
Browser home page Hijack

Solved 
#1 ·
I've recently installed Final Media Player and was careful not to select any of the unwanted 'options' but nevertheless the next time I turned my computer on my browser home page had been changed from Google to Yahoo. I amended it in the settings but each time I go to Home it briefly shows the Google home page then switches to Yahoo. I'm running Windows 10 and using Chrome as my browser. Interestingly, if I use IE10 (which I don't like) it still goes to Google!

I've run Malwarebytes and cleared out some PUPs but this hasn't fixed the problem.

Grateful for any suggestions.
 
#2 ·
Step 1
Click on this link to download: ADWCleaner. Click on ONE of the two blue Download Now buttons that have a blue arrow beside them and save it to your desktop. Do not click on any links in the top advert.

See the screenshot where the proper download buttons are highlighted.

NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on Tools > SmartScreen Filter > Turn off SmartScreen Filter, then click on OK in the box that opens. Then click on the link again.

Close your browser and double click on this icon on your desktop:



You will then see the screen below. Click on the Scan button (as indicated), accept any prompts that appear and allow it to run; it may take several minutes to complete. When it is done, you will get a message saying "PENDING". Ignore that and click on the Clean button, accept any prompts that appear and allow the system to reboot. You will then be presented with the report. Copy and paste it into your next post.
Please note: the newer versions of AdwCleaner have a pretty colour display on some versions of Windows and slightly different icons. The screenshots are from the older version but are basically the same.

 
#3 ·
Right, I've done this. Already had Adw Cleaner on my machine. After the scan it came up with an error message: 'Critical Error Start Menu and Cortana aren't working. We'll try and fix it next time you sign in'. It offered me a 'sign out' button which just cleared Adw and took me back to my sign in page. I ran Adw again and noticed the only error was under Chrome. I selected Clean and after reboot I checked and my Chrome browser still goes to Yahoo. This is the Adw report:

# AdwCleaner v4.109 - Report created 01/12/2015 at 12:07:07
# Updated 24/01/2015 by Xplode
# Database : 2015-11-30.1 [Live]
# Operating System : Windows 10 Home (64 bits)
# Username : Harry - HARRYPC
# Running from : C:\Program Files (x86)\Adwcleaner\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.10240.16412

-\\ Mozilla Firefox v35.0.1 (x86 en-US)

-\\ Google Chrome v46.0.2490.86

[C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfVxbAlxIQlYQbV8PUQ1cFQMachRZBQ8SDAZHIl1aAA9HQAQbeR9aFQQTQkcFME0FBloEURNNfWpdAEsSSX5NL04=&q={searchTerms}

-\\ Comodo Dragon v

[C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfVxbAlxIQlYQbV8PUQ1cFQMachRZBQ8SDAZHIl1aAA9HQAQbeR9aFQQTQkcFME0FBloEURNNfWpdAEsSSX5NL04=&q={searchTerms}

*************************

AdwCleaner[R13].txt - [869 octets] - [07/03/2014 09:35:37]
AdwCleaner[R14].txt - [4193 octets] - [15/01/2015 08:00:49]
AdwCleaner[R15].txt - [3328 octets] - [24/01/2015 15:29:07]
AdwCleaner[R16].txt - [3706 octets] - [01/12/2015 09:09:56]
AdwCleaner[R17].txt - [1709 octets] - [01/12/2015 11:29:31]
AdwCleaner[R18].txt - [1681 octets] - [01/12/2015 11:54:14]
AdwCleaner[S10].txt - [930 octets] - [07/03/2014 09:36:28]
AdwCleaner[S11].txt - [4972 octets] - [15/01/2015 08:04:51]
AdwCleaner[S12].txt - [3315 octets] - [24/01/2015 15:34:30]
AdwCleaner[S13].txt - [3113 octets] - [01/12/2015 10:03:25]
AdwCleaner[S14].txt - [2060 octets] - [01/12/2015 11:45:17]
AdwCleaner[S15].txt - [1870 octets] - [01/12/2015 12:07:07]

########## EOF - C:\AdwCleaner\AdwCleaner[S15].txt - [1931 octets] ##########
 
#4 ·
Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to download and run the 64-bit version.

  • Right click to run as administrator. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
 
#5 ·
OK, here is the first log (both logs together exceeded the allowed size):
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:30-11-2015
Ran by Harry (administrator) on HARRYPC (01-12-2015 15:46:17)
Running from C:\Users\Harry\Downloads
Loaded Profiles: Harry (Available Profiles: Harry & DefaultAppPool)
Platform: Windows 10 Home (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Gacela\Gacela-Reporting.exe
() C:\Program Files (x86)\Gacela\Gacela-Updater.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(The Nielsen Company) C:\Program Files (x86)\NetRatingsNetSight\NetSight\NielsenUpdate.exe
() C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Spotify Ltd) C:\Users\Harry\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Dropbox, Inc.) C:\Users\Harry\AppData\Roaming\Dropbox\bin\Dropbox.exe
(The Nielsen Company) C:\Program Files (x86)\NetRatingsNetSight\NetSight\nielsenonline.exe
(CANON INC.) C:\Windows\System32\CNAC5RPD.EXE
() C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
(The Nielsen Company) C:\Program Files (x86)\NetRatingsNetSight\NetSight\nielsenonline.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(The Nielsen Company) C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter9\NielsenOnline64.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [CmPCIaudio] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\CMICNFG3.dll,CMICtrlWnd
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-10-16] (Apple Inc.)
HKLM-x32\...\Run: [LanguageShortcut] => C:\Program Files (x86)\ (x86)\CyberLink\PowerDVD\Language\Language.exe [52256 2007-01-08] ()
HKLM-x32\...\Run: [DTVR Agent] => C:\Program Files (x86)\TEVION Multimedia\DVB-T PLUS\DTVR\Scheduled.exe
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2015-10-13] (Apple Inc.)
HKLM-x32\...\Run: [NielsenOnline] => C:\Program Files (x86)\NetRatingsNetSight\NetSight\NielsenOnline.exe [194400 2015-09-25] (The Nielsen Company)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [ProductUpdater] => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe [71680 2015-11-23] ()
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\896\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
HKU\S-1-5-21-2479479765-3668739851-1582905240-1000\...\Run: [Sidebar] => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
HKU\S-1-5-21-2479479765-3668739851-1582905240-1000\...\Run: [Spotify Web Helper] => C:\Users\Harry\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2344768 2015-11-25] (Spotify Ltd)
HKU\S-1-5-21-2479479765-3668739851-1582905240-1000\...\Run: [Dropbox Update] => C:\Users\Harry\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-19] (Dropbox, Inc.)
HKU\S-1-5-21-2479479765-3668739851-1582905240-1000\...\MountPoints2: {24df1e9d-0f26-11df-a25f-806e6f6e6963} - "E:\autorun.exe"
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Harry\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64\FileSyncShell64.dll [2015-10-27] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Harry\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64\FileSyncShell64.dll [2015-10-27] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Harry\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64\FileSyncShell64.dll [2015-10-27] (Microsoft Corporation)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Harry\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Harry\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Harry\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Harry\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Harry\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Harry\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Harry\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Harry\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Harry\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\FileSyncShell.dll [2015-10-27] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Harry\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\FileSyncShell.dll [2015-10-27] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Harry\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\FileSyncShell.dll [2015-10-27] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Harry\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Harry\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Harry\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
Startup: C:\Users\Harry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk [2010-02-06]
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\Harry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-11-12]
ShortcutTarget: Dropbox.lnk -> C:\Users\Harry\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 127.0.0.1 localhost
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{c4b39daa-fb01-4f75-9066-fb9fa1f8d31e}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-2479479765-3668739851-1582905240-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.co.uk/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-20] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-20] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-20] (Google Inc.)
Toolbar: HKLM-x32 - Gacela - {5F6E2508-41C4-4D4B-8AC3-D7ED6E4EB2AE} - C:\Program Files (x86)\Gacela\Gacela2.dll [2010-03-01] (nurago GmbH)
Toolbar: HKLM-x32 - Tango - {F9D6C8E8-770A-4F02-AE5C-FB85581551CD} - No File
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-20] (Google Inc.)
Toolbar: HKU\S-1-5-21-2479479765-3668739851-1582905240-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-20] (Google Inc.)
Toolbar: HKU\S-1-5-21-2479479765-3668739851-1582905240-1000 -> No Name - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - No File
Toolbar: HKU\S-1-5-21-2479479765-3668739851-1582905240-1000 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: HKLM-x32 {82774781-8F4E-11D1-AB1C-0000F8773BF0} hxxps://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
DPF: HKLM-x32 {86A88967-7A20-11D2-8EDA-00600818EDB1} hxxp://www.parallelgraphics.com/l2/bin/cortona3d60_179.cab
DPF: HKLM-x32 {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

FireFox:
========
FF ProfilePath: C:\Users\Harry\AppData\Roaming\Mozilla\Firefox\Profiles\gvenzk1f.default
FF Homepage: user_pref("browser.startup.homepage", "hxxps://www.malwarebytes.org/restorebrowser/
FF SelectedSearchEngine: Default
FF DefaultSearchEngine: Default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-12] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-12] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [No File]
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-04-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll [No File]
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-04-14] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @parallelgraphics.com/Cortona -> C:\Program Files (x86)\Common Files\ParallelGraphics\Cortona\npCortona.dll [2010-08-09] (ParallelGraphics)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npCortona.dll [2010-08-09] (ParallelGraphics)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2014-11-06] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2014-11-06] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2014-11-06] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2014-11-06] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2014-11-06] (Apple Inc.)
FF Extension: No Name - C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter7\FirefoxAddOns\netsight@nielsen.xpi [not found]
FF Extension: Search Know - C:\Users\Harry\AppData\Roaming\Mozilla\Firefox\Profiles\gvenzk1f.default\Extensions\{879b3b48-954e-408f-89af-244dad65164f}.xpi [2015-11-30] [not signed]
FF HKLM\...\Firefox\Extensions: [gacela2@nurago.com] - [INSTALLDIR] => not found
FF HKLM-x32\...\Firefox\Extensions: [gacela2@nurago.com] - C:\Program Files (x86)\Gacela
FF Extension: Gacela - C:\Program Files (x86)\Gacela [2012-05-14] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [netsight@nielsen.com] - C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter9\FirefoxAddOns\netsight@nielsen.xpi
FF Extension: Nielsen NetSight - C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter9\FirefoxAddOns\netsight@nielsen.xpi [2015-12-01]

Chrome:
=======
CHR DefaultSearchURL: Default -> hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfVxbAlxIQlYQbV8PUQ1cFQMachRZBQ8SDAZHIl1aAA9HQAQbeR9aFQQTQkcFME0FBloEURNNfWpdAEsSSX5NL04=&q={searchTerms}
CHR DefaultSearchKeyword: Default -> searchinterneat-a.akamaihd.net
CHR DefaultNewTabURL: Default -> hxxp://searchinterneat-a.akamaihd.net/t?eq=U0EeFFhaR1oWHFBAI1wBAlpCDFMUcA0VVQ9IExhCJA9bTAoVQ1FBIQ8OAAhJGBNBNARaAktXUUEeJ1pNER8fHGZGIUtbCXIfTkI=
CHR Profile: C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-09-05]
CHR Extension: (Google Docs) - C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-05]
CHR Extension: (Google Drive) - C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (Rapport) - C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjllphbppobebmjpjcijfbakobcheof [2015-09-05]
CHR Extension: (YouTube) - C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-08]
CHR Extension: (Nielsen NetSight) - C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpgmmbefnahabhcchpfkobeindpppflc [2015-09-06]
CHR Extension: (Google Search) - C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Google Sheets) - C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-09-05]
CHR Extension: (Google Docs Offline) - C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-05]
CHR Extension: (Gmail) - C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-05]
CHR HKU\S-1-5-21-2479479765-3668739851-1582905240-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bpgmmbefnahabhcchpfkobeindpppflc] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2010-02-06] (Adobe Systems) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2010-02-04] (Macrovision Europe Ltd.) [File not signed]
R2 Gacela-Reporting-Service; C:\Program Files (x86)\Gacela\Gacela-Reporting.exe [102400 2010-03-04] () [File not signed]
R2 Gacela-Update-Service; C:\Program Files (x86)\Gacela\Gacela-Updater.exe [180224 2010-03-04] () [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 MSMQ; C:\Windows\system32\mqsvc.exe [26112 2015-08-09] (Microsoft Corporation)
R2 NielsenUpdate; C:\Program Files (x86)\NetRatingsNetSight\NetSight\NielsenUpdate.exe [3169120 2015-09-25] (The Nielsen Company)
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2255128 2015-11-12] (IBM Corp.)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe [272024 2006-12-19] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [36504 2015-08-02] (VIA Technologies, Inc.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AppObserver; C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter9\appobserver64.sys [15200 2015-09-25] (The Nielsen Company)
R3 AVerA706_x64; C:\Windows\system32\DRIVERS\AVerA706_x64.sys [1422080 2009-06-10] (AVerMedia TECHNOLOGIES, Inc.)
S3 AVerBDA3x_x64; C:\Windows\System32\DRIVERS\AVerBDA3x_x64.sys [1715968 2007-03-05] (AVerMedia TECHNOLOGIES, Inc.) [File not signed]
R3 cmuda3; C:\Windows\system32\drivers\cmudax3.sys [1155072 2009-12-01] (C-Media Inc)
S3 DigiartyVirtualCDBus; C:\Windows\System32\drivers\DigiartyVirtualCDBus.sys [276256 2015-09-15] (Digiarty Software, Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
S3 monfilt; C:\Windows\System32\drivers\monfilt.sys [1854976 2008-02-14] (Creative Technology Ltd.)
R3 MTsensor; C:\Windows\system32\DRIVERS\ASACPI.sys [17280 2013-05-17] ()
R1 nnfwdk; C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter9\nnfwdk64.sys [26464 2015-09-25] (The Nielsen Company)
S3 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R1 RapportCerberus_1507076; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1507076.sys [959416 2015-11-24] (IBM Corp.)
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [500184 2015-11-12] (IBM Corp.)
R0 RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [139896 2015-11-12] (IBM Corp.)
S3 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [394584 2015-11-12] (IBM Corp.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [489272 2015-11-12] (IBM Corp.)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [587264 2015-07-10] (Realtek )
R3 tpg64win7; C:\Windows\System32\drivers\tpg64win7.sys [648808 2012-02-21] (TP-LINK TECHNOLOGIES CO., LTD)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
U3 idsvc; no ImagePath
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
U3 wpcsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-01 15:47 - 2015-12-01 15:47 - 00000000 ___HT C:\Users\Harry\~archive.pst.tmp
2015-12-01 15:46 - 2015-12-01 15:47 - 00026345 _____ C:\Users\Harry\Downloads\FRST.txt
2015-12-01 15:45 - 2015-12-01 15:45 - 02350080 _____ (Farbar) C:\Users\Harry\Downloads\FRST64.exe
2015-12-01 14:42 - 2015-12-01 14:42 - 00000000 ___HD C:\OneDriveTemp
2015-12-01 14:41 - 2015-12-01 14:41 - 00016148 _____ C:\WINDOWS\system32\HARRYPC_Harry_HistoryPrediction.bin
2015-12-01 07:53 - 2015-12-01 07:57 - 00000258 __RSH C:\ProgramData\ntuser.pol
2015-11-30 15:12 - 2015-11-30 15:12 - 00016259 _____ C:\Users\Harry\Downloads\20D4BB8E93E9DC251A90358B2BA9B5A762B3FBF6.torrent
2015-11-30 13:29 - 2015-11-30 13:29 - 00019143 _____ C:\Users\Harry\Downloads\802F11D0CC8C8AE86B35F050BA93065BB6D31199.torrent
2015-11-30 13:08 - 2015-11-30 13:08 - 00016913 _____ C:\Users\Harry\Downloads\D9633AC7BC1F851220708AAC489FA9CD42170793.torrent
2015-11-30 12:17 - 2015-11-30 12:17 - 00001190 _____ C:\ProgramData\Microsoft\Windows\Start Menu\FinalMediaPlayer.lnk
2015-11-30 12:16 - 2015-11-30 12:16 - 07634856 _____ (Bitberry Software ) C:\Users\Harry\Downloads\FinalMediaPlayer2014U1Setup [1].exe
2015-11-30 11:58 - 2015-11-30 11:58 - 00012251 _____ C:\Users\Harry\Downloads\BF0775B5A7A81D28DFC71CBEE734164ECD76250D.torrent
2015-11-30 11:41 - 2015-11-30 11:41 - 00027390 _____ C:\Users\Harry\Downloads\71AEBDD8DF73D72C1B7A878A879CB160E33F7F54.torrent
2015-11-30 11:40 - 2015-11-30 16:03 - 00000000 ____D C:\Users\Harry\AppData\LocalLow\uTorrent
2015-11-30 11:40 - 2015-11-30 11:40 - 00040368 _____ C:\Users\Harry\Downloads\39DDAAAA07EEA6E6BE4FC8A486B3173925D382CA.torrent
2015-11-25 15:46 - 2015-11-25 15:46 - 03198976 _____ (Moo0) C:\Users\Harry\Downloads\Moo0_VoiceRecorder_v1.43_Installer.exe
2015-11-25 15:40 - 2015-11-25 15:40 - 00029484 _____ C:\Users\Harry\Downloads\A45296AC806F689C255AF310A584392C470AE91F.torrent
2015-11-25 10:40 - 2015-11-25 10:40 - 00004684 _____ C:\Users\Harry\Downloads\CAE2DF11449880C3461D4FAAC31F78A7A84C820B.torrent
2015-11-25 10:40 - 2015-11-25 10:40 - 00004684 _____ C:\Users\Harry\Downloads\CAE2DF11449880C3461D4FAAC31F78A7A84C820B (1).torrent
2015-11-24 11:03 - 2015-11-24 11:03 - 00002461 _____ C:\Users\Harry\Downloads\F545DBBFA033170FEE00F9A2653441472A454937.torrent
2015-11-19 16:08 - 2015-11-19 16:08 - 00003398 _____ C:\Users\Harry\Downloads\E6F40E8D7F5C7A740A3B68C072320C588241CA15.torrent
2015-11-19 16:07 - 2015-11-19 16:07 - 00003446 _____ C:\Users\Harry\Downloads\FBE598389F58D792727EF1998A6A0CB6C1CCBEBF.torrent
2015-11-19 07:28 - 2015-11-19 07:28 - 01006088 _____ C:\Users\Harry\AppData\LocalLow\effE50E.00c
2015-11-19 07:28 - 2015-11-19 07:28 - 00991536 _____ C:\Users\Harry\AppData\LocalLow\effE50E.00d
2015-11-19 07:28 - 2015-11-19 07:28 - 00940484 _____ C:\Users\Harry\AppData\LocalLow\effE50E.016
2015-11-19 07:28 - 2015-11-19 07:28 - 00915212 _____ C:\Users\Harry\AppData\LocalLow\effE50E.019
2015-11-19 07:28 - 2015-11-19 07:28 - 00796632 _____ C:\Users\Harry\AppData\LocalLow\effE50E.01a
2015-11-19 07:28 - 2015-11-19 07:28 - 00240588 _____ C:\Users\Harry\AppData\LocalLow\effE50E.015
2015-11-19 07:28 - 2015-11-19 07:28 - 00224404 _____ C:\Users\Harry\AppData\LocalLow\effE50E.013
2015-11-19 07:28 - 2015-11-19 07:28 - 00180740 _____ C:\Users\Harry\AppData\LocalLow\effE50E.010
2015-11-19 07:28 - 2015-11-19 07:28 - 00163476 _____ C:\Users\Harry\AppData\LocalLow\effE50E.014
2015-11-19 07:28 - 2015-11-19 07:28 - 00157360 _____ C:\Users\Harry\AppData\LocalLow\effE50E.017
2015-11-19 07:28 - 2015-11-19 07:28 - 00150480 _____ C:\Users\Harry\AppData\LocalLow\effE50E.00a
2015-11-19 07:28 - 2015-11-19 07:28 - 00150480 _____ C:\Users\Harry\AppData\LocalLow\effE50E.009
2015-11-19 07:28 - 2015-11-19 07:28 - 00135904 _____ C:\Users\Harry\AppData\LocalLow\effE50E.004
2015-11-19 07:28 - 2015-11-19 07:28 - 00083740 _____ C:\Users\Harry\AppData\LocalLow\effE50E.007
2015-11-19 07:28 - 2015-11-19 07:28 - 00078236 _____ C:\Users\Harry\AppData\LocalLow\effE50E.00e
2015-11-19 07:28 - 2015-11-19 07:28 - 00077884 _____ C:\Users\Harry\AppData\LocalLow\effE50E.006
2015-11-19 07:28 - 2015-11-19 07:28 - 00074440 _____ C:\Users\Harry\AppData\LocalLow\effE50E.005
2015-11-19 07:28 - 2015-11-19 07:28 - 00073856 _____ C:\Users\Harry\AppData\LocalLow\effE50E.008
2015-11-19 07:28 - 2015-11-19 07:28 - 00061832 _____ C:\Users\Harry\AppData\LocalLow\effE50E.00f
2015-11-19 07:28 - 2015-11-19 07:28 - 00059976 _____ C:\Users\Harry\AppData\LocalLow\effE50E.00b
2015-11-19 07:28 - 2015-11-19 07:28 - 00055464 _____ C:\Users\Harry\AppData\LocalLow\effE50E.018
2015-11-19 07:28 - 2015-11-19 07:28 - 00045260 _____ C:\Users\Harry\AppData\LocalLow\effE50E.012
2015-11-19 07:28 - 2015-11-19 07:28 - 00045260 _____ C:\Users\Harry\AppData\LocalLow\effE50E.011
2015-11-19 07:28 - 2015-11-19 07:28 - 00037432 _____ C:\Users\Harry\AppData\LocalLow\effE50E.01c
2015-11-19 07:28 - 2015-11-19 07:28 - 00037432 _____ C:\Users\Harry\AppData\LocalLow\effE50E.01b
2015-11-19 07:27 - 2015-11-19 07:27 - 00142932 _____ C:\Users\Harry\AppData\LocalLow\effE50E.003
2015-11-19 07:27 - 2015-11-19 07:27 - 00076252 _____ C:\Users\Harry\AppData\LocalLow\effE50E.001
2015-11-19 07:27 - 2015-11-19 07:27 - 00074656 _____ C:\Users\Harry\AppData\LocalLow\effE50E.002
2015-11-19 06:47 - 2015-11-19 06:47 - 00000000 _____ C:\Users\Harry\AppData\Local\{9AB3004A-5DC2-4D8C-B023-51D20F881F5C}
2015-11-17 15:38 - 2015-11-17 15:38 - 00018807 _____ C:\Users\Harry\Downloads\49EEE8EC793E388A367BB333D9D15621A443671E.torrent
2015-11-17 15:20 - 2015-11-17 15:20 - 00020233 _____ C:\Users\Harry\Downloads\51EB9DB3042DF8C5AEE184C2879C8208F5C9913E.torrent
2015-11-17 15:17 - 2015-11-17 15:17 - 00013228 _____ C:\Users\Harry\Downloads\E929547A9328CB85055ED0BF3DD982CD3433FEF1.torrent
2015-11-17 07:27 - 2015-11-17 07:27 - 00024887 _____ C:\Users\Harry\Downloads\A6FF2FE32F312A4801509ED16324D8E8371FEF9F.torrent
2015-11-14 07:39 - 2015-11-27 17:34 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-11-14 07:39 - 2015-11-14 07:39 - 00002132 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2015-11-13 11:34 - 2015-11-13 11:34 - 00442209 _____ C:\Users\Harry\Downloads\PolicyDocument (8).pdf
2015-11-13 11:29 - 2015-11-13 11:29 - 00927840 _____ C:\Users\Harry\Downloads\PolicyDocument (7).pdf
2015-11-13 11:28 - 2015-11-13 11:28 - 00316633 _____ C:\Users\Harry\Downloads\PolicyDocument (6).pdf
2015-11-13 11:27 - 2015-11-13 11:27 - 00524373 _____ C:\Users\Harry\Downloads\PolicyDocument (5).pdf
2015-11-13 11:27 - 2015-11-13 11:27 - 00316633 _____ C:\Users\Harry\Downloads\PolicyDocument (4).pdf
2015-11-13 11:26 - 2015-11-13 11:26 - 00316633 _____ C:\Users\Harry\Downloads\PolicyDocument (3).pdf
2015-11-12 17:50 - 2015-11-12 17:50 - 00000000 ____D C:\Users\Harry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-11-12 17:12 - 2015-11-05 05:15 - 08020832 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-11-12 17:12 - 2015-11-05 05:15 - 00541024 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2015-11-12 17:12 - 2015-11-05 05:14 - 00459104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2015-11-12 17:12 - 2015-11-05 05:13 - 00577888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2015-11-12 17:12 - 2015-11-05 05:11 - 01392480 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-11-12 17:12 - 2015-11-05 05:06 - 03621248 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-11-12 17:12 - 2015-11-05 05:06 - 00966416 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2015-11-12 17:12 - 2015-11-05 05:01 - 00607408 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2015-11-12 17:12 - 2015-11-05 04:56 - 01083072 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-11-12 17:12 - 2015-11-05 04:56 - 00116064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2015-11-12 17:12 - 2015-11-05 04:56 - 00025280 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2015-11-12 17:12 - 2015-11-05 04:30 - 00961376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-11-12 17:12 - 2015-11-05 04:24 - 02878512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-11-12 17:12 - 2015-11-05 04:23 - 00762888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2015-11-12 17:12 - 2015-11-05 04:23 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2015-11-12 17:12 - 2015-11-05 04:20 - 21873664 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-11-12 17:12 - 2015-11-05 04:18 - 24597504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-11-12 17:12 - 2015-11-05 04:18 - 03248128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2015-11-12 17:12 - 2015-11-05 04:18 - 00539728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2015-11-12 17:12 - 2015-11-05 04:17 - 02418688 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-11-12 17:12 - 2015-11-05 04:12 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\internetmail.dll
2015-11-12 17:12 - 2015-11-05 04:11 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2015-11-12 17:12 - 2015-11-05 04:10 - 12504064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-11-12 17:12 - 2015-11-05 04:10 - 02987520 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2015-11-12 17:12 - 2015-11-05 04:07 - 01068032 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-11-12 17:12 - 2015-11-05 04:06 - 00453120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Usb.dll
2015-11-12 17:12 - 2015-11-05 04:05 - 01602560 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-11-12 17:12 - 2015-11-05 04:05 - 00826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-11-12 17:12 - 2015-11-05 04:03 - 02180608 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-11-12 17:12 - 2015-11-05 04:03 - 01015808 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2015-11-12 17:12 - 2015-11-05 04:01 - 00949760 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-11-12 17:12 - 2015-11-05 04:01 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2015-11-12 17:12 - 2015-11-05 04:01 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-11-12 17:12 - 2015-11-05 03:59 - 03587072 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-11-12 17:12 - 2015-11-05 03:59 - 02675200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2015-11-12 17:12 - 2015-11-05 03:58 - 01383936 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-11-12 17:12 - 2015-11-05 03:58 - 00627712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2015-11-12 17:12 - 2015-11-05 03:56 - 01795072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-11-12 17:12 - 2015-11-05 03:55 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2015-11-12 17:12 - 2015-11-05 03:54 - 00502272 _____ (Microsoft Corporation) C:\WINDOWS\system32\dlnashext.dll
2015-11-12 17:12 - 2015-11-05 03:47 - 19326464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-11-12 17:12 - 2015-11-05 03:42 - 02647040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2015-11-12 17:12 - 2015-11-05 03:40 - 01918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-11-12 17:12 - 2015-11-05 03:35 - 18803712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-11-12 17:12 - 2015-11-05 03:35 - 02639872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2015-11-12 17:12 - 2015-11-05 03:34 - 00311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Usb.dll
2015-11-12 17:12 - 2015-11-05 03:33 - 01380864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-11-12 17:12 - 2015-11-05 03:33 - 00650240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-11-12 17:12 - 2015-11-05 03:30 - 00767488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-11-12 17:12 - 2015-11-05 03:28 - 11262976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-11-12 17:12 - 2015-11-05 03:27 - 02049536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2015-11-12 17:12 - 2015-11-05 03:27 - 00464896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2015-11-12 17:12 - 2015-11-05 03:23 - 00441344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dlnashext.dll
2015-11-08 07:09 - 2015-12-01 14:44 - 00003576 _____ C:\WINDOWS\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2479479765-3668739851-1582905240-1000
2015-11-08 07:07 - 2015-11-08 07:07 - 00000000 ____D C:\Users\Harry\AppData\Local\CEF
2015-11-07 15:58 - 2015-11-07 15:58 - 00013718 _____ C:\Users\Harry\Downloads\EE07120FAE6D15E1711D1C812DB0E50E9A7ECB3A.torrent
2015-11-06 06:49 - 2015-12-01 14:44 - 00003516 _____ C:\WINDOWS\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2479479765-3668739851-1582905240-1000
2015-11-05 10:39 - 2015-11-05 10:39 - 00001830 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-11-05 10:39 - 2015-11-05 10:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-11-05 10:38 - 2015-11-05 10:39 - 00000000 ____D C:\Program Files\iTunes
2015-11-05 10:38 - 2015-11-05 10:38 - 00000000 ____D C:\Program Files\iPod
2015-11-05 10:34 - 2015-11-05 10:34 - 00000000 ____D C:\Program Files\Bonjour
2015-11-05 10:33 - 2015-11-05 10:33 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple
2015-11-05 10:33 - 2015-11-05 10:33 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2015-11-02 07:42 - 2015-11-02 07:42 - 00001131 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free FreeCell Solitaire.lnk
2015-11-02 07:42 - 2015-11-02 07:42 - 00001119 _____ C:\Users\Public\Desktop\Free FreeCell Solitaire.lnk
2015-11-02 07:42 - 2015-11-02 07:42 - 00000000 ____D C:\Users\Harry\AppData\Roaming\TreeCardGames
2015-11-02 07:42 - 2015-11-02 07:42 - 00000000 ____D C:\ProgramData\TreeCardGames
2015-11-02 07:42 - 2015-11-02 07:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free FreeCell Solitaire
2015-11-02 07:42 - 2015-11-02 07:42 - 00000000 ____D C:\Program Files (x86)\Free FreeCell Solitaire
2015-11-02 07:41 - 2015-11-02 07:42 - 07371488 _____ (TreeCardGames ) C:\Users\Harry\Downloads\free_freecell_solitaire2015_v300_setup.exe
2015-11-02 07:35 - 2015-11-02 07:39 - 00000000 ____D C:\Program Files (x86)\Media Freeware
2015-11-02 07:34 - 2015-11-02 07:35 - 12127888 _____ C:\Users\Harry\Downloads\hearts_setup.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-01 15:47 - 2015-08-08 15:38 - 00000000 ____D C:\Users\Harry
2015-12-01 15:47 - 2011-04-27 06:29 - 00000000 ____D C:\Users\Harry\Documents\Outlook Files
2015-12-01 15:47 - 2011-01-07 05:52 - 00000000 ____D C:\Users\Harry\Documents\Archive
2015-12-01 15:46 - 2013-08-23 15:01 - 00000000 ____D C:\FRST
2015-12-01 15:43 - 2010-02-04 16:56 - 00271360 _____ C:\Users\Harry\archive.pst
2015-12-01 15:26 - 2012-04-04 05:52 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-12-01 15:18 - 2010-08-17 06:59 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-01 15:11 - 2015-06-19 17:00 - 00000918 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2479479765-3668739851-1582905240-1000UA.job
2015-12-01 14:44 - 2014-01-15 14:43 - 00000000 ___RD C:\Users\Harry\Dropbox
2015-12-01 14:44 - 2014-01-15 14:40 - 00000000 ____D C:\Users\Harry\AppData\Roaming\Dropbox
2015-12-01 14:42 - 2015-08-08 16:23 - 00000000 ___RD C:\Users\Harry\OneDrive
2015-12-01 14:42 - 2010-08-17 06:59 - 00000918 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-01 14:42 - 2010-02-03 13:24 - 00000000 ____D C:\Users\Harry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
2015-12-01 14:40 - 2015-07-10 12:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-12-01 14:39 - 2015-07-10 09:05 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-12-01 13:44 - 2014-04-23 05:26 - 00004152 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{27E0785D-F47B-43FD-9F01-7C5B8E097575}
2015-12-01 12:46 - 2014-03-07 09:35 - 00000000 ____D C:\AdwCleaner
2015-12-01 12:11 - 2015-06-19 17:00 - 00000866 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2479479765-3668739851-1582905240-1000Core.job
2015-12-01 08:54 - 2015-08-08 15:37 - 01344298 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-12-01 08:54 - 2015-07-10 11:02 - 00000000 ____D C:\WINDOWS\INF
2015-12-01 07:52 - 2009-08-11 21:36 - 00000000 ____D C:\WINDOWS\ConfigSetRoot
2015-12-01 06:58 - 2014-06-23 20:55 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-12-01 06:50 - 2015-07-10 11:04 - 00000000 ___HD C:\Program Files\WindowsApps
2015-12-01 06:50 - 2015-07-10 11:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-11-30 16:03 - 2010-02-03 20:48 - 00000000 ____D C:\Users\Harry\AppData\Roaming\uTorrent
2015-11-30 12:20 - 2009-07-14 03:20 - 00000000 ____D C:\WINDOWS\system32\GroupPolicy
2015-11-30 09:35 - 2013-09-08 12:27 - 00000698 _____ C:\Users\Harry\Desktop\Accounts - Shortcut.lnk
2015-11-29 11:12 - 2010-02-04 09:12 - 00001157 _____ C:\Users\Harry\Desktop\Adobe Dreamweaver CS3.lnk
2015-11-29 07:07 - 2013-01-26 16:58 - 00001714 _____ C:\Users\Harry\Desktop\Walk Programme.lnk
2015-11-29 07:05 - 2015-09-15 13:36 - 00001405 _____ C:\Users\Public\Desktop\Freemake Video Converter.lnk
2015-11-29 07:05 - 2015-09-15 13:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake
2015-11-29 07:05 - 2015-09-15 13:36 - 00000000 ____D C:\ProgramData\Freemake
2015-11-28 16:07 - 2010-02-06 12:17 - 00002041 _____ C:\Users\Harry\Desktop\Adobe Photoshop CS2.lnk
2015-11-25 15:50 - 2013-08-03 11:20 - 00000000 ____D C:\Users\Harry\AppData\Local\Spotify
2015-11-25 15:50 - 2013-08-03 06:29 - 00000000 ____D C:\Users\Harry\AppData\Roaming\Spotify
2015-11-24 11:58 - 2013-08-21 06:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
2015-11-21 14:16 - 2013-01-29 17:17 - 00001381 _____ C:\Users\Harry\Desktop\MobileLife.lnk
2015-11-19 19:16 - 2015-08-09 00:30 - 00000000 ___DC C:\WINDOWS\Panther
2015-11-19 19:04 - 2015-10-30 09:42 - 00000000 ___HD C:\$WINDOWS.~BT
2015-11-19 17:03 - 2015-08-08 18:03 - 00000000 ____D C:\Users\DefaultAppPool
2015-11-18 11:46 - 2014-08-16 14:40 - 00000000 ____D C:\Users\Harry\AppData\Local\Adobe
2015-11-14 07:39 - 2014-12-24 06:22 - 00003972 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2015-11-14 07:39 - 2010-02-01 11:44 - 00000000 ____D C:\ProgramData\Adobe
2015-11-14 07:39 - 2010-02-01 11:44 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-11-13 08:41 - 2015-07-10 11:04 - 00000000 ____D C:\WINDOWS\rescache
2015-11-13 08:21 - 2015-07-10 11:04 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2015-11-13 08:18 - 2015-07-10 11:04 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-11-13 06:53 - 2015-09-05 14:50 - 00002268 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-11-12 18:58 - 2015-07-10 10:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-11-12 18:58 - 2010-02-01 12:00 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-11-12 18:43 - 2013-07-22 21:14 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-11-12 18:30 - 2010-02-03 14:57 - 145617392 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-11-12 01:32 - 2015-06-02 13:42 - 00139896 _____ (IBM Corp.) C:\WINDOWS\system32\Drivers\RapportHades64.sys
2015-11-12 01:32 - 2011-05-04 05:39 - 00394584 _____ (IBM Corp.) C:\WINDOWS\system32\Drivers\RapportKE64.sys
2015-11-08 07:07 - 2013-08-03 11:20 - 00001895 _____ C:\Users\Harry\Desktop\Spotify.lnk
2015-11-08 07:07 - 2013-08-03 11:20 - 00001881 _____ C:\Users\Harry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2015-11-07 15:48 - 2013-12-20 09:44 - 00001217 _____ C:\Users\Harry\Desktop\Moo0 Voice Recorder 1.43.lnk
2015-11-05 10:38 - 2013-11-08 19:28 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-11-05 10:38 - 2011-02-06 09:31 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-11-05 10:34 - 2010-02-04 09:11 - 00000000 ____D C:\Program Files (x86)\Bonjour
2015-11-05 10:33 - 2011-02-06 09:31 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-11-03 18:20 - 2015-10-08 13:26 - 00810488 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-11-03 18:20 - 2015-10-08 13:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-01 18:03 - 2015-07-10 09:05 - 00000000 ____D C:\Windows
2015-11-01 18:01 - 2015-07-10 11:04 - 00000000 ____D C:\WINDOWS\SystemResources
2015-11-01 18:01 - 2015-07-10 09:05 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2015-11-01 18:00 - 2015-07-10 11:04 - 00000000 ____D C:\WINDOWS\Globalization
2015-11-01 18:00 - 2010-02-04 09:20 - 00000000 ____D C:\ProgramData\FLEXnet
2015-11-01 17:50 - 2015-07-10 11:04 - 00000000 ____D C:\WINDOWS\registration
2015-11-01 17:46 - 2012-05-06 12:44 - 00000000 ____D C:\ProgramData\Real
2015-11-01 17:44 - 2013-11-28 15:26 - 00000000 ____D C:\Program Files (x86)\NetRatingsNetSight
2015-11-01 16:33 - 2015-07-10 09:05 - 00524288 ___SH C:\WINDOWS\system32\config\BBI(19)

==================== Files in the root of some directories =======

2010-12-14 10:15 - 2010-02-06 16:17 - 0050688 _____ (Atribune.org) C:\Program Files\ATF-Cleaner.exe
2010-05-10 05:57 - 2010-05-10 05:57 - 0004397 _____ () C:\Program Files (x86)\Blogs.htm
2010-05-10 05:57 - 2010-05-10 05:57 - 0065285 _____ () C:\Program Files (x86)\Statistics.xml
2010-05-10 05:57 - 2010-05-10 05:57 - 0576924 _____ () C:\Program Files (x86)\tfwl.db5
2013-09-16 12:04 - 2013-09-16 12:04 - 0038437 _____ () C:\Users\Harry\AppData\Roaming\Comma Separated Values (Windows).ADR
2010-02-07 10:34 - 2014-07-20 10:34 - 0000157 _____ () C:\Users\Harry\AppData\Roaming\default.rss
2013-08-12 16:41 - 2013-08-12 16:41 - 0000000 _____ () C:\Users\Harry\AppData\Roaming\downloads.m3u
2010-02-04 11:25 - 2010-02-04 11:25 - 0099384 _____ () C:\Users\Harry\AppData\Roaming\inst.exe
2014-10-27 16:52 - 2014-11-04 22:10 - 0003072 _____ () C:\Users\Harry\AppData\Roaming\Lifetime Memorybooks Prefsv3
2010-02-04 11:25 - 2010-02-04 11:25 - 0007859 _____ () C:\Users\Harry\AppData\Roaming\pcouffin.cat
2010-02-04 11:25 - 2010-02-04 11:25 - 0001167 _____ () C:\Users\Harry\AppData\Roaming\pcouffin.inf
2010-02-04 11:25 - 2010-02-04 11:25 - 0000034 _____ () C:\Users\Harry\AppData\Roaming\pcouffin.log
2010-02-04 11:25 - 2010-02-04 11:25 - 0082816 _____ (VSO Software) C:\Users\Harry\AppData\Roaming\pcouffin.sys
2010-03-06 08:27 - 2010-05-15 17:08 - 0001041 _____ () C:\Users\Harry\AppData\Roaming\vso_ts_preview.xml
2014-02-04 18:52 - 2015-05-10 21:21 - 0007611 _____ () C:\Users\Harry\AppData\Local\Resmon.ResmonCfg
2015-11-19 06:47 - 2015-11-19 06:47 - 0000000 _____ () C:\Users\Harry\AppData\Local\{9AB3004A-5DC2-4D8C-B023-51D20F881F5C}
2010-02-07 12:58 - 2010-02-07 12:58 - 0004940 _____ () C:\ProgramData\mtbjfghn.xbe
ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install

Some files in TEMP:
====================
C:\Users\Harry\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpusmc04.dll
C:\Users\Harry\AppData\Local\Temp\FreemakeVideoConverterFull.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-11-30 07:20

==================== End of FRST.txt ============================
 
#6 ·
Here's the second log:

Additional scan result of Farbar Recovery Scan Tool (x64) Version:30-11-2015
Ran by Harry (2015-12-01 15:48:09)
Running from C:\Users\Harry\Downloads
Windows 10 Home (X64) (2015-08-08 16:14:47)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2479479765-3668739851-1582905240-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2479479765-3668739851-1582905240-503 - Limited - Disabled)
Guest (S-1-5-21-2479479765-3668739851-1582905240-501 - Limited - Disabled)
Harry (S-1-5-21-2479479765-3668739851-1582905240-1000 - Administrator - Enabled) => C:\Users\Harry
HomeGroupUser$ (S-1-5-21-2479479765-3668739851-1582905240-1005 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2479479765-3668739851-1582905240-1000\...\uTorrent) (Version: 3.4.5.41202 - BitTorrent Inc.)
ABBYY FineReader 5.0 Sprint Plus (HKLM-x32\...\{D1696920-9794-4BBC-8A30-7A88763DE5A2}) (Version: 5.0.0.33517 - ABBYY Software House)
ABBYY FineReader 6.0 (HKLM-x32\...\{AF600F7B-67A7-48D9-BA3B-0FF97F35F970}) (Version: 6.0.759.29421 - ABBYY Software House)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Activation Assistant for the 2007 Microsoft Office suites (HKLM-x32\...\Activation Assistant for the 2007 Microsoft Office suites) (Version: - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (x32 Version: 1.0 - Microsoft Corporation) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe Bridge 1.0 (HKLM-x32\...\{B74D4E10-6884-0000-0000-000000000103}) (Version: 001.000.004 - Adobe Systems)
Adobe Dreamweaver CS3 (HKLM-x32\...\Adobe_435a6af7459cb02a9c1138113a26e93) (Version: 9.0 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.9.615 - Adobe Systems, Inc.)
ALDI Print Software (HKLM-x32\...\ALDI Print Software) (Version: 4.8.7 - CEWE COLOR AG u Co. OHG)
Apple Application Support (32-bit) (HKLM-x32\...\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}) (Version: 4.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE03766}) (Version: 4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{0E96FD88-FF86-25BB-112E-804C2F1B1128}) (Version: 3.0.745.0 - ATI Technologies, Inc.)
aTube Catcher (HKLM-x32\...\aTube Catcher) (Version: 3.8.5188 - DsNET Corp)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
AVerMedia M135-Series PCI TV Tuner 3.5.64.58 (HKLM-x32\...\AVerMedia M135-Series PCI TV Tuner) (Version: 3.5.64.58 - AVerMedia TECHNOLOGIES, Inc.)
AVerTV (HKLM-x32\...\InstallShield_{FC87BEA8-5582-476C-A754-41F3A9D976D4}) (Version: 6.0 - AVerMedia Technologies, Inc.)
AVerTV (x32 Version: 6.0 - AVerMedia Technologies, Inc.) Hidden
Avidemux 2.6 (HKLM-x32\...\Avidemux 2.6 (64-bit)) (Version: 2.6.0.8179 - )
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version: - )
BBC iPlayer Desktop (HKLM-x32\...\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1) (Version: 3.2.15 - British Broadcasting Corp.)
BBC iPlayer Desktop (x32 Version: 3.2.15 - British Broadcasting Corp.) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
BTHomeHub (HKLM-x32\...\BTHomeHub) (Version: - British Telecommunications Plc.)
calibre 64bit (HKLM\...\{38E8070E-5CF2-4EF0-A31A-0B18D9B9D817}) (Version: 0.9.11 - Kovid Goyal)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.5.0.0 - Canon Inc.)
Canon iP7200 series On-screen Manual (HKLM-x32\...\Canon iP7200 series On-screen Manual) (Version: 7.5.0 - Canon Inc.)
Canon iP7200 series Printer Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP7200_series) (Version: - Canon Inc.)
Canon iP7200 series User Registration (HKLM-x32\...\Canon iP7200 series User Registration) (Version: - Canon Inc.‎)
Canon LBP5300 (HKLM\...\Canon LBP5300) (Version: - )
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 3.1.1 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 3.1.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.0.0 - Canon Inc.)
ccc-core-static (x32 Version: 2009.0925.1707.28889 - ATI) Hidden
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.6.5844 - CDBurnerXP)
Cleanersoft Free Registry Fix (HKLM-x32\...\Cleanersoft Free Registry Fix) (Version: - )
C-Media PCI Audio Device (HKLM\...\C-Media PCI Audio Driver) (Version: - )
CodeTwo FolderSync Addin (HKLM-x32\...\{DA101069-C624-4066-A797-A04E7925B86C}) (Version: 1.3.3 - CodeTwo)
Command & Conquer Red Alert 2 (HKLM-x32\...\Red Alert 2) (Version: - )
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Convert Audio Free FLAC to MP3 version 1.0 (HKLM-x32\...\Convert Audio Free FLAC to MP3_is1) (Version: 1.0 - )
ConvertXtoDVD 4.0.3.313 (HKLM-x32\...\{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1) (Version: 4.0.3.313 - )
Cortona3D Viewer (HKLM-x32\...\{4E86E575-2B04-4FEC-ADA3-72D47CB4777C}) (Version: 6.0.180 - ParallelGraphics)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKU\S-1-5-21-2479479765-3668739851-1582905240-1000\...\Dropbox) (Version: 3.10.11 - Dropbox, Inc.)
DVD Suite (HKLM-x32\...\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 5.0.1906 - CyberLink Corporation)
EPSON Copy Utility (HKLM-x32\...\{B69CC1A5-0404-11D6-ABCB-005004C21D30}) (Version: - )
EPSON Photo Print (HKLM-x32\...\{9391F2BC-B6F3-4AAC-82CC-5A74A4ED388E}) (Version: - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - )
EPSON Smart Panel (HKLM-x32\...\{6C11D561-620B-47DA-A693-4C597F3CDF40}) (Version: - )
ffdshow v1.1.3572 [2010-09-13] (HKLM-x32\...\ffdshow_is1) (Version: 1.1.3572.0 - )
File Association Manager (HKLM-x32\...\FileAssociationManager) (Version: 0.5 - Amnis Technology Ltd)
FileASSASSIN (HKLM-x32\...\FileASSASSIN) (Version: 1.06 - Malwarebytes)
FileZilla Client 3.9.0.5 (HKLM-x32\...\FileZilla Client) (Version: 3.9.0.5 - Tim Kosse)
Focus 165,000 Images (HKLM-x32\...\InstallShield_{1011BB75-9FBD-4743-B239-AB0E3166BA02}) (Version: 3.12.0000 - Focus Multimedia)
Focus 165,000 Images (x32 Version: 3.12.0000 - Focus Multimedia) Hidden
Free FreeCell Solitaire 2015 v3.0 (HKLM-x32\...\Free FreeCell Solitaire_is1) (Version: - TreeCardGames)
Free Window Registry Repair (HKLM-x32\...\Free Window Registry Repair) (Version: - )
Freemake Video Converter version 4.1.9 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.9 - Ellora Assets Corporation)
Gacela (HKLM-x32\...\{5F0545E7-3F0F-4730-AF70-26E61DBDF263}) (Version: 10.1.166 - Nurago)
Gold MP4 Player (HKLM-x32\...\Gold MP4 Player_is1) (Version: - Excellent Technology Exchange)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.86 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6904.2028 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
GoToAssist Corporate (HKLM-x32\...\GoToAssist) (Version: 10.4.0.896 - Citrix Online, a division of Citrix Systems, Inc.)
GoToAssist Corporate (x32 Version: 9.0.570 - Citrix) Hidden
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version: - )
HandBrake 0.9.9.1 (HKLM-x32\...\HandBrake) (Version: 0.9.9.1 - )
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
InstallConverter (HKLM-x32\...\InstallConverter) (Version: 1.0 - InstallConverter)
Instant CD & DVD Burner (HKLM-x32\...\Instant CD & DVD Burner_is1) (Version: - )
iTunes (HKLM\...\{E690A491-702F-4DEC-9977-C015D1DBB57C}) (Version: 12.3.1.23 - Apple Inc.)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.550 - Oracle)
LabelPrint (HKLM-x32\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 1920a - CyberLink Corp.)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
Lifetime Memorybooks (HKU\S-1-5-21-2479479765-3668739851-1582905240-1000\...\Lifetime Memorybooks) (Version: Lifetime Memorybooks 4.1.0 - Lifetime Memorybooks)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
MediaShow (HKLM-x32\...\{D5A9B7C0-8751-11D8-9D75-000129760D75}) (Version: 3.0.4325 - CyberLink Corporation)
Meka MP3 Album Artwork Tool (HKLM-x32\...\{566D66BF-BF53-4FA7-91C5-F419A37F7248}) (Version: 1.0.0 - DroidSDK Software)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-0081-0409-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM-x32\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Moo0 Audio Converter 1.32 (HKLM-x32\...\Moo0 AudioTypeConverter) (Version: - )
Moo0 Voice Recorder 1.43 (HKLM-x32\...\Moo0 VoiceRecorder) (Version: - )
Moo0 YouTube Downloader 1.07 (HKLM-x32\...\Moo0 Utube-DL) (Version: - )
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 35.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0.2 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero BurnLite 10 (HKLM-x32\...\{842BEE12-CCCB-43F4-ABAF-CBA6DFE2583D}) (Version: 10.0.10500 - Nero AG)
Nero BurnLite 10 (HKLM-x32\...\{AB627AF2-9C7E-4DBD-816B-3B2646B81E89}) (Version: 10.0.10100.1.100 - Nero AG)
Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0018 - Nero AG)
Nielsen (HKLM-x32\...\NetSight) (Version: - )
P3170P Reference Guide (HKLM-x32\...\P3170P Reference Guide) (Version: - )
PhotoNow! 1.0 (HKLM-x32\...\{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 3.0.4310 - CyberLink Corporation)
Photoworld (HKLM-x32\...\Photoworld) (Version: 5.1.6 - CEWE Stiftung u Co. KGaA)
Power2Go 5.0 (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: - )
PowerBackup (HKLM-x32\...\{ADD5DB49-72CF-11D8-9D75-000129760D75}) (Version: 2.5.2903 - CyberLink Corporation)
PowerDirector Express (HKLM-x32\...\{EDE721EC-870A-11D8-9D75-000129760D75}) (Version: - )
PowerDVD (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 7.0.3118.0 - CyberLink Corporation)
PowerDVD Copy (HKLM-x32\...\{E3D04529-6EDB-11D8-A372-0050BAE317E1}) (Version: 1.0.3716a - CyberLink Corporation)
PowerProducer (HKLM-x32\...\{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: - )
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Rapport (Version: 3.5.1201.94 - Trusteer) Hidden
Rapport (x32 Version: 3.5.1507.93 - Trusteer) Hidden
Realtek Ethernet Controller Driver For Windows Vista and Later (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0009 - Realtek)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Revo Uninstaller 1.89 (HKLM-x32\...\Revo Uninstaller) (Version: 1.89 - VS Revo Group)
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
ScanToWeb (HKLM-x32\...\{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}) (Version: - )
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Sothink Movie DVD Maker (HKLM-x32\...\{4F94119D-1B71-400e-9F04-B4E5CEAE71F8}_is1) (Version: 3.8 - SourceTec Software Co., LTD)
Spotify (HKU\S-1-5-21-2479479765-3668739851-1582905240-1000\...\Spotify) (Version: 1.0.18.60.g5fe0413d - Spotify AB)
Tango (HKLM-x32\...\{F9D6C8E8-770A-4F02-AE5C-FB85581551CD}) (Version: - ) <==== ATTENTION
Trusteer Endpoint Protection (HKLM-x32\...\Rapport_msi) (Version: 3.5.1507.93 - Trusteer)
Visual C++ 8.0 Runtime Setup Package (x64) (HKLM-x32\...\{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}) (Version: 9.0.0.623 - AVG Technologies CZ, s.r.o.)
Westwood Shared Internet Components (HKLM-x32\...\WOLAPI) (Version: - )
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version: - )
WinX DVD Author 6.3.6 (HKLM-x32\...\WinX DVD Author_is1) (Version: - DigiartySoft, Inc.)
WinX DVD Copy Pro 3.6.5 (HKLM\...\WinX DVD Copy Pro_is1) (Version: - Digiarty Software,Inc.)
ZTE_1.2059.0.8 (HKLM-x32\...\ZTE_1.2059.0.8) (Version: - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2479479765-3668739851-1582905240-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Harry\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2479479765-3668739851-1582905240-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Harry\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2479479765-3668739851-1582905240-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Harry\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2479479765-3668739851-1582905240-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Harry\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2479479765-3668739851-1582905240-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Harry\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2479479765-3668739851-1582905240-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Harry\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2479479765-3668739851-1582905240-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Harry\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2479479765-3668739851-1582905240-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Harry\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2479479765-3668739851-1582905240-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Harry\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2479479765-3668739851-1582905240-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Harry\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2479479765-3668739851-1582905240-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Harry\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2479479765-3668739851-1582905240-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Harry\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)

==================== Restore Points =========================

22-11-2015 08:26:41 Scheduled Checkpoint
24-11-2015 11:57:10 Installed Rapport

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 02:34 - 2013-08-28 13:45 - 00000741 ___RA C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {02B556A5-9922-4ED0-AA4A-5523CF41F67A} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {0577B87A-0C87-4D22-BBD8-7DBA9A624B95} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {062FEE5E-1280-460D-A741-26475CB15696} - System32\Tasks\{02B84E35-850B-410C-BB0D-BF7885CDACB2} => pcalua.exe -a C:\Users\Harry\AppData\Local\Temp\InstallFlashPlayer.exe -d C:\Users\Harry\Desktop
Task: {07EF40F2-D1BA-400B-BDCC-CF28F84FBDF9} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {09BD83E9-7709-4C9B-8481-712AF1A1A8C8} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2479479765-3668739851-1582905240-1000Core => C:\Users\Harry\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-19] (Dropbox, Inc.)
Task: {10F9D733-7B86-415C-930C-82A0C0407581} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {1538C8FB-4244-4B23-A3A1-63466C1BEABF} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {1F3019CD-DD68-4785-9844-5763AF55FA2D} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {21AFD19B-C71F-463E-A491-2C942B6B6A42} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {2964DDEF-282E-483A-878C-A9535C883A11} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {2B922906-0100-4547-86F8-736193DCB49A} - System32\Tasks\{67F896EF-6386-4C16-9E9B-3505869D1E9A} => pcalua.exe -a "C:\Users\Harry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YZHXV9LV\M135_6.0.18.09070601_Drv_3.6.x.6_SWEncoders_3.0.1.6_MCE_Plugins_2.0.8.0_090724[1].exe" -d C:\Users\Harry\Desktop
Task: {2B982FC0-EF3A-44F5-81E0-0EDD7BE564A6} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {3A799C8F-16AB-4217-A864-EEB5907D0D06} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2479479765-3668739851-1582905240-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-07-30] (RealNetworks, Inc.)
Task: {3B435659-7195-4BE0-8DEC-7D543E1E2C51} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {475B60B5-86AB-4A25-BDB8-7662CC8486C2} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {53AAABDF-A6D8-4186-8C7D-8F32FB077EE5} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {56FAB7D7-3BF5-4CE2-8958-A7E438D0F71B} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {63AAAD55-0D45-42FA-AD68-4D990BC5F54B} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {67A87615-CCDA-4184-BAE6-BE2E9BC7049E} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {712F75C6-E2CA-47D3-BD8A-140AE2CC40E2} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {802803EA-4A6D-4834-AF92-057BBA9902B4} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
Task: {813A2A62-2DFB-45AC-A229-B7736FA2AF40} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2479479765-3668739851-1582905240-1000UA => C:\Users\Harry\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-19] (Dropbox, Inc.)
Task: {8403EBC6-621F-4255-BA90-76DE29BB77B9} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {865B18C4-36A0-446B-8BAA-A73A845F1AF4} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {87F78C33-269E-4D28-A2C2-773F50BB7A6E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {88F6C776-6004-41EE-9451-2FF22525D3B0} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {9F28711A-6B30-4D94-9F74-900D086295D8} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {A022EA28-A18F-4A54-BDBE-174519D1BADF} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {A400F9FA-17D7-43A5-8590-26CF8F248CD9} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {A669015C-2263-489D-9D91-7C3B397DB9D6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {A70CFEE5-27E7-4E26-85C1-2B69C2B34CC3} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {A7B88E1B-03B3-45CD-9CCE-2D1C6897F488} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {A8C71E4B-65D2-43BF-A730-6B09BAE6878F} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {A9291AAF-423C-424C-91E1-C74DCDE81486} - System32\Tasks\{CCE30659-C6FD-4F83-981B-BCD2BD968747} => pcalua.exe -a C:\Users\Harry\AppData\Local\Temp\dlmB8C4.tmp\ashampoo_firewall_sm.exe -d C:\Users\Harry\Desktop
Task: {AF0C5729-A672-4E49-A774-D2CDE001247A} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {B0474763-1DA4-42E0-BD4E-C0254B0E8E99} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2479479765-3668739851-1582905240-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {B2E4584F-752B-4DEC-9CF9-E6244D2C8B84} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {B38BB90D-2381-4EA0-A5A5-61EFC75861BF} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {B5AF50EB-7210-4D71-94D2-59B01D5F996E} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {B89F01FA-9246-49CD-A9DE-61D856829E70} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {BCC23324-6480-4EAE-83DE-D024D9D81A92} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {BCFD1B75-064A-4FAC-9661-916E1B7A73FB} - System32\Tasks\{B91134D7-AD70-4209-83B6-38CD91F83A5A} => pcalua.exe -a "C:\Program Files\BullGuard Ltd\BullGuard\uninst.exe"
Task: {C07D873D-021E-4794-BCB9-6F87566EF874} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe
Task: {C5AA30A7-60D7-4AD6-9D93-5C603F7986B1} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {D04C595E-FB71-4C54-9310-6CE33EAC3B82} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-11-12] (Microsoft Corporation)
Task: {D146D600-CB55-40D9-BAE2-87301739029E} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {D14F9C74-B02C-4D20-B4ED-D92FD079C91F} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {D29B9823-AE0F-47BA-B7D2-05846E87416F} - System32\Tasks\{A92BE974-8A08-431E-A0C2-E669AF316320} => pcalua.exe -a C:\Users\Harry\AppData\Local\Temp\dlm93D6.tmp\ashampoo_firewall_sm.exe -d C:\Users\Harry\Desktop
Task: {D7C29E22-99F8-4247-A104-C08BFC5C8E4B} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2479479765-3668739851-1582905240-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-07-30] (RealNetworks, Inc.)
Task: {E44B1687-32F2-40BF-86D1-5AEF2540D5C8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-12] (Adobe Systems Incorporated)
Task: {EC3EC071-A286-422B-820B-A0224A8C4A5F} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2479479765-3668739851-1582905240-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {F0890454-0E92-4310-81B5-CC9294E64E6B} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {F0E4B025-4139-4C02-9262-52BBC8CE662D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {F3CBAB36-3A12-4245-A816-37BEBD8011EF} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2479479765-3668739851-1582905240-1000Core.job => C:\Users\Harry\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2479479765-3668739851-1582905240-1000UA.job => C:\Users\Harry\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Public\Desktop\BT email & search.LNK -> C:\Program Files (x86)\BTHomeHub\Launcher\LaunchHM.exe (British Telecommunications plc) -> hxxp://www.bt.yahoo.com <==== ATTENTION
ShortcutWithArgument: C:\Users\Public\Desktop\My BT.LNK -> C:\Program Files (x86)\BTHomeHub\Launcher\LaunchHM.exe (British Telecommunications plc) -> hxxp://www.bt.com/mybt <==== ATTENTION

==================== Loaded Modules (Whitelisted) ==============

2015-07-10 11:00 - 2015-07-10 11:00 - 00028160 _____ () C:\WINDOWS\SYSTEM32\efsext.dll
2015-08-09 00:27 - 2015-08-09 00:27 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-02-13 04:20 - 2015-02-13 04:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 05:45 - 2015-10-13 05:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-08-23 17:09 - 2015-08-23 17:09 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2010-03-04 13:02 - 2010-03-04 13:02 - 00102400 _____ () C:\Program Files (x86)\Gacela\Gacela-Reporting.exe
2010-03-04 13:02 - 2010-03-04 13:02 - 00180224 _____ () C:\Program Files (x86)\Gacela\Gacela-Updater.exe
2010-02-01 11:46 - 2006-12-19 21:23 - 00272024 ____N () C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
2015-10-07 15:32 - 2015-09-17 06:48 - 02494712 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-10-07 15:32 - 2015-09-17 06:48 - 02494712 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-10-16 08:43 - 2015-09-25 13:50 - 00042336 _____ () C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter9\AppPackageInfoSupport_x64.dll
2015-10-07 15:31 - 2015-09-17 05:48 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-09-15 13:36 - 2015-11-23 16:05 - 00071680 _____ () C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
2015-10-07 15:32 - 2015-09-17 05:44 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-10-07 15:31 - 2015-09-17 05:42 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-10-07 15:31 - 2015-09-17 05:42 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-10-07 15:32 - 2015-09-17 05:43 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-07-10 11:00 - 2015-07-10 13:14 - 00210432 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.ProxyStub.dll
2010-03-04 13:01 - 2010-03-04 13:01 - 01011712 _____ () C:\Program Files (x86)\Gacela\updatercom.dll
2015-10-07 14:57 - 2015-11-04 23:44 - 00166416 _____ () C:\Users\Harry\AppData\Roaming\Dropbox\bin\EnterpriseDataAdapter.dll
2015-12-01 14:43 - 2015-12-01 14:43 - 00071168 _____ () c:\users\harry\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpusmc04.dll
2015-10-16 08:43 - 2015-09-25 13:50 - 00790880 _____ () C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter9\communication.dll
2013-11-28 15:26 - 2015-09-25 13:54 - 00790880 _____ () C:\Program Files (x86)\NetRatingsNetSight\NetSight\nsmmc.dll
2015-08-02 13:33 - 2015-09-03 00:11 - 00012800 _____ () C:\Users\Harry\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll
2015-03-04 21:45 - 2015-09-03 00:11 - 00779776 _____ () C:\Users\Harry\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-08-02 13:33 - 2015-09-03 00:11 - 00056320 _____ () C:\Users\Harry\AppData\Roaming\Dropbox\bin\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-08-02 13:33 - 2015-09-03 00:11 - 00012288 _____ () C:\Users\Harry\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll
2015-10-16 08:43 - 2015-09-25 13:50 - 00831840 _____ () C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter9\npchromeinstaller.dll
2015-10-16 08:43 - 2015-09-25 13:50 - 00885088 _____ () C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter9\npfirefoxprocessor.dll
2015-10-16 08:43 - 2015-09-25 13:50 - 00185696 _____ () C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter9\npsp1.dll
2015-10-16 08:43 - 2015-09-25 13:50 - 00279904 _____ () C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter9\npsurvey.dll
2015-10-16 08:43 - 2015-09-25 13:50 - 00224096 _____ () C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter9\npUIASupport.dll
2015-10-16 08:43 - 2015-09-25 13:50 - 00665440 _____ () C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter9\npwebsockets.dll
2015-10-16 08:43 - 2015-09-25 13:50 - 00252768 _____ () C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter9\npwmi.dll
2015-07-21 16:02 - 2015-07-21 16:02 - 00557056 _____ () C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2013-02-14 15:46 - 2013-02-14 15:46 - 01044048 _____ () C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
2014-09-06 16:44 - 2014-09-06 16:44 - 00035328 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2014-05-24 16:41 - 2014-05-24 16:41 - 00091648 _____ () C:\Program Files (x86)\FileZilla FTP Client\libgcc_s_sjlj-1.dll
2014-05-24 16:41 - 2014-05-24 16:41 - 00892416 _____ () C:\Program Files (x86)\FileZilla FTP Client\libstdc++-6.dll
2015-11-13 06:53 - 2015-11-07 04:36 - 01532744 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\libglesv2.dll
2015-11-13 06:53 - 2015-11-07 04:36 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\libegl.dll
2015-11-13 06:53 - 2015-11-07 04:36 - 16496456 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\WINDOWS\system32\twinui.appcore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\twinui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\UserMgrProxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\UtcResources.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\vaultsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\VEDataLayerHelpers.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ViakaraokeSrv.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\VoiceActivationManager.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\VPNv2CSP.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WcnApi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WcnNetsh.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wcnwiz.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wfdprov.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WinBioDataModel.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Cortana.Desktop.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WlanMediaManager.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wpncore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wu.upgrade.ps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wuautoappupdate.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WWAHost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ActionCenter.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\AudioEng.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d9.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dwmcore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\DWrite.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dxgi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\esint32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\explorer.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\fdWCN.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ff_vfw.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\FLVSplitter.ax:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\fwpolicyiomgr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\GamePanel.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\GEARAspi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\InputService.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\LockAppHost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\LogonController.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MbaeApiPublic.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfplat.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MFPlay.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfsrcsnk.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msctfuimanager.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mshtmlmedia.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mssrch.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NetSetupShim.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\notepad.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NotificationObjFactory.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ntdll.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\PackageStateRoaming.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\PlayToManager.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\pncrt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ReAgent.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ReInfo.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\RLAPEDec.ax:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rpcrt4.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SearchProtocolHost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SensorsNativeApi.V2.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\tetheringclient.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\TextInputFramework.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\tquery.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\twinui.appcore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\twinui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\UserMgrProxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\VEDataLayerHelpers.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\VoiceActivationManager.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WcnApi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wcnwiz.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wfdprov.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WWAHost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\bthhfenum.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mountmgr.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\msgpiowin32.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ntfs.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\rdyboost.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\stornvme.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\storport.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\tunnel.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\usbscan.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\USBXHCI.SYS:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\WdiWiFi.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\wof.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\wpcfltr.sys:$CmdTcID
AlternateDataStreams: C:\Users\Harry\GoToAssistDownloadHelper.exe:$CmdTcID
AlternateDataStreams: C:\Users\Harry\Downloads\1428325462.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Harry\Downloads\174717CE_5056_A318_A89BC436A5D58044 (1).doc:$CmdZnID
AlternateDataStreams: C:\Users\Harry\Downloads\174717CE_5056_A318_A89BC436A5D58044 (2).doc:$CmdZnID
AlternateDataStreams: C:\Users\Harry\Downloads\174717CE_5056_A318_A89BC436A5D58044 (3).doc:$CmdZnID
AlternateDataStreams: C:\Users\Harry\Downloads\174717CE_5056_A318_A89BC436A5D58044.doc:$CmdZnID
AlternateDataStreams: C:\Users\Harry\Downloads\1B0EFB69_5056_A318_A895C723542C3788.doc:$CmdZnID
AlternateDataStreams: C:\Users\Harry\Downloads\1B192E81_5056_A318_A8B71C191A8E831F (1).doc:$CmdZnID
AlternateDataStreams: C:\Users\Harry\Downloads\1B192E81_5056_A318_A8B71C191A8E831F (2).doc:$CmdZnID
AlternateDataStreams: C:\Users\Harry\Downloads\1B192E81_5056_A318_A8B71C191A8E831F (3).doc:$CmdZnID
AlternateDataStreams: C:\Users\Harry\Downloads\1B192E81_5056_A318_A8B71C191A8E831F (4).doc:$CmdZnID
AlternateDataStreams: C:\Users\Harry\Downloads\1B192E81_5056_A318_A8B71C191A8E831F.doc:$CmdZnID
AlternateDataStreams: C:\Users\Harry\Downloads\20150507 OFFICIAL - Elections E debrief (1).docx:$CmdZnID
AlternateDataStreams: C:\Users\Harry\Downloads\20150507 OFFICIAL - Elections E debrief.docx:$CmdZnID
AlternateDataStreams: C:\Users\Harry\Downloads\325391xx0_victoria_cataleg.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Harry\Downloads\341304xx4.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Harry\Downloads\342394xx0_victoria_cataleg.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Harry\Downloads\342395 (1).dwg:$CmdZnID
AlternateDataStreams: C:\Users\Harry\Downloads\342395 (1).dxf:$CmdZnID
AlternateDataStreams: C:\Users\Harry\Downloads\342395 (2).dwg:$CmdZnID
AlternateDataStreams: C:\Users\Harry\Downloads\342395 (2).dxf:$CmdZnID
AlternateDataStreams: C:\Users\Harry\Downloads\342395 (3).dwg:$CmdZnID
AlternateDataStreams: C:\Users\Harry\Downloads\342395 (3).dxf:$CmdZnID
AlternateDataStreams: C:\Users\Harry\Downloads\342395 (4).dxf:$CmdZnID
AlternateDataStreams: C:\Users\Harry\Downloads\342395.dwg:$CmdZnID
AlternateDataStreams: C:\Users\Harry\Downloads\342395.dxf:$CmdZnID
AlternateDataStreams: C:\Users\Harry\Downloads\342396xx0 (1).pdf:$CmdZnID
AlternateDataStreams: C:\Users\Harry\Downloads\342396xx0 (2).pdf:$CmdZnID
AlternateDataStreams: C:\Users\Harry\Downloads\342396xx0 (3).pdf:$CmdZnID
AlternateDataStreams: C:\Users\Harry\Downloads\342396xx0.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Harry\Downloads\34239Sxx0 (1).pdf:$CmdZnID
AlternateDataStreams: C:\Users\Harry\Downloads\34239Sxx0 (2).pdf:$CmdZnID
AlternateDataStreams: C:\Users\Harry\Downloads\34239Sxx0.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Harry\Downloads\344397xx0_victoria_cataleg.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Harry\Downloads\5D9E1529_5056_A318_A8C7B73B5385BC30.doc:$CmdZnID
AlternateDataStreams: C:\Users\Harry\Downloads\89FA925B_1143_EC82_2EDF0C729C037E4E.docx:$CmdZnID
AlternateDataStreams: C:\Users\Harry\Downloads\certificate-templates-for-word6.doc:$CmdZnID
AlternateDataStreams: C:\Users\Harry\Downloads\CrucialUKScan (1).exe:$CmdTcID
AlternateDataStreams: C:\Users\Harry\Downloads\CrucialUKScan (1).exe:$CmdZnID
AlternateDataStreams: C:\Users\Harry\Downloads\CrucialUKScan (2).exe:$CmdTcID
AlternateDataStreams: C:\Users\Harry\Downloads\CrucialUKScan (2).exe:$CmdZnID
AlternateDataStreams: C:\Users\Harry\Downloads\CrucialUKScan.exe:$CmdTcID
AlternateDataStreams: C:\Users\Harry\Downloads\CrucialUKScan.exe:$CmdZnID
AlternateDataStreams: C:\Users\Harry\Downloads\DropboxInstaller.exe:$CmdTcID
AlternateDataStreams: C:\Users\Harry\Downloads\DropboxInstaller.exe:$CmdZnID
AlternateDataStreams: C:\Users\Harry\Downloads\F6997AAC6D15C0B55A9B38BF50952CCBC4178C20.torrent:$CmdZnID
AlternateDataStreams: C:\Users\Harry\Downloads\FE935AEBED698EBBEFC4294DBDB3FB087041731E (1).torrent:$CmdZnID
AlternateDataStreams: C:\Users\Harry\Downloads\FE935AEBED698EBBEFC4294DBDB3FB087041731E (2).torrent:$CmdZnID
AlternateDataStreams: C:\Users\Harry\Downloads\FE935AEBED698EBBEFC4294DBDB3FB087041731E.torrent:$CmdZnID
AlternateDataStreams: C:\Users\Harry\Downloads\FileZilla_3.12.0.2_win64-setup.exe:$CmdTcID
AlternateDataStreams: C:\Users\Harry\Downloads\FileZilla_3.9.0.6_win32-setup.exe:$CmdTcID
AlternateDataStreams: C:\Users\Harry\Downloads\GoogleEarthSetup (1).exe:$CmdTcID
AlternateDataStreams: C:\Users\Harry\Downloads\GoogleEarthSetup (1).exe:$CmdZnID
AlternateDataStreams: C:\Users\Harry\Downloads\GoogleEarthSetup (2).exe:$CmdTcID
AlternateDataStreams: C:\Users\Harry\Downloads\GoogleEarthSetup (2).exe:$CmdZnID
AlternateDataStreams: C:\Users\Harry\Downloads\GoogleEarthSetup (3).exe:$CmdTcID
AlternateDataStreams: C:\Users\Harry\Downloads\GoogleEarthSetup (3).exe:$CmdZnID
AlternateDataStreams: C:\Users\Harry\Downloads\GoogleEarthSetup.exe:$CmdTcID
AlternateDataStreams: C:\Users\Harry\Downloads\GoogleEarthSetup.exe:$CmdZnID
AlternateDataStreams: C:\Users\Harry\Downloads\IdealStandard_Multiproduct_web-cutout_455f94b6792e74a9acf25b53c3710708.jpg:$CmdZnID
AlternateDataStreams: C:\Users\Harry\Downloads\July Cycle RouteVer3.docx:$CmdZnID
AlternateDataStreams: C:\Users\Harry\Downloads\mast-win-ip7200-1_0-mcd.exe:$CmdTcID
AlternateDataStreams: C:\Users\Harry\Downloads\mast-win-ip7200-1_0-mcd.exe:$CmdZnID
AlternateDataStreams: C:\Users\Harry\Downloads\mig_-win-3_1_1-ea31_2.exe:$CmdZnID
AlternateDataStreams: C:\Users\Harry\Downloads\mypr-win-3_2_1-ea11_2.exe:$CmdTcID
AlternateDataStreams: C:\Users\Harry\Downloads\mypr-win-3_2_1-ea11_2.exe:$CmdZnID
AlternateDataStreams: C:\Users\Harry\Downloads\Parking Permit March 2015.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Harry\Downloads\PolicyDocument (2).pdf:$CmdZnID
AlternateDataStreams: C:\Users\Harry\Downloads\Qualifying-Schemes-ENG_29kb (1).pdf:$CmdZnID
AlternateDataStreams: C:\Users\Harry\Downloads\Qualifying-Schemes-ENG_29kb.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Harry\Downloads\Setup (1).website:$CmdZnID
AlternateDataStreams: C:\Users\Harry\Downloads\Setup (2).website:$CmdZnID
AlternateDataStreams: C:\Users\Harry\Downloads\Setup (3).website:$CmdZnID
AlternateDataStreams: C:\Users\Harry\Downloads\Setup (4).website:$CmdZnID
AlternateDataStreams: C:\Users\Harry\Downloads\Setup .website:$CmdZnID
AlternateDataStreams: C:\Users\Harry\Downloads\TheHampshireHaslarRoadGosportTemporaryRoadClosureOrder2015 (1).pdf:$CmdZnID
AlternateDataStreams: C:\Users\Harry\Downloads\TheHampshireHaslarRoadGosportTemporaryRoadClosureOrder2015.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Harry\Downloads\UploadedFile_130759266695496400.doc:$CmdZnID
AlternateDataStreams: C:\Users\Harry\Downloads\wetransfer-8c2fa4.zip:$CmdZnID
AlternateDataStreams: C:\Users\Harry\Downloads\WilkinsonVintnersPriceList.xls:$CmdZnID

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2479479765-3668739851-1582905240-1000\...\download.com -> download.com
IE trusted site: HKU\S-1-5-21-2479479765-3668739851-1582905240-1000\...\lightspeedpanel.com -> hxxp://uk.lightspeedpanel.com

There are 6717 more sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2479479765-3668739851-1582905240-1000\Control Panel\Desktop\\Wallpaper -> D:\My Pictures\Camera2013\JanFeb\IMG_0163.JPG
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Canon LBP5300 Status Window.lnk => C:\Windows\pss\Canon LBP5300 Status Window.lnk.CommonStartup
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
MSCONFIG\startupreg: Freecorder FLV Service => "C:\Program Files (x86)\Freecorder\FLVSrvc.exe" /run
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RemoteControl => "C:\Program Files (x86)\ (x86)\CyberLink\PowerDVD\PDVDServ.exe"
MSCONFIG\startupreg: TkBellExe => "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [TCP Query User{4C0102ED-2A9C-4775-980E-41EAD81D50A5}C:\users\harry\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\harry\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{D3A02251-CA1E-4BC1-B9E6-8C237D99AF15}C:\users\harry\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\harry\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{B404274A-A2F9-4A6C-8E1A-6145C699DDA4}] => (Allow) C:\Program Files (x86)\NetRatingsNetSight\NetSight\NielsenOnline.exe
FirewallRules: [{93F604DD-836C-422A-BD9D-046051E9AB17}] => (Allow) C:\Program Files (x86)\NetRatingsNetSight\NetSight\NielsenOnline.exe
FirewallRules: [{6A285101-86D2-4E1C-9AB1-9919603BAC6B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{66DC8B69-4FA3-419D-9E83-658CCC5DA4F0}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{751C1B2F-9A54-4430-91AC-D089F07FC31F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C29CB9EF-5841-4E69-8F3D-E91178A395FE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{75187116-FF6C-4015-B786-65D113BC9C37}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{F43AD138-CBA0-42E6-B5BA-D496EA28B554}C:\users\harry\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\harry\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{55AF7F79-418F-4F43-B4C5-640EADD8DEF7}C:\users\harry\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\harry\appdata\roaming\spotify\spotify.exe
FirewallRules: [{2597E34D-0131-4ED0-B84E-3279C94370DD}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{879765FE-9C0B-4F4B-A235-6A0ABEEC7D37}C:\program files (x86)\adobe\adobe dreamweaver cs3\dreamweaver.exe] => (Allow) C:\program files (x86)\adobe\adobe dreamweaver cs3\dreamweaver.exe
FirewallRules: [UDP Query User{C6154C08-3781-4237-804E-7B27E1E75C6B}C:\program files (x86)\adobe\adobe dreamweaver cs3\dreamweaver.exe] => (Allow) C:\program files (x86)\adobe\adobe dreamweaver cs3\dreamweaver.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (12/01/2015 02:55:25 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HARRYPC)
Description: Activation of app Microsoft.WindowsStore_8wekyb3d8bbwe!App failed with error: -2147009284 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/01/2015 02:44:46 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SearchUI.exe version 10.0.10240.16515 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: f50

Start Time: 01d12c465f38e70f

Termination Time: 4294967295

Application Path: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe

Report Id: 0ce0caba-983a-11e5-9be6-90e6ba57d184

Faulting package full name: Microsoft.Windows.Cortana_1.4.8.176_neutral_neutral_cw5n1h2txyewy

Faulting package-relative application ID: CortanaUI

Error: (12/01/2015 02:44:40 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: HARRYPC)
Description: Package Microsoft.Windows.Cortana_1.4.8.176_neutral_neutral_cw5n1h2txyewy+CortanaUI was terminated because it took too long to suspend.

Error: (12/01/2015 02:44:28 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HARRYPC)
Description: Activation of app Microsoft.WindowsStore_8wekyb3d8bbwe!App failed with error: -2147009284 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/01/2015 02:44:28 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HARRYPC)
Description: Activation of app Microsoft.WindowsStore_8wekyb3d8bbwe!App failed with error: -2147009284 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/01/2015 02:23:13 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HARRYPC)
Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2147009284 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/01/2015 01:58:24 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HARRYPC)
Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2147009284 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/01/2015 01:58:24 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HARRYPC)
Description: Activation of app Microsoft.WindowsStore_8wekyb3d8bbwe!App failed with error: -2147009284 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/01/2015 01:53:13 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HARRYPC)
Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2147009284 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/01/2015 01:36:09 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HARRYPC)
Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2147009284 See the Microsoft-Windows-TWinUI/Operational log for additional information.

System errors:
=============
Error: (12/01/2015 02:46:04 PM) (Source: DCOM) (EventID: 10010) (User: HARRYPC)
Description: {B91D5831-B1BD-4608-8198-D72E155020F7}

Error: (12/01/2015 02:40:43 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Net.Tcp Listener Adapter service depends on the Net.Tcp Port Sharing Service service which failed to start because of the following error:
%%1058

Error: (12/01/2015 02:39:06 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Group Policy Client service did not shut down properly after receiving a preshutdown control.

Error: (12/01/2015 02:38:35 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Sync Host_Session1 service to connect.

Error: (12/01/2015 02:38:35 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the User Data Storage_Session1 service to connect.

Error: (12/01/2015 02:38:35 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the User Data Storage_Session1 service, but this action failed with the following error:
%%1056

Error: (12/01/2015 02:38:25 PM) (Source: DCOM) (EventID: 10010) (User: HARRYPC)
Description: {49F171DD-B51A-40D3-9A6C-52D674CC729D}

Error: (12/01/2015 02:38:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (12/01/2015 02:38:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (12/01/2015 02:38:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

CodeIntegrity:
===================================
Date: 2015-12-01 15:48:09.980
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-12-01 15:48:09.960
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-12-01 15:48:09.424
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-12-01 15:48:09.404
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-12-01 15:47:15.791
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-12-01 15:47:15.764
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-12-01 12:49:14.319
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-12-01 08:52:49.914
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-12-01 08:52:49.887
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-12-01 08:52:49.058
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

Processor: AMD Phenom(tm) II X4 955 Processor
Percentage of memory in use: 20%
Total physical RAM: 12031.17 MB
Available physical RAM: 9521.08 MB
Total Virtual: 24319.17 MB
Available Virtual: 21771.87 MB

==================== Drives ================================

Drive c: (Windows7) (Fixed) (Total:455.99 GB) (Free:260.99 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (Toshiba One HDD) (Fixed) (Total:931.51 GB) (Free:781.86 GB) NTFS
Drive e: (RA1) (CDROM) (Total:0.64 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 37B4D5AA)
Partition 1: (Not Active) - (Size=9.8 GB) - (Type=27)
Partition 2: (Active) - (Size=456 GB) - (Type=07 NTFS)

========================================================
Disk: 5 (Size: 931.5 GB) (Disk ID: 001C692E)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
 
#7 ·
I think the only way we will fix this is a reinstall of Chrome.

If your Chrome Bookmarks are important do this first:

Go to this link: http://www.wikihow.com/Export-Bookmarks-from-Chrome, follow the instructions and export your bookmarks from Chrome, then save them to your Desktop or similar. Note that the instructions can also be used to import the bookmarks.

Continue for a clean install:

Remove all synced data from Chrome: go to http://www.howtogeek.com/103655/how-to-delete-your-google-chrome-browser-sync-data/ and follow those instructions. Otherwise, as soon as you reinstall or reconnect Chrome, it will automatically restore all the old malware/adware/unwanted extensions and files/settings.

Uninstall Chrome: go to https://support.google.com/chrome/answer/95319?hl=en-GB and follow those instructions; ensure the option to "Also delete your browsing data" is selected. <<--- Very important!!

Install Google Chrome from here: https://www.google.com/intl/en_uk/chrome/browser/desktop/index.html
 
#8 ·
It's not going well! I saved my bookmarks and reset my synced data (there wasn't a delete option) and deleted browsing history.
I uninstalled Chrome and answered all Google's questions as to why!
I reinstalled Chrome which seemed to go OK until the end when I had this come up: http://tools.google.com/chrome/intl/en/welcome.html
This page wouldn't load so I closed it. Opened Chrome and after a couple of set up questions it went to a new tab which wouldn't load either, nor would it go to any website. Uninstalled and reinstalled Chrome again with the same result!

Guess I'm stuck with Explorer?
 
#9 ·
Let's see what this manages to do.
Download attached fixlist.txt file and save it to your downloads folder.

NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

#10 ·
Thanks Derek, done that. Here's the report:

Fix result of Farbar Recovery Scan Tool (x64) Version:30-11-2015
Ran by Harry (2015-12-02 09:58:08) Run:3
Running from C:\Users\Harry\Downloads
Loaded Profiles: Harry (Available Profiles: Harry & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
emptytemp:

*****************

"HKLM\SOFTWARE\Policies\Google" => key removed successfully
EmptyTemp: => 2 GB temporary data Removed.

The system needed a reboot.

==== End of Fixlog 10:16:36 ====
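
The fixlist in post #9 removed `HKLM\SOFTWARE\Policies\Google`, the registry location Chrome reads machine-wide policies from. As an added example (not part of the thread and not FRST's own code), this read-only PowerShell lists what is stored under that key so it can be reviewed before anything is removed; the `HKCU` root and the watch list of policy names are this example's choices.

```powershell
# Read-only audit: lists Chrome policy values; nothing is modified or deleted.
# Roots: the key named in the Fixlog plus its per-user counterpart (added here).
$roots = 'HKLM:\SOFTWARE\Policies\Google', 'HKCU:\SOFTWARE\Policies\Google'

# Chrome policies that control the home page, startup pages, default search
# and force-installed extensions (selection is this example's assumption).
$watch = 'HomepageLocation', 'HomepageIsNewTabPage', 'RestoreOnStartup',
         'RestoreOnStartupURLs', 'DefaultSearchProviderEnabled',
         'DefaultSearchProviderName', 'DefaultSearchProviderSearchURL',
         'ExtensionInstallForcelist'

function Get-ChromePolicyValue {
    param([string[]]$Root = $roots)
    foreach ($r in $Root) {
        if (-not (Test-Path -LiteralPath $r)) { continue }
        # The root key itself plus every subkey (list policies live in subkeys).
        $keys = @(Get-Item -LiteralPath $r) +
                @(Get-ChildItem -LiteralPath $r -Recurse -ErrorAction SilentlyContinue)
        foreach ($k in $keys) {
            foreach ($name in $k.GetValueNames()) {
                # List policies store entries as 1, 2, 3...; use the subkey name instead.
                $policy = if ($name -match '^\d+$') { $k.PSChildName } else { $name }
                [pscustomobject]@{
                    Key     = $k.Name
                    Name    = $name
                    Value   = $k.GetValue($name)
                    Flagged = $watch -contains $policy
                }
            }
        }
    }
}

$found = Get-ChromePolicyValue
if ($found) {
    # Flagged rows first: these are the values that can pin a home page or search engine.
    $found | Sort-Object Flagged -Descending | Format-Table -AutoSize -Wrap
} else {
    'No values found under Policies\Google for this machine or user.'
}
```

Chrome shows the policies it has actually applied at `chrome://policy`, which is a useful cross-check against this output.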
 
#14 ·
I know there have been problems with Chrome and W10 but it worked fine for me. I've run Malwarebytes (deleted some PUPs) and Defender (nothing) so don't know what else to do. I really don't like Edge so I guess I'm stuck with Explorer unless you have any other ideas?
 