Solved Somethings up!

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

aimee

Thread Starter
Joined
Apr 23, 2001
Messages
163
My pc is really bogged down. For some reason, recently, when I select IE, two IE windows attempt to open. It doesn't happen with Chrome but I use IE more so it's a bit of a hassle. Not the end of the world to close one window out but I've also noticed that I can only perform one function at a time now. When I go to a desired website it's fine but then when I try to open email or another site it just buffers. I have to end out of everything and now I'm having to completely reboot. Have run Malware Bytes, found a few things that are quarantined but there's not difference in performance. Ideas?
 

flavallee

Trusted Advisor
Joined
May 12, 2002
Messages
81,346
First Name
Frank
Be patient until one of the malware specialists here replies to you.

We need some information about your computer and its Windows operating system, so please do the following in it:
Download and save the TSG System Information Utility (SysInfo.exe) file.
After it's been downloaded and saved, double-click it to run it.
Information about your computer will appear.
Return here, then copy-and-paste the ENTIRE text in your reply.

----------------------------------------------------------------
 

aimee

Thread Starter
Joined
Apr 23, 2001
Messages
163
Tech Support Guy System Info Utility version 1.0.0.4
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: Intel(R) Core(TM) i3 CPU 550 @ 3.20GHz, Intel64 Family 6 Model 37 Stepping 5
Processor Count: 4
RAM: 5943 Mb
Graphics Card: Intel(R) HD Graphics, -1348 Mb
Hard Drives: C: 910 GB (704 GB Free); D: 21 GB (2 GB Free);
Motherboard: Hewlett-Packard, 2AA7
Antivirus: None
 

iMacg3

Malware Specialist
Joined
Nov 3, 2018
Messages
839
Hi aimee, Welcome to the Tech Support Guy malware removal forum.

I am iMacg3 and will be helping you with your computer problems.

Please keep the following information in mind before we begin:
  • Do not run any fixes or tools on your system unless I request that you do so.
    • Running additional tools on your system can interfere with the clean-up process, or cause issues such as false positives.
  • Please read all instructions carefully, and complete them in the order listed.
    • Items that are especially important will be highlighted in bold or red.
  • If your computer seems to start working normally, please don't abandon the topic.
    • Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.
  • If you have pirated or illegal software on your computer, uninstall it now before proceeding.
    • Using pirated/cracked software is an easy way to infect your computer - almost as easy as intentionally downloading malware. Therefore, please remove any, if present, before we begin the clean-up.
  • If you have questions at any time during the cleanup, feel free to ask.
--------------------

Farbar Recovery Scan Tool (FRST) 64 bit
  • Download FRST64 to your Desktop.
  • Double click Frst64.exe to launch it.
  • FRST will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press the Scan button.
    • When finished scanning 2 logs will open on your Desktop, FRST.txt and Addition.txt
    • Please post them in your next reply.
 

aimee

Thread Starter
Joined
Apr 23, 2001
Messages
163
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-05.2019 01
Ran by Home (administrator) on HOME-HP (Hewlett-Packard 610-1010t) (14-05-2019 16:31:23)
Running from C:\Users\Home\Desktop\Tech guy
Loaded Profiles: Home (Available Profiles: Home & LogMeInRemoteUser & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_32_0_0_142_ActiveX.exe
(Adobe Systems, Incorporated -> Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Amazon Services LLC -> ) C:\Users\Home\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc. -> Apple, Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe
(Cermak Technologies, Inc. -> TechGuy, Inc.) C:\Users\Home\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4PI6Z9JK\SysInfo.exe
(CyberLink -> CyberLink) C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\72.4.136\QtWebEngineProcess.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Company -> Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Hewlett-Packard) [File not signed] C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE
(Intuit, Inc. -> Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> © 2015 Microsoft Corporation) C:\Users\Home\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(Microsoft Corporation -> Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation -> Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Windows Hardware Compatibility Publisher -> Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Samsung Electronics CO., LTD. -> SAMSUNG Electornics Co., Ltd.) C:\Users\Home\AppData\Roaming\Verizon\UA_ar\UA.exe
(SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe
(SEIKO EPSON Corporation -> Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIKDE.EXE
(Siber Systems -> ) C:\Program Files\Siber Systems\GoodSync\Gs-Server.exe
(Siber Systems -> Siber Systems Inc.) C:\Program Files (x86)\Siber Systems\AI RoboForm\rf-chrome-nm-host.exe
(Siber Systems -> Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Norton Online Backup] => c:\program files (x86)\symantec\norton online backup\nobuclient.exe [1155928 2010-06-01] (Symantec Corporation -> Symantec Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [302904 2019-03-24] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [HP KEYBOARDx] => C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE [710656 2010-02-11] (Hewlett-Packard) [File not signed]
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation -> Symantec Corporation)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [895512 2010-10-22] (PDF Complete -> PDF Complete Inc)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [76600 2019-03-09] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard Company -> Hewlett-Packard)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [665568 2018-12-26] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [870368 2018-12-26] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [5537600 2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [37232 2008-06-12] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [640376 2008-06-11] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1150760 2018-04-06] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-12-16] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2019-03-13] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2019-03-13] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2019-03-13] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\...\Run: [Google Update] => C:\Users\Home\AppData\Local\Google\Update\1.3.34.7\GoogleUpdateCore.exe [752424 2019-03-28] (Google Inc -> Google LLC)
HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\...\Run: [BingSvc] => C:\Users\Home\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2017-12-26] (Microsoft Corporation -> © 2015 Microsoft Corporation)
HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\...\Run: [EPLTarget\P0000000000000001] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIKDE.EXE [298560 2013-09-12] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [145704 2019-03-22] (Siber Systems -> Siber Systems)
HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\...\MountPoints2: G - G:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\...\MountPoints2: {3c0703f9-00ff-11e3-a919-60eb69fd9eed} - G:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\...\MountPoints2: {820ec244-2ec0-11e2-abc8-806e6f6e6963} - E:\setup.exe
HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\...\MountPoints2: {9e87ae17-c354-11e3-8702-60eb69fd9eed} - F:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\...\MountPoints2: {cd1340a1-61c5-11e4-8665-60eb69fd9eed} - G:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\...\MountPoints2: {d3f06c4f-c239-11e3-ab57-60eb69fd9eed} - G:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\...\MountPoints2: {fcf4368a-dce4-11e3-80d7-60eb69fd9eed} - F:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
HKLM\Software\...\AppCompatFlags\Custom\explorer.exe: [{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb] ->
HKLM\Software\...\AppCompatFlags\Custom\iexplore.exe: [{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb] ->
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\74.0.3729.131\Installer\chrmstp.exe [2019-05-03] (Google LLC -> Google Inc.)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{104AA62D-D285-4BF9-87ED-CC68F20CDD0F}] -> C:\Program Files (x86)\Amazon\Amazon Assistant\AmazonAssistantTaskbar.exe /pin:
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{A6EADE66-0000-0000-484E-7E8A45000000}] -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll [2018-09-20] (Adobe Systems, Incorporated -> Adobe Systems, Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{65CD7F9B-E8F3-4bb0-82EB-6F6875B745DF}] -> C:\Windows\system32\LMIinit.dll [2014-07-18] (LogMeIn, Inc. -> LogMeIn, Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL [2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
Startup: C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verizon Wireless Software Utility Application for Android – Samsung.lnk [2015-10-10]
ShortcutTarget: Verizon Wireless Software Utility Application for Android – Samsung.lnk -> C:\Users\Home\AppData\Roaming\Verizon\UA_ar\UA.exe (Samsung Electronics CO., LTD. -> SAMSUNG Electornics Co., Ltd.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {055B8EAC-3D40-47E5-8346-B258CD79B51B} - System32\Tasks\EPSON WF-3640 Series Update {C4AFC024-FCDF-4AB2-9764-48819F092604} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKDE.EXE [679488 2013-02-28] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
Task: {058AA6F6-9320-45E3-B576-6AD8BF450B2E} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-02-29] (Dropbox, Inc -> Dropbox, Inc.)
Task: {0B30940D-927E-4F2A-A82C-73CD3A7E1FC7} - System32\Tasks\{4B5D1208-15B7-4657-8063-D640656DCE04} => C:\Users\Home\AppData\Roaming\Smilebox\SmileboxStarter.exe
Task: {153725A3-EF58-42CA-96C2-B00A9C84B2FF} - System32\Tasks\HPCeeScheduleForHOME-HP$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [91704 2010-09-14] (Hewlett-Packard Company -> Hewlett-Packard)
Task: {2E06CBDD-C7DD-4DCF-8B8E-00E779B483E2} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-02-29] (Dropbox, Inc -> Dropbox, Inc.)
Task: {31C3E094-6744-4ED6-AB54-BFE686639E2C} - System32\Tasks\EPSON WF-3640 Series Update {D915748D-8CD4-46BC-B741-E4303DB6764E} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKDE.EXE [679488 2013-02-28] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
Task: {410EB72E-CABE-4091-8A6C-F4A391CF3FBF} - System32\Tasks\EPSON WF-3640 Series Invitation {C4AFC024-FCDF-4AB2-9764-48819F092604} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKDE.EXE [679488 2013-02-28] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
Task: {41309504-B05D-4316-95AC-DBAE767201C7} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [145704 2019-03-22] (Siber Systems -> Siber Systems)
Task: {4DAE0EE9-7BCC-4794-ACB8-2586F5F4B9C8} - System32\Tasks\{CAD0DAE7-4564-475A-BB09-8BE928BE931E} => C:\Windows\system32\pcalua.exe -a C:\Users\Home\Caroline\ADE_2.0_Installer.exe -d C:\Users\Home\Desktop
Task: {50F68914-DD26-467D-8126-24E5A8866878} - System32\Tasks\EPSON WF-3640 Series Invitation {D915748D-8CD4-46BC-B741-E4303DB6764E} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKDE.EXE [679488 2013-02-28] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
Task: {53071935-EE96-43E9-8211-386E7826A3E5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe
Task: {54739C41-D1C6-43B4-A749-B824F0EB1431} - System32\Tasks\EPSON WF-3640 Series Invitation {368E3CF1-07EC-4441-891C-5E28240268C8} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKDE.EXE [679488 2013-02-28] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
Task: {5BAD9E8C-1897-47C7-8398-C755E2F7183C} - System32\Tasks\RunOW => C:\Program Files (x86)\Overwolf\Overwolf.exe
Task: {5BC0E823-AFA2-4D53-994A-E9801BD2B5AA} - System32\Tasks\{A77B0BEF-406F-4756-8F8C-94C07B00B496} => C:\Windows\system32\pcalua.exe -a "C:\Users\Home\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QYTJVT53\setup.exe" -d C:\Users\Home\Desktop
Task: {5E9FB838-6F6C-448F-9682-214D8F2B26AE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc -> Google Inc.)
Task: {706BEABC-9344-4396-997E-CEA5623905A3} - System32\Tasks\EPSON WF-3640 Series Update {42242F2F-8E4B-4DA6-9775-E3701AB62209} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKDE.EXE [679488 2013-02-28] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
Task: {777637E4-EF74-4780-A5EA-6FA583DD76B1} - System32\Tasks\Amazon Music Helper => C:\Users\Home\AppData\Local\Amazon Music\Amazon Music Helper.exe [6277952 2014-12-08] (Amazon Services LLC -> )
Task: {7853C6A7-331B-4AC7-9861-D1C57B16AF19} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc -> Google Inc.)
Task: {91CC2D29-A48F-4D2F-967C-963EDD5A3944} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1195544 2018-12-16] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {94F403B1-CFA4-4C54-95AE-ABA2E1B2541F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335872 2019-02-22] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {9696DF0C-4A2C-405F-B249-E6A9AAA77096} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616320 2018-01-08] (Apple Inc. -> Apple Inc.)
Task: {977FC7CB-A926-4046-8B73-204413F74D9C} - System32\Tasks\Open URL by RoboForm => C:\Windows\system32\rundll32.exe url.dll,FileProtocolHandler "hxxps://www.roboform.com/test-pass.html?aaa=KICMLJPMKJPMGMOMIMNMCNHMGMJJLMCNLMLJOJLJCNNJNMNJMMCNLJJJGMKJGMKJJJKMOMNMPMIMJNJICMHMCNKMCNHMFMOMOMCNPMCNGMJMPMPMFMJMCNOMCNIMJMPMOMCNNMJNPICMOMFMEKMICNJJCKFMNMNMKMKMJNHICMEKMICNJJCKJNBJCMLIIJKJAJNIIJKJPLKICJGJMJHJBNKJLJKIJNKJCML (the data entry has 100 more characters).
Task: {A1C48D45-A5F6-480B-B211-BD0A304E166E} - System32\Tasks\GoogleUpdateTaskMachineCore1cfea87c073e9d3 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc -> Google Inc.)
Task: {C0B1DBCC-63A1-4C59-9288-0A6C7D9E78BD} - System32\Tasks\EPSON WF-3640 Series Update {368E3CF1-07EC-4441-891C-5E28240268C8} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKDE.EXE [679488 2013-02-28] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
Task: {C8D4921B-647E-4E8C-B16C-9DA5AA708FA7} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe [136488 2010-09-03] (CyberLink -> CyberLink)
Task: {CEC60F82-A8BC-457A-A898-969C00B014C2} - System32\Tasks\GoogleUpdateTaskMachineUA1cfea87c1768517 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc -> Google Inc.)
Task: {DDA6347A-68C8-4368-91E2-35CD44CDE86E} - System32\Tasks\Hewlett-Packard\HP Assistant\HPSA Upgrade => C:\ProgramData\Hewlett-Packard\HPSAUpgrade3\HpSAUpgrade.exe [1248312 2011-08-11] (Hewlett-Packard Company -> Hewlett-Packard)
Task: {E8B3FDB7-4D70-4422-B925-63026C20B618} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1287311948-1235629539-2080862382-1001UA => C:\Users\Home\AppData\Local\Google\Update\GoogleUpdate.exe [107848 2015-02-05] (Google Inc -> Google Inc.)
Task: {EA6064A0-6007-4938-895E-81B9ECDC1EC5} - System32\Tasks\{DE7EBA4D-EE80-4D28-964B-09D14BE20417} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\Uninstall.exe" -c /app FreeYouTubeToMP3Converter
Task: {F684044D-1F6A-4FAD-B280-1EDC0AF55329} - System32\Tasks\EPSON WF-3640 Series Invitation {42242F2F-8E4B-4DA6-9775-E3701AB62209} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKDE.EXE [679488 2013-02-28] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
Task: {F70B8165-F38F-44D4-9819-F70E9093C77B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1287311948-1235629539-2080862382-1001Core => C:\Users\Home\AppData\Local\Google\Update\GoogleUpdate.exe [107848 2015-02-05] (Google Inc -> Google Inc.)
Task: {FD0FA4F2-4CBE-4BC7-A633-F1019A622F46} - System32\Tasks\Driver Booster SkipUAC (Home) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\CouponViewer Toolbar.job => C:\Users\Home\AppData\Local\Programs\CouponViewer\Add-On\2017.4.7.1\CVHP.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\EPSON WF-3640 Series Invitation {368E3CF1-07EC-4441-891C-5E28240268C8}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKDE.EXE
Task: C:\Windows\Tasks\EPSON WF-3640 Series Invitation {42242F2F-8E4B-4DA6-9775-E3701AB62209}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKDE.EXE
Task: C:\Windows\Tasks\EPSON WF-3640 Series Invitation {C4AFC024-FCDF-4AB2-9764-48819F092604}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKDE.EXE
Task: C:\Windows\Tasks\EPSON WF-3640 Series Invitation {D915748D-8CD4-46BC-B741-E4303DB6764E}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKDE.EXE
Task: C:\Windows\Tasks\EPSON WF-3640 Series Update {368E3CF1-07EC-4441-891C-5E28240268C8}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKDE.EXE:/EXE:{368E3CF1-07EC-4441-891C-5E28240268C8} /F:UpdateSYSTEMĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\Windows\Tasks\EPSON WF-3640 Series Update {42242F2F-8E4B-4DA6-9775-E3701AB62209}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKDE.EXE:/EXE:{42242F2F-8E4B-4DA6-9775-E3701AB62209} /F:UpdateSYSTEMĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\Windows\Tasks\EPSON WF-3640 Series Update {C4AFC024-FCDF-4AB2-9764-48819F092604}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKDE.EXE:/EXE:{C4AFC024-FCDF-4AB2-9764-48819F092604} /F:UpdateSYSTEMĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\Windows\Tasks\EPSON WF-3640 Series Update {D915748D-8CD4-46BC-B741-E4303DB6764E}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKDE.EXE:/EXE:{D915748D-8CD4-46BC-B741-E4303DB6764E} /F:UpdateSYSTEMĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForHOME-HP$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{94A72A9C-48EC-4150-9DA1-C34D51501AEE}: [NameServer] 18.217.241.230
Tcpip\..\Interfaces\{94A72A9C-48EC-4150-9DA1-C34D51501AEE}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{A0736165-0B27-488A-B801-08BC8DE7312B}: [NameServer] 18.221.254.213

