Carvell.exe (svchost?) and Ping.exe


SteveE

Hi,

I got slammed yesterday with a mega-malware/virus.  It put a bunch of stuff on my computer and hijacked all my browsers.   I have been cleaning for a while but have several things still on the computer.

There is a service ping.exe that is in the task manager - it seems to play audio advertisements.  Kill it and it comes back.

I installed Malwarebytes and it is now constantly popping up that it blocked various malicious websites. 

I followed these steps:

1. Ran AdwCleaner a couple times.

2. Ran Malwarebytes 3 times - got to zero items.

3. Ran HitmanPro 3 times - got to zero items.

4. Ran Zemana Anti Malware 3 times - got to clean pc.

Popups still coming.  Carvell.exe doesn't show up in taskmgr.exe.  So I am assuming it is a svchost virus.  Could be wrong.

Help!

Thanks in advance!!!!


OK can't delete this thread.  Continuing properly:

FRST Dump:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-08-2016
Ran by Steve (administrator) on STEVE-SPLIT-X2 (02-09-2016 13:47:27)
Running from C:\Users\Steve\Downloads
Loaded Profiles: Steve (Available Profiles: Steve)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(DEVGURU Co., LTD.) C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.1.6.0\WsAppService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Spotify Ltd) C:\Users\Steve\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe
(Google Inc.) C:\Users\Steve\AppData\Local\Google\Update\GoogleUpdate.exe
(Sling Media Inc.) C:\Program Files (x86)\DishAnywhereDesktop\DishAnywherePlayer.exe
() C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe
(Sling Media Inc.) C:\Program Files (x86)\Sling Media\SlingplayerForWeb\SlingplayerForWeb.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPNetworkCommunicatorCom.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Sling Media Inc.) C:\Program Files (x86)\DishAnywhereDesktop\DishAnywherePlayer.exe
(Sling Media Inc.) C:\Program Files (x86)\Sling Media\SlingplayerForWeb\SlingplayerForWeb.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\CSISYNCCLIENT.EXE
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.7341.57671.0_x64__8wekyb3d8bbwe\onenoteim.exe
(Microsoft Inc.) C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_3.11.7293.0_x64__8wekyb3d8bbwe\Solitaire.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7167.40721.0_x64__8wekyb3d8bbwe\HxMail.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7167.40721.0_x64__8wekyb3d8bbwe\HxTsr.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1608.2213.0_x64__8wekyb3d8bbwe\Calculator.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [404912 2015-10-22] ()
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-09] (Apple Inc.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2015-10-22] (IDT, Inc.)
HKLM\...\Run: [faribault] => "C:\Program Files (x86)\actus\carvell.exe"
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2779136 2016-06-11] (Dominik Reichl)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [657424 2015-09-03] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM-x32\...\Run: [win_en_77] => [X]
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2221598115-2109861328-2175321649-1001\...\Run: [Spotify Web Helper] => C:\Users\Steve\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1523312 2016-08-29] (Spotify Ltd)
HKU\S-1-5-21-2221598115-2109861328-2175321649-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1400232 2016-07-31] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-2221598115-2109861328-2175321649-1001\...\Run: [HP Officejet Pro 8610 (NET)] => C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe [3487240 2014-07-21] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-2221598115-2109861328-2175321649-1001\...\Run: [Google Update] => C:\Users\Steve\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2016-01-10] (Google Inc.)
HKU\S-1-5-21-2221598115-2109861328-2175321649-1001\...\Run: [IRS12AUC0C] => "C:\Program Files (x86)\DPower\59CRB48DAE.exe"
HKU\S-1-5-21-2221598115-2109861328-2175321649-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-2221598115-2109861328-2175321649-1001\...\Run: [Chromium] => "c:\users\steve\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session
HKU\S-1-5-21-2221598115-2109861328-2175321649-1001\...\RunOnce: [Uninstall C:\Users\Steve\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Steve\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64"
HKU\S-1-5-21-2221598115-2109861328-2175321649-1001\...\MountPoints2: {7810967f-e203-11e5-8283-485ab6b36b20} - "E:\VZW_Software_upgrade_assistant.exe"
HKU\S-1-5-21-2221598115-2109861328-2175321649-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Mystify.scr [150528 2015-10-30] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1400232 2016-07-31] (Garmin Ltd. or its subsidiaries)
Startup: C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DishAnywherePlayerShortcut.lnk [2016-09-02]
ShortcutTarget: DishAnywherePlayerShortcut.lnk -> C:\Program Files (x86)\DishAnywhereDesktop\DishAnywherePlayer.exe (Sling Media Inc.)
Startup: C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PdaNet Desktop.lnk [2016-09-02]
ShortcutTarget: PdaNet Desktop.lnk -> C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe ()
Startup: C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SlingplayerForWebShortcut.lnk [2016-09-02]
ShortcutTarget: SlingplayerForWebShortcut.lnk -> C:\Program Files (x86)\Sling Media\SlingplayerForWeb\SlingplayerForWeb.exe (Sling Media Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{488e5b26-fa59-4a72-816d-115d9ded13a7}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{54baa6fc-806b-406e-a3b8-63e4b594531f}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{7b1222b5-762c-4cf9-8a6f-445c382141e6}: [DhcpNameServer] 8.8.8.8
ManualProxies:

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2221598115-2109861328-2175321649-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT14/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-2221598115-2109861328-2175321649-1001\Software\Microsoft\Internet Explorer\Main,Start Page =
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-2221598115-2109861328-2175321649-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-07-31] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-07-31] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-07-21] (HP Inc.)
DPF: HKLM-x32 {A4150320-98EC-4DB6-9BFB-EBF4B6FBEB16} hxxp://192.168.1.24/codebase/DVM_IPCam2.ocx
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-07-31] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-07-31] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-07-31] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-07-31] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\vup3qqfp.default
FF NewTab: about:newtab
FF Homepage: hxxps://www.google.com/
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll [2014-03-31] (GARMIN Corp.)
FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\mcafee\msc\npMcSnFFPl64.dll [No File]
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll [2014-03-31] (GARMIN Corp.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-19] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-19] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\msc\npMcSnFFPl.dll [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-07-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-06] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2015-10-12] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-06-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2221598115-2109861328-2175321649-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Steve\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-08-30] (Citrix Online)
FF Plugin HKU\S-1-5-21-2221598115-2109861328-2175321649-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Steve\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin HKU\S-1-5-21-2221598115-2109861328-2175321649-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Steve\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin HKU\S-1-5-21-2221598115-2109861328-2175321649-1001: DISH Anywhere.com/DISH Anywhere Video Player -> C:\Users\Steve\AppData\Roaming\DISH Anywhere\DISH Anywhere Video Player\npNMPCBrowserPlugin.dll [2015-11-23] (Nagravision)
FF Plugin ProgramFiles/Appdata: C:\Users\Steve\AppData\Roaming\mozilla\plugins\npatgpc.dll [2016-01-12] (Cisco WebEx LLC)
FF Extension: (WebSlingPlayer) - C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\vup3qqfp.default\extensions\{9EB34849-81D3-4841-939D-666D522B889A} [2016-06-28]
FF Extension: (Scrabulizer Importer) - C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\vup3qqfp.default\Extensions\{ca96eaaa-e97d-4e54-b403-b7b5a8557fad}.xpi [2016-05-29]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR Profile: C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-10-21]
CHR Extension: (Google Docs) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-21]
CHR Extension: (Google Drive) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-21]
CHR Extension: (Scrabulizer Importer) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\bndkbbjdobgblibddjkdmecohdbbkbig [2015-10-22]
CHR Extension: (Google Search) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Google Cast (Beta)) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\dliochdbjfkdbacpmhlcpmleaejidimm [2016-04-13]
CHR Extension: (Google Play Music) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2016-08-31]
CHR Extension: (Google Sheets) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-10-21]
CHR Extension: (Google Docs Offline) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (Kindle Cloud Reader) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2016-03-22]
CHR Extension: (HP Network Check Helper) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkfpchpiljkaemlpmpebnglgkomamfeo [2016-08-08]
CHR Extension: (Cisco WebEx Extension) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2016-08-05]
CHR Extension: (Qmee) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbaanpgkpkoamihninlcegnjclcpibde [2016-03-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-05]
CHR Extension: (Gmail) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-21]
CHR Extension: (Chrome Media Router) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-29]
CHR HKLM\...\Chrome\Extension: [ihdceheklapbalfikfdppfpgdgabaglp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [jkfpchpiljkaemlpmpebnglgkomamfeo] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2854640 2016-07-31] (Microsoft Corporation)
R2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [809488 2016-07-31] (Garmin Ltd. or its subsidiaries)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135496 2016-09-02] (SurfRight B.V.)
R2 HPSLPSVC; C:\Users\Steve\AppData\Local\Temp\7zS0187\hpslpsvc64.dll [1039360 2015-09-21] (Hewlett-Packard Co.) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [29728 2016-08-15] (HP Inc.)
R2 HPWMISVC; C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [606224 2015-09-03] (Hewlett-Packard Development Company, L.P.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [359856 2015-10-22] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-12-10] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-12-10] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [741640 2014-06-16] (DEVGURU Co., LTD.)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [340480 2015-10-22] (IDT, Inc.) [File not signed]
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [268912 2016-06-08] (Synaptics Incorporated)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7183632 2016-07-18] (TeamViewer GmbH)
S3 vmicvss; C:\Windows\System32\ICSvc.dll [511488 2015-10-30] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-07-01] (Microsoft Corporation)
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.1.6.0\WsAppService.exe [388608 2016-01-28] (Wondershare) [File not signed]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S3 WsDrvInst; "C:\Program Files (x86)\Wondershare\TunesGo\DriverInstall.exe" [X]
S2 ZAMSvc; "C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe" /service [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AndNetDiag; C:\Windows\system32\DRIVERS\lgandnetdiag64.sys [30720 2015-05-12] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\system32\DRIVERS\lgandnetmodem64.sys [37376 2015-05-12] (LG Electronics Inc.)
R3 libusb0; C:\Windows\system32\DRIVERS\libusb0.sys [44480 2015-11-08] (hxxp://libusb-win32.sourceforge.net)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-09-02] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [100312 2013-12-10] (Intel Corporation)
R3 netr28x; C:\Windows\system32\DRIVERS\netr28x.sys [2554528 2015-06-12] (MediaTek Inc.)
R3 rtbth; C:\Windows\System32\drivers\rtbth.sys [1219200 2015-10-21] (Ralink Technology, Corp.)
S3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [418008 2013-06-23] (Realsil Semiconductor Corporation)
S3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [410848 2015-10-22] (Realsil Semiconductor Corporation)
R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [74864 2016-06-08] (Synaptics Incorporated)
R1 tmcomm; C:\Windows\system32\DRIVERS\tmcomm.sys [316168 2015-12-24] (Trend Micro Inc.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R3 WirelessButtonDriver64; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [30384 2015-06-23] (HP Inc.)
S3 WsAudioDevice_383; C:\Windows\system32\drivers\VirtualAudio.sys [31080 2015-07-30] (Wondershare)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2016-09-02] (Zemana Ltd.)
S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-02 13:47 - 2016-09-02 13:47 - 00027025 _____ C:\Users\Steve\Downloads\FRST.txt
2016-09-02 13:47 - 2016-09-02 13:47 - 00000000 ____D C:\FRST
2016-09-02 13:44 - 2016-09-02 13:47 - 02397696 _____ (Farbar) C:\Users\Steve\Downloads\FRST64.exe
2016-09-02 11:32 - 2016-09-02 11:32 - 05660313 _____ (Swearware) C:\Users\Steve\Downloads\ComboFix.exe
2016-09-02 11:25 - 2016-09-02 11:25 - 01046602 _____ C:\Users\Steve\AppData\Local\census.cache
2016-09-02 11:24 - 2016-09-02 11:24 - 01152062 _____ C:\Users\Steve\AppData\Local\ars.cache
2016-09-02 11:20 - 2016-09-02 11:20 - 31930936 _____ (Adlice Software ) C:\Users\Steve\Downloads\setup.exe
2016-09-02 11:11 - 2016-09-02 11:11 - 00000010 _____ C:\Users\Steve\AppData\Local\sponge.last.runtime.cache
2016-09-02 11:03 - 2016-09-02 11:03 - 00000000 ____D C:\WINDOWS\Trend Micro
2016-09-02 11:03 - 2016-09-02 11:03 - 00000000 ____D C:\ProgramData\Trend Micro
2016-09-02 11:02 - 2016-09-02 11:02 - 02527376 _____ (Trend Micro Inc.) C:\Users\Steve\Downloads\HousecallLauncher64.exe
2016-09-02 11:02 - 2016-09-02 11:02 - 00000036 _____ C:\Users\Steve\AppData\Local\housecall.guid.cache
2016-09-02 11:02 - 2015-12-24 09:03 - 00316168 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\tmcomm.sys
2016-09-02 10:50 - 2016-09-02 10:50 - 00000000 ___HD C:\OneDriveTemp
2016-09-02 10:47 - 2016-09-02 13:47 - 00001944 _____ C:\Users\Steve\Desktop\Rkill.txt
2016-09-02 10:47 - 2016-09-02 10:47 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Steve\Downloads\rkill.exe
2016-09-02 10:36 - 2016-09-02 10:36 - 00000000 ____D C:\ProgramData\Sophos
2016-09-02 10:33 - 2016-09-02 10:33 - 00002775 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2016-09-02 10:33 - 2016-09-02 10:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2016-09-02 10:33 - 2016-09-02 10:33 - 00000000 ____D C:\Program Files (x86)\Sophos
2016-09-02 10:30 - 2016-09-02 13:47 - 00003718 _____ C:\WINDOWS\System32\Tasks\Da2946053129460531
2016-09-02 10:30 - 2016-09-02 10:31 - 152068736 _____ (Sophos Limited) C:\Users\Steve\Downloads\Sophos Virus Removal Tool.exe
2016-09-02 10:15 - 2016-09-02 10:15 - 00001239 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-09-02 10:15 - 2016-09-02 10:15 - 00001227 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-09-02 10:14 - 2016-09-02 10:14 - 00242136 _____ C:\Users\Steve\Downloads\Firefox Setup Stub 48.0.2.exe
2016-09-02 10:03 - 2016-09-02 13:47 - 00257048 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2016-09-02 10:03 - 2016-09-02 13:37 - 01608038 _____ C:\WINDOWS\ZAM.krnl.trace
2016-09-02 10:03 - 2016-09-02 13:37 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2016-09-02 10:03 - 2016-09-02 10:03 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2016-09-02 10:03 - 2016-09-02 10:03 - 00000000 ____D C:\Users\Steve\AppData\Local\Zemana
2016-09-02 09:57 - 2016-09-02 09:57 - 00005856 _____ C:\WINDOWS\system32\.crusader
2016-09-02 09:55 - 2016-09-02 10:03 - 05295424 _____ ( ) C:\Users\Steve\Downloads\Zemana.AntiMalware.Setup.exe
2016-09-02 09:52 - 2016-09-02 09:58 - 00000000 ____D C:\ProgramData\HitmanPro
2016-09-02 09:52 - 2016-09-02 09:52 - 00001973 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2016-09-02 09:52 - 2016-09-02 09:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2016-09-02 09:52 - 2016-09-02 09:52 - 00000000 ____D C:\Program Files\HitmanPro
2016-09-02 09:50 - 2016-09-01 14:45 - 00313856 _____ C:\Users\Steve\AppData\Local\settings.dll
2016-09-02 09:50 - 2016-09-01 14:45 - 00194048 _____ C:\Users\Steve\AppData\Local\carvell.exe
2016-09-02 08:59 - 2016-09-02 12:58 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-09-02 08:59 - 2016-09-02 09:30 - 00001176 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-09-02 08:59 - 2016-09-02 08:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-09-02 08:59 - 2016-09-02 08:59 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-09-02 08:59 - 2016-09-02 08:59 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-09-02 08:59 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-09-02 08:59 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-09-02 08:59 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-09-02 08:43 - 2016-09-02 08:43 - 00000000 _____ C:\WINDOWS\SysWOW64\${FILE_SN_DLL}
2016-09-02 08:39 - 2016-09-02 09:00 - 00000000 ____D C:\AdwCleaner
2016-09-02 08:38 - 2016-09-02 08:38 - 01950720 _____ C:\Users\Steve\Downloads\AdwCleaner Setup [1].exe
2016-09-02 07:38 - 2015-06-26 15:08 - 00294400 _____ (CodePlex Community) C:\Users\Steve\AppData\Local\Microsoft.Win32.TaskScheduler.dll
2016-09-02 00:59 - 2016-09-02 00:59 - 00000000 ____D C:\Program Files\Common Files\AV
2016-09-02 00:59 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe
2016-09-02 00:54 - 2016-09-02 13:29 - 00004166 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{AD70D64C-0206-4BBF-9812-33B4EE85FA46}
2016-09-02 00:30 - 2016-09-02 09:30 - 00001459 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2016-09-02 00:30 - 2016-09-02 09:30 - 00001453 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2016-09-02 00:30 - 2016-09-02 01:07 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-09-02 00:30 - 2016-09-02 00:59 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-09-02 00:30 - 2016-09-02 00:30 - 00000656 _____ C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job
2016-09-02 00:30 - 2016-09-02 00:30 - 00000628 _____ C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2016-09-02 00:30 - 2016-09-02 00:30 - 00000458 _____ C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job
2016-09-02 00:30 - 2016-09-02 00:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2016-09-02 00:30 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe
2016-09-01 23:49 - 2016-09-02 00:49 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2016-09-01 23:48 - 2016-09-02 09:20 - 00000000 ____D C:\WINDOWS\pss
2016-09-01 19:12 - 2016-09-02 09:19 - 00000000 ____D C:\Users\Steve\AppData\Local\Apps\2.0
2016-09-01 14:45 - 2016-09-01 14:45 - 00313856 _____ C:\WINDOWS\settings.dll
2016-09-01 14:45 - 2016-09-01 14:45 - 00194048 _____ C:\WINDOWS\disappointment.exe
2016-09-01 07:37 - 2016-09-01 07:37 - 00359910 ____T C:\Users\Steve\Documents\Adoration Monthly Prayer Assignments.pdf
2016-08-31 21:14 - 2016-09-01 15:55 - 00000000 ___HD C:\WINDOWS\AxInstSV
2016-08-30 11:31 - 2016-09-02 13:39 - 00000688 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-2221598115-2109861328-2175321649-1001.job
2016-08-30 11:31 - 2016-09-02 13:05 - 00000592 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-2221598115-2109861328-2175321649-1001.job
2016-08-30 11:31 - 2016-08-30 11:31 - 00000000 ____D C:\Users\Steve\AppData\Local\Citrix
2016-08-30 11:30 - 2016-08-30 11:31 - 00321008 _____ (Citrix Online) C:\Users\Steve\Downloads\GoToWebinar Launcher(1).exe
2016-08-30 11:10 - 2016-08-30 11:10 - 00260929 _____ C:\Users\Steve\Downloads\8.1.2.5.rar
2016-08-29 08:35 - 2016-08-29 08:35 - 00000316 _____ C:\Users\Steve\Desktop\Apply For Johnson and Johnson Area Business Specialist, CNS (Cincinnati, Ohio) - Janssen Pharmaceuticals, Inc. job - Selling.URL
2016-08-27 20:43 - 2016-08-27 20:43 - 08136256 _____ (TeamViewer) C:\Users\Steve\Downloads\TeamViewerQS_en (1).exe
2016-08-27 20:42 - 2016-08-27 20:42 - 08136256 _____ (TeamViewer) C:\Users\Steve\Downloads\TeamViewerQS_en.exe
2016-08-26 15:22 - 2016-08-26 15:22 - 00000220 _____ C:\Users\Steve\Desktop\httpjohn15-5.adorationservants.org.URL
2016-08-23 12:56 - 2016-08-23 12:57 - 00355787 _____ C:\Users\Steve\Downloads\linkedin_connections_export_microsoft_outlook(1).csv
2016-08-22 18:46 - 2016-08-22 18:46 - 00322946 _____ C:\Users\Steve\Downloads\30+60+90+Day+Template+-+Final.pptx
2016-08-21 20:51 - 2016-08-21 21:16 - 00000000 ____D C:\Users\Steve\Desktop\New folder (4)
2016-08-20 11:38 - 2016-08-20 11:40 - 00341112 ____T C:\Users\Steve\Desktop\Walmart Pirelli P4 Four Seasons Plus.pdf
2016-08-19 09:05 - 2016-08-19 09:05 - 00073375 _____ C:\Users\Steve\Downloads\CMIT_Proforma_Sheet_2016(1).xlsx
2016-08-18 17:15 - 2016-08-18 17:15 - 00045730 _____ C:\Users\Steve\Desktop\fax rwb_worldwide_2016-08-18_21-07-44.pdf
2016-08-18 15:38 - 2016-08-18 15:38 - 05103963 _____ C:\Users\Steve\Downloads\996981530_28_IKOR_INTERNATIONAL_-_2016_FDD__V7__081816_506361674.pdf
2016-08-18 13:48 - 2016-09-02 10:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-08-18 12:28 - 2016-08-18 12:28 - 00000293 _____ C:\Users\Steve\Desktop\JLL Careers - Job details.URL
2016-08-18 10:45 - 2016-08-18 10:45 - 10813322 _____ C:\Users\Steve\Downloads\suck_less_search_pdf.pdf
2016-08-17 14:24 - 2016-08-17 14:24 - 00370807 ____T C:\Users\Steve\Desktop\fax test.pdf
2016-08-17 11:10 - 2016-08-17 11:10 - 00000000 ____D C:\Users\Steve\Documents\Franchise
2016-08-16 18:45 - 2016-08-16 18:45 - 20724029 _____ C:\Users\Steve\Downloads\Op-Manual-MP-C3003-C3503-C4503-C5503-C6003.pdf
2016-08-15 14:25 - 2016-08-15 14:25 - 00704872 _____ C:\Users\Steve\Documents\Scan0001.pdf
2016-08-15 10:32 - 2016-08-15 10:32 - 00073375 _____ C:\Users\Steve\Downloads\CMIT_Proforma_Sheet_2016.xlsx
2016-08-14 18:24 - 2016-08-14 18:24 - 00100675 _____ C:\Users\Steve\Downloads\SOI_List_Template.xlsx
2016-08-14 18:22 - 2016-08-14 18:22 - 01646604 _____ C:\Users\Steve\Downloads\CMIT_Solutions_Frequently_Asked_Questions.pdf
2016-08-14 18:20 - 2016-08-14 18:20 - 00330618 _____ C:\Users\Steve\Downloads\Managed_Services_Whitepaper.pdf
2016-08-14 18:15 - 2016-08-14 18:15 - 00146973 _____ C:\Users\Steve\Downloads\Initial_Investment_2016(1).pdf
2016-08-14 18:00 - 2016-08-14 18:00 - 00358442 _____ C:\Users\Steve\Downloads\Why_a_Business_Not_a_Job.pdf
2016-08-12 12:38 - 2016-08-12 12:38 - 00986528 _____ (Google Inc.) C:\Users\Steve\Downloads\GoogleVoiceAndVideoSetup.exe
2016-08-12 11:24 - 2016-08-12 11:25 - 12063336 _____ (Hewlett-Packard Company ) C:\Users\Steve\Downloads\sp76259.exe
2016-08-10 16:31 - 2016-08-10 16:31 - 18124829 _____ C:\Users\Steve\Downloads\RightatHomeinc.ppt
2016-08-09 20:12 - 2016-08-03 07:14 - 01505984 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-08-09 20:12 - 2016-08-03 07:14 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-08-09 20:12 - 2016-08-03 07:14 - 00050368 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-08-09 20:12 - 2016-08-03 06:36 - 07469408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-08-09 20:12 - 2016-08-03 06:36 - 00099680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2016-08-09 20:12 - 2016-08-03 06:36 - 00037744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2016-08-09 20:12 - 2016-08-03 06:30 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-08-09 20:12 - 2016-08-03 06:23 - 00693600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-08-09 20:12 - 2016-08-03 06:23 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-08-09 20:12 - 2016-08-03 06:22 - 00808288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-08-09 20:12 - 2016-08-03 06:22 - 00465248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2016-08-09 20:12 - 2016-08-03 06:22 - 00331616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-08-09 20:12 - 2016-08-03 06:21 - 03675512 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-08-09 20:12 - 2016-08-03 06:21 - 00566112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2016-08-09 20:12 - 2016-08-03 06:21 - 00303216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-08-09 20:12 - 2016-08-03 06:20 - 01540224 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2016-08-09 20:12 - 2016-08-03 06:20 - 00692136 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2016-08-09 20:12 - 2016-08-03 06:19 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-08-09 20:12 - 2016-08-03 06:19 - 00161632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-08-09 20:12 - 2016-08-03 06:13 - 01988448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-08-09 20:12 - 2016-08-03 06:13 - 00576864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-08-09 20:12 - 2016-08-03 06:13 - 00393056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-08-09 20:12 - 2016-08-03 05:51 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdlrecover.exe
2016-08-09 20:12 - 2016-08-03 05:51 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2016-08-09 20:12 - 2016-08-03 05:46 - 22384128 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-08-09 20:12 - 2016-08-03 05:45 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthmodem.sys
2016-08-09 20:12 - 2016-08-03 05:44 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-08-09 20:12 - 2016-08-03 05:44 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshbth.dll
2016-08-09 20:12 - 2016-08-03 05:44 - 00044544 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2016-08-09 20:12 - 2016-08-03 05:43 - 16985088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-08-09 20:12 - 2016-08-03 05:41 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthpan.sys
2016-08-09 20:12 - 2016-08-03 05:41 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys
2016-08-09 20:12 - 2016-08-03 05:41 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2016-08-09 20:12 - 2016-08-03 05:41 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
2016-08-09 20:12 - 2016-08-03 05:40 - 00181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rfcomm.sys
2016-08-09 20:12 - 2016-08-03 05:40 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2016-08-09 20:12 - 2016-08-03 05:40 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2016-08-09 20:12 - 2016-08-03 05:40 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2016-08-09 20:12 - 2016-08-03 05:39 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-08-09 20:12 - 2016-08-03 05:39 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2016-08-09 20:12 - 2016-08-03 05:38 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2016-08-09 20:12 - 2016-08-03 05:37 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2016-08-09 20:12 - 2016-08-03 05:36 - 00211456 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-08-09 20:12 - 2016-08-03 05:36 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2016-08-09 20:12 - 2016-08-03 05:35 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-08-09 20:12 - 2016-08-03 05:35 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll
2016-08-09 20:12 - 2016-08-03 05:33 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-08-09 20:12 - 2016-08-03 05:31 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-08-09 20:12 - 2016-08-03 05:31 - 00247296 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtutil.exe
2016-08-09 20:12 - 2016-08-03 05:30 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2016-08-09 20:12 - 2016-08-03 05:29 - 14252544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-08-09 20:12 - 2016-08-03 05:29 - 02127360 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-08-09 20:12 - 2016-08-03 05:29 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2016-08-09 20:12 - 2016-08-03 05:29 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-08-09 20:12 - 2016-08-03 05:29 - 00954368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2016-08-09 20:12 - 2016-08-03 05:29 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-08-09 20:12 - 2016-08-03 05:29 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
2016-08-09 20:12 - 2016-08-03 05:28 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-08-09 20:12 - 2016-08-03 05:28 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-08-09 20:12 - 2016-08-03 05:27 - 07536640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2016-08-09 20:12 - 2016-08-03 05:27 - 01717760 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2016-08-09 20:12 - 2016-08-03 05:27 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-08-09 20:12 - 2016-08-03 05:20 - 13390336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-08-09 20:12 - 2016-08-03 05:18 - 06974464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-08-09 20:12 - 2016-08-03 05:18 - 02067968 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-08-09 20:12 - 2016-08-03 05:18 - 01388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-08-09 20:12 - 2016-08-03 05:17 - 02175488 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-08-09 20:12 - 2016-08-03 05:16 - 05123072 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2016-08-09 20:12 - 2016-08-03 05:16 - 03589120 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-08-09 20:12 - 2016-08-03 05:16 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-08-09 20:12 - 2016-08-03 05:16 - 01732096 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-08-09 20:12 - 2016-08-03 05:15 - 07833088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-08-09 20:12 - 2016-08-03 05:14 - 04895232 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-08-09 20:12 - 2016-08-03 05:14 - 01997824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2016-08-09 20:12 - 2016-08-03 05:13 - 03025920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-08-09 20:12 - 2016-08-03 05:13 - 02280960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-08-09 20:12 - 2016-08-03 05:12 - 02746368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2016-08-09 20:12 - 2016-08-03 05:11 - 04171264 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-08-09 20:12 - 2016-08-03 01:52 - 00034088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2016-08-09 20:12 - 2016-08-03 01:34 - 00501592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-08-09 20:12 - 2016-08-03 01:34 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-08-09 20:12 - 2016-08-03 01:33 - 00051128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.dll
2016-08-09 20:12 - 2016-08-03 01:31 - 02921368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-08-09 20:12 - 2016-08-03 01:31 - 00957608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-08-09 20:12 - 2016-08-03 01:31 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-08-09 20:12 - 2016-08-03 01:30 - 21123320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-08-09 20:12 - 2016-08-03 01:30 - 00465760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2016-08-09 20:12 - 2016-08-03 01:30 - 00255168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-08-09 20:12 - 2016-08-03 00:57 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdlrecover.exe
2016-08-09 20:12 - 2016-08-03 00:48 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshbth.dll
2016-08-09 20:12 - 2016-08-03 00:47 - 13018112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-08-09 20:12 - 2016-08-03 00:44 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
2016-08-09 20:12 - 2016-08-03 00:44 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryBroker.dll
2016-08-09 20:12 - 2016-08-03 00:42 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2016-08-09 20:12 - 2016-08-03 00:40 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IdCtrls.dll
2016-08-09 20:12 - 2016-08-03 00:39 - 19351040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-08-09 20:12 - 2016-08-03 00:37 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-08-09 20:12 - 2016-08-03 00:35 - 00178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtutil.exe
2016-08-09 20:12 - 2016-08-03 00:34 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-08-09 20:12 - 2016-08-03 00:34 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2016-08-09 20:12 - 2016-08-03 00:33 - 18677760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-08-09 20:12 - 2016-08-03 00:33 - 02050048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-08-09 20:12 - 2016-08-03 00:33 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-08-09 20:12 - 2016-08-03 00:32 - 12585984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-08-09 20:12 - 2016-08-03 00:32 - 01467392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2016-08-09 20:12 - 2016-08-03 00:32 - 00434688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2016-08-09 20:12 - 2016-08-03 00:31 - 06743040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2016-08-09 20:12 - 2016-08-03 00:31 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-08-09 20:12 - 2016-08-03 00:29 - 12133376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-08-09 20:12 - 2016-08-03 00:28 - 03663360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-08-09 20:12 - 2016-08-03 00:25 - 05323776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-08-09 20:12 - 2016-08-03 00:25 - 04078080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2016-08-09 20:12 - 2016-08-03 00:23 - 05660672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-08-09 20:12 - 2016-08-03 00:23 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-08-09 20:12 - 2016-08-03 00:22 - 02501120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-08-09 20:12 - 2016-08-03 00:22 - 01502208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-08-09 20:12 - 2016-08-03 00:21 - 01708032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2016-08-09 20:12 - 2016-08-03 00:19 - 02180096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2016-08-09 20:11 - 2016-08-03 06:22 - 01322760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-08-09 20:11 - 2016-08-03 06:22 - 00058408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
2016-08-09 20:11 - 2016-08-03 06:21 - 22561256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-08-09 20:11 - 2016-08-03 06:11 - 00422744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2016-08-09 20:11 - 2016-08-03 05:40 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthserv.dll
2016-08-09 20:11 - 2016-08-03 05:38 - 00412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-08-09 20:11 - 2016-08-03 05:36 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-08-09 20:11 - 2016-08-03 05:34 - 00383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-08-09 20:11 - 2016-08-03 05:33 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2016-08-09 20:11 - 2016-08-03 05:31 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2016-08-09 20:11 - 2016-08-03 05:30 - 24613888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-08-09 20:11 - 2016-08-03 05:30 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-08-09 20:11 - 2016-08-03 05:28 - 00529920 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-08-09 20:11 - 2016-08-03 05:27 - 01752576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-08-09 20:11 - 2016-08-03 00:37 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-08-09 20:11 - 2016-08-03 00:35 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2016-08-09 20:11 - 2016-08-03 00:32 - 01526272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-08-09 15:30 - 2016-08-09 15:30 - 04211400 _____ C:\Users\Steve\Downloads\rwbworldwide.com.zip
2016-08-08 22:35 - 2016-08-08 22:35 - 00000000 ____D C:\Users\Steve\AppData\Roaming\KompoZer
2016-08-08 22:32 - 2016-08-08 22:33 - 07949158 _____ C:\Users\Steve\Downloads\kompozer-0.7.10-win32.zip
2016-08-08 22:14 - 2016-08-08 22:15 - 36263023 _____ C:\Users\Steve\Downloads\SeaMonkey Setup 2.40.exe
2016-08-08 17:34 - 2016-08-08 17:34 - 02960443 _____ C:\Users\Steve\Downloads\FranKit-Current.pdf
2016-08-08 11:03 - 2016-08-08 11:03 - 03142706 _____ C:\Users\Steve\Downloads\stormguardfdd2016.pdf
2016-08-07 18:46 - 2016-08-07 18:46 - 02263935 ____T C:\Users\Steve\Documents\The Villas of Park Place.pdf
2016-08-07 18:45 - 2016-08-07 18:45 - 02698170 _____ C:\Users\Steve\Documents\Park Place.pdf
2016-08-07 07:43 - 2016-08-07 07:43 - 00444272 _____ C:\Users\Steve\Downloads\Letter-of-Instruction-Update_Final.pdf
2016-08-05 08:44 - 2016-08-05 08:44 - 00146973 _____ C:\Users\Steve\Downloads\Initial_Investment_2016.pdf
2016-08-03 06:41 - 2016-08-03 06:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-02 13:43 - 2015-11-03 21:05 - 00000000 ____D C:\Users\Steve\Documents\Outlook Files
2016-09-02 13:08 - 2016-01-10 23:48 - 00000938 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2221598115-2109861328-2175321649-1001UA.job
2016-09-02 12:08 - 2016-01-10 23:48 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2221598115-2109861328-2175321649-1001Core.job
2016-09-02 10:56 - 2015-12-16 20:42 - 00973984 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-09-02 10:56 - 2015-10-30 03:21 - 00000000 ____D C:\WINDOWS\INF
2016-09-02 10:50 - 2015-10-21 22:12 - 00000000 ___RD C:\Users\Steve\OneDrive
2016-09-02 10:49 - 2015-12-16 20:51 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-09-02 10:49 - 2015-12-16 20:40 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-09-02 10:49 - 2015-10-21 22:32 - 00000000 __SHD C:\Users\Steve\IntelGraphicsProfiles
2016-09-02 10:48 - 2015-10-30 02:28 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2016-09-02 10:37 - 2016-05-06 07:54 - 00000000 ____D C:\Users\Steve\Documents\RWBworldwide
2016-09-02 10:37 - 2015-10-21 18:01 - 00000000 ____D C:\Users\Steve\AppData\Local\Packages
2016-09-02 10:24 - 2016-03-18 13:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-09-02 09:30 - 2016-06-23 23:36 - 00002529 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
2016-09-02 09:30 - 2016-06-23 23:36 - 00002493 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business 2016.lnk
2016-09-02 09:30 - 2016-06-23 23:36 - 00002488 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2016-09-02 09:30 - 2016-06-23 23:36 - 00002487 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2016-09-02 09:30 - 2016-06-23 23:36 - 00002451 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2016-09-02 09:30 - 2016-06-23 23:36 - 00002450 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2016-09-02 09:30 - 2016-06-23 23:36 - 00002444 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2016-09-02 09:30 - 2016-06-23 23:36 - 00002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2016-09-02 09:30 - 2016-06-23 23:36 - 00002430 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2016-09-02 09:30 - 2016-04-14 14:12 - 00002214 _____ C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Blue Jeans.lnk
2016-09-02 09:30 - 2016-02-11 19:32 - 00001087 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2016-09-02 09:30 - 2016-01-10 19:55 - 00002125 _____ C:\Users\Public\Desktop\GnuCash.lnk
2016-09-02 09:30 - 2015-12-17 17:28 - 00000970 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
2016-09-02 09:30 - 2015-12-16 20:47 - 00001507 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-09-02 09:30 - 2015-12-12 12:19 - 00001823 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-09-02 09:30 - 2015-12-12 12:18 - 00002523 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-09-02 09:30 - 2015-12-07 22:54 - 00001035 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk
2016-09-02 09:30 - 2015-11-06 16:21 - 00001185 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeePass 2.lnk
2016-09-02 09:30 - 2015-10-25 18:40 - 00001908 _____ C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2016-09-02 09:30 - 2015-10-25 08:16 - 00002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2016-09-02 09:30 - 2015-10-22 22:46 - 00002259 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2016-09-02 09:30 - 2015-10-21 22:18 - 00002267 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-09-02 09:30 - 2015-10-21 22:14 - 00002417 _____ C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-09-02 09:30 - 2013-10-16 12:19 - 00001115 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Connected Music.lnk
2016-09-02 09:30 - 2013-10-16 12:15 - 00001378 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2016-09-02 09:30 - 2013-10-16 12:15 - 00001309 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2016-09-02 09:30 - 2013-10-16 12:08 - 00002481 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cozi Family Calendar.lnk
2016-09-02 09:29 - 2015-11-05 15:56 - 00001195 _____ C:\Users\Steve\Desktop\Kernel OST Viewer .lnk
2016-09-02 08:22 - 2013-10-16 12:12 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Communication and Chat
2016-09-02 07:31 - 2015-10-21 18:01 - 00000000 ____D C:\Users\Steve\AppData\Local\VirtualStore
2016-09-01 20:27 - 2015-10-30 03:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-09-01 20:27 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-09-01 19:33 - 2015-12-16 20:42 - 00000000 ____D C:\Users\Steve
2016-09-01 19:18 - 2016-01-21 17:11 - 00000362 _____ C:\WINDOWS\Tasks\HPCeeScheduleForSteve.job
2016-09-01 16:07 - 2015-11-04 16:06 - 00000000 ____D C:\Users\Steve\Documents\Resume Data
2016-09-01 15:51 - 2015-10-30 03:24 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files
2016-09-01 15:27 - 2015-10-25 18:40 - 00000000 ____D C:\Users\Steve\AppData\Local\Spotify
2016-09-01 15:27 - 2015-10-25 18:39 - 00000000 ____D C:\Users\Steve\AppData\Roaming\Spotify
2016-08-31 22:37 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-08-31 22:37 - 2015-10-30 03:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-08-30 22:14 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-08-30 07:29 - 2015-11-06 18:36 - 00000000 ____D C:\Users\Steve\AppData\Roaming\KeePass
2016-08-30 07:29 - 2015-11-04 14:00 - 00000000 ____D C:\Users\Steve\Documents\KeePass2
2016-08-27 21:08 - 2015-10-30 03:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-08-27 21:07 - 2013-10-16 12:12 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-08-27 20:58 - 2015-12-07 22:54 - 00000000 ____D C:\Users\Steve\AppData\Roaming\TeamViewer
2016-08-23 17:01 - 2016-01-12 14:55 - 00000000 ____D C:\Users\Steve\AppData\LocalLow\WebEx
2016-08-22 12:12 - 2015-10-22 22:45 - 00000000 ____D C:\Program Files (x86)\Opera
2016-08-19 11:08 - 2015-12-07 22:53 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-08-12 15:55 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\rescache
2016-08-12 11:48 - 2015-11-13 08:35 - 00000000 ____D C:\Users\Steve\AppData\Roaming\Skype
2016-08-12 11:44 - 2015-09-10 01:42 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-08-12 11:38 - 2015-10-30 05:07 - 00000000 ____D C:\Program Files\Windows Journal
2016-08-12 11:38 - 2015-10-30 03:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-08-12 10:49 - 2013-08-31 23:49 - 00000000 ____D C:\SWSetup
2016-08-12 00:07 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2016-08-12 00:07 - 2015-10-22 20:49 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-08-11 23:59 - 2015-10-22 20:49 - 147640136 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-08-10 13:22 - 2016-03-04 23:09 - 00000000 ____D C:\Users\Steve\Desktop\Mojo Web Site
2016-08-08 22:19 - 2016-03-18 13:27 - 00000000 ____D C:\Users\Steve\AppData\Local\Mozilla
2016-08-08 22:19 - 2016-01-12 14:55 - 00000000 ____D C:\Users\Steve\AppData\Roaming\Mozilla
2016-08-05 09:41 - 2016-01-12 14:55 - 00000000 ____D C:\ProgramData\WebEx
2016-08-03 06:41 - 2015-11-08 17:57 - 00000000 ____D C:\Program Files (x86)\Garmin
2016-08-03 06:41 - 2015-10-22 20:00 - 00000000 ____D C:\ProgramData\Package Cache

==================== Files in the root of some directories =======

2015-11-11 16:38 - 2015-11-11 16:38 - 0025553 _____ () C:\Users\Steve\AppData\Roaming\Comma Separated Values.ADR
2016-07-04 20:24 - 2016-07-04 20:24 - 0000000 _____ () C:\Users\Steve\AppData\Roaming\WbspInstallerTempFileToBeDeleted.txt
2016-09-02 11:24 - 2016-09-02 11:24 - 1152062 _____ () C:\Users\Steve\AppData\Local\ars.cache
2016-09-02 09:50 - 2016-09-01 14:45 - 0194048 _____ () C:\Users\Steve\AppData\Local\carvell.exe
2016-09-02 11:25 - 2016-09-02 11:25 - 1046602 _____ () C:\Users\Steve\AppData\Local\census.cache
2016-09-02 11:02 - 2016-09-02 11:02 - 0000036 _____ () C:\Users\Steve\AppData\Local\housecall.guid.cache
2016-09-02 07:38 - 2015-06-26 15:08 - 0294400 _____ (CodePlex Community) C:\Users\Steve\AppData\Local\Microsoft.Win32.TaskScheduler.dll
2016-01-10 20:25 - 2016-01-10 20:25 - 0001780 _____ () C:\Users\Steve\AppData\Local\recently-used.xbel
2016-09-02 09:50 - 2016-09-01 14:45 - 0313856 _____ () C:\Users\Steve\AppData\Local\settings.dll
2016-09-02 11:11 - 2016-09-02 11:11 - 0000010 _____ () C:\Users\Steve\AppData\Local\sponge.last.runtime.cache
2015-12-17 17:28 - 2015-12-17 17:28 - 0000057 _____ () C:\ProgramData\Ament.ini

Some files in TEMP:
====================
C:\Users\Steve\AppData\Local\Temp\HPInstaller.exe
C:\Users\Steve\AppData\Local\Temp\jre-8u91-windows-au.exe
C:\Users\Steve\AppData\Local\Temp\libeay32.dll
C:\Users\Steve\AppData\Local\Temp\msvcr120.dll
C:\Users\Steve\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Steve\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-08-31 22:37

==================== End of FRST.txt ============================


Addition Notepad dump:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-08-2016
Ran by Steve (02-09-2016 13:48:28)
Running from C:\Users\Steve\Downloads
Windows 10 Home Version 1511 (X64) (2015-12-17 00:54:42)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2221598115-2109861328-2175321649-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2221598115-2109861328-2175321649-503 - Limited - Disabled)
Guest (S-1-5-21-2221598115-2109861328-2175321649-501 - Limited - Disabled)
Steve (S-1-5-21-2221598115-2109861328-2175321649-1001 - Administrator - Enabled) => C:\Users\Steve

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Reader XI (11.0.17) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.17 - Adobe Systems Incorporated)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{C5815ACF-FD34-4553-8A22-C7411B7E662B}) (Version: 4.1.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{CBF12D2F-CF64-4CB7-858B-2C1F21068E5F}) (Version: 4.1.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
ArcSoft Family Paint (HKLM-x32\...\{8393D59B-D45F-470B-90EB-EEA15E664AE7}) (Version: 1.0.5.243 - ArcSoft)
Audacity 2.1.0 (HKLM-x32\...\Audacity_is1) (Version: 2.1.0 - Audacity Team)
Azkend 2: The World Beneath (x32 Version: 2.2.0.98 - WildTangent) Hidden
Blue Jeans (HKLM-x32\...\{12E34510-9DBD-457A-8645-5E12956602E9}) (Version: 1.10.22 - Blue Jeans)
Bob the Builder Can-Do-Zoo (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Bookworm Adventures Volume 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Byki (x32 Version: 4.0 - Transparent Language, Inc.) Hidden
Byki Express (HKLM-x32\...\Byki Express) (Version: 4.1 - Transparent Language, Inc.)
ChromecastApp (HKU\S-1-5-21-2221598115-2109861328-2175321649-1001\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.1693.0 - Google Inc.)
Cisco WebEx Meetings (HKU\S-1-5-21-2221598115-2109861328-2175321649-1001\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Citrix Online Launcher (HKLM-x32\...\{09DA5EE2-7E46-4DC4-96F9-BFEE50D40659}) (Version: 1.0.408 - Citrix)
Cozi (HKLM-x32\...\{EC8228E5-80A1-42EE-BA03-DE19D8D5A1E0}) (Version: 2.0.8722.42485 - Cozi Group, Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DISH Anywhere Slingplayer Installer (x32 Version: 1.1.0.384 - Sling Media) Hidden
DISH Anywhere Video Player (HKLM-x32\...\{19A59152-3EA7-4631-9A11-5D2DBEF29780}) (Version: 2.29.3 - DISH Anywhere)
DishAnywhereDesktop (HKLM-x32\...\{64ce7194-0a6e-4b76-90e5-432d8106504f}) (Version: 1.1.0.384 - Sling Media)
Elevated Installer (x32 Version: 4.1.25.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Communicator Plugin (HKLM-x32\...\{71DBFBF2-F7EB-4268-8485-9471D83C4E66}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin x64 (HKLM\...\{70A381F1-C161-4D61-A20C-BE12FC6777DF}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{686d881a-083e-4030-80db-52c493bf89d3}) (Version: 4.1.25.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 4.1.25.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 4.1.25.0 - Garmin Ltd or its subsidiaries) Hidden
GnuCash 2.6.9 (HKLM-x32\...\GnuCash_is1) (Version:  - GnuCash Development Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
GoToMeeting 7.22.0.5506 (HKU\S-1-5-21-2221598115-2109861328-2175321649-1001\...\GoToMeeting) (Version: 7.22.0.5506 - CitrixOnline)
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.14.265 - SurfRight B.V.)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)
HP Documentation (HKLM-x32\...\{5F852577-14FC-4C5D-9279-CFA90D712FCB}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Officejet Pro 8610 Basic Device Software (HKLM\...\{39DA3F40-0B9E-4002-8E01-108FEC9EFE43}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
HP Officejet Pro 8610 Help (HKLM-x32\...\{F9569D00-4576-46C8-B6C7-207A4FD39745}) (Version: 32.0.0 - Hewlett Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7045.4591 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{61EB474B-67A6-47F4-B1B7-386851BAB3D0}) (Version: 8.3.34.7 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{F6A11738-3EE4-4573-AEA5-6CD5D491C167}) (Version: 12.5.32.37 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{6B1ECC61-B581-400D-BFAF-101B1AAEA5AB}) (Version: 1.4.7 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HP Utility Center (HKLM\...\{AED1C141-3AFC-47FE-AE90-C820AA60B103}) (Version: 2.2.5 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{EFA01423-3857-468C-B7B6-F30AA08E50BC}) (Version: 1.1.5.1 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6498.0 - IDT)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.15.4248 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
iTunes (HKLM\...\{0D44E3A4-6C3D-45D7-B443-079509E5BE5D}) (Version: 12.3.2.35 - Apple Inc.)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)
KeePass Password Safe 2.34 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.34 - Dominik Reichl)
Kernel OST Viewer ver 15.0 (HKLM-x32\...\Kernel OST Viewer_is1) (Version:  - Lepide Software Pvt.Ltd.)
King Oddball (x32 Version: 3.0.2.48 - WildTangent) Hidden
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
LG Mobile Driver (HKLM-x32\...\{3F490D0E-3131-438C-BCF9-7549CB88DF41}) (Version: 4.0.4 - LG Electronics)
LG USB WML Modem Driver (HKLM-x32\...\{FBA0CA60-8BF2-4381-B819-74F020E165A9}) (Version: 1.0 - LG Electronics)
LinuxLive USB Creator (HKLM-x32\...\LinuxLive USB Creator) (Version: 2.9 - Thibaut Lauziere)
Logitech Harmony Remote Software 7 (HKLM-x32\...\{5C6F884D-680C-448B-B4C9-22296EE1B206}) (Version: 7.7.0.0 - Logitech)
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Network Monitor 3.4 (HKLM\...\{8C5B5A11-CBF8-451B-B201-77FAB0D0B77D}) (Version: 3.4.2350.0 - Microsoft Corporation)
Microsoft Network Monitor: NetworkMonitor Parsers 3.4 (HKLM\...\{963E5FEB-1367-46B9-851D-A957F1A3747F}) (Version: 3.4.2350.0 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.6741.2063 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{650c9b4a-60ec-4e4e-8d8e-32d85ce3b7c5}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Monopoly version 1.00.00.594394 (HKLM-x32\...\{d176ba37-928e-4b25-9a62-78b2c73331f8}_is1) (Version: 1.00.00.594394 - EA)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 48.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 48.0.2 (x86 en-US)) (Version: 48.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 48.0.2 - Mozilla)
MyFFVideoConverter (HKLM-x32\...\MyFFVideoConverter) (Version: 1.0.0.0 - Pergel.hu)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6701.1036 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6701.1036 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6701.1036 - Microsoft Corporation) Hidden
Opera Stable 39.0.2256.48 (HKLM-x32\...\Opera 39.0.2256.48) (Version: 39.0.2256.48 - Opera Software)
PdaNet+ for Android 4.18 (HKLM-x32\...\PdaNet_is1) (Version:  - June Fabrics Technology Inc)
Product Improvement Study for HP Officejet Pro 8610 (HKLM\...\{D2064264-3162-4DB1-AFE0-167BEFBBCD9C}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
Ralink Bluetooth Stack64 (HKLM\...\{8A2E2A41-B814-407E-2F96-4E433C42AB78}) (Version: 11.0.739.0 - Mediatek)
Ralink RT3290 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.57.0 - Mediatek)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 3375.110 - Realtek Semiconductor Corp.)
Remote Control USB Driver (HKLM-x32\...\{8471021C-F529-43DE-84DF-3612E10F58C4}) (Version: 2.3.2.317 - )
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)
SimplePiano (remove only) (HKLM-x32\...\SimplePiano) (Version:  - )
Skype™ 7.24 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.24.104 - Skype Technologies S.A.)
Slingplayer for Web Installer (x32 Version: 1.2.7.358 - Sling Media) Hidden
SlingplayerForWeb (HKLM-x32\...\{62a74667-8e59-4fbc-9417-ad041a630066}) (Version: 1.2.7.358 - Sling Media)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.6 - Sophos Limited)
Spotify (HKU\S-1-5-21-2221598115-2109861328-2175321649-1001\...\Spotify) (Version: 1.0.36.124.g1cba1920 - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics ClickPad Driver (HKLM\...\SynTPDeinstKey) (Version: 19.2.4.0 - Synaptics Incorporated)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.63017 - TeamViewer)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (HP Games) (x32 Version: 4.0.10.15 - WildTangent) Hidden
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2221598115-2109861328-2175321649-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Steve\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2221598115-2109861328-2175321649-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Steve\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2221598115-2109861328-2175321649-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Steve\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2221598115-2109861328-2175321649-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Steve\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2221598115-2109861328-2175321649-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Steve\AppData\Local\Citrix\GoToMeeting\5174\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-2221598115-2109861328-2175321649-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Steve\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2221598115-2109861328-2175321649-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Steve\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {02940F68-90D9-4A70-A697-F289725B9E7E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-08-03] (HP Inc.)
Task: {09B5AFF5-1A79-4F6D-AD61-6B041D41507A} - \Synaptics TouchPad Enhancements -> No File <==== ATTENTION
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {19828BE8-181C-452A-B2CA-A663B7508256} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-08-03] (HP Inc.)
Task: {1C00B6DA-E484-4A1D-BFE4-392CCE973648} - \G2MUploadTask-S-1-5-21-2221598115-2109861328-2175321649-1001 -> No File <==== ATTENTION
Task: {22B7E457-7638-498A-94FE-9E21DD13EDCB} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-08-11] (Microsoft Corporation)
Task: {2CD6933B-BD41-48D9-AB85-D8CC92744C26} - \GoogleUpdateTaskUserS-1-5-21-2221598115-2109861328-2175321649-1001Core -> No File <==== ATTENTION
Task: {33BAA670-48FD-48A8-8512-465295168F88} - \GarminUpdaterTask -> No File <==== ATTENTION
Task: {34531691-08A3-4A87-A36E-9F03BDFFA2E7} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-08-18] (HP Inc.)
Task: {416B6139-AA5C-4ECB-B381-C5564FF5E2E4} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-08-01] (Microsoft Corporation)
Task: {42C98737-909E-4866-B1DE-8D8ED0112F4C} - \HPCustParticipation HP Officejet Pro 8610 -> No File <==== ATTENTION
Task: {4DB8C1C5-8D00-4875-A972-205919238805} - \G2MUpdateTask-S-1-5-21-2221598115-2109861328-2175321649-1001 -> No File <==== ATTENTION
Task: {64EBB7B5-8BBA-4FE0-AA13-36001163FB3F} - \HPCeeScheduleForSteve -> No File <==== ATTENTION
Task: {65070F86-0DC9-4AEA-95A0-CD526D6F2D76} - \Opera scheduled Autoupdate 1445568390 -> No File <==== ATTENTION
Task: {752D4054-9117-4B7B-A37A-CA3878C2273B} - \Optimize Start Menu Cache Files-S-1-5-21-2221598115-2109861328-2175321649-500 -> No File <==== ATTENTION
Task: {7FB4B434-7419-4521-BFEA-F8D6412A9B27} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-08-23] (HP Inc.)
Task: {8C8DE422-B1F3-4111-BB17-12967A473981} - \Adobe Acrobat Update Task -> No File <==== ATTENTION
Task: {8DEA4D00-71B2-420A-A54B-D03F8688A6DF} - \GoogleUpdateTaskUserS-1-5-21-2221598115-2109861328-2175321649-1001UA -> No File <==== ATTENTION
Task: {91BA9673-BAB4-4444-85B3-EF5AE916E305} - \SmartShare -> No File <==== ATTENTION
Task: {A80D1B14-C64A-41A4-AC89-612DCBE6868D} - System32\Tasks\Da2946053129460531 => C:\Users\Steve\AppData\Local\carvell.exe [2016-09-01] ()
Task: {C43C2F13-4750-4A0E-AF71-0F0EAFF61B21} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-08-01] (Microsoft Corporation)
Task: {C6C8FAB5-0C14-4FEC-BD19-05853FFEDE8A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-08-01] (Microsoft Corporation)
Task: {C87FCA00-2EFA-4C61-A767-895BCD6A2A48} - \OneDrive Standalone Update Task -> No File <==== ATTENTION
Task: {E7AFCA96-4884-491D-B6F7-A9167FD50090} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-05-09] (Hewlett-Packard)
Task: {EC1AFA24-5230-44CD-80AF-CFD3C34A4C5F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-08-23] (HP Inc.)
Task: {EDBAACA4-47AE-4CF3-93CD-F010AD96C017} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-07-31] (Microsoft Corporation)
Task: {FE990390-F3B7-47A8-AC8E-3CC4F908F443} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-07-31] (Microsoft Corporation)
Task: {FEDC2C76-EB0B-4775-B0AD-CA609B77678D} - \Optimize Start Menu Cache Files-S-1-5-21-2221598115-2109861328-2175321649-1001 -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job =>
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-2221598115-2109861328-2175321649-1001.job => C:\Users\Steve\AppData\Local\Citrix\GoToMeeting\5506\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-2221598115-2109861328-2175321649-1001.job => C:\Users\Steve\AppData\Local\Citrix\GoToMeeting\5506\g2mupload.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2221598115-2109861328-2175321649-1001Core.job => C:\Users\Steve\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2221598115-2109861328-2175321649-1001UA.job => C:\Users\Steve\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForSteve.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job =>
Task: C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job =>
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 03:17 - 2015-10-30 03:17 - 00028672 _____ () C:\WINDOWS\SYSTEM32\efsext.dll
2015-10-30 03:18 - 2015-10-30 03:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2015-11-20 15:57 - 2015-11-20 15:57 - 00085800 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-11-20 15:57 - 2015-11-20 15:57 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-05-08 08:23 - 2016-07-31 05:48 - 00173248 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll
2016-07-13 07:37 - 2016-07-01 00:48 - 02656408 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-10-22 20:58 - 2015-10-22 20:58 - 00404912 _____ () C:\WINDOWS\system32\igfxTray.exe
2016-07-13 07:37 - 2016-07-01 00:48 - 02656408 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-08-22 20:49 - 2016-08-22 20:49 - 01864384 _____ () C:\Users\Steve\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\ClientTelemetry.dll
2016-05-08 08:27 - 2016-07-31 09:27 - 08919240 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2016-04-19 07:16 - 2016-04-19 07:16 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2015-11-23 07:08 - 2015-09-03 15:44 - 01058616 _____ () C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe
2016-07-13 07:37 - 2016-06-30 23:27 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-07-13 07:37 - 2016-06-30 23:21 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-07-13 07:37 - 2016-06-30 23:22 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-07-13 07:37 - 2016-06-30 23:24 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-12-18 07:52 - 2015-12-07 00:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-07-13 07:39 - 2016-06-30 23:48 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-07-19 09:01 - 2016-07-19 09:01 - 01024720 _____ () C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.7341.57671.0_x64__8wekyb3d8bbwe\Microsoft.Applications.Telemetry.Windows.dll
2016-08-24 06:52 - 2016-08-24 06:53 - 00150728 _____ () C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.7341.57671.0_x64__8wekyb3d8bbwe\textinputdriver.dll
2016-08-24 06:52 - 2016-08-24 06:53 - 00655560 _____ () C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.7341.57671.0_x64__8wekyb3d8bbwe\SignalRClient_winapp.dll
2016-06-03 07:05 - 2016-06-03 07:06 - 00173056 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_3.11.7293.0_x64__8wekyb3d8bbwe\CellNativeClientUniversal.dll
2016-07-01 07:06 - 2016-07-01 07:07 - 04108184 _____ () C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.0.1606.0_x64__8wekyb3d8bbwe\Microsoft.Advertising.dll
2016-03-15 07:21 - 2016-03-15 07:21 - 03128832 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_3.11.7293.0_x64__8wekyb3d8bbwe\Avatars.dll
2016-08-16 06:46 - 2016-08-16 06:47 - 00017408 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2016-08-16 06:46 - 2016-08-16 06:47 - 13475840 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2016-06-03 07:04 - 2016-06-03 07:05 - 00680448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x64__8wekyb3d8bbwe\Microsoft.DesignCore.dll
2016-03-04 08:27 - 2016-03-04 08:28 - 00291328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2016-08-24 06:53 - 2016-08-24 06:53 - 00071872 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7167.40721.0_x64__8wekyb3d8bbwe\icui18n56.dll
2016-08-24 06:53 - 2016-08-24 06:53 - 04028608 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7167.40721.0_x64__8wekyb3d8bbwe\gfxim.dll
2016-08-25 17:57 - 2016-08-25 17:57 - 03763712 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1608.2213.0_x64__8wekyb3d8bbwe\Calculator.exe
2016-07-31 14:54 - 2016-07-31 14:54 - 00073216 _____ () C:\Program Files (x86)\Garmin\Device Interaction Service\FixBootSector.dll
2016-09-02 00:30 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2016-09-02 00:30 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2016-09-02 00:30 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2016-09-02 00:30 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2016-09-02 00:30 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2016-05-08 08:27 - 2016-07-31 07:57 - 08919232 _____ () C:\Program Files (x86)\Microsoft Office\root\Office16\1033\GrooveIntlResource.dll
2016-04-19 07:16 - 2016-04-19 07:16 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-04-19 07:16 - 2016-04-19 07:17 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2016-08-22 20:49 - 2016-08-22 20:49 - 01383616 _____ () C:\Users\Steve\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\ClientTelemetry.dll
2016-08-22 20:49 - 2016-08-22 20:49 - 00118976 _____ () C:\Users\Steve\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileSyncViews.dll
2015-01-13 16:45 - 2015-01-13 16:45 - 40578048 _____ () C:\Program Files (x86)\DishAnywhereDesktop\libcef.dll
2015-12-03 11:21 - 2015-12-03 11:21 - 40578048 _____ () C:\Program Files (x86)\Sling Media\SlingplayerForWeb\libcef.dll
2015-01-13 16:45 - 2015-01-13 16:45 - 01920000 _____ () C:\Program Files (x86)\DishAnywhereDesktop\ffmpegsumo.dll
2015-12-03 11:21 - 2015-12-03 11:21 - 01920000 _____ () C:\Program Files (x86)\Sling Media\SlingplayerForWeb\ffmpegsumo.dll
2015-11-28 18:26 - 2013-12-10 08:27 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2221598115-2109861328-2175321649-1001\...\garmin.com -> hxxps://my.garmin.com
IE trusted site: HKU\S-1-5-21-2221598115-2109861328-2175321649-1001\...\wordle.net -> hxxps://www.wordle.net

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 09:25 - 2016-09-02 07:37 - 00001010 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       down.baidu2016.com
127.0.0.1       123.sogou.com
127.0.0.1       www.czzsyzgm.com
127.0.0.1       www.czzsyzxl.com
127.0.0.1       union.baidu2019.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2221598115-2109861328-2175321649-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "faribault"
HKU\S-1-5-21-2221598115-2109861328-2175321649-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-2221598115-2109861328-2175321649-1001\...\StartupApproved\Run: => "IRS12AUC0C"
HKU\S-1-5-21-2221598115-2109861328-2175321649-1001\...\StartupApproved\Run: => "kozma"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{76F6D9EC-26C1-45A3-A3E0-45746147D442}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{5426E4B7-480B-4E97-A12F-AF43AB344813}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D3F06588-1AD9-4A72-964B-2B5157E8FFF9}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A93BE479-007B-4E7A-A4B6-9BB64330B239}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{AA6D6E77-0DD9-4BE7-B3E1-9ECF53C1C194}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{7794176B-3A48-4942-9823-6CB54A84107D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{2663DD07-706F-4A66-A4A2-A20CA8858A85}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{AEE6B7E2-812B-49DB-AB8B-6158F0B93316}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{B5C08E6F-44BA-4199-B7F9-D50C55AF35E1}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [UDP Query User{04FF4C40-77D5-4517-911B-A16A9660251E}C:\users\steve\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\steve\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{E8594489-F06F-479F-82E3-EA718C0343F7}C:\users\steve\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\steve\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{13D6C8F6-2B68-4396-94F9-E5EAA95392B2}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [TCP Query User{9B7D2E36-3DCE-43C3-A3A3-6CD927A29505}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{33BAFCD6-19FC-4FC0-8538-535993D55E2E}C:\program files (x86)\dishanywheredesktop\dishanywhereplayer.exe] => (Allow) C:\program files (x86)\dishanywheredesktop\dishanywhereplayer.exe
FirewallRules: [TCP Query User{169CBFA5-8F9E-4F64-BDD7-78533CF12835}C:\program files (x86)\dishanywheredesktop\dishanywhereplayer.exe] => (Allow) C:\program files (x86)\dishanywheredesktop\dishanywhereplayer.exe
FirewallRules: [UDP Query User{1B609FA4-2A12-489E-AF41-31F799CD7E48}C:\program files (x86)\slingplayerforchrome\slingplayerforchrome.exe] => (Allow) C:\program files (x86)\slingplayerforchrome\slingplayerforchrome.exe
FirewallRules: [TCP Query User{CD46FD49-A72F-45F6-91BC-F336A7E2E6DC}C:\program files (x86)\slingplayerforchrome\slingplayerforchrome.exe] => (Allow) C:\program files (x86)\slingplayerforchrome\slingplayerforchrome.exe
FirewallRules: [{18C07216-136D-45D6-8B77-239F92B7E7E6}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [UDP Query User{D6F6B990-1C63-4358-8217-D90F8F52F3A0}C:\users\steve\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\steve\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{E2A84E87-396A-4848-A0E1-15A19FE00D59}C:\users\steve\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\steve\appdata\roaming\spotify\spotify.exe
FirewallRules: [{C05ACE9A-7119-483F-9190-D9D71F251374}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{215B4E2E-C7D9-4692-A521-217B33FCD927}] => (Allow) LPort=2869
FirewallRules: [{30CE10FE-CC1B-4D6F-A476-50D356714537}] => (Allow) LPort=1900
FirewallRules: [{1996AE36-20AC-4A67-84CB-B7914FD961D2}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{26AF7472-CA24-4BA4-A633-6D331160BDBA}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{E55B12EE-99C1-4969-83E3-A8BAA0969E1B}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe
FirewallRules: [{65AD5E75-BC55-4CBC-B25C-ABB78B3BDF8B}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe
FirewallRules: [{979C2B52-B08D-462E-9968-789BF25D90EF}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe
FirewallRules: [{60B1080B-AD9D-47A1-AC73-602E5103D53B}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe
FirewallRules: [{36DA00D6-A3E7-4EB0-950C-3057936977EA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{13848EEA-76BA-461B-A4E8-5D53D7038675}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D0130353-D5B9-4ED6-9799-0937A4F4F65D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0BDF3FBB-9088-4691-BA0B-260BBA5E0004}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{094EE917-BB3A-492D-BC14-53F6193B30A0}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{C4FF9712-60D5-4B9F-897C-280E5C28A247}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{267AEAB5-A5A2-4AE7-8DCC-D276343177C5}] => (Allow) C:\Users\Steve\AppData\Local\Temp\7zS0187\hppiw.exe
FirewallRules: [{8335D25B-B2BB-46B7-BDC0-F8DE581A3F95}] => (Allow) C:\Users\Steve\AppData\Local\Temp\7zS0187\hppiw.exe
FirewallRules: [{E3B63B22-5170-400B-8296-D88307D406C6}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\bin\FaxApplications.exe
FirewallRules: [{9B61F742-F736-4F3E-9B96-D0E01E7E8B02}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\bin\DigitalWizards.exe
FirewallRules: [{3BAF6F9D-62CA-4136-B57A-17CD96307727}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\bin\SendAFax.exe
FirewallRules: [{31232DA8-0DD8-4398-AC6B-8856771CD2E6}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\Bin\DeviceSetup.exe
FirewallRules: [{290C13A9-4916-4975-A84C-33F6457515FF}] => (Allow) LPort=5357
FirewallRules: [{67B529A1-8EBB-4A25-B62D-788CBF8C9289}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [TCP Query User{E69FCBC5-041F-4281-B28C-844E8B6C70AA}C:\program files (x86)\slingplayerforchrome\slingplayerforchrome.exe] => (Allow) C:\program files (x86)\slingplayerforchrome\slingplayerforchrome.exe
FirewallRules: [UDP Query User{91E22D2F-FBC5-484E-AA4B-A02C7A327DC8}C:\program files (x86)\slingplayerforchrome\slingplayerforchrome.exe] => (Allow) C:\program files (x86)\slingplayerforchrome\slingplayerforchrome.exe
FirewallRules: [{6FED3A5F-9677-4430-84DC-8F236D46F8C7}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7BFB8633-26D5-4466-AFF1-1C51787B8EEC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{846F6B5E-7233-46F0-8EE3-79C0A30E89B2}C:\program files (x86)\sling media\slingplayerforweb\slingplayerforweb.exe] => (Allow) C:\program files (x86)\sling media\slingplayerforweb\slingplayerforweb.exe
FirewallRules: [UDP Query User{448498B2-47B4-4E84-AE17-8B976069D332}C:\program files (x86)\sling media\slingplayerforweb\slingplayerforweb.exe] => (Allow) C:\program files (x86)\sling media\slingplayerforweb\slingplayerforweb.exe
FirewallRules: [TCP Query User{D8FA3EA8-20F4-44D0-9DE7-2B8BB981F2DE}C:\users\steve\appdata\local\blue jeans\app\bluejeans.exe] => (Allow) C:\users\steve\appdata\local\blue jeans\app\bluejeans.exe
FirewallRules: [UDP Query User{EFF5C9B9-1671-4551-8BF4-6D1EB3D39866}C:\users\steve\appdata\local\blue jeans\app\bluejeans.exe] => (Allow) C:\users\steve\appdata\local\blue jeans\app\bluejeans.exe
FirewallRules: [{891D766F-2040-41BD-9A23-A0B6374E16B9}] => (Allow) C:\Users\Steve\AppData\Local\Temp\7zS459F\HPDiagnosticCoreUI.exe
FirewallRules: [{F2578D8B-95ED-4217-BC90-D5E6B90DE9B9}] => (Allow) C:\Users\Steve\AppData\Local\Temp\7zS459F\HPDiagnosticCoreUI.exe
FirewallRules: [{F4880976-7F09-4380-921B-7AA9A354CF31}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{2329453D-F21C-4BD1-9880-2C5291263F5D}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{BC2D753F-C4B0-4984-8549-957C5EB0AC1F}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{4363EEBC-84FA-4C24-B0E6-C3B23CC46064}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{2D9A3BFE-FB4E-4BE2-8192-EFD5B0376D33}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [TCP Query User{0A811D6F-368D-4B5D-A22E-A4998D7F051B}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [UDP Query User{7AD2BC93-7F4A-4BEE-9F76-FA0B570132E3}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [{CD295A4B-C521-478A-99F7-860F17572EB4}] => (Allow) C:\Program Files (x86)\LG Software\LG Smart Share\DMS\SmartShareDMS.exe
FirewallRules: [{BC54E356-BE60-4289-8ABC-9EDA361608E2}] => (Allow) C:\Program Files (x86)\LG Software\LG Smart Share\DMS\SmartShareDMS.exe
FirewallRules: [{D47099B2-3777-4224-AE1F-8C9713BD81D9}] => (Allow) C:\Program Files (x86)\LG Software\LG Smart Share\DMR\SmartShareDMR.exe
FirewallRules: [{1BDBF9CA-24BA-4317-932B-26D921A94C54}] => (Allow) C:\Program Files (x86)\LG Software\LG Smart Share\DMR\SmartShareDMR.exe
FirewallRules: [{932CE933-F297-499B-8132-E656A6839C7C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{12F09071-CB57-439E-B03B-19E7BF021516}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{0054481D-ECC7-447A-822D-19D858DDDA80}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{FE63E93C-A3FE-4F4F-820B-80E5A4E7E5F7}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{995BA47B-B2EA-4E85-9D27-6437DDDE7CD5}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{3D890FD4-97FA-4AF7-B142-C2B3C6E73468}] => (Allow) C:\Program Files (x86)\SrpnFiles\SrpnFiles.exe
FirewallRules: [{160639E4-F9CF-4CAE-BF36-27B2C48EA80F}] => (Allow) C:\Program Files (x86)\SrpnFiles\SrpnFiles.exe
FirewallRules: [{70530226-5C5D-4970-B2A5-F05151521009}] => (Allow) C:\Program Files (x86)\SrpnFiles\downloader.exe
FirewallRules: [{BD159D5B-EE6C-4884-9CBB-B6B388330D79}] => (Allow) C:\Program Files (x86)\SrpnFiles\downloader.exe
FirewallRules: [{31BB6551-303C-4C1F-B59E-896AB89EE147}] => (Allow) C:\Users\Steve\AppData\Local\ddnowyes.exe
FirewallRules: [{B67C7528-4760-443C-9E02-46E41FD8A4F9}] => (Allow) C:\Users\Steve\AppData\Local\Temp\nsf9799.tmp\setup.exe
FirewallRules: [{C5A344A6-5F8B-4761-83CD-DF5D9F76F77F}] => (Allow) C:\Users\Steve\AppData\Local\86947498.exe
FirewallRules: [{81C8EB87-D53E-4E32-B89E-1BCE26B30E0F}] => (Allow) C:\Users\Steve\AppData\Local\tinstall.exe
FirewallRules: [{365894D8-CFDD-4819-B2DF-1761A84561ED}] => (Allow) C:\Users\Steve\AppData\Local\Temp\MPCOnline\MPCDownload.exe
FirewallRules: [{2A9E2A5E-2BD4-4765-9578-77C770E061A6}] => (Allow) C:\Users\Steve\AppData\Local\Temp\MPCOnline\MPCDownload.exe
FirewallRules: [{F16B85B2-2DE7-4215-99A7-A43DF261766D}] => (Allow) C:\Program Files (x86)\actus\carvell.exe
FirewallRules: [TCP Query User{965D539F-8C29-4EB3-9C46-8A9CBD9692B5}C:\program files (x86)\google\chrome\application\chrome334.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome334.exe
FirewallRules: [UDP Query User{085C406A-1D62-430F-948D-4558F1065575}C:\program files (x86)\google\chrome\application\chrome334.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome334.exe
FirewallRules: [{73A5FAE4-1A74-49CD-89FC-5AF2681CEFF2}] => (Allow) C:\Users\Steve\AppData\Local\Chromium\Application\chrome.exe
DomainProfile\AuthorizedApplications: [C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe] => Enabled:Logitech Harmony Remote Software 7
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe] => Enabled:Logitech Harmony Remote Software 7
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============

Name: HP Officejet Pro 8610
Description: HP Officejet Pro 8610
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Photosmart D7400 series
Description: Photosmart D7400 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/02/2016 10:19:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: regedit.exe, version: 10.0.10586.0, time stamp: 0x5632d798
Faulting module name: KERNELBASE.dll, version: 10.0.10586.494, time stamp: 0x5775e4c5
Exception code: 0xc000041d
Fault offset: 0x000000000001cd65
Faulting process id: 0x2404
Faulting application start time: 0x01d2052472dd8bd1
Faulting application path: C:\WINDOWS\regedit.exe
Faulting module path: C:\WINDOWS\system32\KERNELBASE.dll
Report Id: 643464a4-5cf8-4166-9b88-cfa8772b859c
Faulting package full name:
Faulting package-relative application ID:

Error: (09/02/2016 10:19:12 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ShellExperienceHost.exe, version: 10.0.10586.494, time stamp: 0x5775e94c
Faulting module name: StartUI.dll, version: 10.0.10586.494, time stamp: 0x5775e851
Exception code: 0xc000041d
Fault offset: 0x00000000002990c8
Faulting process id: 0x2a90
Faulting application start time: 0x01d20523727c74d2
Faulting application path: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
Faulting module path: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\StartUI.dll
Report Id: 1f74e4d2-43fd-47ba-a375-6895a6b56496
Faulting package full name: Microsoft.Windows.ShellExperienceHost_10.0.10586.0_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: App

Error: (09/02/2016 10:19:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ShellExperienceHost.exe, version: 10.0.10586.494, time stamp: 0x5775e94c
Faulting module name: StartUI.dll, version: 10.0.10586.494, time stamp: 0x5775e851
Exception code: 0xc0000005
Fault offset: 0x00000000002990c8
Faulting process id: 0x2a90
Faulting application start time: 0x01d20523727c74d2
Faulting application path: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
Faulting module path: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\StartUI.dll
Report Id: f195076e-4b7f-484c-b8a8-f94ece9d9ab1
Faulting package full name: Microsoft.Windows.ShellExperienceHost_10.0.10586.0_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: App

Error: (09/02/2016 10:18:16 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (09/02/2016 10:16:41 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (09/02/2016 10:04:15 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (09/02/2016 09:58:03 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: STEVE-SPLIT-X2)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (09/02/2016 09:52:05 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (09/02/2016 09:48:40 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: regedit.exe, version: 10.0.10586.0, time stamp: 0x5632d798
Faulting module name: KERNELBASE.dll, version: 10.0.10586.494, time stamp: 0x5775e4c5
Exception code: 0xc000041d
Fault offset: 0x000000000001cd70
Faulting process id: 0x28b0
Faulting application start time: 0x01d2051fc7785ab0
Faulting application path: C:\WINDOWS\regedit.exe
Faulting module path: C:\WINDOWS\system32\KERNELBASE.dll
Report Id: 8bf68deb-5bff-449c-b1d9-0eeff26b1f43
Faulting package full name:
Faulting package-relative application ID:

Error: (09/02/2016 09:23:28 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (09/02/2016 01:38:33 PM) (Source: DCOM) (EventID: 10016) (User: STEVE-SPLIT-X2)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user Steve-Split-x2\Steve SID (S-1-5-21-2221598115-2109861328-2175321649-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.

Error: (09/02/2016 01:38:33 PM) (Source: DCOM) (EventID: 10016) (User: STEVE-SPLIT-X2)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user Steve-Split-x2\Steve SID (S-1-5-21-2221598115-2109861328-2175321649-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.

Error: (09/02/2016 01:38:33 PM) (Source: DCOM) (EventID: 10016) (User: STEVE-SPLIT-X2)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user Steve-Split-x2\Steve SID (S-1-5-21-2221598115-2109861328-2175321649-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.

Error: (09/02/2016 01:38:11 PM) (Source: DCOM) (EventID: 10016) (User: STEVE-SPLIT-X2)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user Steve-Split-x2\Steve SID (S-1-5-21-2221598115-2109861328-2175321649-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.

Error: (09/02/2016 01:38:11 PM) (Source: DCOM) (EventID: 10016) (User: STEVE-SPLIT-X2)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user Steve-Split-x2\Steve SID (S-1-5-21-2221598115-2109861328-2175321649-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.

Error: (09/02/2016 01:38:08 PM) (Source: DCOM) (EventID: 10016) (User: STEVE-SPLIT-X2)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user Steve-Split-x2\Steve SID (S-1-5-21-2221598115-2109861328-2175321649-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.

Error: (09/02/2016 01:38:08 PM) (Source: DCOM) (EventID: 10016) (User: STEVE-SPLIT-X2)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user Steve-Split-x2\Steve SID (S-1-5-21-2221598115-2109861328-2175321649-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.

Error: (09/02/2016 01:26:59 PM) (Source: DCOM) (EventID: 10016) (User: STEVE-SPLIT-X2)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user Steve-Split-x2\Steve SID (S-1-5-21-2221598115-2109861328-2175321649-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.

Error: (09/02/2016 01:26:59 PM) (Source: DCOM) (EventID: 10016) (User: STEVE-SPLIT-X2)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user Steve-Split-x2\Steve SID (S-1-5-21-2221598115-2109861328-2175321649-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.

Error: (09/02/2016 12:31:50 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The ZAM Controller Service service terminated unexpectedly.  It has done this 1 time(s).


CodeIntegrity:
===================================
  Date: 2016-09-01 19:15:48.691
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-01 19:15:48.595
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-01 19:15:43.693
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-01 19:15:41.138
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-01 19:15:41.052
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-01 19:15:17.878
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-01 19:15:17.632
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-01 19:15:15.748
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-01 19:15:11.810
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-01 19:15:11.725
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-4020Y CPU @ 1.50GHz
Percentage of memory in use: 68%
Total physical RAM: 4028.15 MB
Available physical RAM: 1249.3 MB
Total Virtual: 7740.15 MB
Available Virtual: 4100.32 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:106.33 GB) (Free:21.88 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:11.36 GB) (Free:1.19 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 119.2 GB) (Disk ID: 0F3E11DE)

Partition: GPT.

==================== End of Addition.txt ============================


  • Root Admin

Hello @SteveE and :welcome:
I realize you've run a few tools already but let's start out and go through a bit more methodical routine to ensure we find and remove things properly. Unless asked otherwise please ATTACH all logs.


Please read the following and post back the logs when ready and we'll see about getting you cleaned up.

Before we proceed further, please read all of the following instructions carefully.
If there is anything that you do not understand kindly ask before proceeding.
If needed, please print out these instructions.

  • Please do not post logs using CODE, QUOTE, or FONT tags. Just paste them as direct text.
  • If the log is too large, then you can use attachments by clicking on the More Reply Options button.
  • Please enable your system to show hidden files: How to see hidden files in Windows
  • Make sure you're subscribed to this topic:
  • Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly
  • Removing malware can be unpredictable; it is unlikely, but things can go very wrong! Please make sure you back up all files that cannot be replaced if something were to happen. You can copy them to a CD/DVD, external drive or a pen drive.
  • Please don't run any other scans, download, install or uninstall any programs unless requested by me while I'm working with you.
  • The removal of malware is not instantaneous; please be patient. Often we are also in a different Time Zone.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of the issue.
  • You can check here if you're not sure if your computer is 32-bit or 64-bit
  • Please disable your antivirus while running any requested scanners so that they do not interfere with the scanners.
  • When we are done, I'll give you instructions on how to clean up all the tools and logs
  • Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.
  • Your topic will be closed if you haven't replied within 3 days
  • (If I have not responded within 24 hours, please send me a Private Message as a reminder)

STEP 01
RKill is a program that was developed at BleepingComputer.com that attempts to terminate known malware processes so that your normal security software can then run and clean your computer of infections.
When RKill runs, it will kill malware processes and then remove incorrect executable associations and fix policies
that stop us from using certain tools. When finished it will display a log file that shows the processes that were
terminated while the program was running.

As RKill only terminates a program's running process and does not delete any files, after running it, you should not reboot
your computer as any malware processes that are configured to start automatically will just be started again.
Instead, after running RKill, you should immediately scan your computer using the requested scans I've included.

Please download Rkill by Grinler from one of the links below and save it to your desktop.

Link 1 | Link 2

  • On Windows XP, double-click on the Rkill desktop icon to run the tool.
  • On Windows Vista/Windows 7 or 8, right-click on the Rkill desktop icon and select Run As Administrator
  • A black DOS box will briefly flash and then disappear; this is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • Do not reboot the computer; you will need to run the application again.

STEP 02
Back up the Registry:
Modifying the Registry can create unforeseen problems, so it's always wise to create a backup before doing so.

  • Please download ERUNT from one of the following links: Link1 | Link2 | Link3
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  • NOTE: Do not choose to allow ERUNT to add an Entry to the Startup folder. Click NO.
  • Start ERUNT either by double-clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup.
    • Note: the default location is C:\Windows\ERDNT which is acceptable.
  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.
  • Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe

STEP 03
Please run a Threat Scan with MBAM. If you're unable to run or complete the scan as shown below, please see the following:
MBAM Clean Removal Process 2x
When reinstalling the program, please try the latest version.

Right click and choose "Run as administrator" to open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link
Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.
Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.


Hello Ron,

Thanks for replying.   Followed the process above. 

Just an update from stuff I did on Friday: The problem seems to be isolated to chrome now - after using MBAM and Hitman and Zemana, the system was clean until I run chrome. System is fine if I only use Mozilla or IE. I ran chrome - started getting the "malicious website blocked" from process carvell.exe. Also 3 programs get loaded and show up in task manager: Ping, PresentationFontCache.exe and Runtime Broker. These seem to play an audio ad every few minutes. I ran chrome prior to this process so the machine was infected.

MBAM will eliminate these from the system after a reboot, and I am fine until I run chrome.  Here is the log file:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 9/7/2016
Scan Time: 8:06 AM
Logfile:
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.09.07.04
Rootkit Database: v2016.08.15.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: Steve

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 371769
Time Elapsed: 47 min, 12 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 2
PUP.Optional.MultiPlug.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{65767E3E-E7C6-42E5-A867-F0CFFCDAF169}, Delete-on-Reboot, [cd8387e80a90cc6acfac18b203ff2fd1],
PUP.Optional.MultiPlug.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Da2946053129460531, Delete-on-Reboot, [b49ca1ce8515f93dc9b5be0c90722fd1],

Registry Values: 1
PUP.Optional.MultiPlug.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{65767E3E-E7C6-42E5-A867-F0CFFCDAF169}|Path, \Da2946053129460531, Delete-on-Reboot, [cd8387e80a90cc6acfac18b203ff2fd1]

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
PUP.Optional.MultiPlug.PrxySvrRST, C:\Windows\System32\Tasks\Da2946053129460531, Quarantined, [0848b9b64a5021152d4805c507fbbe42],

Physical Sectors: 0
(No malicious items detected)


(end)

 

 

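The four detections in the Malwarebytes log above are the registry and file artifacts of a single Windows scheduled task: Task Scheduler keeps a task as a `TaskCache\Tasks\{GUID}` key (whose `Path` value names the task), a `TaskCache\Tree\<name>` key, and a definition file under `System32\Tasks\<name>`. The following Python is an added example, not part of the original posts or of Malwarebytes; it parses the detection lines and groups them by task. The field layout is inferred from the log as posted, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Detection lines copied from the Malwarebytes log in the post above.
SAMPLE_LOG = r"""
Registry Keys: 2
PUP.Optional.MultiPlug.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{65767E3E-E7C6-42E5-A867-F0CFFCDAF169}, Delete-on-Reboot, [cd8387e80a90cc6acfac18b203ff2fd1],
PUP.Optional.MultiPlug.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Da2946053129460531, Delete-on-Reboot, [b49ca1ce8515f93dc9b5be0c90722fd1],

Registry Values: 1
PUP.Optional.MultiPlug.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{65767E3E-E7C6-42E5-A867-F0CFFCDAF169}|Path, \Da2946053129460531, Delete-on-Reboot, [cd8387e80a90cc6acfac18b203ff2fd1]

Registry Data: 0
(No malicious items detected)

Files: 1
PUP.Optional.MultiPlug.PrxySvrRST, C:\Windows\System32\Tasks\Da2946053129460531, Quarantined, [0848b9b64a5021152d4805c507fbbe42],
"""

SECTION_RE = re.compile(
    r"^(Processes|Modules|Registry Keys|Registry Values|Registry Data|"
    r"Folders|Files|Physical Sectors): \d+$"
)
# Malwarebytes upper-cases registry paths, so match case-insensitively.
TASK_GUID_RE = re.compile(r"\\TASKCACHE\\TASKS\\(\{[0-9A-F-]+\})(\|Path)?$", re.I)
TASK_TREE_RE = re.compile(r"\\TASKCACHE\\TREE\\(.+)$", re.I)
TASK_FILE_RE = re.compile(r"\\System32\\Tasks\\(.+)$", re.I)


def parse_mbam_log(text):
    """Return one dict per detection line, tagged with its log section."""
    detections, section = [], None
    for line in text.splitlines():
        line = line.strip()
        if SECTION_RE.match(line):
            section = line.split(":")[0]
            continue
        fields = line.rstrip(",").split(", ")
        # Assumed layout: name, location, [data,] action, [hash]
        if section and len(fields) >= 4 and fields[-1].startswith("["):
            detections.append({
                "section": section,
                "name": fields[0],
                "location": fields[1],
                "data": ", ".join(fields[2:-2]),  # only registry values carry data
                "action": fields[-2],
            })
    return detections


def group_task_artifacts(detections):
    """Group detections that belong to the same scheduled task name."""
    # First pass: the Path value under a task GUID gives the task's name.
    guid_to_name = {}
    for d in detections:
        m = TASK_GUID_RE.search(d["location"])
        if m and m.group(2):
            guid_to_name[m.group(1).upper()] = d["data"].lstrip("\\")

    groups = defaultdict(list)
    for d in detections:
        loc = d["location"]
        guid = TASK_GUID_RE.search(loc)
        tree = TASK_TREE_RE.search(loc)
        task_file = TASK_FILE_RE.search(loc)
        if guid:
            # Fall back to the GUID itself if no Path value was logged.
            key = guid_to_name.get(guid.group(1).upper(), guid.group(1))
        elif tree:
            key = tree.group(1)
        elif task_file:
            key = task_file.group(1)
        else:
            continue  # not a scheduled-task artifact
        groups[key].append((d["section"], d["action"]))
    return dict(groups)


def pending_reboot(groups):
    """Task names with at least one artifact that is only removed at reboot."""
    return sorted(
        name for name, items in groups.items()
        if any(action == "Delete-on-Reboot" for _, action in items)
    )


if __name__ == "__main__":
    tasks = group_task_artifacts(parse_mbam_log(SAMPLE_LOG))
    for name, items in tasks.items():
        print(name, items)
    print("reboot needed for:", pending_reboot(tasks))
```

Grouping this way makes it clear that the scan removed one scheduled task, and that its registry entries stay in place until the reboot completes.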

  • Root Admin

Let's go ahead and reset Chrome then before we run any more scans.

I would like to reset Chrome back to defaults to completely clear out what is going on with Chrome.

You can keep your “Bookmarks” if you want to keep them, but you have to export them first – >> Export Bookmarks << – Everything else should be removed.

Then I need you to go to >> Google Sync << and sign into your account.
Scroll down until you see the reset sync button and click on the button
At the prompt click on Ok.

Reset Your Browser Settings

  1. In the top-right corner of the browser window, click the “Chrome Menu” icon (Three horizontal lines)
  2. Select Settings.
  3. At the bottom, click Show advanced settings…
  4. Scroll down until you see “Reset settings”, Then click on the button Reset Settings.
  5. In the dialog that appears, click Reset.

Close Chrome and restart it and check it out for me please

 


Hi,

Just to clarify... I am not sure what you mean by the last statement "Close Chrome and restart it and check it out for me please". Chrome currently works fine, except for launching the malware. So, when I open chrome to export bookmarks Ping and Carvell will start up. So even after resetting chrome, those malware programs will still be running. Not sure what I will see differently after just resetting.

After resetting chrome I can re-run MBAM and reboot to get rid of the malware and then test chrome to see if we removed?   OR do I need to check something else.

Waiting on your reply to proceed. 

THANK YOU!!!

Steve


OK,

I deleted all of my Sync Data and did not log back in.   I went to chrome settings, clicked "show advanced settings" and there is no option to reset Chrome.   I copied everything on the page and posted below.   (Maybe part of the problem?).   I did a quick search and found you can reset by entering this link:   chrome://settings/resetProfileSettings.   Which I did, and the box came up to reset.  Seemed to work - extensions disabled.

Current state of system - MBAM is blocking Websites access from Carvell continuously and I am getting audio adverts from Ping.exe.   Running MBAM to clear the malware and will reboot when it finishes.  

Settings

Sign in

Sign in to get your bookmarks, history, passwords and other settings on all your devices. You'll also automatically be signed in to your Google services.

 Learn more
Sign in to Chrome

Appearance

Get themes Reset to default theme
Show Home button
www.google.com/ Change
 
Always show the bookmarks bar

Default browser

Make Google Chrome the default browser
Google Chrome is not currently your default browser.

Privacy

Content settings... Clear browsing data...

Google Chrome may use web services to improve your browsing experience. You may optionally disable these services. Learn more

Use a web service to help resolve navigation errors
Use a prediction service to help complete searches and URLs typed in the address bar
Use a prediction service to load pages more quickly
Automatically report details of possible security incidents to Google
Protect you and your device from dangerous sites
Use a web service to help resolve spelling errors
Automatically send usage statistics and crash reports to Google
Send a "Do Not Track" request with your browsing traffic

Passwords and forms

Enable Autofill to fill out web forms in a single click. Manage Autofill settings
Offer to save your web passwords. Manage passwords

Web content

Font size: Very Small | Small | Medium | Large | Very Large   Customize fonts...
Page zoom: 25% 33% 50% 67% 75% 90% 100% 110% 125% 150% 175% 200% 250% 300% 400% 500%

Network

Google Chrome is using your computer's system proxy settings to connect to the network.
Change proxy settings...

Languages

Change how Chrome handles and displays languages. Learn more
Language and input settings...
Offer to translate pages that aren't in a language you read. Manage languages

Downloads

Download location:  Change...
Ask where to save each file before downloading

HTTPS/SSL

Manage certificates...

Google Cloud Print

Set up or manage printers in Google Cloud Print. Learn more
Manage
Show notifications when new printers are detected on the network

Accessibility

System

Continue running background apps when Google Chrome is closed
Use hardware acceleration when available
Hide advanced settings...

OK - After reboot system was clean.   No ping.exe in task manager and no pop-up warnings on blocked web sites. 

Firefox running fine. Did some work via Firefox.

Then started Chrome.   After a few seconds Ping.exe showed up in task manager (along with audio adverts) and pop-ups for blocked website access started again. 

Steve


  • Root Admin

Please fully remove Chrome following this guide. Make sure you export your bookmarks first as this method will remove everything from Chrome.

http://www.wintips.org/how-to-completely-uninstall-re-install-google-chrome/

Then DO NOT reinstall Chrome yet. After you have fully removed Chrome then restart the computer and run a new FRST scan and make sure you put a checkmark in the Additions.txt check box and attach both new logs on your next reply. For now use Firefox until we get you cleaned up.

 


Hi,

Chrome has been deleted per the web link article. Uninstalling chrome caused chrome to open and then the malware started up. I ran MBAM and cleaned before running FRST64.exe.

FRST.TXT

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-08-2016
Ran by Steve (administrator) on STEVE-SPLIT-X2 (09-09-2016 15:26:50)
Running from C:\Users\Steve\Desktop
Loaded Profiles: Steve (Available Profiles: Steve)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(DEVGURU Co., LTD.) C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.1.6.0\WsAppService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Spotify Ltd) C:\Users\Steve\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe
(Sling Media Inc.) C:\Program Files (x86)\DishAnywhereDesktop\DishAnywherePlayer.exe
() C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe
(Sling Media Inc.) C:\Program Files (x86)\Sling Media\SlingplayerForWeb\SlingplayerForWeb.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPNetworkCommunicatorCom.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Sling Media Inc.) C:\Program Files (x86)\Sling Media\SlingplayerForWeb\SlingplayerForWeb.exe
(Sling Media Inc.) C:\Program Files (x86)\DishAnywhereDesktop\DishAnywherePlayer.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\CSISYNCCLIENT.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSYNC.EXE
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Windows\splwow64.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [404912 2015-10-22] ()
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-09] (Apple Inc.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2015-10-22] (IDT, Inc.)
HKLM\...\Run: [faribault] => "C:\Program Files (x86)\actus\carvell.exe"
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2779136 2016-06-11] (Dominik Reichl)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [657424 2015-09-03] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM-x32\...\Run: [win_en_77] => [X]
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2221598115-2109861328-2175321649-1001\...\Run: [Spotify Web Helper] => C:\Users\Steve\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1523312 2016-08-29] (Spotify Ltd)
HKU\S-1-5-21-2221598115-2109861328-2175321649-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1400232 2016-07-31] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-2221598115-2109861328-2175321649-1001\...\Run: [HP Officejet Pro 8610 (NET)] => C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe [3487240 2014-07-21] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-2221598115-2109861328-2175321649-1001\...\Run: [IRS12AUC0C] => "C:\Program Files (x86)\DPower\59CRB48DAE.exe"
HKU\S-1-5-21-2221598115-2109861328-2175321649-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-2221598115-2109861328-2175321649-1001\...\Run: [Chromium] => "c:\users\steve\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session
HKU\S-1-5-21-2221598115-2109861328-2175321649-1001\...\RunOnce: [Uninstall C:\Users\Steve\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Steve\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64"
HKU\S-1-5-21-2221598115-2109861328-2175321649-1001\...\MountPoints2: {7810967f-e203-11e5-8283-485ab6b36b20} - "E:\VZW_Software_upgrade_assistant.exe"
HKU\S-1-5-21-2221598115-2109861328-2175321649-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Mystify.scr [150528 2015-10-30] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1400232 2016-07-31] (Garmin Ltd. or its subsidiaries)
Startup: C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DishAnywherePlayerShortcut.lnk [2016-09-02]
ShortcutTarget: DishAnywherePlayerShortcut.lnk -> C:\Program Files (x86)\DishAnywhereDesktop\DishAnywherePlayer.exe (Sling Media Inc.)
Startup: C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PdaNet Desktop.lnk [2016-09-02]
ShortcutTarget: PdaNet Desktop.lnk -> C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe ()
Startup: C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SlingplayerForWebShortcut.lnk [2016-09-02]
ShortcutTarget: SlingplayerForWebShortcut.lnk -> C:\Program Files (x86)\Sling Media\SlingplayerForWeb\SlingplayerForWeb.exe (Sling Media Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{488e5b26-fa59-4a72-816d-115d9ded13a7}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{54baa6fc-806b-406e-a3b8-63e4b594531f}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{7b1222b5-762c-4cf9-8a6f-445c382141e6}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{e366439c-b631-4823-b6bf-c41eabf5bb3d}: [DhcpNameServer] 172.20.10.1
ManualProxies:

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2221598115-2109861328-2175321649-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT14/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-2221598115-2109861328-2175321649-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?gws_rd=ssl
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-2221598115-2109861328-2175321649-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-07-31] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-07-31] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-07-21] (HP Inc.)
DPF: HKLM-x32 {A4150320-98EC-4DB6-9BFB-EBF4B6FBEB16} hxxp://192.168.1.24/codebase/DVM_IPCam2.ocx
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-07-31] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-07-31] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-07-31] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-07-31] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\vup3qqfp.default
FF NewTab: about:newtab
FF DefaultSearchEngine: Avast Search
FF DefaultSearchUrl: hxxps://search.avast.com/AV772/search/web?q={searchTerms}
FF SearchEngineOrder.1: Avast Search
FF SelectedSearchEngine: Avast Search
FF Homepage: hxxps://www.google.com/
FF Keyword.URL: hxxps://search.avast.com/AV772/search/web?q={searchTerms}
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll [2014-03-31] (GARMIN Corp.)
FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\mcafee\msc\npMcSnFFPl64.dll [No File]
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll [2014-03-31] (GARMIN Corp.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-19] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-19] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\msc\npMcSnFFPl.dll [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-07-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-06] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2015-10-12] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-06-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2221598115-2109861328-2175321649-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Steve\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-08-30] (Citrix Online)
FF Plugin HKU\S-1-5-21-2221598115-2109861328-2175321649-1001: DISH Anywhere.com/DISH Anywhere Video Player -> C:\Users\Steve\AppData\Roaming\DISH Anywhere\DISH Anywhere Video Player\npNMPCBrowserPlugin.dll [2015-11-23] (Nagravision)
FF Plugin ProgramFiles/Appdata: C:\Users\Steve\AppData\Roaming\mozilla\plugins\npatgpc.dll [2016-01-12] (Cisco WebEx LLC)
FF SearchPlugin: C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\vup3qqfp.default\searchplugins\avast-search.xml [2016-09-06]
FF Extension: (WebSlingPlayer) - C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\vup3qqfp.default\extensions\{9EB34849-81D3-4841-939D-666D522B889A} [2016-06-28]
FF Extension: (Firefox Hotfix) - C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\vup3qqfp.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-09-09]
FF Extension: (Scrabulizer Importer) - C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\vup3qqfp.default\Extensions\{ca96eaaa-e97d-4e54-b403-b7b5a8557fad}.xpi [2016-05-29]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [ihdceheklapbalfikfdppfpgdgabaglp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [jkfpchpiljkaemlpmpebnglgkomamfeo] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2854640 2016-07-31] (Microsoft Corporation)
R2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [809488 2016-07-31] (Garmin Ltd. or its subsidiaries)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135496 2016-09-09] (SurfRight B.V.)
R2 HPSLPSVC; C:\Users\Steve\AppData\Local\Temp\7zS0187\hpslpsvc64.dll [1039360 2015-09-21] (Hewlett-Packard Co.) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [29728 2016-08-15] (HP Inc.)
R2 HPWMISVC; C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [606224 2015-09-03] (Hewlett-Packard Development Company, L.P.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [359856 2015-10-22] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-12-10] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-12-10] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [741640 2014-06-16] (DEVGURU Co., LTD.)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [340480 2015-10-22] (IDT, Inc.) [File not signed]
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [268912 2016-06-08] (Synaptics Incorporated)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7183632 2016-07-18] (TeamViewer GmbH)
S3 vmicvss; C:\Windows\System32\ICSvc.dll [511488 2015-10-30] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-07-01] (Microsoft Corporation)
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.1.6.0\WsAppService.exe [388608 2016-01-28] (Wondershare) [File not signed]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S3 WsDrvInst; "C:\Program Files (x86)\Wondershare\TunesGo\DriverInstall.exe" [X]
S2 ZAMSvc; "C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe" /service [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AndNetDiag; C:\Windows\system32\DRIVERS\lgandnetdiag64.sys [30720 2015-05-12] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\system32\DRIVERS\lgandnetmodem64.sys [37376 2015-05-12] (LG Electronics Inc.)
S3 libusb0; C:\Windows\system32\DRIVERS\libusb0.sys [44480 2015-11-08] (hxxp://libusb-win32.sourceforge.net)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-09-09] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [100312 2013-12-10] (Intel Corporation)
R3 netr28x; C:\Windows\system32\DRIVERS\netr28x.sys [2554528 2015-06-12] (MediaTek Inc.)
R3 rtbth; C:\Windows\System32\drivers\rtbth.sys [1219200 2015-10-21] (Ralink Technology, Corp.)
S3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [418008 2013-06-23] (Realsil Semiconductor Corporation)
R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [410848 2015-10-22] (Realsil Semiconductor Corporation)
R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [74864 2016-06-08] (Synaptics Incorporated)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R3 WirelessButtonDriver64; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [30384 2015-06-23] (HP Inc.)
S3 WsAudioDevice_383; C:\Windows\system32\drivers\VirtualAudio.sys [31080 2015-07-30] (Wondershare)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2016-09-02] (Zemana Ltd.)
S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-09 15:26 - 2016-09-09 15:27 - 00023767 _____ C:\Users\Steve\Desktop\FRST.txt
2016-09-09 15:25 - 2016-09-09 15:26 - 02397696 _____ (Farbar) C:\Users\Steve\Downloads\FRST64(1).exe
2016-09-09 15:14 - 2016-09-09 15:14 - 00000000 ___HD C:\OneDriveTemp
2016-09-09 13:43 - 2016-09-09 13:43 - 00073375 _____ C:\Users\Steve\Downloads\CMIT_Proforma_Sheet_2016(2).xlsx
2016-09-08 19:21 - 2016-09-08 23:56 - 00003254 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForSteve
2016-09-07 22:11 - 2016-09-07 22:11 - 00747800 _____ C:\Users\Steve\Downloads\CHM_Guidelines_2016_V2(2).pdf
2016-09-07 22:11 - 2016-09-07 22:11 - 00747800 _____ C:\Users\Steve\Downloads\CHM_Guidelines_2016_V2(1).pdf
2016-09-07 17:28 - 2016-09-07 17:28 - 00110119 _____ C:\Users\Steve\Desktop\bookmarks_9_7_16.html
2016-09-07 13:22 - 2016-09-07 13:22 - 00003968 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1445568390
2016-09-07 08:03 - 2016-09-07 08:03 - 00000000 ____D C:\WINDOWS\ERDNT
2016-09-07 08:02 - 2016-09-07 08:03 - 00000000 ____D C:\Program Files (x86)\ERUNT
2016-09-07 08:02 - 2016-09-07 08:02 - 00001004 _____ C:\Users\Steve\Desktop\NTREGOPT.lnk
2016-09-07 08:02 - 2016-09-07 08:02 - 00000985 _____ C:\Users\Steve\Desktop\ERUNT.lnk
2016-09-07 08:02 - 2016-09-07 08:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2016-09-07 07:57 - 2016-09-07 07:57 - 00791393 _____ (Lars Hederer ) C:\Users\Steve\Downloads\erunt-setup(1).exe
2016-09-07 07:54 - 2016-09-07 07:55 - 00791393 _____ (Lars Hederer ) C:\Users\Steve\Downloads\erunt-setup.exe
2016-09-06 16:35 - 2016-09-06 16:36 - 01257552 _____ C:\Users\Steve\Downloads\merged_document(1).pdf
2016-09-06 10:57 - 2016-09-06 11:02 - 02953520 _____ (AVAST Software) C:\Users\Steve\Downloads\avast-browser-cleanup.exe
2016-09-06 10:57 - 2016-09-06 10:59 - 03826240 _____ C:\Users\Steve\Downloads\adwcleaner_6.010.exe
2016-09-06 08:30 - 2016-09-06 08:30 - 00747800 _____ C:\Users\Steve\Downloads\CHM_Guidelines_2016_V2.pdf
2016-09-02 18:14 - 2016-09-02 18:23 - 01106888 _____ (Bleeping Computer, LLC) C:\Users\Steve\Downloads\rkill64.exe
2016-09-02 18:13 - 2016-09-07 07:53 - 00002834 _____ C:\Users\Steve\Desktop\Rkill.txt
2016-09-02 18:11 - 2016-09-01 14:45 - 00313856 _____ C:\Users\Steve\AppData\Local\settings.dll
2016-09-02 18:11 - 2016-09-01 14:45 - 00194048 _____ C:\Users\Steve\AppData\Local\carvell.exe
2016-09-02 16:27 - 2016-09-02 16:27 - 00000000 ___HD C:\$WINDOWS.~BT
2016-09-02 14:24 - 2016-09-02 14:24 - 00002014 _____ C:\Users\Steve\Downloads\mbyte.txt
2016-09-02 14:02 - 2016-09-02 14:02 - 00000240 _____ C:\Users\Steve\Downloads\SearchReg.txt
2016-09-02 13:48 - 2016-09-02 13:49 - 00061320 _____ C:\Users\Steve\Downloads\Addition.txt
2016-09-02 13:47 - 2016-09-09 15:26 - 00000000 ____D C:\FRST
2016-09-02 13:47 - 2016-09-02 13:49 - 00065225 _____ C:\Users\Steve\Downloads\FRST.txt
2016-09-02 13:44 - 2016-09-02 13:47 - 02397696 _____ (Farbar) C:\Users\Steve\Desktop\FRST64.exe
2016-09-02 11:32 - 2016-09-02 11:32 - 05660313 _____ (Swearware) C:\Users\Steve\Downloads\ComboFix.exe
2016-09-02 11:20 - 2016-09-02 11:20 - 31930936 _____ (Adlice Software ) C:\Users\Steve\Downloads\setup.exe
2016-09-02 11:03 - 2016-09-02 11:03 - 00000000 ____D C:\WINDOWS\Trend Micro
2016-09-02 11:03 - 2016-09-02 11:03 - 00000000 ____D C:\ProgramData\Trend Micro
2016-09-02 11:02 - 2016-09-02 11:02 - 02527376 _____ (Trend Micro Inc.) C:\Users\Steve\Downloads\HousecallLauncher64.exe
2016-09-02 11:02 - 2015-12-24 09:03 - 00316168 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\tmcomm.sys
2016-09-02 10:47 - 2016-09-02 10:47 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Steve\Downloads\rkill.exe
2016-09-02 10:36 - 2016-09-02 10:36 - 00000000 ____D C:\ProgramData\Sophos
2016-09-02 10:30 - 2016-09-02 10:31 - 152068736 _____ (Sophos Limited) C:\Users\Steve\Downloads\Sophos Virus Removal Tool.exe
2016-09-02 10:15 - 2016-09-06 11:03 - 00001215 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-09-02 10:15 - 2016-09-06 11:03 - 00001215 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-09-02 10:14 - 2016-09-02 10:14 - 00242136 _____ C:\Users\Steve\Downloads\Firefox Setup Stub 48.0.2.exe
2016-09-02 10:03 - 2016-09-09 15:26 - 00044298 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2016-09-02 10:03 - 2016-09-02 14:24 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2016-09-02 10:03 - 2016-09-02 13:37 - 01608038 _____ C:\WINDOWS\ZAM.krnl.trace
2016-09-02 10:03 - 2016-09-02 10:03 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2016-09-02 09:57 - 2016-09-02 09:57 - 00005856 _____ C:\WINDOWS\system32\.crusader
2016-09-02 09:55 - 2016-09-02 10:03 - 05295424 _____ ( ) C:\Users\Steve\Downloads\Zemana.AntiMalware.Setup.exe
2016-09-02 09:52 - 2016-09-02 09:58 - 00000000 ____D C:\ProgramData\HitmanPro
2016-09-02 09:52 - 2016-09-02 09:52 - 00001973 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2016-09-02 09:52 - 2016-09-02 09:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2016-09-02 09:52 - 2016-09-02 09:52 - 00000000 ____D C:\Program Files\HitmanPro
2016-09-02 08:59 - 2016-09-09 15:14 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-09-02 08:59 - 2016-09-02 09:30 - 00001176 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-09-02 08:59 - 2016-09-02 08:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-09-02 08:59 - 2016-09-02 08:59 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-09-02 08:59 - 2016-09-02 08:59 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-09-02 08:59 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-09-02 08:59 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-09-02 08:59 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-09-02 08:43 - 2016-09-02 08:43 - 00000000 _____ C:\WINDOWS\SysWOW64\${FILE_SN_DLL}
2016-09-02 08:39 - 2016-09-06 11:01 - 00000000 ____D C:\AdwCleaner
2016-09-02 08:38 - 2016-09-02 08:38 - 01950720 _____ C:\Users\Steve\Downloads\AdwCleaner Setup [1].exe
2016-09-02 07:38 - 2015-06-26 15:08 - 00294400 _____ (CodePlex Community) C:\Users\Steve\AppData\Local\Microsoft.Win32.TaskScheduler.dll
2016-09-02 00:59 - 2016-09-02 00:59 - 00000000 ____D C:\Program Files\Common Files\AV
2016-09-02 00:59 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe
2016-09-02 00:54 - 2016-09-09 13:52 - 00004166 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{AD70D64C-0206-4BBF-9812-33B4EE85FA46}
2016-09-02 00:30 - 2016-09-02 09:30 - 00001459 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2016-09-02 00:30 - 2016-09-02 09:30 - 00001453 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2016-09-02 00:30 - 2016-09-02 01:07 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-09-02 00:30 - 2016-09-02 00:59 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-09-02 00:30 - 2016-09-02 00:30 - 00000656 _____ C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job
2016-09-02 00:30 - 2016-09-02 00:30 - 00000628 _____ C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2016-09-02 00:30 - 2016-09-02 00:30 - 00000458 _____ C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job
2016-09-02 00:30 - 2016-09-02 00:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2016-09-02 00:30 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe
2016-09-01 23:49 - 2016-09-02 00:49 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2016-09-01 23:48 - 2016-09-02 09:20 - 00000000 ____D C:\WINDOWS\pss
2016-09-01 19:12 - 2016-09-02 09:19 - 00000000 ____D C:\Users\Steve\AppData\Local\Apps\2.0
2016-09-01 14:45 - 2016-09-01 14:45 - 00313856 _____ C:\WINDOWS\settings.dll
2016-09-01 14:45 - 2016-09-01 14:45 - 00194048 _____ C:\WINDOWS\disappointment.exe
2016-09-01 07:37 - 2016-09-01 07:37 - 00359910 ____T C:\Users\Steve\Documents\Adoration Monthly Prayer Assignments.pdf
2016-08-31 21:14 - 2016-09-01 15:55 - 00000000 ___HD C:\WINDOWS\AxInstSV
2016-08-30 11:31 - 2016-09-09 15:13 - 00000688 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-2221598115-2109861328-2175321649-1001.job
2016-08-30 11:31 - 2016-09-09 15:13 - 00000592 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-2221598115-2109861328-2175321649-1001.job
2016-08-30 11:31 - 2016-08-30 11:31 - 00000000 ____D C:\Users\Steve\AppData\Local\Citrix
2016-08-30 11:30 - 2016-08-30 11:31 - 00321008 _____ (Citrix Online) C:\Users\Steve\Downloads\GoToWebinar Launcher(1).exe
2016-08-30 11:10 - 2016-08-30 11:10 - 00260929 _____ C:\Users\Steve\Downloads\8.1.2.5.rar
2016-08-29 08:35 - 2016-08-29 08:35 - 00000316 _____ C:\Users\Steve\Desktop\Apply For Johnson and Johnson Area Business Specialist, CNS (Cincinnati, Ohio) - Janssen Pharmaceuticals, Inc. job - Selling.URL
2016-08-27 20:43 - 2016-08-27 20:43 - 08136256 _____ (TeamViewer) C:\Users\Steve\Downloads\TeamViewerQS_en (1).exe
2016-08-27 20:42 - 2016-08-27 20:42 - 08136256 _____ (TeamViewer) C:\Users\Steve\Downloads\TeamViewerQS_en.exe
2016-08-26 15:22 - 2016-08-26 15:22 - 00000220 _____ C:\Users\Steve\Desktop\httpjohn15-5.adorationservants.org.URL
2016-08-23 12:56 - 2016-08-23 12:57 - 00355787 _____ C:\Users\Steve\Downloads\linkedin_connections_export_microsoft_outlook(1).csv
2016-08-22 18:46 - 2016-08-22 18:46 - 00322946 _____ C:\Users\Steve\Downloads\30+60+90+Day+Template+-+Final.pptx
2016-08-21 20:51 - 2016-08-21 21:16 - 00000000 ____D C:\Users\Steve\Desktop\New folder (4)
2016-08-20 11:38 - 2016-08-20 11:40 - 00341112 ____T C:\Users\Steve\Desktop\Walmart Pirelli P4 Four Seasons Plus.pdf
2016-08-19 09:05 - 2016-08-19 09:05 - 00073375 _____ C:\Users\Steve\Downloads\CMIT_Proforma_Sheet_2016(1).xlsx
2016-08-18 17:15 - 2016-08-18 17:15 - 00045730 _____ C:\Users\Steve\Desktop\fax rwb_worldwide_2016-08-18_21-07-44.pdf
2016-08-18 15:38 - 2016-08-18 15:38 - 05103963 _____ C:\Users\Steve\Downloads\996981530_28_IKOR_INTERNATIONAL_-_2016_FDD__V7__081816_506361674.pdf
2016-08-18 13:48 - 2016-09-02 10:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-08-18 12:28 - 2016-08-18 12:28 - 00000293 _____ C:\Users\Steve\Desktop\JLL Careers - Job details.URL
2016-08-18 10:45 - 2016-08-18 10:45 - 10813322 _____ C:\Users\Steve\Downloads\suck_less_search_pdf.pdf
2016-08-17 14:24 - 2016-08-17 14:24 - 00370807 ____T C:\Users\Steve\Desktop\fax test.pdf
2016-08-17 11:10 - 2016-09-09 09:34 - 00000000 ____D C:\Users\Steve\Documents\Franchise
2016-08-16 18:45 - 2016-08-16 18:45 - 20724029 _____ C:\Users\Steve\Downloads\Op-Manual-MP-C3003-C3503-C4503-C5503-C6003.pdf
2016-08-15 14:25 - 2016-08-15 14:25 - 00704872 _____ C:\Users\Steve\Documents\Scan0001.pdf
2016-08-15 10:32 - 2016-08-15 10:32 - 00073375 _____ C:\Users\Steve\Downloads\CMIT_Proforma_Sheet_2016.xlsx
2016-08-14 18:24 - 2016-08-14 18:24 - 00100675 _____ C:\Users\Steve\Downloads\SOI_List_Template.xlsx
2016-08-14 18:22 - 2016-08-14 18:22 - 01646604 _____ C:\Users\Steve\Downloads\CMIT_Solutions_Frequently_Asked_Questions.pdf
2016-08-14 18:20 - 2016-08-14 18:20 - 00330618 _____ C:\Users\Steve\Downloads\Managed_Services_Whitepaper.pdf
2016-08-14 18:15 - 2016-08-14 18:15 - 00146973 _____ C:\Users\Steve\Downloads\Initial_Investment_2016(1).pdf
2016-08-14 18:00 - 2016-08-14 18:00 - 00358442 _____ C:\Users\Steve\Downloads\Why_a_Business_Not_a_Job.pdf
2016-08-12 12:38 - 2016-08-12 12:38 - 00986528 _____ (Google Inc.) C:\Users\Steve\Downloads\GoogleVoiceAndVideoSetup.exe
2016-08-12 11:24 - 2016-08-12 11:25 - 12063336 _____ (Hewlett-Packard Company ) C:\Users\Steve\Downloads\sp76259.exe
2016-08-10 16:31 - 2016-08-10 16:31 - 18124829 _____ C:\Users\Steve\Downloads\RightatHomeinc.ppt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-09 15:17 - 2015-12-16 20:42 - 00973984 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-09-09 15:17 - 2015-10-30 03:21 - 00000000 ____D C:\WINDOWS\INF
2016-09-09 15:14 - 2015-10-30 03:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-09-09 15:14 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-09-09 15:14 - 2015-10-21 22:12 - 00000000 ___RD C:\Users\Steve\OneDrive
2016-09-09 15:13 - 2016-01-21 17:11 - 00000362 _____ C:\WINDOWS\Tasks\HPCeeScheduleForSteve.job
2016-09-09 15:13 - 2015-12-16 20:51 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-09-09 15:13 - 2015-12-16 20:40 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-09-09 15:13 - 2015-10-21 22:32 - 00000000 __SHD C:\Users\Steve\IntelGraphicsProfiles
2016-09-09 15:12 - 2015-10-30 02:28 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2016-09-09 15:10 - 2015-11-03 21:05 - 00000000 ____D C:\Users\Steve\Documents\Outlook Files
2016-09-09 14:07 - 2015-10-21 18:01 - 00000000 ____D C:\Users\Steve\AppData\Local\Packages
2016-09-08 17:10 - 2016-05-06 07:54 - 00000000 ____D C:\Users\Steve\Documents\RWBworldwide
2016-09-08 11:38 - 2015-10-30 03:24 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2016-09-07 18:01 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\System
2016-09-07 14:35 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\ADFS
2016-09-07 13:22 - 2015-10-22 22:45 - 00000000 ____D C:\Program Files (x86)\Opera
2016-09-07 13:16 - 2015-10-30 03:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-09-07 12:37 - 2015-12-07 22:53 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-09-07 11:06 - 2015-11-04 16:06 - 00000000 ____D C:\Users\Steve\Documents\Resume Data
2016-09-06 08:52 - 2015-10-25 18:39 - 00000000 ____D C:\Users\Steve\AppData\Roaming\Spotify
2016-09-06 08:47 - 2015-10-25 18:40 - 00000000 ____D C:\Users\Steve\AppData\Local\Spotify
2016-09-04 21:36 - 2016-03-04 23:09 - 00000000 ____D C:\Users\Steve\Desktop\Mojo Web Site
2016-09-02 23:49 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\SchCache
2016-09-02 18:30 - 2015-10-30 03:26 - 00000000 ____D C:\WINDOWS\Setup
2016-09-02 16:27 - 2015-12-16 23:36 - 00000000 ___DC C:\WINDOWS\Panther
2016-09-02 10:24 - 2016-03-18 13:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-09-02 09:30 - 2016-06-23 23:36 - 00002529 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
2016-09-02 09:30 - 2016-06-23 23:36 - 00002493 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business 2016.lnk
2016-09-02 09:30 - 2016-06-23 23:36 - 00002488 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2016-09-02 09:30 - 2016-06-23 23:36 - 00002487 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2016-09-02 09:30 - 2016-06-23 23:36 - 00002451 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2016-09-02 09:30 - 2016-06-23 23:36 - 00002450 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2016-09-02 09:30 - 2016-06-23 23:36 - 00002444 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2016-09-02 09:30 - 2016-06-23 23:36 - 00002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2016-09-02 09:30 - 2016-06-23 23:36 - 00002430 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2016-09-02 09:30 - 2016-04-14 14:12 - 00002214 _____ C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Blue Jeans.lnk
2016-09-02 09:30 - 2016-02-11 19:32 - 00001087 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2016-09-02 09:30 - 2016-01-10 19:55 - 00002125 _____ C:\Users\Public\Desktop\GnuCash.lnk
2016-09-02 09:30 - 2015-12-17 17:28 - 00000970 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
2016-09-02 09:30 - 2015-12-16 20:47 - 00001507 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-09-02 09:30 - 2015-12-12 12:19 - 00001823 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-09-02 09:30 - 2015-12-12 12:18 - 00002523 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-09-02 09:30 - 2015-12-07 22:54 - 00001035 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk
2016-09-02 09:30 - 2015-11-06 16:21 - 00001185 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeePass 2.lnk
2016-09-02 09:30 - 2015-10-25 18:40 - 00001908 _____ C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2016-09-02 09:30 - 2015-10-25 08:16 - 00002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2016-09-02 09:30 - 2015-10-21 22:14 - 00002417 _____ C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-09-02 09:30 - 2013-10-16 12:19 - 00001115 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Connected Music.lnk
2016-09-02 09:30 - 2013-10-16 12:15 - 00001378 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2016-09-02 09:30 - 2013-10-16 12:15 - 00001309 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2016-09-02 09:30 - 2013-10-16 12:08 - 00002481 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cozi Family Calendar.lnk
2016-09-02 09:29 - 2015-11-05 15:56 - 00001195 _____ C:\Users\Steve\Desktop\Kernel OST Viewer .lnk
2016-09-02 08:22 - 2013-10-16 12:12 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Communication and Chat
2016-09-02 07:31 - 2015-10-21 18:01 - 00000000 ____D C:\Users\Steve\AppData\Local\VirtualStore
2016-09-01 19:33 - 2015-12-16 20:42 - 00000000 ____D C:\Users\Steve
2016-09-01 15:51 - 2015-10-30 03:24 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files
2016-08-31 22:37 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-08-31 22:37 - 2015-10-30 03:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-08-30 22:14 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-08-30 07:29 - 2015-11-06 18:36 - 00000000 ____D C:\Users\Steve\AppData\Roaming\KeePass
2016-08-30 07:29 - 2015-11-04 14:00 - 00000000 ____D C:\Users\Steve\Documents\KeePass2
2016-08-27 21:08 - 2015-10-30 03:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-08-27 21:07 - 2013-10-16 12:12 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-08-27 20:58 - 2015-12-07 22:54 - 00000000 ____D C:\Users\Steve\AppData\Roaming\TeamViewer
2016-08-23 17:01 - 2016-01-12 14:55 - 00000000 ____D C:\Users\Steve\AppData\LocalLow\WebEx
2016-08-12 15:55 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\rescache
2016-08-12 11:48 - 2015-11-13 08:35 - 00000000 ____D C:\Users\Steve\AppData\Roaming\Skype
2016-08-12 11:44 - 2015-09-10 01:42 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-08-12 11:38 - 2015-10-30 05:07 - 00000000 ____D C:\Program Files\Windows Journal
2016-08-12 10:49 - 2013-08-31 23:49 - 00000000 ____D C:\SWSetup
2016-08-12 00:07 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2016-08-12 00:07 - 2015-10-22 20:49 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-08-11 23:59 - 2015-10-22 20:49 - 147640136 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

==================== Files in the root of some directories =======

2015-11-11 16:38 - 2015-11-11 16:38 - 0025553 _____ () C:\Users\Steve\AppData\Roaming\Comma Separated Values.ADR
2016-07-04 20:24 - 2016-07-04 20:24 - 0000000 _____ () C:\Users\Steve\AppData\Roaming\WbspInstallerTempFileToBeDeleted.txt
2016-09-02 18:11 - 2016-09-01 14:45 - 0194048 _____ () C:\Users\Steve\AppData\Local\carvell.exe
2016-09-02 07:38 - 2015-06-26 15:08 - 0294400 _____ (CodePlex Community) C:\Users\Steve\AppData\Local\Microsoft.Win32.TaskScheduler.dll
2016-01-10 20:25 - 2016-01-10 20:25 - 0001780 _____ () C:\Users\Steve\AppData\Local\recently-used.xbel
2016-09-02 18:11 - 2016-09-01 14:45 - 0313856 _____ () C:\Users\Steve\AppData\Local\settings.dll
2015-12-17 17:28 - 2015-12-17 17:28 - 0000057 _____ () C:\ProgramData\Ament.ini

Some files in TEMP:
====================
C:\Users\Steve\AppData\Local\Temp\HPInstaller.exe
C:\Users\Steve\AppData\Local\Temp\jre-8u91-windows-au.exe
C:\Users\Steve\AppData\Local\Temp\SkypeSetup.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-08-31 22:37

==================== End of FRST.txt ============================

ADDITION.TXT

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-08-2016
Ran by Steve (09-09-2016 15:27:54)
Running from C:\Users\Steve\Desktop
Windows 10 Home Version 1511 (X64) (2015-12-17 00:54:42)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2221598115-2109861328-2175321649-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2221598115-2109861328-2175321649-503 - Limited - Disabled)
Guest (S-1-5-21-2221598115-2109861328-2175321649-501 - Limited - Disabled)
Steve (S-1-5-21-2221598115-2109861328-2175321649-1001 - Administrator - Enabled) => C:\Users\Steve

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Reader XI (11.0.17) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.17 - Adobe Systems Incorporated)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{C5815ACF-FD34-4553-8A22-C7411B7E662B}) (Version: 4.1.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{CBF12D2F-CF64-4CB7-858B-2C1F21068E5F}) (Version: 4.1.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
ArcSoft Family Paint (HKLM-x32\...\{8393D59B-D45F-470B-90EB-EEA15E664AE7}) (Version: 1.0.5.243 - ArcSoft)
Audacity 2.1.0 (HKLM-x32\...\Audacity_is1) (Version: 2.1.0 - Audacity Team)
Azkend 2: The World Beneath (x32 Version: 2.2.0.98 - WildTangent) Hidden
Blue Jeans (HKLM-x32\...\{12E34510-9DBD-457A-8645-5E12956602E9}) (Version: 1.10.22 - Blue Jeans)
Bob the Builder Can-Do-Zoo (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Bookworm Adventures Volume 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Byki (x32 Version: 4.0 - Transparent Language, Inc.) Hidden
Byki Express (HKLM-x32\...\Byki Express) (Version: 4.1 - Transparent Language, Inc.)
Cisco WebEx Meetings (HKU\S-1-5-21-2221598115-2109861328-2175321649-1001\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Citrix Online Launcher (HKLM-x32\...\{09DA5EE2-7E46-4DC4-96F9-BFEE50D40659}) (Version: 1.0.408 - Citrix)
Cozi (HKLM-x32\...\{EC8228E5-80A1-42EE-BA03-DE19D8D5A1E0}) (Version: 2.0.8722.42485 - Cozi Group, Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DISH Anywhere Slingplayer Installer (x32 Version: 1.1.0.384 - Sling Media) Hidden
DISH Anywhere Video Player (HKLM-x32\...\{19A59152-3EA7-4631-9A11-5D2DBEF29780}) (Version: 2.29.3 - DISH Anywhere)
DishAnywhereDesktop (HKLM-x32\...\{64ce7194-0a6e-4b76-90e5-432d8106504f}) (Version: 1.1.0.384 - Sling Media)
Elevated Installer (x32 Version: 4.1.25.0 - Garmin Ltd or its subsidiaries) Hidden
ERUNT 1.1j (HKLM-x32\...\ERUNT_is1) (Version:  - Lars Hederer)
Garmin Communicator Plugin (HKLM-x32\...\{71DBFBF2-F7EB-4268-8485-9471D83C4E66}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin x64 (HKLM\...\{70A381F1-C161-4D61-A20C-BE12FC6777DF}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{686d881a-083e-4030-80db-52c493bf89d3}) (Version: 4.1.25.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 4.1.25.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 4.1.25.0 - Garmin Ltd or its subsidiaries) Hidden
GnuCash 2.6.9 (HKLM-x32\...\GnuCash_is1) (Version:  - GnuCash Development Team)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
GoToMeeting 7.22.0.5506 (HKU\S-1-5-21-2221598115-2109861328-2175321649-1001\...\GoToMeeting) (Version: 7.22.0.5506 - CitrixOnline)
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.14.276 - SurfRight B.V.)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)
HP Documentation (HKLM-x32\...\{5F852577-14FC-4C5D-9279-CFA90D712FCB}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Officejet Pro 8610 Basic Device Software (HKLM\...\{39DA3F40-0B9E-4002-8E01-108FEC9EFE43}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
HP Officejet Pro 8610 Help (HKLM-x32\...\{F9569D00-4576-46C8-B6C7-207A4FD39745}) (Version: 32.0.0 - Hewlett Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7045.4591 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{61EB474B-67A6-47F4-B1B7-386851BAB3D0}) (Version: 8.3.34.7 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{F6A11738-3EE4-4573-AEA5-6CD5D491C167}) (Version: 12.5.32.37 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{6B1ECC61-B581-400D-BFAF-101B1AAEA5AB}) (Version: 1.4.7 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HP Utility Center (HKLM\...\{AED1C141-3AFC-47FE-AE90-C820AA60B103}) (Version: 2.2.5 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{EFA01423-3857-468C-B7B6-F30AA08E50BC}) (Version: 1.1.5.1 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6498.0 - IDT)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.15.4248 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
iTunes (HKLM\...\{0D44E3A4-6C3D-45D7-B443-079509E5BE5D}) (Version: 12.3.2.35 - Apple Inc.)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)
KeePass Password Safe 2.34 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.34 - Dominik Reichl)
Kernel OST Viewer ver 15.0 (HKLM-x32\...\Kernel OST Viewer_is1) (Version:  - Lepide Software Pvt.Ltd.)
King Oddball (x32 Version: 3.0.2.48 - WildTangent) Hidden
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
LG Mobile Driver (HKLM-x32\...\{3F490D0E-3131-438C-BCF9-7549CB88DF41}) (Version: 4.0.4 - LG Electronics)
LG USB WML Modem Driver (HKLM-x32\...\{FBA0CA60-8BF2-4381-B819-74F020E165A9}) (Version: 1.0 - LG Electronics)
LinuxLive USB Creator (HKLM-x32\...\LinuxLive USB Creator) (Version: 2.9 - Thibaut Lauziere)
Logitech Harmony Remote Software 7 (HKLM-x32\...\{5C6F884D-680C-448B-B4C9-22296EE1B206}) (Version: 7.7.0.0 - Logitech)
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Network Monitor 3.4 (HKLM\...\{8C5B5A11-CBF8-451B-B201-77FAB0D0B77D}) (Version: 3.4.2350.0 - Microsoft Corporation)
Microsoft Network Monitor: NetworkMonitor Parsers 3.4 (HKLM\...\{963E5FEB-1367-46B9-851D-A957F1A3747F}) (Version: 3.4.2350.0 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.6741.2063 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{650c9b4a-60ec-4e4e-8d8e-32d85ce3b7c5}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Monopoly version 1.00.00.594394 (HKLM-x32\...\{d176ba37-928e-4b25-9a62-78b2c73331f8}_is1) (Version: 1.00.00.594394 - EA)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 48.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 48.0.2 (x86 en-US)) (Version: 48.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 48.0.2 - Mozilla)
MyFFVideoConverter (HKLM-x32\...\MyFFVideoConverter) (Version: 1.0.0.0 - Pergel.hu)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6701.1036 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6701.1036 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6701.1036 - Microsoft Corporation) Hidden
Opera Stable 39.0.2256.71 (HKLM-x32\...\Opera 39.0.2256.71) (Version: 39.0.2256.71 - Opera Software)
PdaNet+ for Android 4.18 (HKLM-x32\...\PdaNet_is1) (Version:  - June Fabrics Technology Inc)
Product Improvement Study for HP Officejet Pro 8610 (HKLM\...\{D2064264-3162-4DB1-AFE0-167BEFBBCD9C}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
Ralink Bluetooth Stack64 (HKLM\...\{8A2E2A41-B814-407E-2F96-4E433C42AB78}) (Version: 11.0.739.0 - Mediatek)
Ralink RT3290 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.57.0 - Mediatek)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 3375.110 - Realtek Semiconductor Corp.)
Remote Control USB Driver (HKLM-x32\...\{8471021C-F529-43DE-84DF-3612E10F58C4}) (Version: 2.3.2.317 - )
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)
SimplePiano (remove only) (HKLM-x32\...\SimplePiano) (Version:  - )
Skype™ 7.24 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.24.104 - Skype Technologies S.A.)
Slingplayer for Web Installer (x32 Version: 1.2.7.358 - Sling Media) Hidden
SlingplayerForWeb (HKLM-x32\...\{62a74667-8e59-4fbc-9417-ad041a630066}) (Version: 1.2.7.358 - Sling Media)
Spotify (HKU\S-1-5-21-2221598115-2109861328-2175321649-1001\...\Spotify) (Version: 1.0.36.124.g1cba1920 - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics ClickPad Driver (HKLM\...\SynTPDeinstKey) (Version: 19.2.4.0 - Synaptics Incorporated)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.63017 - TeamViewer)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (HP Games) (x32 Version: 4.0.10.15 - WildTangent) Hidden
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2221598115-2109861328-2175321649-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Steve\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2221598115-2109861328-2175321649-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Steve\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2221598115-2109861328-2175321649-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Steve\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2221598115-2109861328-2175321649-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Steve\AppData\Local\Citrix\GoToMeeting\5174\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-2221598115-2109861328-2175321649-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Steve\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {02940F68-90D9-4A70-A697-F289725B9E7E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-08-03] (HP Inc.)
Task: {09B5AFF5-1A79-4F6D-AD61-6B041D41507A} - \Synaptics TouchPad Enhancements -> No File <==== ATTENTION
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {19828BE8-181C-452A-B2CA-A663B7508256} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-08-03] (HP Inc.)
Task: {1C00B6DA-E484-4A1D-BFE4-392CCE973648} - \G2MUploadTask-S-1-5-21-2221598115-2109861328-2175321649-1001 -> No File <==== ATTENTION
Task: {22B7E457-7638-498A-94FE-9E21DD13EDCB} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-08-11] (Microsoft Corporation)
Task: {33BAA670-48FD-48A8-8512-465295168F88} - \GarminUpdaterTask -> No File <==== ATTENTION
Task: {416B6139-AA5C-4ECB-B381-C5564FF5E2E4} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-08-01] (Microsoft Corporation)
Task: {42C98737-909E-4866-B1DE-8D8ED0112F4C} - \HPCustParticipation HP Officejet Pro 8610 -> No File <==== ATTENTION
Task: {47A0C646-C75F-4B9B-AFA0-84DE0C8ABE40} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-08-18] (HP Inc.)
Task: {4DB8C1C5-8D00-4875-A972-205919238805} - \G2MUpdateTask-S-1-5-21-2221598115-2109861328-2175321649-1001 -> No File <==== ATTENTION
Task: {752D4054-9117-4B7B-A37A-CA3878C2273B} - \Optimize Start Menu Cache Files-S-1-5-21-2221598115-2109861328-2175321649-500 -> No File <==== ATTENTION
Task: {7DF9EE71-6DEE-400B-B6C2-E2EA26FAF05B} - System32\Tasks\HPCeeScheduleForSteve => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {7FB4B434-7419-4521-BFEA-F8D6412A9B27} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-08-23] (HP Inc.)
Task: {8C8DE422-B1F3-4111-BB17-12967A473981} - \Adobe Acrobat Update Task -> No File <==== ATTENTION
Task: {91BA9673-BAB4-4444-85B3-EF5AE916E305} - \SmartShare -> No File <==== ATTENTION
Task: {B2E7149C-6382-4F1C-892E-777BB33BAA79} - System32\Tasks\Opera scheduled Autoupdate 1445568390 => C:\Program Files (x86)\Opera\launcher.exe [2016-09-05] (Opera Software)
Task: {C43C2F13-4750-4A0E-AF71-0F0EAFF61B21} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-08-01] (Microsoft Corporation)
Task: {C6C8FAB5-0C14-4FEC-BD19-05853FFEDE8A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-08-01] (Microsoft Corporation)
Task: {C87FCA00-2EFA-4C61-A767-895BCD6A2A48} - \OneDrive Standalone Update Task -> No File <==== ATTENTION
Task: {E7AFCA96-4884-491D-B6F7-A9167FD50090} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-05-09] (Hewlett-Packard)
Task: {EC1AFA24-5230-44CD-80AF-CFD3C34A4C5F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-08-23] (HP Inc.)
Task: {EDBAACA4-47AE-4CF3-93CD-F010AD96C017} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-07-31] (Microsoft Corporation)
Task: {FE990390-F3B7-47A8-AC8E-3CC4F908F443} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-07-31] (Microsoft Corporation)
Task: {FEDC2C76-EB0B-4775-B0AD-CA609B77678D} - \Optimize Start Menu Cache Files-S-1-5-21-2221598115-2109861328-2175321649-1001 -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job =>
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-2221598115-2109861328-2175321649-1001.job => C:\Users\Steve\AppData\Local\Citrix\GoToMeeting\5506\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-2221598115-2109861328-2175321649-1001.job => C:\Users\Steve\AppData\Local\Citrix\GoToMeeting\5506\g2mupload.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForSteve.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job =>
Task: C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job =>
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 03:17 - 2015-10-30 03:17 - 00028672 _____ () C:\WINDOWS\SYSTEM32\efsext.dll
2015-10-30 03:18 - 2015-10-30 03:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2015-11-20 15:57 - 2015-11-20 15:57 - 00085800 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-11-20 15:57 - 2015-11-20 15:57 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-05-08 08:23 - 2016-07-31 05:48 - 00173248 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll
2016-07-13 07:37 - 2016-07-01 00:48 - 02656408 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-10-22 20:58 - 2015-10-22 20:58 - 00404912 _____ () C:\WINDOWS\system32\igfxTray.exe
2016-07-13 07:37 - 2016-07-01 00:48 - 02656408 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-08-22 20:49 - 2016-08-22 20:49 - 01864384 _____ () C:\Users\Steve\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\ClientTelemetry.dll
2016-05-08 08:27 - 2016-07-31 09:27 - 08919240 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2016-04-19 07:16 - 2016-04-19 07:16 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-07-13 07:37 - 2016-06-30 23:27 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-07-13 07:37 - 2016-06-30 23:21 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-07-13 07:37 - 2016-06-30 23:22 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-07-13 07:37 - 2016-06-30 23:24 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-12-18 07:52 - 2015-12-07 00:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-07-13 07:39 - 2016-06-30 23:48 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-11-23 07:08 - 2015-09-03 15:44 - 01058616 _____ () C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe
2016-07-31 14:54 - 2016-07-31 14:54 - 00073216 _____ () C:\Program Files (x86)\Garmin\Device Interaction Service\FixBootSector.dll
2016-09-02 00:30 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2016-09-02 00:30 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2016-09-02 00:30 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2016-09-02 00:30 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2016-09-02 00:30 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2016-05-08 08:27 - 2016-07-31 07:57 - 08919232 _____ () C:\Program Files (x86)\Microsoft Office\root\Office16\1033\GrooveIntlResource.dll
2016-04-19 07:16 - 2016-04-19 07:16 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-04-19 07:16 - 2016-04-19 07:17 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2016-08-22 20:49 - 2016-08-22 20:49 - 01383616 _____ () C:\Users\Steve\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\ClientTelemetry.dll
2016-08-22 20:49 - 2016-08-22 20:49 - 00118976 _____ () C:\Users\Steve\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileSyncViews.dll
2015-01-13 16:45 - 2015-01-13 16:45 - 40578048 _____ () C:\Program Files (x86)\DishAnywhereDesktop\libcef.dll
2015-12-03 11:21 - 2015-12-03 11:21 - 40578048 _____ () C:\Program Files (x86)\Sling Media\SlingplayerForWeb\libcef.dll
2015-12-03 11:21 - 2015-12-03 11:21 - 01920000 _____ () C:\Program Files (x86)\Sling Media\SlingplayerForWeb\ffmpegsumo.dll
2015-01-13 16:45 - 2015-01-13 16:45 - 01920000 _____ () C:\Program Files (x86)\DishAnywhereDesktop\ffmpegsumo.dll
2015-11-28 18:26 - 2013-12-10 08:27 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2221598115-2109861328-2175321649-1001\...\garmin.com -> hxxps://my.garmin.com
IE trusted site: HKU\S-1-5-21-2221598115-2109861328-2175321649-1001\...\wordle.net -> hxxps://www.wordle.net

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 09:25 - 2016-09-02 07:37 - 00001010 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       down.baidu2016.com
127.0.0.1       123.sogou.com
127.0.0.1       www.czzsyzgm.com
127.0.0.1       www.czzsyzxl.com
127.0.0.1       union.baidu2019.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2221598115-2109861328-2175321649-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "faribault"
HKU\S-1-5-21-2221598115-2109861328-2175321649-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-2221598115-2109861328-2175321649-1001\...\StartupApproved\Run: => "IRS12AUC0C"
HKU\S-1-5-21-2221598115-2109861328-2175321649-1001\...\StartupApproved\Run: => "kozma"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{76F6D9EC-26C1-45A3-A3E0-45746147D442}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{5426E4B7-480B-4E97-A12F-AF43AB344813}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D3F06588-1AD9-4A72-964B-2B5157E8FFF9}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A93BE479-007B-4E7A-A4B6-9BB64330B239}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{AA6D6E77-0DD9-4BE7-B3E1-9ECF53C1C194}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{7794176B-3A48-4942-9823-6CB54A84107D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{2663DD07-706F-4A66-A4A2-A20CA8858A85}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{AEE6B7E2-812B-49DB-AB8B-6158F0B93316}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{B5C08E6F-44BA-4199-B7F9-D50C55AF35E1}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [UDP Query User{04FF4C40-77D5-4517-911B-A16A9660251E}C:\users\steve\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\steve\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{E8594489-F06F-479F-82E3-EA718C0343F7}C:\users\steve\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\steve\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{13D6C8F6-2B68-4396-94F9-E5EAA95392B2}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [TCP Query User{9B7D2E36-3DCE-43C3-A3A3-6CD927A29505}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{33BAFCD6-19FC-4FC0-8538-535993D55E2E}C:\program files (x86)\dishanywheredesktop\dishanywhereplayer.exe] => (Allow) C:\program files (x86)\dishanywheredesktop\dishanywhereplayer.exe
FirewallRules: [TCP Query User{169CBFA5-8F9E-4F64-BDD7-78533CF12835}C:\program files (x86)\dishanywheredesktop\dishanywhereplayer.exe] => (Allow) C:\program files (x86)\dishanywheredesktop\dishanywhereplayer.exe
FirewallRules: [UDP Query User{1B609FA4-2A12-489E-AF41-31F799CD7E48}C:\program files (x86)\slingplayerforchrome\slingplayerforchrome.exe] => (Allow) C:\program files (x86)\slingplayerforchrome\slingplayerforchrome.exe
FirewallRules: [TCP Query User{CD46FD49-A72F-45F6-91BC-F336A7E2E6DC}C:\program files (x86)\slingplayerforchrome\slingplayerforchrome.exe] => (Allow) C:\program files (x86)\slingplayerforchrome\slingplayerforchrome.exe
FirewallRules: [{18C07216-136D-45D6-8B77-239F92B7E7E6}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [UDP Query User{D6F6B990-1C63-4358-8217-D90F8F52F3A0}C:\users\steve\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\steve\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{E2A84E87-396A-4848-A0E1-15A19FE00D59}C:\users\steve\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\steve\appdata\roaming\spotify\spotify.exe
FirewallRules: [{C05ACE9A-7119-483F-9190-D9D71F251374}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{215B4E2E-C7D9-4692-A521-217B33FCD927}] => (Allow) LPort=2869
FirewallRules: [{30CE10FE-CC1B-4D6F-A476-50D356714537}] => (Allow) LPort=1900
FirewallRules: [{1996AE36-20AC-4A67-84CB-B7914FD961D2}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{26AF7472-CA24-4BA4-A633-6D331160BDBA}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{E55B12EE-99C1-4969-83E3-A8BAA0969E1B}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe
FirewallRules: [{65AD5E75-BC55-4CBC-B25C-ABB78B3BDF8B}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe
FirewallRules: [{979C2B52-B08D-462E-9968-789BF25D90EF}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe
FirewallRules: [{60B1080B-AD9D-47A1-AC73-602E5103D53B}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe
FirewallRules: [{36DA00D6-A3E7-4EB0-950C-3057936977EA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{13848EEA-76BA-461B-A4E8-5D53D7038675}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D0130353-D5B9-4ED6-9799-0937A4F4F65D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0BDF3FBB-9088-4691-BA0B-260BBA5E0004}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{094EE917-BB3A-492D-BC14-53F6193B30A0}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{C4FF9712-60D5-4B9F-897C-280E5C28A247}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{267AEAB5-A5A2-4AE7-8DCC-D276343177C5}] => (Allow) C:\Users\Steve\AppData\Local\Temp\7zS0187\hppiw.exe
FirewallRules: [{8335D25B-B2BB-46B7-BDC0-F8DE581A3F95}] => (Allow) C:\Users\Steve\AppData\Local\Temp\7zS0187\hppiw.exe
FirewallRules: [{E3B63B22-5170-400B-8296-D88307D406C6}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\bin\FaxApplications.exe
FirewallRules: [{9B61F742-F736-4F3E-9B96-D0E01E7E8B02}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\bin\DigitalWizards.exe
FirewallRules: [{3BAF6F9D-62CA-4136-B57A-17CD96307727}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\bin\SendAFax.exe
FirewallRules: [{31232DA8-0DD8-4398-AC6B-8856771CD2E6}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\Bin\DeviceSetup.exe
FirewallRules: [{290C13A9-4916-4975-A84C-33F6457515FF}] => (Allow) LPort=5357
FirewallRules: [{67B529A1-8EBB-4A25-B62D-788CBF8C9289}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [TCP Query User{E69FCBC5-041F-4281-B28C-844E8B6C70AA}C:\program files (x86)\slingplayerforchrome\slingplayerforchrome.exe] => (Allow) C:\program files (x86)\slingplayerforchrome\slingplayerforchrome.exe
FirewallRules: [UDP Query User{91E22D2F-FBC5-484E-AA4B-A02C7A327DC8}C:\program files (x86)\slingplayerforchrome\slingplayerforchrome.exe] => (Allow) C:\program files (x86)\slingplayerforchrome\slingplayerforchrome.exe
FirewallRules: [{6FED3A5F-9677-4430-84DC-8F236D46F8C7}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7BFB8633-26D5-4466-AFF1-1C51787B8EEC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{846F6B5E-7233-46F0-8EE3-79C0A30E89B2}C:\program files (x86)\sling media\slingplayerforweb\slingplayerforweb.exe] => (Allow) C:\program files (x86)\sling media\slingplayerforweb\slingplayerforweb.exe
FirewallRules: [UDP Query User{448498B2-47B4-4E84-AE17-8B976069D332}C:\program files (x86)\sling media\slingplayerforweb\slingplayerforweb.exe] => (Allow) C:\program files (x86)\sling media\slingplayerforweb\slingplayerforweb.exe
FirewallRules: [TCP Query User{D8FA3EA8-20F4-44D0-9DE7-2B8BB981F2DE}C:\users\steve\appdata\local\blue jeans\app\bluejeans.exe] => (Allow) C:\users\steve\appdata\local\blue jeans\app\bluejeans.exe
FirewallRules: [UDP Query User{EFF5C9B9-1671-4551-8BF4-6D1EB3D39866}C:\users\steve\appdata\local\blue jeans\app\bluejeans.exe] => (Allow) C:\users\steve\appdata\local\blue jeans\app\bluejeans.exe
FirewallRules: [{891D766F-2040-41BD-9A23-A0B6374E16B9}] => (Allow) C:\Users\Steve\AppData\Local\Temp\7zS459F\HPDiagnosticCoreUI.exe
FirewallRules: [{F2578D8B-95ED-4217-BC90-D5E6B90DE9B9}] => (Allow) C:\Users\Steve\AppData\Local\Temp\7zS459F\HPDiagnosticCoreUI.exe
FirewallRules: [{F4880976-7F09-4380-921B-7AA9A354CF31}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{2329453D-F21C-4BD1-9880-2C5291263F5D}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{BC2D753F-C4B0-4984-8549-957C5EB0AC1F}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{4363EEBC-84FA-4C24-B0E6-C3B23CC46064}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{2D9A3BFE-FB4E-4BE2-8192-EFD5B0376D33}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [TCP Query User{0A811D6F-368D-4B5D-A22E-A4998D7F051B}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [UDP Query User{7AD2BC93-7F4A-4BEE-9F76-FA0B570132E3}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [{CD295A4B-C521-478A-99F7-860F17572EB4}] => (Allow) C:\Program Files (x86)\LG Software\LG Smart Share\DMS\SmartShareDMS.exe
FirewallRules: [{BC54E356-BE60-4289-8ABC-9EDA361608E2}] => (Allow) C:\Program Files (x86)\LG Software\LG Smart Share\DMS\SmartShareDMS.exe
FirewallRules: [{D47099B2-3777-4224-AE1F-8C9713BD81D9}] => (Allow) C:\Program Files (x86)\LG Software\LG Smart Share\DMR\SmartShareDMR.exe
FirewallRules: [{1BDBF9CA-24BA-4317-932B-26D921A94C54}] => (Allow) C:\Program Files (x86)\LG Software\LG Smart Share\DMR\SmartShareDMR.exe
FirewallRules: [{932CE933-F297-499B-8132-E656A6839C7C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{12F09071-CB57-439E-B03B-19E7BF021516}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{0054481D-ECC7-447A-822D-19D858DDDA80}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{FE63E93C-A3FE-4F4F-820B-80E5A4E7E5F7}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{3D890FD4-97FA-4AF7-B142-C2B3C6E73468}] => (Allow) C:\Program Files (x86)\SrpnFiles\SrpnFiles.exe
FirewallRules: [{160639E4-F9CF-4CAE-BF36-27B2C48EA80F}] => (Allow) C:\Program Files (x86)\SrpnFiles\SrpnFiles.exe
FirewallRules: [{70530226-5C5D-4970-B2A5-F05151521009}] => (Allow) C:\Program Files (x86)\SrpnFiles\downloader.exe
FirewallRules: [{BD159D5B-EE6C-4884-9CBB-B6B388330D79}] => (Allow) C:\Program Files (x86)\SrpnFiles\downloader.exe
FirewallRules: [{31BB6551-303C-4C1F-B59E-896AB89EE147}] => (Allow) C:\Users\Steve\AppData\Local\ddnowyes.exe
FirewallRules: [{B67C7528-4760-443C-9E02-46E41FD8A4F9}] => (Allow) C:\Users\Steve\AppData\Local\Temp\nsf9799.tmp\setup.exe
FirewallRules: [{C5A344A6-5F8B-4761-83CD-DF5D9F76F77F}] => (Allow) C:\Users\Steve\AppData\Local\86947498.exe
FirewallRules: [{81C8EB87-D53E-4E32-B89E-1BCE26B30E0F}] => (Allow) C:\Users\Steve\AppData\Local\tinstall.exe
FirewallRules: [{365894D8-CFDD-4819-B2DF-1761A84561ED}] => (Allow) C:\Users\Steve\AppData\Local\Temp\MPCOnline\MPCDownload.exe
FirewallRules: [{2A9E2A5E-2BD4-4765-9578-77C770E061A6}] => (Allow) C:\Users\Steve\AppData\Local\Temp\MPCOnline\MPCDownload.exe
FirewallRules: [{F16B85B2-2DE7-4215-99A7-A43DF261766D}] => (Allow) C:\Program Files (x86)\actus\carvell.exe
FirewallRules: [TCP Query User{965D539F-8C29-4EB3-9C46-8A9CBD9692B5}C:\program files (x86)\google\chrome\application\chrome334.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome334.exe
FirewallRules: [UDP Query User{085C406A-1D62-430F-948D-4558F1065575}C:\program files (x86)\google\chrome\application\chrome334.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome334.exe
FirewallRules: [{73A5FAE4-1A74-49CD-89FC-5AF2681CEFF2}] => (Allow) C:\Users\Steve\AppData\Local\Chromium\Application\chrome.exe
DomainProfile\AuthorizedApplications: [C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe] => Enabled:Logitech Harmony Remote Software 7
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe] => Enabled:Logitech Harmony Remote Software 7
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============

Name: HP Officejet Pro 8610
Description: HP Officejet Pro 8610
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Photosmart D7400 series
Description: Photosmart D7400 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: HP LaserJet P4014
Description: HP LaserJet P4014
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/09/2016 03:14:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MsMpEng.exe, version: 4.9.10586.494, time stamp: 0x5775ea45
Faulting module name: mpsvc.dll, version: 4.9.10586.494, time stamp: 0x5775e2d8
Exception code: 0xc0000005
Fault offset: 0x00000000000188f4
Faulting process id: 0xf68
Faulting application start time: 0x01d20ace3bb08a4d
Faulting application path: C:\Program Files\Windows Defender\MsMpEng.exe
Faulting module path: C:\Program Files\Windows Defender\mpsvc.dll
Report Id: d579a51d-3d40-4578-a98d-da114fdf89e5
Faulting package full name:
Faulting package-relative application ID:

Error: (09/09/2016 03:14:05 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: STEVE-SPLIT-X2)
Description: Package Microsoft.Windows.ShellExperienceHost_10.0.10586.0_neutral_neutral_cw5n1h2txyewy+App was terminated because it took too long to suspend.

Error: (09/09/2016 07:58:48 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (09/09/2016 12:14:01 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1375

Error: (09/09/2016 12:14:01 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1375

Error: (09/09/2016 12:14:01 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/08/2016 11:49:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7963860

Error: (09/08/2016 11:49:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7963860

Error: (09/08/2016 11:49:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/08/2016 11:49:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7959969


System errors:
=============
Error: (09/09/2016 03:22:41 PM) (Source: DCOM) (EventID: 10016) (User: STEVE-SPLIT-X2)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user Steve-Split-x2\Steve SID (S-1-5-21-2221598115-2109861328-2175321649-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.

Error: (09/09/2016 03:22:41 PM) (Source: DCOM) (EventID: 10016) (User: STEVE-SPLIT-X2)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user Steve-Split-x2\Steve SID (S-1-5-21-2221598115-2109861328-2175321649-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.

Error: (09/09/2016 03:22:40 PM) (Source: DCOM) (EventID: 10016) (User: STEVE-SPLIT-X2)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user Steve-Split-x2\Steve SID (S-1-5-21-2221598115-2109861328-2175321649-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.

Error: (09/09/2016 03:22:40 PM) (Source: DCOM) (EventID: 10016) (User: STEVE-SPLIT-X2)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user Steve-Split-x2\Steve SID (S-1-5-21-2221598115-2109861328-2175321649-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.

Error: (09/09/2016 03:22:40 PM) (Source: DCOM) (EventID: 10016) (User: STEVE-SPLIT-X2)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user Steve-Split-x2\Steve SID (S-1-5-21-2221598115-2109861328-2175321649-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.

Error: (09/09/2016 03:22:40 PM) (Source: DCOM) (EventID: 10016) (User: STEVE-SPLIT-X2)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user Steve-Split-x2\Steve SID (S-1-5-21-2221598115-2109861328-2175321649-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.

Error: (09/09/2016 03:22:40 PM) (Source: DCOM) (EventID: 10016) (User: STEVE-SPLIT-X2)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user Steve-Split-x2\Steve SID (S-1-5-21-2221598115-2109861328-2175321649-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.

Error: (09/09/2016 03:19:36 PM) (Source: DCOM) (EventID: 10016) (User: STEVE-SPLIT-X2)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user Steve-Split-x2\Steve SID (S-1-5-21-2221598115-2109861328-2175321649-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.

Error: (09/09/2016 03:19:36 PM) (Source: DCOM) (EventID: 10016) (User: STEVE-SPLIT-X2)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user Steve-Split-x2\Steve SID (S-1-5-21-2221598115-2109861328-2175321649-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.

Error: (09/09/2016 03:19:36 PM) (Source: DCOM) (EventID: 10016) (User: STEVE-SPLIT-X2)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user Steve-Split-x2\Steve SID (S-1-5-21-2221598115-2109861328-2175321649-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.


CodeIntegrity:
===================================
  Date: 2016-09-09 15:14:45.621
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-02 14:26:52.175
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\msiexec.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Sophos\Sophos Virus Removal Tool\SVRTcli.exe that did not meet the Microsoft signing level requirements.

  Date: 2016-09-01 19:15:48.691
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-01 19:15:48.595
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-01 19:15:43.693
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-01 19:15:41.138
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-01 19:15:41.052
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-01 19:15:17.878
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-01 19:15:17.632
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-01 19:15:15.748
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-4020Y CPU @ 1.50GHz
Percentage of memory in use: 62%
Total physical RAM: 4028.15 MB
Available physical RAM: 1510.95 MB
Total Virtual: 7612.15 MB
Available Virtual: 4589.62 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:106.33 GB) (Free:26.06 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:11.36 GB) (Free:1.19 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: () (Removable) (Total:29.27 GB) (Free:19.83 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 119.2 GB) (Disk ID: 0F3E11DE)

Partition: GPT.

========================================================
Disk: 1 (Size: 29.3 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================

Link to post
Share on other sites

  • Root Admin

Please temporarily uninstall "Spybot - Search & Destroy 2" as it can interfere with the cleanup processes.
Then restart the computer again and run a new FRST scan and ATTACH logs. Please don't copy/paste logs as the forum software can sometimes post invalid characters or data.

Thanks

 

Link to post
Share on other sites

  • Root Admin

 

 

Please download the attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

 

fixlist.txt

Thanks

 

 

 

Link to post
Share on other sites

OK. I went to the System Properties applet and then to the System Protection tab. The option to create a restore point was greyed out. So, I looked under Configure... and the "Disable system protection" radio button was selected. I switched it to "Turn on system protection" and allocated 3GB of disk space. Hit Apply, then OK. I was able to create a restore point without any issues.

 

 

RestorePoint OK.JPG

Link to post
Share on other sites

  • Root Admin

Well, I'm probably too late but not what I wanted. Wanted to make sure the computer was good first.  Then we would go in and surgically remove all traces of Chrome. But since it's been 18 hours I'm guessing you've reinstalled and more than likely still having an issue with Chrome.

Let me know though please, thanks

Ron

 

Link to post
Share on other sites

Hi Ron,

Thanks. I have re-installed and used Chrome and everything seems to be working fine. I did not get any pop-up warnings about a blocked website from carvell.exe, and ping.exe and associated programs do not show up in taskmgr. So I am thinking the machine is OK at this point.

Steve

Link to post
Share on other sites

  • Root Admin

At this time there are no more signs of an infection on your system.
However if you are still seeing any signs of an infection please let me know.

Let's go ahead and remove the tools and logs we've used during this process.

Most of the tools used are potentially dangerous to use unsupervised or if run at the wrong time.
They are often updated daily so if you went to use them again in the future they would be outdated anyways.

The following procedures will implement some cleanup procedures to remove these tools.
 
Download Delfix from here and save it to your desktop. (you may already have this)

  • Ensure Remove disinfection tools is checked.
  • Click the Run button.
  • Reboot


Any other programs or logs that are still remaining, you can manually delete. (right click.....Delete)
IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST folder, FRST-OlderVersion folder, MBAR folder, etc.
AdwCleaner > just run the program and click uninstall.


 
If there are any other left over Folders, Files, Logs then you can delete them on your own.
 
Please visit the following link to see how to delete old System Restore Points. Please delete all of them and create a new one at this time.
How to Delete System Protection Restore Points in Windows 7 and Windows 8

Remove all but the most recent Restore Point on Windows XP


As Java seems to get exploited on a regular basis I advise not using Java if possible, but to at least disable Java in your web browsers.
How do I disable Java in my web browser? - Disable Java

A lot of reading here but if you take the time to read a bit of it you'll see why/how infections and general damage are so easily inflicted on the computer. There is also advice on how to prevent it and keep the system working well. Don't forget about good, solid backups of your data to an external drive that is not connected except when backing up your data. If you leave a backup drive connected and you do get infected it can easily damage, encrypt, delete, or corrupt your backups as well and then you'd lose all data.
Nothing is 100% bulletproof but with a little bit of education you can certainly swing things in your favor.


If you're not currently using Malwarebytes Premium then you may want to consider purchasing the product which can also help greatly reduce the risk of a future infection.

 

Link to post
Share on other sites

This topic is now closed to further replies.