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\Software\Microsoft\Internet Explorer\Main,Old Start Page = hxxps://www.yahoo.com/?fr=befhp&type=iehp-4.7-1805
HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.bing.com/
HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxps://www.bing.com/
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKLM-x32 -> DefaultScope {80c554b9-c7f8-4a21-9471-06d606da78a2} URL =
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001 -> {6271CD1C-3937-485A-9A09-A593F7069707} URL = hxxps://search.yahoo.com/search?ei=utf-8&fr=befds&p={searchTerms}&type=ieds-4.7-1805
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2019-03-22] (Siber Systems -> Siber Systems Inc.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-24] (Google Inc -> Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2019-03-22] (Siber Systems -> Siber Systems Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\ssv.dll [2019-02-25] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-24] (Google Inc -> Google Inc.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\jp2ssv.dll [2019-02-25] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2019-03-22] (Siber Systems -> Siber Systems Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-24] (Google Inc -> Google Inc.)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2019-03-22] (Siber Systems -> Siber Systems Inc.)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-24] (Google Inc -> Google Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-24] (Google Inc -> Google Inc.)
Toolbar: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2019-03-22] (Siber Systems -> Siber Systems Inc.)
Toolbar: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.cab
DPF: HKLM-x32 {CB50428B-657F-47DF-9B32-671F82AA73F7} hxxp://www.photodex.com/pxplay.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} hxxps://secure.logmein.com//activex/ractrl.cab?lmi=972

FireFox:
========
FF ProfilePath: C:\Users\Home\AppData\Roaming\mozilla\firefox\Profiles\gcq5yow9.default [2018-06-03]
FF Homepage: mozilla\firefox\Profiles\gcq5yow9.default -> hxxps://www.malwarebytes.org/restorebrowser/param1=y6bdVFVIsvuYsgEClQfz8KTL4HLBF1wBOkVfCJhNXY6t%2BipeZtEdYEFU7g9wi2bjIBeUCUPthp5B6ksGPGKrbSvIuQEt%2Btfdhn4OjEPtw4RL34QkqUDQg4Om0RSqp268rFH1Dj12wyPVJ1yqCAejaMA9EmgI7js%2B5iznHYu2SE%2BhRWfCqGRqtfL4EE2mAfZodmVSL70XSoSwvZgAlkYsPymfHasWUYgx4Ysn54lCBFItVZfkZs%2FaBSaM8AU2onPMSbuBN37X60q3mx2yG0v9gy6inyqmiFG9PqXN%2F0ilrB0%3D
FF Extension: (Firefox Hotfix) - C:\Users\Home\AppData\Roaming\mozilla\firefox\Profiles\gcq5yow9.default\Extensions\[email protected] [2016-10-07] [Legacy]
FF Extension: (RoboForm Password Manager) - C:\Users\Home\AppData\Roaming\mozilla\firefox\Profiles\gcq5yow9.default\Extensions\[email protected] [2017-10-26]
FF SearchPlugin: C:\Users\Home\AppData\Roaming\mozilla\firefox\Profiles\gcq5yow9.default\searchplugins\bing-lavasoft-ff59.xml [2018-04-01]
FF SearchPlugin: C:\Users\Home\AppData\Roaming\mozilla\firefox\Profiles\gcq5yow9.default\searchplugins\Yahoo powered search.xml [2019-05-03]
FF Extension: (No Name) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2017-11-07] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{3DF4B26D-DB19-45DF-962A-6719D071245B}] - C:\Users\Home\AppData\Local\Rich Media Player\BrowserExtensions\Firefox\{3DF4B26D-DB19-45DF-962A-6719D071245B} => not found
FF HKLM-x32\...\Firefox\Extensions: [{F25E3D9D-1A54-4389-98F7-E4D5B830DC33}] - C:\Users\Home\AppData\Local\Rich Media Player\BrowserExtensions\Firefox\{F25E3D9D-1A54-4389-98F7-E4D5B830DC33}.xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.204 => not found
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Ginger\Mozilla\[email protected] => not found
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: (E-Web Print) - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2016-11-07] [Legacy] [not signed]
FF HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\...\Firefox\Extensions: [@CustomNewTab] - C:\Users\Home\AppData\Roaming\Mozilla\FireFox\@CustomNewTab.xpi => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll [2016-01-19] (Adobe Systems Incorporated -> )
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 -> c:\Program Files (x86)\Virtual Earth 3D\ [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll [2016-01-19] (Adobe Systems Incorporated -> )
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google Inc -> Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.201.2 -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\dtplugin\npDeployJava1.dll [2019-02-25] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.201.2 -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\plugin2\npjp2.dll [2019-02-25] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @photodex.com/PhotodexPresenter -> C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll [2015-11-10] ( ) [File not signed]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-28] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-28] (Google Inc -> Google LLC)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-03-25] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin HKU\.DEFAULT: gingersoftware.com/gingerPlugin -> C:\Program Files (x86)\Ginger\GingerServices\GingerServicesProxy.dll [No File]
FF Plugin HKU\S-1-5-21-1287311948-1235629539-2080862382-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Home\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-11-16] (Citrix Online -> Citrix Online)
FF Plugin HKU\S-1-5-21-1287311948-1235629539-2080862382-1001: @hulu.com/Hulu Desktop -> C:\Users\Home\AppData\Local\HuluDesktop\instances\0.9.14.1\nphdplg.dll [2010-08-12] (Hulu -> Hulu LLC)
FF Plugin HKU\S-1-5-21-1287311948-1235629539-2080862382-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Home\AppData\Local\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-28] (Google Inc -> Google LLC)
FF Plugin HKU\S-1-5-21-1287311948-1235629539-2080862382-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Home\AppData\Local\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-28] (Google Inc -> Google LLC)
FF Plugin HKU\S-1-5-21-1287311948-1235629539-2080862382-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\Home\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2016-08-29] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FF Plugin HKU\S-1-5-21-1287311948-1235629539-2080862382-1001: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\Users\Home\AppData\Roaming\CATALI~1\NPBCSK~1.DLL [No File]
FF Plugin HKU\S-1-5-21-1287311948-1235629539-2080862382-1001: revtrax.com/RevTraxPrintMyCoupon -> C:\Users\Home\AppData\Roaming\RevTrax\RevTraxPrintMyCoupon\1.0.0.0\npRevTraxPrintMyCoupon.dll [2016-01-18] (RevTrax) [File not signed]

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> bing.com
CHR StartupUrls: Default -> "hxxps://us.search.yahoo.com/yhs/web?hspart=omr&hsimp=yhs-001&type=86311238&param1=y6bdVFVIsvuYsgEClQfz8HyFH9tZCHsOZFHNP%2BYwJC1%2BAoyTMxWna%2Fax%2F7ZIXHC7%2FSBHDoRu0l7POinR9MfVMrBz2a6PLaTDh3EQbeGQVoY9hhitelfGOYzrRBS6Ykx2EF%2Fl5MVqxUcwTHy2w%2FUubEiNKi7C0uFbcfHNHlV67qOTK92lxHCZCVQVhWBodQuit%2BHzA4S9mJ0Dqe02w3fnkPTghBBJyA%2FDdvSr7x22obIC%2BHK71vZ5yYlg6850zbInDOBE%2BMV7E4CbZldwxDim7dPLXo33ZUYhJuCkXK5GzwE%3D","hxxps://www.google.com/"
CHR DefaultSearchURL: Default -> hxxps://us.search.yahoo.com/yhs/search?hspart=omr&hsimp=yhs-001&type=86311238&param1=y6bdVFVIsvuYsgEClQfz8HyFH9tZCHsOZFHNP%2BYwJC1%2BAoyTMxWna%2Fax%2F7ZIXHC7m8LAeZoS4G9z2zivyIMrMZ%2Bms%2F%2BvWGjvjP%2BFW7vbLHzobA3%2FyHKfKpNwU%2F0ISyQOl6dP5NGFHzjn94AGAfBBV5fURd9XfuHdx5ruP3T9JBsPP7idrVvGnWB%2B4k0wJM3SvXB461fU2xkgQz64xGOEykKM4aAEz%2Fd7ItXjn11IJvyNVqVygNOgNmI%2FM0mXKKu53yBhyf8XiE9RKhvZ8N9jJQ%3D%3D&p={searchTerms}
CHR DefaultSearchKeyword: Default -> search.yahoo.com
CHR DefaultNewTabURL: Default -> hxxps://us.search.yahoo.com/yhs/web?hspart=omr&hsimp=yhs-001&type=86311238&param1=y6bdVFVIsvuYsgEClQfz8HyFH9tZCHsOZFHNP%2BYwJC1%2BAoyTMxWna%2Fax%2F7ZIXHC7PvtYauGJUfR6ThlzvtlpDX8mZmhlM1UewwJGPVqWtATNuw37hss8HKCaFs1ZA2ZTlSermjkGUhnsGPMgPt0agrtGGhVRmnbpVN6ugGdha4D7Xzf6PdAyEcLLUfuiJEFpVmEilieRcDbvi%2BrWzlZk2PdDFFGGIJPVkcDO%2FWOl4RDR%2FmT5W8fSgzyYNL4YzgN4MQujhLvIuCYDqz9w%2FcMTNg%3D%3D
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command={searchTerms}
CHR Profile: C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default [2019-05-14]
CHR Extension: (Slides) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-14]
CHR Extension: (Docs) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-14]
CHR Extension: (Google Drive) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-24]
CHR Extension: (YouTube) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-06-18]
CHR Extension: (Honey) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2019-05-02]
CHR Extension: (Bing Homepage) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdldbgojabdbiapkfeldpfmbecmcaoec [2019-01-01]
CHR Extension: (Google Search) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-05]
CHR Extension: (Sheets) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-14]
CHR Extension: (Google Docs Offline) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-23]
CHR Extension: (Hola Free VPN Proxy Unblocker) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2019-05-14]
CHR Extension: (Grammarly for Chrome) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2019-05-14]
CHR Extension: (Grammar and Spelling checker by Ginger) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdfieneakcjfaiglcfcgkidlkmlijjnh [2019-05-14]
CHR Extension: (Online Safety) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ledpmklechmkjngjilbfpogiehjbemkj [2019-04-12]
CHR Extension: (Wikibuy) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\nenlahapcbofgnanklpelkaejcehkggg [2019-05-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-08]
CHR Extension: (Gmail) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-16]
CHR Extension: (Chrome Media Router) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-05-03]
CHR Extension: (RoboForm Password Manager) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2019-04-12]
CHR HKLM\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2015-03-12]
CHR HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [cdldbgojabdbiapkfeldpfmbecmcaoec] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [doagiokpgboiomffjfhaiimafndmmpni] - C:\Users\Home\AppData\Local\Rich Media Player\BrowserExtensions\Chrome\richmediadownloader.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [eammbikighnmacpfdhmcccgnfojcdhgn] - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha177\ch\WebexpEnhancedV1alpha177.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fkcdbkhjcaljlfolhllfneigeepmjfim] - C:\Users\Home\AppData\Local\Rich Media Player\BrowserExtensions\Chrome\playerextension.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2015-03-12]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AESTFilters; C:\Program Files\IDT\WDM\AESTSr64.exe [89600 2009-03-02] (Microsoft Windows Hardware Compatibility Publisher -> Andrea Electronics Corporation)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [96056 2019-03-08] (Apple Inc. -> Apple Inc.)
S4 CalendarSynchService; C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [16384 2010-08-05] (Hewlett-Packard) [File not signed]
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-02-29] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-02-29] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [51024 2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
S4 DTSRVC; C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe [129648 2010-12-01] (Portrait Displays, Inc. -> Portrait Displays, Inc.)
R2 EpsonCustomerResearchParticipation; C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe [678328 2018-06-11] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-17] (SEIKO EPSON Corporation -> Seiko Epson Corporation)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2018-02-09] (Macrovision Corporation -> Macrovision Europe Ltd.) [File not signed]
S3 GoToAssist; C:\Program Files (x86)\Citrix\GoToAssist Corporate\1205\G2AC_Service.exe [309712 2016-11-05] (Citrix Online -> Citrix Systems, Inc.)
R2 GsServer; C:\Program Files\Siber Systems\GoodSync\gs-server.exe [9553632 2016-10-01] (Siber Systems -> )
S4 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [376144 2014-07-18] (LogMeIn, Inc. -> LogMeIn, Inc.)
S4 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [226640 2014-07-18] (LogMeIn, Inc. -> LogMeIn, Inc.)
S4 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2012-11-29] (LogMeIn, Inc. -> LogMeIn, Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2014-11-17] (Hewlett-Packard) [File not signed]
S4 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation -> Symantec Corporation)
S4 PasswordBox; C:\Program Files (x86)\PasswordBox\pbbtnService.exe [67584 2014-05-14] (PasswordBox, Inc.) [File not signed]
S4 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1121304 2010-10-22] (PDF Complete -> PDF Complete Inc)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2014-11-17] (Hewlett-Packard) [File not signed]
S4 RoxioNow Service; C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [399344 2010-09-11] (Sonic Solutions -> Roxio)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [318464 2012-04-24] (Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
S3 hpqwmiex; "C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50464 2014-06-24] (AVG Technologies -> AVG Technologies)
R3 clwvd; C:\Windows\System32\DRIVERS\clwvd.sys [31088 2010-09-03] (CyberLink -> CyberLink Corporation)
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 DrvAgent64; C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS [20872 2016-12-16] (eSupport.com, Inc -> Phoenix Technologies)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2016-07-08] (Martin Malik - REALiX -> REALiX(tm))
R3 igfx; C:\Windows\System32\DRIVERS\igdkmd64.sys [12273408 2011-01-27] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
S3 Impcd; C:\Windows\system32\DRIVERS\Impcd.sys [158976 2010-02-26] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
R3 ITECIRfilter; C:\Windows\System32\DRIVERS\ITECIRfilter.sys [28264 2016-07-08] (ITE Tech. Inc. -> ITE Tech. Inc. )
R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-05-27] (LogMeIn, Inc. -> LogMeIn, Inc.)
S4 LMIRfsClientNP; no ImagePath
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [275232 2019-05-14] (Malwarebytes Corporation -> Malwarebytes)
R3 netr28x; C:\Windows\System32\DRIVERS\netr28x.sys [2502288 2016-07-08] (MEDIATEK INC. -> MediaTek Inc.)
R3 nusb3hub; C:\Windows\System32\DRIVERS\nusb3hub.sys [77824 2010-01-22] (Microsoft Windows Hardware Compatibility Publisher -> NEC Electronics Corporation)
R3 nusb3xhc; C:\Windows\System32\DRIVERS\nusb3xhc.sys [181760 2016-07-08] (Microsoft Windows Hardware Compatibility Publisher -> Renesas Electronics Corporation)
S3 RTSUER; C:\Windows\System32\Drivers\RtsUer.sys [413912 2016-07-08] (Realtek Semiconductor Corp -> Realsil Semiconductor Corporation)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [33960 2016-07-08] (Synaptics Incorporated -> Synaptics Incorporated)
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 STHDA; C:\Windows\System32\DRIVERS\stwrt64.sys [536576 2012-04-24] (Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2015-06-10] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
U1 aswbdisk; no ImagePath
S3 avchv; system32\DRIVERS\avchv.sys [X]
S3 cpuz134; \??\C:\Users\Home\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X] <==== ATTENTION
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 EsgScanner; system32\DRIVERS\EsgScanner.sys [X]
S1 MpKslf3e2724b; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{86D53835-DBE4-46C4-B3C1-0A55F2A945E3}\MpKslf3e2724b.sys [X]
S1 nsodcduk; \??\C:\Windows\system32\drivers\nsodcduk.sys [X]
U0 Partizan; system32\drivers\Partizan.sys [X]
S1 sezncdzw; \??\C:\Windows\system32\drivers\sezncdzw.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-05-14 16:31 - 2019-05-14 16:31 - 000000000 ____D C:\FRST
2019-05-14 16:30 - 2019-05-14 16:31 - 000000000 ____D C:\Users\Home\Desktop\Tech guy
2019-05-14 13:29 - 2019-05-14 13:29 - 000275232 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2019-05-12 14:57 - 2019-05-12 15:14 - 000000000 ____D C:\Users\Home\Desktop\Alcon
2019-05-08 08:03 - 2019-05-08 08:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2019-05-07 15:51 - 2019-05-07 15:51 - 000051024 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2019-05-07 15:51 - 2019-05-07 15:51 - 000047600 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2019-05-07 15:51 - 2019-05-07 15:51 - 000047600 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2019-05-07 15:51 - 2019-05-07 15:51 - 000047600 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2019-05-07 08:34 - 2019-05-07 08:34 - 000001869 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-05-07 08:34 - 2019-05-07 08:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-05-07 08:34 - 2019-01-08 16:32 - 000153328 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2019-05-03 10:37 - 2019-05-03 10:38 - 000000000 ____D C:\Users\Home\AppData\Local\ProgsUpdate.FullPath
2019-05-03 10:36 - 2019-05-03 10:37 - 000000000 ____D C:\Users\Home\AppData\Local\OysterPresentingReload
2019-05-03 10:36 - 2019-05-03 10:36 - 000000000 ____D C:\Program Files (x86)\EquiangularBioassayffq
2019-04-16 08:56 - 2019-04-16 08:56 - 000000000 ____D C:\Users\Home\Downloads\FontBundles-Restuner-Script
2019-04-16 08:44 - 2019-04-16 08:44 - 000363369 _____ C:\Users\Home\Downloads\FontBundles-Restuner-Script (1).zip

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-05-14 16:26 - 2018-10-08 12:26 - 000000911 _____ C:\Windows\Tasks\EPSON WF-3640 Series Update {D915748D-8CD4-46BC-B741-E4303DB6764E}.job
2019-05-14 16:26 - 2018-10-08 12:26 - 000000911 _____ C:\Windows\Tasks\EPSON WF-3640 Series Update {C4AFC024-FCDF-4AB2-9764-48819F092604}.job
2019-05-14 16:26 - 2018-10-08 12:26 - 000000725 _____ C:\Windows\Tasks\EPSON WF-3640 Series Invitation {D915748D-8CD4-46BC-B741-E4303DB6764E}.job
2019-05-14 16:26 - 2018-10-08 12:26 - 000000725 _____ C:\Windows\Tasks\EPSON WF-3640 Series Invitation {C4AFC024-FCDF-4AB2-9764-48819F092604}.job
2019-05-14 16:07 - 2016-10-17 08:07 - 000000911 _____ C:\Windows\Tasks\EPSON WF-3640 Series Update {42242F2F-8E4B-4DA6-9775-E3701AB62209}.job
2019-05-14 16:07 - 2016-10-17 08:07 - 000000725 _____ C:\Windows\Tasks\EPSON WF-3640 Series Invitation {42242F2F-8E4B-4DA6-9775-E3701AB62209}.job
2019-05-14 15:57 - 2012-11-26 15:53 - 000000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2019-05-14 15:50 - 2016-02-29 14:05 - 000000904 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2019-05-14 15:49 - 2016-01-17 18:49 - 000000911 _____ C:\Windows\Tasks\EPSON WF-3640 Series Update {368E3CF1-07EC-4441-891C-5E28240268C8}.job
2019-05-14 15:49 - 2016-01-17 18:49 - 000000725 _____ C:\Windows\Tasks\EPSON WF-3640 Series Invitation {368E3CF1-07EC-4441-891C-5E28240268C8}.job
2019-05-14 13:45 - 2009-07-14 00:45 - 000018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-05-14 13:45 - 2009-07-14 00:45 - 000018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-05-14 13:29 - 2016-02-29 14:05 - 000000900 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2019-05-14 13:29 - 2012-11-26 15:53 - 000000890 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2019-05-14 13:28 - 2009-07-14 01:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-05-14 13:02 - 2011-07-06 15:06 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2019-05-14 08:42 - 2012-11-16 19:59 - 000003918 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{F3C32409-668F-4FA3-9651-2571686A5B6A}
2019-05-13 10:21 - 2013-03-12 08:36 - 000000000 ____D C:\Users\Home\Documents\Outlook Files
2019-05-12 22:11 - 2013-02-25 10:19 - 000000000 ____D C:\Users\Home\AppData\Roaming\Skype
2019-05-12 14:32 - 2009-07-14 01:13 - 000787576 _____ C:\Windows\system32\PerfStringBackup.INI
2019-05-12 14:32 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\inf
2019-05-12 14:26 - 2018-03-28 14:18 - 000000258 __RSH C:\ProgramData\ntuser.pol
2019-05-11 21:19 - 2017-07-26 23:39 - 000003170 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1287311948-1235629539-2080862382-1001
2019-05-11 21:19 - 2014-02-20 14:24 - 000002160 _____ C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2019-05-11 21:19 - 2013-05-13 10:53 - 000000000 ___RD C:\Users\Home\SkyDrive
2019-05-09 12:07 - 2018-03-17 18:46 - 000000000 ____D C:\Users\Home\Desktop\Ebay
2019-05-09 12:02 - 2014-03-14 07:36 - 000000000 ____D C:\Users\Home\AppData\Local\EDEA3002-5618-4EF1-8A2C-01276660F85C.aplzod
2019-05-08 08:03 - 2016-02-29 14:05 - 000000000 ____D C:\Program Files (x86)\Dropbox
2019-05-07 09:01 - 2013-02-13 09:48 - 000003216 _____ C:\Windows\System32\Tasks\HPCeeScheduleForHOME-HP$
2019-05-07 09:01 - 2013-02-13 09:48 - 000000340 _____ C:\Windows\Tasks\HPCeeScheduleForHOME-HP$.job
2019-05-07 08:34 - 2018-06-03 17:49 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-05-07 08:31 - 2014-08-11 18:24 - 000000000 ____D C:\AdwCleaner
2019-05-07 08:31 - 2012-11-16 20:52 - 000000000 ____D C:\Users\Home\AppData\Local\CrashDumps
2019-05-03 08:58 - 2012-11-26 15:53 - 000002105 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-05-03 08:58 - 2012-11-26 15:53 - 000002064 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-04-26 08:39 - 2016-02-29 14:08 - 000000000 ___RD C:\Users\Home\Dropbox
2019-04-17 07:41 - 2009-07-14 00:45 - 000447808 _____ C:\Windows\system32\FNTCACHE.DAT
2019-04-16 08:45 - 2012-11-14 22:13 - 000129160 _____ C:\Users\Home\AppData\Local\GDIPFONTCACHEV1.DAT
2019-04-16 08:41 - 2017-08-15 09:37 - 000000141 _____ C:\Users\Home\Desktop\Font Bundles - The Best Free and Premium Fonts.url
2019-04-15 12:32 - 2012-11-14 19:24 - 000000000 ____D C:\Users\Home\AppData\Local\Apple Computer
2019-04-15 12:30 - 2014-09-29 20:58 - 000000000 ____D C:\Users\Home\Desktop\CAROLINE

==================== Files in the root of some directories =======

2013-05-03 19:08 - 2013-05-03 19:08 - 004167680 _____ () C:\Program Files (x86)\GUTC246.tmp
2015-10-10 16:49 - 2015-11-16 13:13 - 000000093 _____ () C:\Users\Home\AppData\Roaming\ARCompanion.log
2018-01-03 12:06 - 2018-01-04 10:53 - 000001862 _____ () C:\Users\Home\AppData\Roaming\downloads.json
2013-08-14 13:19 - 2013-08-14 13:19 - 000162046 _____ () C:\Users\Home\AppData\Roaming\VideoPad.dmp
2015-06-10 17:24 - 2015-09-01 08:24 - 000000177 _____ () C:\Users\Home\AppData\Roaming\WB.CFG
2013-08-10 11:29 - 2018-03-12 16:35 - 000011776 _____ () C:\Users\Home\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2018-04-21 07:05 - 2018-04-21 07:05 - 000000000 _____ () C:\Users\Home\AppData\Local\{48EF422F-A40D-45A5-B26B-E71848CA3C00}
2018-04-06 14:20 - 2018-04-06 14:20 - 000000000 _____ () C:\Users\Home\AppData\Local\{6D271F56-8FC4-4D43-9619-AA1B4EE91955}

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2019-05-13 13:04
==================== End of FRST.txt ============================
 

aimee

Thread Starter
Joined
Apr 23, 2001
Messages
163
************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-05.2019 01
Ran by Home (14-05-2019 16:35:25)
Running from C:\Users\Home\Desktop\Tech guy
Windows 7 Home Premium Service Pack 1 (X64) (2012-11-15 02:09:27)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1287311948-1235629539-2080862382-500 - Administrator - Disabled)
Guest (S-1-5-21-1287311948-1235629539-2080862382-501 - Limited - Enabled) => C:\Users\Guest
Home (S-1-5-21-1287311948-1235629539-2080862382-1001 - Administrator - Enabled) => C:\Users\Home
HomeGroupUser$ (S-1-5-21-1287311948-1235629539-2080862382-1002 - Limited - Enabled)
LogMeInRemoteUser (S-1-5-21-1287311948-1235629539-2080862382-1003 - Administrator - Enabled) => C:\Users\LogMeInRemoteUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

3M Products Update version 2012-05 for Microsoft Office 2010 (HKLM-x32\...\{605540BB-36B3-49F0-96D8-B760CBD6E0E8}_is1) (Version: - 3M Company)
64 Bit HP CIO Components Installer (HKLM\...\{0EBC740B-4363-489B-8C27-98CE0740BA19}) (Version: 18.2.4 - Hewlett-Packard) Hidden
Adobe Acrobat 9 Pro (HKLM-x32\...\{AC76BA86-1033-0000-7760-000000000004}{AC76BA86-1033-0000-7760-000000000004}) (Version: 9.0.0 - Adobe Systems)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.010.20099 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 25.0.0.134 - Adobe Systems Incorporated)
Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.267 - Adobe Systems Incorporated)
Adobe Flash Player 32 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 32.0.0.142 - Adobe Systems Incorporated)
Amazon Assistant (HKLM-x32\...\{0538B1C2-85C1-4ECC-BA77-61F537D81092}) (Version: 10.18.0221 - Amazon) <==== ATTENTION
Amazon Music (HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\...\Amazon Amazon Music) (Version: 3.7.1.698 - Amazon Services LLC)
Apple Application Support (32-bit) (HKLM-x32\...\{9F7041CB-8398-4691-B8CB-0D52273BB3D9}) (Version: 7.4 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{6E7DF4EE-1976-4215-9D81-755AFC95687D}) (Version: 7.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BA2A6DBB-B09A-43D8-84F3-21C1537B47D9}) (Version: 12.2.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
AT&T Connect Participant Application v11.7.303 (HKLM-x32\...\{4DDBB234-AB68-4D47-BABA-2ED472E0B7A1}) (Version: 11.7.303 - AT&T Inc.)
Bing Rewards Client Installer (HKLM-x32\...\{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}) (Version: 16.0.345.0 - Microsoft Corporation) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Cash Back Assistant (HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\...\{644CF48B-61FE-43E4-8B2E-7EAE916B49C4}_is1) (Version: 2017.4.7.1 - Capital Intellect, Inc.)
Catalina Savings Printer (HKLM-x32\...\{4956ACE3-F537-4418-BB45-FD52395275A7}) (Version: 1.0.0 - Catalina Marketing Corp) <==== ATTENTION
Cisco WebEx Meeting Center for Internet Explorer (HKLM-x32\...\{0A223CAC-7FAC-4A7F-AA0F-3921A512C735}) (Version: 28.12.20.10001 - Cisco WebEx LLC)
Computer Requirements 1.0 (HKLM-x32\...\{BA3582A0-2DE0-4DB8-8B74-CD34AC193F9B}_is1) (Version: - Furst Person)
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.3210 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DirectX for Managed Code Update (Summer 2004) (HKLM-x32\...\{E9E34215-82EF-4909-BE2F-F581F0DC9062}) (Version: 9.02.2904 - Microsoft) Hidden
Dropbox (HKLM-x32\...\Dropbox) (Version: 72.4.136 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.189.1 - Dropbox, Inc.) Hidden
DVD Menu Pack for HP TouchSmart Video (HKLM-x32\...\{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 4.1.4412 - Hewlett-Packard) Hidden
DVD Menu Pack for HP TouchSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 4.1.4412 - Hewlett-Packard)
Easy Phone Sync (HKLM-x32\...\{A33EB00C-AE4D-46DC-83DA-1FBFE2D1E71C}) (Version: 64 - Media Mushroom Limited)
Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.4.0 - Seiko Epson Corporation)
Epson Customer Research Participation (HKLM\...\{B26449A6-6007-4460-B4FE-C4776115BCEA}) (Version: 1.83.0000 - Seiko Epson Corporation)
Epson Event Manager (HKLM-x32\...\{0324C972-6139-489C-9003-857C4F195A80}) (Version: 3.10.0094 - Seiko Epson Corporation)
Epson E-Web Print (HKLM-x32\...\{6BF9F374-EC67-4808-A90C-F127DE6D989D}) (Version: 1.23.0000 - SEIKO EPSON CORPORATION)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 2.56.00 - Seiko Epson Corporation)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version: - Seiko Epson Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EPSON Scan OCR Component (HKLM-x32\...\{563B99D8-8895-4E3E-AE8D-15BE8C05F1C1}) (Version: 2.30.00 - SEIKO EPSON Corp.)
EPSON Scan PDF Extensions (HKLM-x32\...\{F9956472-6E16-4F83-BF9A-F887EF4A45B7}) (Version: 1.03.0001 - SEIKO EPSON Corp.)
Epson Software Updater (HKLM-x32\...\{1028AD34-EB8A-4136-9A93-27FC60FD0A40}) (Version: 4.4.11 - Seiko Epson Corporation)
EPSON WF-3640 Series Printer Uninstall (HKLM\...\EPSON WF-3640 Series) (Version: - SEIKO EPSON Corporation)
Epson WF-3640 User’s Guide version 1.0 (HKLM-x32\...\UsersGuideEpson WF-3640 User’s Guide_is1) (Version: 1.0 - )
EpsonNet Print (HKLM\...\{15A0F113-BF2C-4C12-8AA8-42AE0D9AE1C9}) (Version: 3.1.2.0 - SEIKO EPSON Corporation)
Facebook for HP TouchSmart (HKLM-x32\...\{8AE50893-3A87-4439-9A57-942ED43F7189}) (Version: 1.1.0004 - Hewlett-Packard)
Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Garmin WebUpdater (HKLM-x32\...\{00FE2935-FB56-4410-AB5F-D6E70C1771D2}) (Version: 2.5.6 - Garmin Ltd or its subsidiaries)
Garmin WebUpdater (HKLM-x32\...\{2FD94FBC-07AE-475C-B522-BFE899B9048E}) (Version: 2.4 - GARMIN)
GoodSync (HKLM\...\{B26B00DA-2E5D-4CF2-83C5-911198C0F009}) (Version: 9.9.61.1 - Siber Systems)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 74.0.3729.131 - Google Inc.)
Google Drive (HKLM-x32\...\{A8DC81F2-D365-4248-892A-FA3B5951F731}) (Version: 2.34.9392.7803 - Google, Inc.)
Google Photos Backup (HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\...\Google Photos Backup) (Version: 1.1.4.11 - Google, Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.7 - Google LLC) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
GoToAssist Corporate (HKLM-x32\...\GoToAssist) (Version: 11.8.0.1205 - Citrix Systems, Inc.)
Grammarly (HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\...\GrammarlyForWindows) (Version: 1.5.36 - Grammarly)
Grammarly for Microsoft® Office Suite (HKLM\...\{E5D2A304-3F72-4D79-BE42-15EB2FAE4D5C}) (Version: 6.7.162 - Grammarly) Hidden
Grammarly for Microsoft® Office Suite (HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\...\{383f290c-ffb7-4a20-9533-a62d984c4d3f}) (Version: 6.7.162 - Grammarly)
History Viewer v5.1 (HKLM-x32\...\History Viewer_is1) (Version: - Digital Forensics Studio)
HP AppsCenter for TouchSmart (HKLM-x32\...\{8317485C-067B-4B5B-A2A3-9D36B7B0399E}) (Version: 4.0.0.1 - Hewlett-Packard)
HP Desktop Keyboard (HKLM-x32\...\HP Keyboard_is1) (Version: 1.0.0.13 - Hewlett-Packard)
HP LinkUp (HKLM-x32\...\{DB3147AB-4024-4773-8EC0-A1FE5B44933D}) (Version: 2.01.028 - Hewlett-Packard)
HP My Display TouchSmart Edition (HKLM-x32\...\{1F4DDC90-5923-4E49-A4C7-F3CCC954DCA0}) (Version: 1.02.031 - Portrait Displays, Inc.)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{802C068E-0576-4F25-8137-D54B7DB0FC5E}) (Version: 8.4.4487.3576 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.0.12845.3522 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}) (Version: 10.1.1000 - Hewlett-Packard)
HP TouchSmart (HKLM-x32\...\{1502291B-3C1B-4781-99F8-9D6D8C650588}) (Version: 4.0.41.0 - Hewlett-Packard)
HP TouchSmart Background - Beats (HKLM-x32\...\{6A6F8D36-04BA-41E9-9004-1789BD545874}) (Version: 1.0.1.0 - Hewlett-Packard)
HP TouchSmart Browser (HKLM-x32\...\{4ACC9E9C-12D6-4A9D-8FBC-3FD469B9FD34}) (Version: 4.1.0012 - Hewlett-Packard)
HP TouchSmart Calendar (HKLM-x32\...\{297FA7DE-08E5-44A6-8F66-9E26F61F4810}) (Version: 4.1.3869.29064 - Hewlett-Packard)
HP TouchSmart Canvas (HKLM-x32\...\{909CE9B4-76A7-4C3D-A9AC-CE231B3E4B40}) (Version: 2.0.3917.26233 - Hewlett-Packard)
HP TouchSmart Clock (HKLM-x32\...\{97AA232A-58CB-41A2-A258-0593F98AB1E0}) (Version: 3.1.3881.29051 - Hewlett-Packard)
HP TouchSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 4.1.4701 - Hewlett-Packard)
HP TouchSmart eBay (HKLM-x32\...\{967C033E-00C7-4805-9A80-C1C35DA4CF0C}) (Version: 1.0.3923.31229 - Hewlett-Packard)
HP TouchSmart Music (HKLM-x32\...\InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}) (Version: 4.1.4700 - Hewlett-Packard)
HP TouchSmart Notes (HKLM-x32\...\{1F40643A-3489-4262-B7BA-F2EC6FA0A1C8}) (Version: 4.1.3916.21107 - Hewlett-Packard)
HP TouchSmart Photo (HKLM-x32\...\InstallShield_{C9DCE03F-8CB7-4146-A99C-0612D75177EA}) (Version: 4.1.4503 - Hewlett-Packard)
HP TouchSmart RecipeBox (HKLM-x32\...\{20714B53-FC73-4F9C-9687-49EB237D6FD7}) (Version: 3.0.3830.27730 - Hewlett-Packard)
HP TouchSmart RSS (HKLM-x32\...\{608D7847-39B7-4D1D-AF6D-7DCC38C77615}) (Version: 4.1.0009 - Hewlett-Packard)
HP TouchSmart Tutorials (HKLM-x32\...\{858FCB65-7C6D-4BA4-AD80-A3CB3744CE09}_is1) (Version: 3.2.0.2 - Hewlett-Packard)
HP TouchSmart Twitter (HKLM-x32\...\{0581D120-6992-46FA-AAA2-42FA7EFF99C1}) (Version: 3.0.3910.29600 - Hewlett-Packard)
HP TouchSmart Video (HKLM-x32\...\InstallShield_{F04BFADD-C8CA-4C86-8F20-B1D7F4F8C66C}) (Version: 4.1.4503 - Hewlett-Packard)
HP TouchSmart Weather (HKLM-x32\...\{554D4753-4637-477E-BB52-901A819C798D}) (Version: 4.0.4.0 - Hewlett-Packard)
HP TouchSmart Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3303 - Hewlett-Packard)
HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.5.0.0 - Hewlett-Packard)
iCloud (HKLM\...\{03742818-3BC2-45BA-B6BB-4C2D453FD033}) (Version: 7.11.0.19 - Apple Inc.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6308.0 - IDT)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2119 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
iTunes (HKLM\...\{DF90B2B3-5832-4E85-934D-8048B33A1D67}) (Version: 12.9.4.102 - Apple Inc.)
Java 8 Update 201 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180201F0}) (Version: 8.0.2010.9 - Oracle Corporation)
Junk Mail filter update (HKLM-x32\...\{0BE9E708-5DC0-4963-9CFD-0AA519090E79}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
K-Lite Codec Pack 7.0.0 (Standard) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 7.0.0 - )
Kobo (HKLM-x32\...\Kobo) (Version: 1.6 - Kobo Inc.)
LogMeIn (HKLM-x32\...\{FA653F5B-483A-4E92-BF75-BB3BBF1D550D}) (Version: 4.1.2634 - LogMeIn, Inc.)
Malwarebytes version 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Live Meeting 2007 (HKLM-x32\...\{389F8A7A-8611-42E8-8169-20D2BAF0C595}) (Version: 8.0.6362.215 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-0081-0409-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\...\OneDriveSetup.exe) (Version: 19.062.0331.0006 - Microsoft Corporation)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM-x32\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft Touch Pack for Windows 7 (HKLM-x32\...\{8FF90DB8-6DED-44A3-B182-244FEC09012F}) (Version: 1.0.40517.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.0 (HKLM-x32\...\{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}) (Version: 3.0.11010.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Mozilla Firefox 43.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.1 (x86 en-US)) (Version: 43.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Multi PDF Converter version 5.2 (HKLM-x32\...\{43CF388F-EB3B-4AF2-9A3C-0E5A2013F598}_is1) (Version: 5.2 - Essex Software, LLC)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
OverDrive Media Console (HKLM-x32\...\{D07205E7-F6D3-4333-AFCC-782A07685B72}) (Version: 3.2.20 - OverDrive, Inc.)
[email protected] (HKLM-x32\...\{14F936AB-5D31-410E-A4E2-70AE504712F2}) (Version: 3.0.8.6 - Valassis)
[email protected] (HKLM-x32\...\{4CFAC858-CB6F-4F5B-9BD9-4DAE8747F0E3}) (Version: 3.0.8.11 - Valassis)
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.14 - PDF Complete, Inc)
Personal Color Viewer (HKLM-x32\...\{9AB4D07D-3754-1CD4-1E25-0C1AF3355921}) (Version: 3.0.2 - Eco Color Company) Hidden
Personal Color Viewer (HKLM-x32\...\BenjaminMoore.PCV3.USEN.EDC653D570C2AEC0ED05A14996D862CA553BDF51.1) (Version: 3.0.2 - Eco Color Company)
Photodex Presenter (HKLM-x32\...\Photodex Presenter) (Version: - Photodex Corporation)
PhotoNow! (HKLM-x32\...\{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.7717 - CyberLink Corp.) Hidden
PhotoNow! (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.7717 - CyberLink Corp.)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Picasa Uploader (HKLM-x32\...\{60945EFA-28EB-8202-19C1-70DD667075CB}) (Version: 1.2 - UNKNOWN) Hidden
Picasa Uploader (HKLM-x32\...\com.webkinesis.PicasaUploaderDesktop) (Version: 1.2 - UNKNOWN)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
PressReader (HKLM-x32\...\{912CED74-88D3-4C5B-ACB0-13231864975E}) (Version: 5.10.1102.0 - NewspaperDirect Inc.)
[email protected] (HKLM-x32\...\{123D4082-3194-4191-9139-067E9157C2B2}) (Version: 2.0.0 - Valassis Interactive Inc.)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
R.U.S.E. for TouchSmart (HKLM-x32\...\{E6753FCB-B508-4C74-9686-17032281AF38}_is1) (Version: 1.0.0.0 - Ubisoft)
Ralink RT2860 Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}) (Version: - Ralink)
RapidPlayer v6.0 ActiveX Control (HKLM-x32\...\{31C2F32D-C5DD-4583-8181-B48591CA231C}) (Version: - )
Recovery Manager (HKLM-x32\...\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.5.3219 - CyberLink Corp.) Hidden
Remote Graphics Receiver (HKLM-x32\...\{16FC3056-90C0-4757-8A68-64D8DA846ADA}) (Version: 5.4.5 - Hewlett-Packard)
RevTraxPrintMyCoupon (HKLM-x32\...\{A3F9A883-1D51-4D0F-83F6-2D060A26C8E9}) (Version: 1.0.0.0 - RevTrax)
Rich Media Player (HKLM-x32\...\Rich Media Player) (Version: 1.0.0.464 - Radiocom) <==== ATTENTION
RoboForm 8-5-8-8 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 8-5-8-8 - Siber Systems)
RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.101 - RoxioNow)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.22.0 - SAMSUNG Electronics Co., Ltd.)
SDK (HKLM-x32\...\{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}) (Version: 2.22.002 - Portrait Displays, Inc.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.103 - Skype Technologies S.A.)
SSOption (HKLM-x32\...\AlphaLab software) (Version: 2.0.9.1 - AlphaLab Corp.) <==== ATTENTION
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
SUABnR (HKLM-x32\...\{2485354C-6B65-4978-BB91-CCE61442377B}) (Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.) Hidden
SUABnR (HKLM-x32\...\InstallShield_{2485354C-6B65-4978-BB91-CCE61442377B}) (Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.)
Synctunes Desktop (HKLM-x32\...\{4A14B3B7-5D71-4C3F-967B-50D6A42BF7F7}) (Version: 1.1.0 - The Bit Studio)
TurboTax 2012 (HKLM-x32\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
TurboTax 2014 (HKLM-x32\...\TurboTax 2014) (Version: 2014.0 - Intuit, Inc)
TurboTax 2015 (HKLM-x32\...\TurboTax 2015) (Version: 2015.0 - Intuit, Inc)
TurboTax 2016 (HKLM-x32\...\TurboTax 2016) (Version: 2016.0 - Intuit, Inc)
TurboTax 2017 (HKLM-x32\...\TurboTax 2017) (Version: 2017.0 - Intuit, Inc)
TurboTax 2018 (HKLM-x32\...\TurboTax 2018) (Version: 2018.0 - Intuit, Inc)
Verizon Wireless Software Upgrade Assistant - Samsung(ar) (HKLM-x32\...\{3AC82D10-23DD-48F7-9E4A-FBD3792F2655}) (Version: 2.14.0307 - Samsung Electronics Co., Ltd.)
Verizon Wireless Software Utility Application for Android - Samsung (HKLM-x32\...\{69258FD1-F4EE-475A-83D1-BF68C8029592}) (Version: 2.14.0402 - Samsung Electronics Co., Ltd.)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Zoom (HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\...\ZoomUMX) (Version: 3.5 - Zoom Video Communications, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\...\ChromeHTML: -> <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{004B49B7-11B9-5058-FF22-08DD093ADC4B}\InprocServer32 -> {18760844-9468-D082-1298-07E985889A47} => No File
CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Home\AppData\Local\Microsoft\OneDrive\17.3.6998.0830\amd64\FileCoAuthLib64.dll => No File
CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{2AD206F1-152C-4F9D-A24E-6F93FE7A4AFC}\InprocServer32 -> C:\Users\Home\AppData\Local\Grammarly\Grammarly for Microsoft Office Suite\6.7.162\A1D16B0101\GrammarlyShim64.dll (Grammarly, Inc. -> CompanyName)
CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{4BE56754-B616-4998-B825-D16983AEE1B2}\InprocServer32 -> C:\Users\Home\AppData\Local\Grammarly\Grammarly for Microsoft Office Suite\6.7.162\A1D16B0101\Grammarly.AddIn.Connect.ActiveX.dll (Grammarly, Inc. -> Grammarly)
CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{62634D95-960B-4834-8E71-A70408AD8FD9}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.34.7\psuser_64.dll (Google Inc -> Google LLC)
CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{A804CF1A-91E5-4F0C-9E8C-DB39E74056DD}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.33.23\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.32.8\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{DD0822FF-3A09-4BDC-B749-4B00B9115850}\InprocServer32 -> {543FC507-9468-D082-5155-4EA585889A47} => No File
CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.34.7\psuser_64.dll (Google Inc -> Google LLC)
CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{EA724FD3-844D-43A9-A8C9-A5BC35FC20E4}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.33.17\psuser_64.dll => No File
ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [6671064 2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [4171480 2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google Inc -> Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google Inc -> Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google Inc -> Google)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\..\Acrobat Elements\ContextMenu64.dll [2008-06-12] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2018-04-23] (Google Inc -> Google)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2019-03-13] (Apple Inc. -> Apple Inc.)
ContextMenuHandlers3: [LinkUpMenuExt] -> {B793E5EA-5344-488E-B98D-A18E2E5938AB} => C:\Program Files (x86)\Hewlett-Packard\HP LinkUp\LinkUpExt64.dll [2011-05-05] (Hewlett-Packard Company -> Hewlett-Packard)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2018-04-23] (Google Inc -> Google)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2011-01-27] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\..\Acrobat Elements\ContextMenu64.dll [2008-06-12] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2011-07-06 15:22 - 2009-07-02 17:58 - 000406016 _____ () [File not signed] C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe
2011-07-06 15:22 - 2010-02-11 13:07 - 000710656 _____ (Hewlett-Packard) [File not signed] C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE
2018-03-26 12:58 - 2018-03-26 12:58 - 000112128 _____ (Microsoft Corporation) [File not signed] C:\Windows\Microsoft.Net\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
2014-04-10 15:21 - 2014-04-10 15:21 - 000069120 _____ (Samsung Electronics Co., Ltd.) [File not signed] C:\Users\Home\AppData\Roaming\Verizon\UA_ar\MObexDll.dll
2014-02-04 11:11 - 2014-02-04 11:11 - 001605632 _____ (Samsung) [File not signed] C:\Users\Home\AppData\Roaming\Verizon\UA_ar\SS_RC.dll
2017-02-13 14:54 - 2017-02-13 14:54 - 000132096 _____ (Seiko Epson Corporation) [File not signed] C:\Program Files (x86)\EPSON Software\Event Manager\epnsm.dll
2009-10-21 17:39 - 2009-10-21 17:39 - 000291328 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\Event Manager\LcMgr.dll
2016-01-17 18:45 - 2018-12-26 01:00 - 000096768 _____ (Seiko Epson Corporation) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\EbpD4Fax.dll
2016-01-17 18:45 - 2018-12-26 01:00 - 000278528 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\FULEPP.dll
2016-01-17 18:45 - 2018-12-26 01:00 - 000339968 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\FUSVCCLT.dll
2016-01-17 18:45 - 2018-12-26 01:00 - 000065536 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\FUUSBHLP.dll
2016-01-17 18:45 - 2018-12-26 01:00 - 000069632 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\Library\FUDEVCOM.dll
2016-01-17 18:45 - 2018-12-26 01:00 - 000135168 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\Library\FUDRVUTL.dll
2016-01-17 18:45 - 2018-12-26 01:00 - 000339968 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\Library\FUPRBDEV.dll
2016-01-17 18:45 - 2018-12-26 01:00 - 000286720 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\Library\FUSNMPUT.dll
2016-01-17 18:45 - 2018-12-25 12:00 - 000086016 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\Resource\FUCMNMSG.dll
2016-01-17 18:45 - 2018-12-25 12:00 - 000241664 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\Resource\FUFAXRCV.dll
2016-01-17 18:45 - 2018-12-25 12:00 - 000022016 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\Resource\FULEPPRes.dll
2016-01-17 18:45 - 2018-12-25 12:00 - 000077824 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\Resource\FUPRBDEVRes.dll
2015-06-17 16:44 - 2015-06-17 16:44 - 000500736 ____S (SEIKO EPSON CORPORATION) [File not signed] C:\Windows\System32\enppmon.dll
2016-01-17 18:46 - 2018-12-25 12:00 - 000233984 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Windows\system32\spool\DRIVERS\x64\3\EFXUI09A.DLL
2016-01-17 18:45 - 2018-12-26 01:00 - 000786432 _____ (SEIKO EPSON) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\Library\ENCM.dll
2016-01-17 18:45 - 2018-12-26 01:00 - 000278528 _____ (SEIKO EPSON) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\Library\ENNW.dll
2016-01-17 18:45 - 2018-12-26 01:00 - 000299008 _____ (SEIKO EPSON) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\Library\ENUTIL.dll
2014-04-12 16:36 - 2014-04-12 16:36 - 000811008 _____ (TODO: <Company name>) [File not signed] C:\Users\Home\AppData\Roaming\Verizon\PluginModules\FusDeviceManager.dll
2014-04-12 16:36 - 2014-04-12 16:36 - 001649152 _____ (TODO: <Company name>) [File not signed] C:\Users\Home\AppData\Roaming\Verizon\PluginModules\FusNetworkManager.dll
2014-04-10 15:22 - 2014-04-10 15:22 - 000512000 _____ (TODO: <Company name>) [File not signed] C:\Users\Home\AppData\Roaming\Verizon\UA_ar\DeviceDBModule.dll
2014-04-10 15:22 - 2014-04-10 15:22 - 000184320 _____ (TODO: <Company name>) [File not signed] C:\Users\Home\AppData\Roaming\Verizon\UA_ar\DeviceModule.dll
2014-04-10 15:22 - 2014-04-10 15:22 - 000123392 _____ (TODO: <Company name>) [File not signed] C:\Users\Home\AppData\Roaming\Verizon\UA_ar\FileAndProcessModule.dll
2014-04-10 15:21 - 2014-04-10 15:21 - 000284672 _____ (TODO: <Company name>) [File not signed] C:\Users\Home\AppData\Roaming\Verizon\UA_ar\GlobalUtils.dll
2014-04-10 15:22 - 2014-04-10 15:22 - 000157184 _____ (TODO: <Company name>) [File not signed] C:\Users\Home\AppData\Roaming\Verizon\UA_ar\NetworkModule.dll
2014-04-10 15:21 - 2014-04-10 15:21 - 000538624 _____ (TODO: <Company name>) [File not signed] C:\Users\Home\AppData\Roaming\Verizon\UA_ar\Resource.dll
2014-04-10 15:21 - 2014-04-10 15:21 - 000411136 _____ (TODO: <Company name>) [File not signed] C:\Users\Home\AppData\Roaming\Verizon\UA_ar\SCommon.dll
2014-04-10 15:22 - 2014-04-10 15:22 - 000116224 _____ (TODO: <Company name>) [File not signed] C:\Users\Home\AppData\Roaming\Verizon\UA_ar\UA_Modules.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:373E1720 [118]
AlternateDataStreams: C:\ProgramData\Temp:B946D9EE [131]
AlternateDataStreams: C:\Users\Home\Desktop\coverter music:com.dropbox.attributes [168]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\...\alorica.com -> alorica.com
IE trusted site: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\...\aloricaathome.com -> aloricaathome.com
IE trusted site: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\...\aloricaathome.net -> aloricaathome.net
IE trusted site: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\...\amazon.com -> hxxps://amazon.com
IE trusted site: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\...\athpoweronline.com -> hxxps://www.athpoweronline.com
IE trusted site: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\...\myhostedcloud.com -> hxxps://ca.myhostedcloud.com
IE trusted site: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\...\west.com -> west.com
IE trusted site: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\...\westathome.com -> westathome.com
IE trusted site: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\...\westathome.net -> westathome.net
IE trusted site: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\...\workathomeagent.net -> workathomeagent.net

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2018-01-04 11:28 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;c:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;c:\Program Files (x86)\Common Files\Roxio Shared\12.0\DLLShared\;C:\Program Files (x86)\Windows Live\Shared;C:\Windows\SysWOW64;C:\Program Files (x86)\Skype\Phone\;C:\Program Files (x86)\QuickTime\QTSystem\
HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Home\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 18.217.241.230
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 0) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AESTFilters => 2
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: CalendarSynchService => 2
MSCONFIG\Services: DTSRVC => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: HPClientSvc => 2
MSCONFIG\Services: IntuitUpdateServiceV4 => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: LavasoftAdAwareService11 => 2
MSCONFIG\Services: LMIGuardianSvc => 2
MSCONFIG\Services: LMIMaint => 2
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: LogMeIn => 2
MSCONFIG\Services: NOBU => 2
MSCONFIG\Services: PasswordBox => 2
MSCONFIG\Services: pdfcDispatcher => 2
MSCONFIG\Services: PdiService => 2
MSCONFIG\Services: RoxioNow Service => 2
MSCONFIG\Services: Skype C2C Service => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: STacSV => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: UNS => 2
MSCONFIG\Services: vToolbarUpdater18.1.7 => 2
MSCONFIG\startupreg: BeatsOSDApp => C:\Program Files\IDT\WDM\beats64.exe
MSCONFIG\startupreg: DT HPO => C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe -HPO
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: hpsysdrv => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: LogMeIn GUI => "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: SysTrayApp => C:\Program Files\IDT\WDM\sttray64.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{A3D47993-0D64-4047-9904-D4C992FF5660}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector\PDR8.EXE No File
FirewallRules: [{7BE6A925-6B15-49CC-A8FC-CC493FD28326}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Photo\HPTouchSmartPhoto.exe (CyberLink -> CyberLink Corp.)
FirewallRules: [{00E8BD04-B77F-4E9D-9895-4DB1DBDF26CD}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Photo\PhotoAgent.exe (CyberLink -> CyberLink Corp.)
FirewallRules: [{8FCF52C4-3EB2-4119-BA0C-C5409B1B0C1F}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Video\HPTouchSmartMusic.exe No File
FirewallRules: [{B85F80CC-3E1A-4DBD-AA3F-AC6C1417C65F}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Video\HPTouchSmartPhoto.exe No File
FirewallRules: [{A662C544-8664-4F55-8570-139EF386994D}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Video\HPTouchSmartVideo.exe (CyberLink -> CyberLink Corp.)
FirewallRules: [{00F6CD62-4F61-4604-AFD0-F08FC2C00628}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Video\TSMAgent.exe No File
FirewallRules: [{C6DBEDCF-4868-4F9B-954A-D06FAEDDA9F0}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Video\Kernel\CLML\CLMLSvc.exe No File
FirewallRules: [{AA7E54D8-503E-49DB-B0E8-F12396915F89}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartMusic.exe No File
FirewallRules: [{052BCD0B-5F3A-473D-8640-20FA18EE0961}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartPhoto.exe No File
FirewallRules: [{5E1C5E5B-74B5-45C4-AD5A-4647894063A1}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartVideo.exe No File
FirewallRules: [{F7044779-3EA7-4612-9E2B-DD0EF5ED8061}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\TSMAgent.exe No File
FirewallRules: [{F0D4F646-902F-4D4A-863B-D35A50FD1A05}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\CLML\CLMLSvc.exe No File
FirewallRules: [{4CBCF409-0416-4D22-AAD9-5557B5E98365}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPDVDSmart.exe (CyberLink -> CyberLink Corp.)
FirewallRules: [{9CE75101-9C1F-4593-93C5-6D90836EE569}] => (Allow) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowShell.exe (Sonic Solutions -> Roxio)
FirewallRules: [{7FD90B51-3AFE-4434-9D20-2DCBB635D3FB}] => (Allow) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowShell.exe (Sonic Solutions -> Roxio)
FirewallRules: [{A36C8677-41F0-480B-AE8C-BC53E7EFBBB4}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\RoxioNow\RNow.exe No File
FirewallRules: [{4E4D1A68-2768-4EB7-9F59-9830737D74CB}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\RoxioNow\RNow.exe No File
FirewallRules: [{297237F7-BB0A-40A2-ACB7-A23F2AB444A0}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Music\HPTouchSmartMusic.exe (CyberLink -> CyberLink Corp.) [File not signed]
FirewallRules: [{BB042078-04C0-4ED7-88E3-C639BAB79E9D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{CA503653-B884-4F97-8B2E-EDDA8EF5C9CA}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{F543469D-0596-47F9-9ACE-247F363E6182}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{B18DFCDE-2A0A-4E81-B45F-F86C66EBB73F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{E661F178-213C-40DE-88F5-EA5D64F3F239}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{7D98C721-6530-4E5B-9BFA-562469AAC3DE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{86CDFFD9-0684-4B00-A4F8-7404A15E2EB3}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Remote Graphics Receiver\rgreceiver.exe (Hewlett-Packard Company -> Hewlett-Packard)
FirewallRules: [{35A7B644-03D5-4177-B519-DF7A6FB75B08}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Remote Graphics Receiver\rgreceiver.exe (Hewlett-Packard Company -> Hewlett-Packard)
FirewallRules: [{DB8D4806-C46D-4CAF-962F-3A01411C55C5}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP LinkUp\HP LinkUp Viewer.exe (Hewlett-Packard Company -> Hewlett-Packard Company)
FirewallRules: [{AA83530D-3672-41E5-8B0D-45193AFEEB75}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP LinkUp\HP LinkUp Viewer.exe (Hewlett-Packard Company -> Hewlett-Packard Company)
FirewallRules: [TCP Query User{96263E0B-6C83-43A5-BC4A-3FB58B4E28D7}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{5152C925-8E90-456D-932A-E275A8CB326B}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{847B5864-1AA4-4900-834A-8EF958463F5E}] => (Allow) C:\Program Files (x86)\Advantig\OneClick-v2\VncViewer.exe No File
FirewallRules: [{8B22AACE-8EA4-4D78-AFCC-6A6B9B40E7DC}] => (Allow) C:\Program Files (x86)\Advantig\OneClick-v2\VncViewer.exe No File
FirewallRules: [{90265E35-58EE-4342-BA10-DBB1C3D366C4}] => (Allow) C:\Program Files (x86)\Advantig\OneClick-v2\VncViewer.exe No File
FirewallRules: [{FA10EDD8-DDE0-4723-9162-6AF58EE2BA60}] => (Allow) C:\Program Files (x86)\Advantig\OneClick-v2\VncViewer.exe No File
FirewallRules: [{BC5B1484-9861-406B-9583-E7FBBD8E21BC}] => (Allow) C:\Program Files (x86)\Advantig\OneClick-v2\repeater.exe No File
FirewallRules: [{05F74CF6-683A-410F-93E7-CF427AE2E297}] => (Allow) C:\Program Files (x86)\Advantig\OneClick-v2\repeater.exe No File
FirewallRules: [{32032522-6213-40C8-9977-DBC56329DB5E}] => (Allow) C:\Users\Home\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe No File
FirewallRules: [{BA620A35-E4B4-4362-8F34-35B1E91A0696}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe No File
FirewallRules: [{7E0F222F-A14A-4749-8EE6-8273E74AB274}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe No File
FirewallRules: [{360C59A5-4B37-4B04-BBDA-6B2E4BED385F}] => (Allow) C:\Program Files (x86)\The Bit Studio\Synctunes Desktop\Synctunes.exe (The Bit Studio) [File not signed]
FirewallRules: [{A13E125E-3EFE-42DB-9CE3-798BB9C2ACC1}] => (Allow) C:\Program Files (x86)\Microsoft Office\Live Meeting 8\Console\PWConsole.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{35C14B29-7966-409A-9BE2-E5D62FB19F89}] => (Allow) C:\Program Files (x86)\Microsoft Office\Live Meeting 8\Console\PWConsole.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{CAE8E3DF-D2A0-4061-9C4F-386B0FF743CB}] => (Allow) C:\Program Files (x86)\Microsoft Office\Live Meeting 8\Console\PWConsole.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{80BAB43E-3FF5-4C36-96C3-FB63667AEAAF}] => (Allow) C:\Program Files (x86)\Microsoft Office\Live Meeting 8\Console\PWConsole.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B0D53210-965F-4FF7-B38E-BB029B9680BC}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe No File
FirewallRules: [{218C699F-EA3E-4E2C-BD25-60815DEA8295}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe No File
FirewallRules: [{87A3DE29-001F-428B-B3BA-6F86DE639719}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{FECAE967-39FA-4EF7-A267-476D17E0C5F4}] => (Allow) LPort=2869
FirewallRules: [{A9501120-7964-44F7-8300-CDB6391D157C}] => (Allow) LPort=1900
FirewallRules: [{93F88390-FA84-4577-A4A6-A9AA77525DFB}] => (Allow) C:\Users\Home\AppData\Local\Temp\nsu85C.tmp\CnetInstaller-75864009.exe No File
FirewallRules: [{9FD1933C-070A-4F59-B910-FC7736365C30}] => (Allow) C:\Users\Home\AppData\Local\Temp\nsu85C.tmp\CnetInstaller-75864009.exe No File
FirewallRules: [{95A10269-FAB8-4D24-BF3D-CB9CE6C631F4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{C8B9846D-4361-47E6-8A6A-43ABCFCBCECE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{B567F05A-36B3-46E6-8A6C-1CEC268594BB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{075BA779-7902-43E9-93A3-874741C5C694}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{0E80EB02-7F63-428F-B1FB-E69DE9C1A4BF}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [{1F33DD0D-3AD8-4A08-AE81-BDB9F11E042A}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [{B2DEC8FF-461C-4D37-AF06-D0913594CC04}] => (Allow) E:\Common\EpsonNet Setup\ENEasyApp.exe No File
FirewallRules: [{09569B3D-22DC-4C18-A33E-F7E44B27C535}] => (Allow) E:\Common\EpsonNet Setup\ENEasyApp.exe No File
FirewallRules: [{25785534-8B9C-4145-83AB-2149095C28CD}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [{3265148C-DD33-496A-9025-27BB8D9EC9F3}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [{5C48FE5D-D916-4B12-B623-8CE336952E80}] => (Allow) C:\Program Files (x86)\Mozilla FireFox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{27BC7757-C5A5-4A2F-9816-68D75C7FC4AF}] => (Allow) C:\Program Files (x86)\Mozilla FireFox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{A2324DD7-0EFA-4FB0-A2C5-D720B58D3D8C}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{5E0A0B65-9410-47D2-8B85-C864E86DE096}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe No File
FirewallRules: [{18884B08-A31D-45B7-9D93-CC50BB1B691E}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe No File
FirewallRules: [{6216210E-37B4-417C-B48B-5FD7F44B38CB}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DBDownloader.exe No File
FirewallRules: [{7D7E67DB-87BC-4D10-877C-8C39B06A405C}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DBDownloader.exe No File
FirewallRules: [{259838F4-09CB-421C-B48E-07C2BB48E0FB}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe No File
FirewallRules: [{EB6623FC-6144-4E10-BECE-874200C8EE9E}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe No File
FirewallRules: [{30A594F0-035D-4043-829E-D9CF9D49604C}] => (Allow) C:\Users\Home\AppData\Local\Chromium\Application\chrome.exe No File
FirewallRules: [{3DBCFACF-D232-4778-907F-5126BEF4E2C2}] => (Allow) C:\Program Files\Siber Systems\GoodSync\gs-server.exe (Siber Systems -> )
FirewallRules: [{7206B97D-EBAF-46CF-A71E-D9B1A2D64D37}] => (Allow) C:\Program Files (x86)\EPSON Software\ECPrinterSetup\ENPApp.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [{AC0F35B9-D823-4457-A6BA-0CBA417E40AD}] => (Allow) C:\Program Files (x86)\EPSON Software\ECPrinterSetup\ENPApp.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [{43F50CFC-37EC-4EFC-9564-75E0061FE288}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [{F2614A68-0871-49D6-8E10-D4AA296F0796}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [{0B126F13-E343-4FCE-BF97-F4311AF026F1}] => (Allow) C:\Users\Home\AppData\Local\Temp\WZSE0.TMP\Common\EpsonNet Setup\ENEasyApp.exe No File
FirewallRules: [{C5AC2281-C42C-4565-9C1C-9C9AB923D9F4}] => (Allow) C:\Users\Home\AppData\Local\Temp\WZSE0.TMP\Common\EpsonNet Setup\ENEasyApp.exe No File
FirewallRules: [{76A2593A-AEEE-4A70-85AE-67D926E807E1}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{793E8149-8010-498C-9039-A02675B3222F}] => (Allow) E:\Common\EpsonNet Setup\ENEasyApp.exe No File
FirewallRules: [{71245F99-2A20-4474-9B15-3FA28FF45D28}] => (Allow) E:\Common\EpsonNet Setup\ENEasyApp.exe No File
FirewallRules: [{B47052B2-7DC8-4DB1-9B6F-C5AD88426A46}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{1B9FE451-6A60-42A3-BC15-7C01BAB8E66C}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{44D14047-BB62-4337-8A23-911AC01C3C1F}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{44676FDA-3F7D-428C-AB34-32D3CE7F0153}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{95AD0F24-6886-428C-B553-7CE0D507FA0E}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{647A18B3-0B73-4773-AF8E-7A4A1B78FF58}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{C6CE9C92-3B3E-45F4-A3A1-3880B7506B45}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{FDCC4D4D-1FE2-459C-B62F-71ECA654C291}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)
FirewallRules: [{536140A5-49A6-401B-84F7-487BFFCD923B}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)

==================== Restore Points =========================

26-04-2019 08:51:58 Windows Update
30-04-2019 08:35:37 Windows Update
03-05-2019 08:56:10 Windows Update
09-05-2019 08:09:32 Windows Update
12-05-2019 09:40:45 Windows Update
14-05-2019 09:14:05 Windows Update
14-05-2019 12:57:21 Removed Microsoft Silverlight
14-05-2019 13:00:56 Configured HP

==================== Faulty Device Manager Devices =============

Name: MpKslf3e2724b
Description: MpKslf3e2724b
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: MpKslf3e2724b
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/14/2019 02:45:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6583

Error: (05/14/2019 02:45:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6583

Error: (05/14/2019 02:45:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/14/2019 01:39:40 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: HTTP status 403: The client does not have sufficient access rights to the requested server object.

Error: (05/14/2019 08:41:50 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: HTTP status 403: The client does not have sufficient access rights to the requested server object.

Error: (05/13/2019 01:18:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7347

Error: (05/13/2019 01:18:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7347

Error: (05/13/2019 01:18:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (05/14/2019 04:29:23 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.

Error: (05/14/2019 04:20:10 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.

Error: (05/14/2019 04:17:06 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.

Error: (05/14/2019 01:35:56 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Intuit Update Service v4 service hung on starting.

Error: (05/14/2019 01:35:04 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (05/14/2019 01:35:04 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (05/14/2019 01:33:55 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The GoodSync Server service hung on starting.

Error: (05/14/2019 01:30:17 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 70. The internal error state is 105.


Windows Defender:
===================================
Date: 2014-08-18 04:07:22.688
Description:
Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=Adware:Win32/BetterSurf&threatid=200821
Name:Adware:Win32/BetterSurf
ID:200821
Severity:High
Category:Adware
Path Found:containerfile:C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha177\ch\WebexpEnhancedV1alpha177.crx;file:C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha177\ch\WebexpEnhancedV1alpha177.crx;file:C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha177\ch\WebexpEnhancedV1alpha177.crx->[ChromeCrxPackage]->ffWebexpEnhancedV1alpha177chaction.js;file:C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha177\ff\chrome.manifest;file:C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha177\ff\chrome\content\ffWebexpEnhancedV1alpha177.js;file:C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha177\ff\chrome\content\ffWebexpEnhancedV1alpha177ffaction.js;file:C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha177\ff\chrome\content\icons\default\WebexpEnhancedV1alpha177_32.png;file:C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha177\ff\chrome\content\icons\Thumbs.db;file:C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha177\ff\chrom
Detection Type:Concrete
Detection Source:System
Status:Unknown
Process Name:c:\program files\windows defender\MpCmdRun.exe

Date: 2014-07-23 03:55:59.960
Description:
Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=Adware:Win32/BetterSurf&threatid=200821
Name:Adware:Win32/BetterSurf
ID:200821
Severity:High
Category:Adware
Path Found:containerfile:C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha773\ch\MediaPlayerV1alpha773.crx;containerfile:C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha1416\ch\MediaViewerV1alpha1416.crx;containerfile:C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha2722\ch\MediaViewV1alpha2722.crx;containerfile:C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha3234\ch\MediaViewV1alpha3234.crx;containerfile:C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home386\ch\MediaWatchV1home386.crx;containerfile:C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta351\ch\VideoPlayerV3beta351.crx;file:C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha773\ch\MediaPlayerV1alpha773.crx;file:C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha773\ch\MediaPlayerV1alpha773.crx->[ChromeCrxPackage]->ffMediaPlayerV1alpha773chaction.js;file:C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha773\ff\chrome.manifest;file:C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha773\ff\chrome\content\ffMediaPlayerV1al
Detection Type:Concrete
Detection Source:System
Status:Unknown
Process Name:c:\program files\windows defender\MpCmdRun.exe

Date: 2014-08-11 10:08:12.022
Description:
Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted:Current
Error Code:0x80070002
Error description:The system cannot find the file specified.
Signature version:0.0.0.0
Engine version:0.0.0.0

Date: 2014-08-11 10:08:12.022
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version:
Update Source:Signature Update Folder
Signature Type:AntiSpyware
Update Type:Delta
Current Engine Version:
Previous Engine Version:
Error code:0x80070002
Error description:The system cannot find the file specified.

==================== Memory info ===========================

BIOS: American Megatrends Inc. 6.09 03/24/2011
Motherboard: Hewlett-Packard 2AA7
Processor: Intel(R) Core(TM) i3 CPU 550 @ 3.20GHz
Percentage of memory in use: 91%
Total physical RAM: 5943.11 MB
Available physical RAM: 532.95 MB
Total Virtual: 11884.37 MB
Available Virtual: 5484.8 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:910.18 GB) (Free:704.04 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (HP_RECOVERY) (Fixed) (Total:21.24 GB) (Free:2.6 GB) NTFS ==>[system with boot components (obtained from drive)]

\\?\Volume{820ec235-2ec0-11e2-abc8-806e6f6e6963}\ (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: B0CF9B15)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=910.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=21.2 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
 

iMacg3

Malware Specialist
Joined
Nov 3, 2018
Messages
839
Hi,

Do you use these programs?

Amazon Assistant
Google Toolbar for Internet Explorer
CouponViewer Toolbar
RevTraxPrintMyCoupon


Did you set Bing and Yahoo as your preferred search providers in Firefox and Google Chrome?

Did you install the Hola Free VPN Proxy Unblocker and Online Safety Chrome extensions?

----------------------------------------

Uninstall a Program
  • Press the Windows Key + R.
  • Type appwiz.cpl in the Run box and click OK.
  • The Add/Remove Programs list will open. Locate the following programs on the list:
    Code:
    Catalina Savings Printer
    Rich Media Player
    SSOption
  • Select each program and click Uninstall.
  • Restart the computer if prompted.

----------------------------------------

  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
  • Press Ctrl+y (Ctrl and y keys at the same time)
  • A blank notepad file named fixlist.txt will open.
  • Copy and paste the following into it ....
Code:
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM\Software\...\AppCompatFlags\Custom\explorer.exe: [{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb] ->
HKLM\Software\...\AppCompatFlags\Custom\iexplore.exe: [{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb] ->
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {4DAE0EE9-7BCC-4794-ACB8-2586F5F4B9C8} - System32\Tasks\{CAD0DAE7-4564-475A-BB09-8BE928BE931E} => C:\Windows\system32\pcalua.exe -a C:\Users\Home\Caroline\ADE_2.0_Installer.exe -d C:\Users\Home\Desktop
Task: {5BC0E823-AFA2-4D53-994A-E9801BD2B5AA} - System32\Tasks\{A77B0BEF-406F-4756-8F8C-94C07B00B496} => C:\Windows\system32\pcalua.exe -a "C:\Users\Home\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QYTJVT53\setup.exe" -d C:\Users\Home\Desktop
Task: {EA6064A0-6007-4938-895E-81B9ECDC1EC5} - System32\Tasks\{DE7EBA4D-EE80-4D28-964B-09D14BE20417} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\Uninstall.exe" -c /app FreeYouTubeToMP3Converter
Task: {FD0FA4F2-4CBE-4BC7-A633-F1019A622F46} - System32\Tasks\Driver Booster SkipUAC (Home) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKLM-x32 -> DefaultScope {80c554b9-c7f8-4a21-9471-06d606da78a2} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
Toolbar: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
FF HKLM-x32\...\Firefox\Extensions: [{3DF4B26D-DB19-45DF-962A-6719D071245B}] - C:\Users\Home\AppData\Local\Rich Media Player\BrowserExtensions\Firefox\{3DF4B26D-DB19-45DF-962A-6719D071245B} => not found
FF HKLM-x32\...\Firefox\Extensions: [{F25E3D9D-1A54-4389-98F7-E4D5B830DC33}] - C:\Users\Home\AppData\Local\Rich Media Player\BrowserExtensions\Firefox\{F25E3D9D-1A54-4389-98F7-E4D5B830DC33}.xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.204 => not found
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Ginger\Mozilla\[email protected] => not found
FF HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\...\Firefox\Extensions: [@CustomNewTab] - C:\Users\Home\AppData\Roaming\Mozilla\FireFox\@CustomNewTab.xpi => not found
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 -> c:\Program Files (x86)\Virtual Earth 3D\ [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin HKU\.DEFAULT: gingersoftware.com/gingerPlugin -> C:\Program Files (x86)\Ginger\GingerServices\GingerServicesProxy.dll [No File]
FF Plugin HKU\S-1-5-21-1287311948-1235629539-2080862382-1001: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\Users\Home\AppData\Roaming\CATALI~1\NPBCSK~1.DLL [No File]
CHR HKLM-x32\...\Chrome\Extension: [doagiokpgboiomffjfhaiimafndmmpni] - C:\Users\Home\AppData\Local\Rich Media Player\BrowserExtensions\Chrome\richmediadownloader.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [eammbikighnmacpfdhmcccgnfojcdhgn] - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha177\ch\WebexpEnhancedV1alpha177.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [fkcdbkhjcaljlfolhllfneigeepmjfim] - C:\Users\Home\AppData\Local\Rich Media Player\BrowserExtensions\Chrome\playerextension.crx <not found>
S3 hpqwmiex; "C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe" [X]
S3 avchv; system32\DRIVERS\avchv.sys [X]
S3 cpuz134; \??\C:\Users\Home\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X] <==== ATTENTION
S3 dbx; system32\DRIVERS\dbx.sys [X]
S1 MpKslf3e2724b; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{86D53835-DBE4-46C4-B3C1-0A55F2A945E3}\MpKslf3e2724b.sys [X]
S1 nsodcduk; \??\C:\Windows\system32\drivers\nsodcduk.sys [X]
S1 sezncdzw; \??\C:\Windows\system32\drivers\sezncdzw.sys [X]
2019-05-03 10:37 - 2019-05-03 10:38 - 000000000 ____D C:\Users\Home\AppData\Local\ProgsUpdate.FullPath
2019-05-03 10:36 - 2019-05-03 10:37 - 000000000 ____D C:\Users\Home\AppData\Local\OysterPresentingReload
2019-05-03 10:36 - 2019-05-03 10:36 - 000000000 ____D C:\Program Files (x86)\EquiangularBioassayffq

HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\...\ChromeHTML: -> <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{004B49B7-11B9-5058-FF22-08DD093ADC4B}\InprocServer32 -> {18760844-9468-D082-1298-07E985889A47} => No File
CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Home\AppData\Local\Microsoft\OneDrive\17.3.6998.0830\amd64\FileCoAuthLib64.dll => No File
CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{A804CF1A-91E5-4F0C-9E8C-DB39E74056DD}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.33.23\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.32.8\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{DD0822FF-3A09-4BDC-B749-4B00B9115850}\InprocServer32 -> {543FC507-9468-D082-5155-4EA585889A47} => No File
CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{EA724FD3-844D-43A9-A8C9-A5BC35FC20E4}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.33.17\psuser_64.dll => No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
AlternateDataStreams: C:\ProgramData\Temp:373E1720 [118]
AlternateDataStreams: C:\ProgramData\Temp:B946D9EE [131]
FirewallRules: [{A3D47993-0D64-4047-9904-D4C992FF5660}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector\PDR8.EXE No File
FirewallRules: [{8FCF52C4-3EB2-4119-BA0C-C5409B1B0C1F}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Video\HPTouchSmartMusic.exe No File
FirewallRules: [{B85F80CC-3E1A-4DBD-AA3F-AC6C1417C65F}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Video\HPTouchSmartPhoto.exe No File
FirewallRules: [{00F6CD62-4F61-4604-AFD0-F08FC2C00628}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Video\TSMAgent.exe No File
FirewallRules: [{C6DBEDCF-4868-4F9B-954A-D06FAEDDA9F0}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Video\Kernel\CLML\CLMLSvc.exe No File
FirewallRules: [{AA7E54D8-503E-49DB-B0E8-F12396915F89}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartMusic.exe No File
FirewallRules: [{052BCD0B-5F3A-473D-8640-20FA18EE0961}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartPhoto.exe No File
FirewallRules: [{5E1C5E5B-74B5-45C4-AD5A-4647894063A1}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartVideo.exe No File
FirewallRules: [{F7044779-3EA7-4612-9E2B-DD0EF5ED8061}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\TSMAgent.exe No File
FirewallRules: [{F0D4F646-902F-4D4A-863B-D35A50FD1A05}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\CLML\CLMLSvc.exe No File
FirewallRules: [{A36C8677-41F0-480B-AE8C-BC53E7EFBBB4}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\RoxioNow\RNow.exe No File
FirewallRules: [{4E4D1A68-2768-4EB7-9F59-9830737D74CB}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\RoxioNow\RNow.exe No File
FirewallRules: [{847B5864-1AA4-4900-834A-8EF958463F5E}] => (Allow) C:\Program Files (x86)\Advantig\OneClick-v2\VncViewer.exe No File
FirewallRules: [{8B22AACE-8EA4-4D78-AFCC-6A6B9B40E7DC}] => (Allow) C:\Program Files (x86)\Advantig\OneClick-v2\VncViewer.exe No File
FirewallRules: [{90265E35-58EE-4342-BA10-DBB1C3D366C4}] => (Allow) C:\Program Files (x86)\Advantig\OneClick-v2\VncViewer.exe No File
FirewallRules: [{FA10EDD8-DDE0-4723-9162-6AF58EE2BA60}] => (Allow) C:\Program Files (x86)\Advantig\OneClick-v2\VncViewer.exe No File
FirewallRules: [{BC5B1484-9861-406B-9583-E7FBBD8E21BC}] => (Allow) C:\Program Files (x86)\Advantig\OneClick-v2\repeater.exe No File
FirewallRules: [{05F74CF6-683A-410F-93E7-CF427AE2E297}] => (Allow) C:\Program Files (x86)\Advantig\OneClick-v2\repeater.exe No File
FirewallRules: [{32032522-6213-40C8-9977-DBC56329DB5E}] => (Allow) C:\Users\Home\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe No File
FirewallRules: [{BA620A35-E4B4-4362-8F34-35B1E91A0696}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe No File
FirewallRules: [{7E0F222F-A14A-4749-8EE6-8273E74AB274}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe No File
FirewallRules: [{B0D53210-965F-4FF7-B38E-BB029B9680BC}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe No File
FirewallRules: [{218C699F-EA3E-4E2C-BD25-60815DEA8295}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe No File
FirewallRules: [{93F88390-FA84-4577-A4A6-A9AA77525DFB}] => (Allow) C:\Users\Home\AppData\Local\Temp\nsu85C.tmp\CnetInstaller-75864009.exe No File
FirewallRules: [{9FD1933C-070A-4F59-B910-FC7736365C30}] => (Allow) C:\Users\Home\AppData\Local\Temp\nsu85C.tmp\CnetInstaller-75864009.exe No File
FirewallRules: [{B2DEC8FF-461C-4D37-AF06-D0913594CC04}] => (Allow) E:\Common\EpsonNet Setup\ENEasyApp.exe No File
FirewallRules: [{09569B3D-22DC-4C18-A33E-F7E44B27C535}] => (Allow) E:\Common\EpsonNet Setup\ENEasyApp.exe No File
FirewallRules: [{5E0A0B65-9410-47D2-8B85-C864E86DE096}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe No File
FirewallRules: [{18884B08-A31D-45B7-9D93-CC50BB1B691E}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe No File
FirewallRules: [{6216210E-37B4-417C-B48B-5FD7F44B38CB}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DBDownloader.exe No File
FirewallRules: [{7D7E67DB-87BC-4D10-877C-8C39B06A405C}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DBDownloader.exe No File
FirewallRules: [{259838F4-09CB-421C-B48E-07C2BB48E0FB}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe No File
FirewallRules: [{EB6623FC-6144-4E10-BECE-874200C8EE9E}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe No File
FirewallRules: [{30A594F0-035D-4043-829E-D9CF9D49604C}] => (Allow) C:\Users\Home\AppData\Local\Chromium\Application\chrome.exe No File
FirewallRules: [{0B126F13-E343-4FCE-BF97-F4311AF026F1}] => (Allow) C:\Users\Home\AppData\Local\Temp\WZSE0.TMP\Common\EpsonNet Setup\ENEasyApp.exe No File
FirewallRules: [{C5AC2281-C42C-4565-9C1C-9C9AB923D9F4}] => (Allow) C:\Users\Home\AppData\Local\Temp\WZSE0.TMP\Common\EpsonNet Setup\ENEasyApp.exe No File
FirewallRules: [{793E8149-8010-498C-9039-A02675B3222F}] => (Allow) E:\Common\EpsonNet Setup\ENEasyApp.exe No File
FirewallRules: [{71245F99-2A20-4474-9B15-3FA28FF45D28}] => (Allow) E:\Common\EpsonNet Setup\ENEasyApp.exe No File

C:\Program Files (x86)\IObit

VirusTotal: C:\Users\Home\AppData\Local\Microsoft\BingSvc\BingSvc.exe

End
  • Press Ctrl+s to save fixlist.txt
NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system
  • Now press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log (fixlog.txt) in the same folder/directory as FRST
  • Please post the contents of fixlog.txt in your next reply.
 

aimee

Thread Starter
Joined
Apr 23, 2001
Messages
163
Hi iMacg3,

No, I do not use:

Amazon Assistant
Google toolbar for IE
CouponViewer Toolbar
RevTraxPrintMy Coupon


I attempted to uninstall the following programs with differing results:

Catalina Savings Printer = The feature you're trying to use is on a network resource that is unavailable. "Ok" to try again or enter an alternate path
Rich Media Player = might already have been uninstalled. Want to remove it from Programs and Features? ( I didn't do anything here)
SSOption = uninstalled successfully

I didn't run FRST yet - thought I'd wait to hear back regarding above issues.

Thanks for hanging in there with me.
 

iMacg3

Malware Specialist
Joined
Nov 3, 2018
Messages
839
Hi,

If you do not use those programs, you can uninstall them:

Uninstall a Program
  • Press the Windows Key + R.
  • Type appwiz.cpl in the Run box and click OK.
  • The Add/Remove Programs list will open. Locate the following programs on the list:
    Code:
    Amazon Assistant
    Google Toolbar for Internet Explorer
    CouponViewer Toolbar
    RevTraxPrintMyCoupon
  • Select each program and click Uninstall.
  • Restart the computer if prompted.

Rich Media Player = might already have been uninstalled. Want to remove it from Programs and Features? ( I didn't do anything here)
Select the option to remove it from Programs and Features.

---------------------------------

Did you set Bing and Yahoo as your preferred search providers in Firefox and Google Chrome?

Did you install the Hola Free VPN Proxy Unblocker and Online Safety Chrome extensions?

---------------------------------

Let me know if you were able to uninstall the programs successfully.
 

aimee

Thread Starter
Joined
Apr 23, 2001
Messages
163
Able to uninstall the following:

  • Rich media
  • RevtraxPrintMyCoupon
  • Google toolbar for IE
  • Amazon Assistant

  • Could not find CouponViewer Toolbar as an instaledl program
  • Yes, I selected Bing for IE (don't have Fire Fox)
  • Yahoo is for Chrome

Did not install Hola Free VPN, Proxy Unblocker, or Online Safety Chrome extensions (not even sure what these are ... SHOULD I install ?
 

iMacg3

Malware Specialist
Joined
Nov 3, 2018
Messages
839
Hi,

Please run a new FRST scan:

  • Right-click Frst.exe/Frst64.exe and click Run as Administrator.
  • Press the Scan button and wait for it to complete.
  • When the scan completes, 2 logs will open on your desktop, FRST.txt and Addition.txt
  • Please post them in your next reply.
 

aimee

Thread Starter
Joined
Apr 23, 2001
Messages
163
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-05.2019
Ran by Home (administrator) on HOME-HP (Hewlett-Packard 610-1010t) (17-05-2019 18:00:20)
Running from C:\Users\Home\Desktop\Tech guy
Loaded Profiles: Home (Available Profiles: Home & LogMeInRemoteUser & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe
(Adobe Systems, Incorporated -> Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Amazon Services LLC -> ) C:\Users\Home\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc. -> Apple, Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe
(CyberLink -> CyberLink) C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\72.4.136\QtWebEngineProcess.exe
(Hewlett-Packard Company -> Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Hewlett-Packard) [File not signed] C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE
(Intuit, Inc. -> Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> © 2015 Microsoft Corporation) C:\Users\Home\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Windows Hardware Compatibility Publisher -> Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Samsung Electronics CO., LTD. -> SAMSUNG Electornics Co., Ltd.) C:\Users\Home\AppData\Roaming\Verizon\UA_ar\UA.exe
(SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe
(SEIKO EPSON Corporation -> Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIKDE.EXE
(Siber Systems -> ) C:\Program Files\Siber Systems\GoodSync\Gs-Server.exe
(Siber Systems -> Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Norton Online Backup] => c:\program files (x86)\symantec\norton online backup\nobuclient.exe [1155928 2010-06-01] (Symantec Corporation -> Symantec Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [302904 2019-03-24] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [HP KEYBOARDx] => C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE [710656 2010-02-11] (Hewlett-Packard) [File not signed]
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation -> Symantec Corporation)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [895512 2010-10-22] (PDF Complete -> PDF Complete Inc)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [76600 2019-03-09] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard Company -> Hewlett-Packard)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [665568 2018-12-26] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [870368 2018-12-26] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [5537600 2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [37232 2008-06-12] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [640376 2008-06-11] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1150760 2018-04-06] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-12-16] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2019-03-13] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2019-03-13] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2019-03-13] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\...\Run: [Google Update] => C:\Users\Home\AppData\Local\Google\Update\1.3.34.11\GoogleUpdateCore.exe [410920 2019-05-15] (Google Inc -> Google LLC)
HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\...\Run: [BingSvc] => C:\Users\Home\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2017-12-26] (Microsoft Corporation -> © 2015 Microsoft Corporation)
HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\...\Run: [EPLTarget\P0000000000000001] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIKDE.EXE [298560 2013-09-12] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [145704 2019-03-22] (Siber Systems -> Siber Systems)
HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\...\MountPoints2: G - G:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\...\MountPoints2: {3c0703f9-00ff-11e3-a919-60eb69fd9eed} - G:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\...\MountPoints2: {820ec244-2ec0-11e2-abc8-806e6f6e6963} - E:\setup.exe
HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\...\MountPoints2: {9e87ae17-c354-11e3-8702-60eb69fd9eed} - F:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\...\MountPoints2: {cd1340a1-61c5-11e4-8665-60eb69fd9eed} - G:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\...\MountPoints2: {d3f06c4f-c239-11e3-ab57-60eb69fd9eed} - G:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\...\MountPoints2: {fcf4368a-dce4-11e3-80d7-60eb69fd9eed} - F:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
HKLM\Software\...\AppCompatFlags\Custom\explorer.exe: [{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb] ->
HKLM\Software\...\AppCompatFlags\Custom\iexplore.exe: [{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb] ->
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\74.0.3729.157\Installer\chrmstp.exe [2019-05-17] (Google LLC -> Google Inc.)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{A6EADE66-0000-0000-484E-7E8A45000000}] -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll [2019-05-02] (Adobe Inc. -> Adobe Systems, Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{65CD7F9B-E8F3-4bb0-82EB-6F6875B745DF}] -> C:\Windows\system32\LMIinit.dll [2014-07-18] (LogMeIn, Inc. -> LogMeIn, Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL [2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
Startup: C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verizon Wireless Software Utility Application for Android – Samsung.lnk [2015-10-10]
ShortcutTarget: Verizon Wireless Software Utility Application for Android – Samsung.lnk -> C:\Users\Home\AppData\Roaming\Verizon\UA_ar\UA.exe (Samsung Electronics CO., LTD. -> SAMSUNG Electornics Co., Ltd.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {055B8EAC-3D40-47E5-8346-B258CD79B51B} - System32\Tasks\EPSON WF-3640 Series Update {C4AFC024-FCDF-4AB2-9764-48819F092604} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKDE.EXE [679488 2013-02-28] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
Task: {058AA6F6-9320-45E3-B576-6AD8BF450B2E} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-02-29] (Dropbox, Inc -> Dropbox, Inc.)
Task: {0B30940D-927E-4F2A-A82C-73CD3A7E1FC7} - System32\Tasks\{4B5D1208-15B7-4657-8063-D640656DCE04} => C:\Users\Home\AppData\Roaming\Smilebox\SmileboxStarter.exe
Task: {153725A3-EF58-42CA-96C2-B00A9C84B2FF} - System32\Tasks\HPCeeScheduleForHOME-HP$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [91704 2010-09-14] (Hewlett-Packard Company -> Hewlett-Packard)
Task: {2E06CBDD-C7DD-4DCF-8B8E-00E779B483E2} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-02-29] (Dropbox, Inc -> Dropbox, Inc.)
Task: {31C3E094-6744-4ED6-AB54-BFE686639E2C} - System32\Tasks\EPSON WF-3640 Series Update {D915748D-8CD4-46BC-B741-E4303DB6764E} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKDE.EXE [679488 2013-02-28] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
Task: {410EB72E-CABE-4091-8A6C-F4A391CF3FBF} - System32\Tasks\EPSON WF-3640 Series Invitation {C4AFC024-FCDF-4AB2-9764-48819F092604} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKDE.EXE [679488 2013-02-28] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
Task: {41309504-B05D-4316-95AC-DBAE767201C7} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [145704 2019-03-22] (Siber Systems -> Siber Systems)
Task: {4DAE0EE9-7BCC-4794-ACB8-2586F5F4B9C8} - System32\Tasks\{CAD0DAE7-4564-475A-BB09-8BE928BE931E} => C:\Windows\system32\pcalua.exe -a C:\Users\Home\Caroline\ADE_2.0_Installer.exe -d C:\Users\Home\Desktop
Task: {50F68914-DD26-467D-8126-24E5A8866878} - System32\Tasks\EPSON WF-3640 Series Invitation {D915748D-8CD4-46BC-B741-E4303DB6764E} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKDE.EXE [679488 2013-02-28] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
Task: {53071935-EE96-43E9-8211-386E7826A3E5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe
Task: {54739C41-D1C6-43B4-A749-B824F0EB1431} - System32\Tasks\EPSON WF-3640 Series Invitation {368E3CF1-07EC-4441-891C-5E28240268C8} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKDE.EXE [679488 2013-02-28] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
Task: {5BAD9E8C-1897-47C7-8398-C755E2F7183C} - System32\Tasks\RunOW => C:\Program Files (x86)\Overwolf\Overwolf.exe
Task: {5BC0E823-AFA2-4D53-994A-E9801BD2B5AA} - System32\Tasks\{A77B0BEF-406F-4756-8F8C-94C07B00B496} => C:\Windows\system32\pcalua.exe -a "C:\Users\Home\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QYTJVT53\setup.exe" -d C:\Users\Home\Desktop
Task: {5E9FB838-6F6C-448F-9682-214D8F2B26AE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc -> Google Inc.)
Task: {706BEABC-9344-4396-997E-CEA5623905A3} - System32\Tasks\EPSON WF-3640 Series Update {42242F2F-8E4B-4DA6-9775-E3701AB62209} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKDE.EXE [679488 2013-02-28] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
Task: {777637E4-EF74-4780-A5EA-6FA583DD76B1} - System32\Tasks\Amazon Music Helper => C:\Users\Home\AppData\Local\Amazon Music\Amazon Music Helper.exe [6277952 2014-12-08] (Amazon Services LLC -> )
Task: {7853C6A7-331B-4AC7-9861-D1C57B16AF19} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc -> Google Inc.)
Task: {91CC2D29-A48F-4D2F-967C-963EDD5A3944} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1195544 2018-12-16] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {94F403B1-CFA4-4C54-95AE-ABA2E1B2541F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335872 2019-02-22] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {9696DF0C-4A2C-405F-B249-E6A9AAA77096} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616320 2018-01-08] (Apple Inc. -> Apple Inc.)
Task: {977FC7CB-A926-4046-8B73-204413F74D9C} - System32\Tasks\Open URL by RoboForm => C:\Windows\system32\rundll32.exe url.dll,FileProtocolHandler "hxxps://www.roboform.com/test-pass.html?aaa=KICMLJPMKJPMGMOMIMNMCNHMGMJJLMCNLMLJOJLJCNNJNMNJMMCNLJJJGMKJGMKJJJKMOMNMPMIMJNJICMHMCNKMCNHMFMOMOMCNPMCNGMJMPMPMFMJMCNOMCNIMJMPMOMCNNMJNPICMOMFMEKMICNJJCKFMNMNMKMKMJNHICMEKMICNJJCKJNBJCMLIIJKJAJNIIJKJPLKICJGJMJHJBNKJLJKIJNKJCML (the data entry has 100 more characters).
Task: {A1C48D45-A5F6-480B-B211-BD0A304E166E} - System32\Tasks\GoogleUpdateTaskMachineCore1cfea87c073e9d3 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc -> Google Inc.)
Task: {C0B1DBCC-63A1-4C59-9288-0A6C7D9E78BD} - System32\Tasks\EPSON WF-3640 Series Update {368E3CF1-07EC-4441-891C-5E28240268C8} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKDE.EXE [679488 2013-02-28] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
Task: {C8D4921B-647E-4E8C-B16C-9DA5AA708FA7} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe [136488 2010-09-03] (CyberLink -> CyberLink)
Task: {CEC60F82-A8BC-457A-A898-969C00B014C2} - System32\Tasks\GoogleUpdateTaskMachineUA1cfea87c1768517 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc -> Google Inc.)
Task: {DDA6347A-68C8-4368-91E2-35CD44CDE86E} - System32\Tasks\Hewlett-Packard\HP Assistant\HPSA Upgrade => C:\ProgramData\Hewlett-Packard\HPSAUpgrade3\HpSAUpgrade.exe [1248312 2011-08-11] (Hewlett-Packard Company -> Hewlett-Packard)
Task: {E8B3FDB7-4D70-4422-B925-63026C20B618} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1287311948-1235629539-2080862382-1001UA => C:\Users\Home\AppData\Local\Google\Update\GoogleUpdate.exe [107848 2015-02-05] (Google Inc -> Google Inc.)
Task: {EA6064A0-6007-4938-895E-81B9ECDC1EC5} - System32\Tasks\{DE7EBA4D-EE80-4D28-964B-09D14BE20417} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\Uninstall.exe" -c /app FreeYouTubeToMP3Converter
Task: {F684044D-1F6A-4FAD-B280-1EDC0AF55329} - System32\Tasks\EPSON WF-3640 Series Invitation {42242F2F-8E4B-4DA6-9775-E3701AB62209} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKDE.EXE [679488 2013-02-28] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
Task: {F70B8165-F38F-44D4-9819-F70E9093C77B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1287311948-1235629539-2080862382-1001Core => C:\Users\Home\AppData\Local\Google\Update\GoogleUpdate.exe [107848 2015-02-05] (Google Inc -> Google Inc.)
Task: {FD0FA4F2-4CBE-4BC7-A633-F1019A622F46} - System32\Tasks\Driver Booster SkipUAC (Home) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\CouponViewer Toolbar.job => C:\Users\Home\AppData\Local\Programs\CouponViewer\Add-On\2017.4.7.1\CVHP.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\EPSON WF-3640 Series Invitation {368E3CF1-07EC-4441-891C-5E28240268C8}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKDE.EXE
Task: C:\Windows\Tasks\EPSON WF-3640 Series Invitation {42242F2F-8E4B-4DA6-9775-E3701AB62209}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKDE.EXE
Task: C:\Windows\Tasks\EPSON WF-3640 Series Invitation {C4AFC024-FCDF-4AB2-9764-48819F092604}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKDE.EXE
Task: C:\Windows\Tasks\EPSON WF-3640 Series Invitation {D915748D-8CD4-46BC-B741-E4303DB6764E}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKDE.EXE
Task: C:\Windows\Tasks\EPSON WF-3640 Series Update {368E3CF1-07EC-4441-891C-5E28240268C8}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKDE.EXE:/EXE:{368E3CF1-07EC-4441-891C-5E28240268C8} /F:UpdateSYSTEMĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\Windows\Tasks\EPSON WF-3640 Series Update {42242F2F-8E4B-4DA6-9775-E3701AB62209}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKDE.EXE:/EXE:{42242F2F-8E4B-4DA6-9775-E3701AB62209} /F:UpdateSYSTEMĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\Windows\Tasks\EPSON WF-3640 Series Update {C4AFC024-FCDF-4AB2-9764-48819F092604}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKDE.EXE:/EXE:{C4AFC024-FCDF-4AB2-9764-48819F092604} /F:UpdateSYSTEMĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\Windows\Tasks\EPSON WF-3640 Series Update {D915748D-8CD4-46BC-B741-E4303DB6764E}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKDE.EXE:/EXE:{D915748D-8CD4-46BC-B741-E4303DB6764E} /F:UpdateSYSTEMĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForHOME-HP$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{94A72A9C-48EC-4150-9DA1-C34D51501AEE}: [NameServer] 18.217.241.230
Tcpip\..\Interfaces\{94A72A9C-48EC-4150-9DA1-C34D51501AEE}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{A0736165-0B27-488A-B801-08BC8DE7312B}: [NameServer] 18.221.254.213

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\Software\Microsoft\Internet Explorer\Main,Old Start Page = hxxps://www.yahoo.com/?fr=befhp&type=iehp-4.7-1805
HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.bing.com/
HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxps://www.bing.com/
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {80c554b9-c7f8-4a21-9471-06d606da78a2} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001 -> {6271CD1C-3937-485A-9A09-A593F7069707} URL = hxxps://search.yahoo.com/search?ei=utf-8&fr=befds&p={searchTerms}&type=ieds-4.7-1805
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2019-03-22] (Siber Systems -> Siber Systems Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2019-03-22] (Siber Systems -> Siber Systems Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\ssv.dll [2019-02-25] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\jp2ssv.dll [2019-02-25] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2019-03-22] (Siber Systems -> Siber Systems Inc.)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2019-03-22] (Siber Systems -> Siber Systems Inc.)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2019-03-22] (Siber Systems -> Siber Systems Inc.)
Toolbar: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.cab
DPF: HKLM-x32 {CB50428B-657F-47DF-9B32-671F82AA73F7} hxxp://www.photodex.com/pxplay.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} hxxps://secure.logmein.com//activex/ractrl.cab?lmi=972

FireFox:
========
FF ProfilePath: C:\Users\Home\AppData\Roaming\mozilla\firefox\Profiles\gcq5yow9.default [2018-06-03]
FF Homepage: mozilla\firefox\Profiles\gcq5yow9.default -> hxxps://www.malwarebytes.org/restorebrowser/param1=y6bdVFVIsvuYsgEClQfz8KTL4HLBF1wBOkVfCJhNXY6t%2BipeZtEdYEFU7g9wi2bjIBeUCUPthp5B6ksGPGKrbSvIuQEt%2Btfdhn4OjEPtw4RL34QkqUDQg4Om0RSqp268rFH1Dj12wyPVJ1yqCAejaMA9EmgI7js%2B5iznHYu2SE%2BhRWfCqGRqtfL4EE2mAfZodmVSL70XSoSwvZgAlkYsPymfHasWUYgx4Ysn54lCBFItVZfkZs%2FaBSaM8AU2onPMSbuBN37X60q3mx2yG0v9gy6inyqmiFG9PqXN%2F0ilrB0%3D
FF Extension: (Firefox Hotfix) - C:\Users\Home\AppData\Roaming\mozilla\firefox\Profiles\gcq5yow9.default\Extensions\[email protected] [2016-10-07] [Legacy]
FF Extension: (RoboForm Password Manager) - C:\Users\Home\AppData\Roaming\mozilla\firefox\Profiles\gcq5yow9.default\Extensions\[email protected] [2017-10-26]
FF SearchPlugin: C:\Users\Home\AppData\Roaming\mozilla\firefox\Profiles\gcq5yow9.default\searchplugins\bing-lavasoft-ff59.xml [2018-04-01]
FF SearchPlugin: C:\Users\Home\AppData\Roaming\mozilla\firefox\Profiles\gcq5yow9.default\searchplugins\Yahoo powered search.xml [2019-05-03]
FF Extension: (No Name) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2017-11-07] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{3DF4B26D-DB19-45DF-962A-6719D071245B}] - C:\Users\Home\AppData\Local\Rich Media Player\BrowserExtensions\Firefox\{3DF4B26D-DB19-45DF-962A-6719D071245B} => not found
FF HKLM-x32\...\Firefox\Extensions: [{F25E3D9D-1A54-4389-98F7-E4D5B830DC33}] - C:\Users\Home\AppData\Local\Rich Media Player\BrowserExtensions\Firefox\{F25E3D9D-1A54-4389-98F7-E4D5B830DC33}.xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.204 => not found
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Ginger\Mozilla\[email protected] => not found
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: (E-Web Print) - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2016-11-07] [Legacy] [not signed]
FF HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\...\Firefox\Extensions: [@CustomNewTab] - C:\Users\Home\AppData\Roaming\Mozilla\FireFox\@CustomNewTab.xpi => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll [2016-01-19] (Adobe Systems Incorporated -> )
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 -> c:\Program Files (x86)\Virtual Earth 3D\ [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll [2016-01-19] (Adobe Systems Incorporated -> )
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google Inc -> Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.201.2 -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\dtplugin\npDeployJava1.dll [2019-02-25] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.201.2 -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\plugin2\npjp2.dll [2019-02-25] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @photodex.com/PhotodexPresenter -> C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll [2015-11-10] ( ) [File not signed]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-05-02] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin HKU\.DEFAULT: gingersoftware.com/gingerPlugin -> C:\Program Files (x86)\Ginger\GingerServices\GingerServicesProxy.dll [No File]
FF Plugin HKU\S-1-5-21-1287311948-1235629539-2080862382-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Home\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-11-16] (Citrix Online -> Citrix Online)
FF Plugin HKU\S-1-5-21-1287311948-1235629539-2080862382-1001: @hulu.com/Hulu Desktop -> C:\Users\Home\AppData\Local\HuluDesktop\instances\0.9.14.1\nphdplg.dll [2010-08-12] (Hulu -> Hulu LLC)
FF Plugin HKU\S-1-5-21-1287311948-1235629539-2080862382-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Home\AppData\Local\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin HKU\S-1-5-21-1287311948-1235629539-2080862382-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Home\AppData\Local\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin HKU\S-1-5-21-1287311948-1235629539-2080862382-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\Home\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2016-08-29] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FF Plugin HKU\S-1-5-21-1287311948-1235629539-2080862382-1001: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\Users\Home\AppData\Roaming\CATALI~1\NPBCSK~1.DLL [No File]

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> bing.com
CHR StartupUrls: Default -> "hxxps://us.search.yahoo.com/yhs/web?hspart=omr&hsimp=yhs-001&type=86311238&param1=y6bdVFVIsvuYsgEClQfz8HyFH9tZCHsOZFHNP%2BYwJC1%2BAoyTMxWna%2Fax%2F7ZIXHC7%2FSBHDoRu0l7POinR9MfVMrBz2a6PLaTDh3EQbeGQVoY9hhitelfGOYzrRBS6Ykx2EF%2Fl5MVqxUcwTHy2w%2FUubEiNKi7C0uFbcfHNHlV67qOTK92lxHCZCVQVhWBodQuit%2BHzA4S9mJ0Dqe02w3fnkPTghBBJyA%2FDdvSr7x22obIC%2BHK71vZ5yYlg6850zbInDOBE%2BMV7E4CbZldwxDim7dPLXo33ZUYhJuCkXK5GzwE%3D","hxxps://www.google.com/"
CHR DefaultSearchURL: Default -> hxxps://us.search.yahoo.com/yhs/search?hspart=omr&hsimp=yhs-001&type=86311238&param1=y6bdVFVIsvuYsgEClQfz8HyFH9tZCHsOZFHNP%2BYwJC1%2BAoyTMxWna%2Fax%2F7ZIXHC7m8LAeZoS4G9z2zivyIMrMZ%2Bms%2F%2BvWGjvjP%2BFW7vbLHzobA3%2FyHKfKpNwU%2F0ISyQOl6dP5NGFHzjn94AGAfBBV5fURd9XfuHdx5ruP3T9JBsPP7idrVvGnWB%2B4k0wJM3SvXB461fU2xkgQz64xGOEykKM4aAEz%2Fd7ItXjn11IJvyNVqVygNOgNmI%2FM0mXKKu53yBhyf8XiE9RKhvZ8N9jJQ%3D%3D&p={searchTerms}
CHR DefaultSearchKeyword: Default -> search.yahoo.com
CHR DefaultNewTabURL: Default -> hxxps://us.search.yahoo.com/yhs/web?hspart=omr&hsimp=yhs-001&type=86311238&param1=y6bdVFVIsvuYsgEClQfz8HyFH9tZCHsOZFHNP%2BYwJC1%2BAoyTMxWna%2Fax%2F7ZIXHC7PvtYauGJUfR6ThlzvtlpDX8mZmhlM1UewwJGPVqWtATNuw37hss8HKCaFs1ZA2ZTlSermjkGUhnsGPMgPt0agrtGGhVRmnbpVN6ugGdha4D7Xzf6PdAyEcLLUfuiJEFpVmEilieRcDbvi%2BrWzlZk2PdDFFGGIJPVkcDO%2FWOl4RDR%2FmT5W8fSgzyYNL4YzgN4MQujhLvIuCYDqz9w%2FcMTNg%3D%3D
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command={searchTerms}
CHR Profile: C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default [2019-05-16]
CHR Extension: (Slides) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-14]
CHR Extension: (Docs) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-14]
CHR Extension: (Google Drive) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-24]
CHR Extension: (YouTube) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-06-18]
CHR Extension: (Honey) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2019-05-02]
CHR Extension: (Bing Homepage) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdldbgojabdbiapkfeldpfmbecmcaoec [2019-01-01]
CHR Extension: (Google Search) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-05]
CHR Extension: (Sheets) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-14]
CHR Extension: (Google Docs Offline) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-23]
CHR Extension: (Hola Free VPN Proxy Unblocker) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2019-05-14]
CHR Extension: (Grammarly for Chrome) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2019-05-14]
CHR Extension: (Grammar and Spelling checker by Ginger) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdfieneakcjfaiglcfcgkidlkmlijjnh [2019-05-14]
CHR Extension: (Online Safety) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ledpmklechmkjngjilbfpogiehjbemkj [2019-04-12]
CHR Extension: (Wikibuy from Capital One) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\nenlahapcbofgnanklpelkaejcehkggg [2019-05-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-08]
CHR Extension: (Gmail) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-16]
CHR Extension: (Chrome Media Router) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-05-03]
CHR Extension: (RoboForm Password Manager) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2019-04-12]
CHR HKLM\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2015-03-12]
CHR HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [cdldbgojabdbiapkfeldpfmbecmcaoec] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [doagiokpgboiomffjfhaiimafndmmpni] - C:\Users\Home\AppData\Local\Rich Media Player\BrowserExtensions\Chrome\richmediadownloader.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [eammbikighnmacpfdhmcccgnfojcdhgn] - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha177\ch\WebexpEnhancedV1alpha177.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fkcdbkhjcaljlfolhllfneigeepmjfim] - C:\Users\Home\AppData\Local\Rich Media Player\BrowserExtensions\Chrome\playerextension.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2015-03-12]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AESTFilters; C:\Program Files\IDT\WDM\AESTSr64.exe [89600 2009-03-02] (Microsoft Windows Hardware Compatibility Publisher -> Andrea Electronics Corporation)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [96056 2019-03-08] (Apple Inc. -> Apple Inc.)
S4 CalendarSynchService; C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [16384 2010-08-05] (Hewlett-Packard) [File not signed]
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-02-29] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-02-29] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [51024 2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
S4 DTSRVC; C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe [129648 2010-12-01] (Portrait Displays, Inc. -> Portrait Displays, Inc.)
R2 EpsonCustomerResearchParticipation; C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe [678328 2018-06-11] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-17] (SEIKO EPSON Corporation -> Seiko Epson Corporation)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2018-02-09] (Macrovision Corporation -> Macrovision Europe Ltd.) [File not signed]
S3 GoToAssist; C:\Program Files (x86)\Citrix\GoToAssist Corporate\1205\G2AC_Service.exe [309712 2016-11-05] (Citrix Online -> Citrix Systems, Inc.)
R2 GsServer; C:\Program Files\Siber Systems\GoodSync\gs-server.exe [9553632 2016-10-01] (Siber Systems -> )
S4 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [376144 2014-07-18] (LogMeIn, Inc. -> LogMeIn, Inc.)
S4 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [226640 2014-07-18] (LogMeIn, Inc. -> LogMeIn, Inc.)
S4 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2012-11-29] (LogMeIn, Inc. -> LogMeIn, Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2014-11-17] (Hewlett-Packard) [File not signed]
S4 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation -> Symantec Corporation)
S4 PasswordBox; C:\Program Files (x86)\PasswordBox\pbbtnService.exe [67584 2014-05-14] (PasswordBox, Inc.) [File not signed]
S4 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1121304 2010-10-22] (PDF Complete -> PDF Complete Inc)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2014-11-17] (Hewlett-Packard) [File not signed]
S4 RoxioNow Service; C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [399344 2010-09-11] (Sonic Solutions -> Roxio)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [318464 2012-04-24] (Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
S3 hpqwmiex; "C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50464 2014-06-24] (AVG Technologies -> AVG Technologies)
R3 clwvd; C:\Windows\System32\DRIVERS\clwvd.sys [31088 2010-09-03] (CyberLink -> CyberLink Corporation)
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 DrvAgent64; C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS [20872 2016-12-16] (eSupport.com, Inc -> Phoenix Technologies)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2016-07-08] (Martin Malik - REALiX -> REALiX(tm))
R3 igfx; C:\Windows\System32\DRIVERS\igdkmd64.sys [12273408 2011-01-27] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
S3 Impcd; C:\Windows\system32\DRIVERS\Impcd.sys [158976 2010-02-26] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
R3 ITECIRfilter; C:\Windows\System32\DRIVERS\ITECIRfilter.sys [28264 2016-07-08] (ITE Tech. Inc. -> ITE Tech. Inc. )
R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-05-27] (LogMeIn, Inc. -> LogMeIn, Inc.)
S4 LMIRfsClientNP; no ImagePath
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [275232 2019-05-17] (Malwarebytes Corporation -> Malwarebytes)
R3 netr28x; C:\Windows\System32\DRIVERS\netr28x.sys [2502288 2016-07-08] (MEDIATEK INC. -> MediaTek Inc.)
R3 nusb3hub; C:\Windows\System32\DRIVERS\nusb3hub.sys [77824 2010-01-22] (Microsoft Windows Hardware Compatibility Publisher -> NEC Electronics Corporation)
R3 nusb3xhc; C:\Windows\System32\DRIVERS\nusb3xhc.sys [181760 2016-07-08] (Microsoft Windows Hardware Compatibility Publisher -> Renesas Electronics Corporation)
S3 RTSUER; C:\Windows\System32\Drivers\RtsUer.sys [413912 2016-07-08] (Realtek Semiconductor Corp -> Realsil Semiconductor Corporation)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [33960 2016-07-08] (Synaptics Incorporated -> Synaptics Incorporated)
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 STHDA; C:\Windows\System32\DRIVERS\stwrt64.sys [536576 2012-04-24] (Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2015-06-10] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
U1 aswbdisk; no ImagePath
S3 avchv; system32\DRIVERS\avchv.sys [X]
S3 cpuz134; \??\C:\Users\Home\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X] <==== ATTENTION
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 EsgScanner; system32\DRIVERS\EsgScanner.sys [X]
S1 MpKslf3e2724b; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{86D53835-DBE4-46C4-B3C1-0A55F2A945E3}\MpKslf3e2724b.sys [X]
S1 nsodcduk; \??\C:\Windows\system32\drivers\nsodcduk.sys [X]
U0 Partizan; system32\drivers\Partizan.sys [X]
S1 sezncdzw; \??\C:\Windows\system32\drivers\sezncdzw.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-05-17 09:06 - 2019-05-17 09:06 - 000275232 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2019-05-15 14:40 - 2019-04-25 00:01 - 025730560 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2019-05-15 14:40 - 2019-04-24 23:31 - 020279296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2019-05-15 14:40 - 2019-04-18 22:54 - 004057320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2019-05-15 14:40 - 2019-04-18 22:53 - 003963624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2019-05-15 14:40 - 2019-04-18 22:53 - 001314104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2019-05-15 14:40 - 2019-04-18 22:51 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2019-05-15 14:40 - 2019-04-18 22:51 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2019-05-15 14:40 - 2019-04-18 22:51 - 000555520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2019-05-15 14:40 - 2019-04-18 22:51 - 000275968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2019-05-15 14:40 - 2019-04-18 22:51 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2019-05-15 14:40 - 2019-04-18 22:51 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2019-05-15 14:40 - 2019-04-18 22:51 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2019-05-15 14:40 - 2019-04-18 22:51 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2019-05-15 14:40 - 2019-04-18 22:51 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2019-05-15 14:40 - 2019-04-18 22:51 - 000070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2019-05-15 14:40 - 2019-04-18 22:51 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2019-05-15 14:40 - 2019-04-18 22:51 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2019-05-15 14:40 - 2019-04-18 22:50 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2019-05-15 14:40 - 2019-04-18 22:50 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2019-05-15 14:40 - 2019-04-18 22:50 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2019-05-15 14:40 - 2019-04-18 22:50 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2019-05-15 14:40 - 2019-04-18 22:50 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2019-05-15 14:40 - 2019-04-18 22:50 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2019-05-15 14:40 - 2019-04-18 22:50 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2019-05-15 14:40 - 2019-04-18 22:50 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2019-05-15 14:40 - 2019-04-18 22:50 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2019-05-15 14:40 - 2019-04-18 22:50 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2019-05-15 14:40 - 2019-04-18 22:50 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2019-05-15 14:40 - 2019-04-18 22:50 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2019-05-15 14:40 - 2019-04-18 22:50 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2019-05-15 14:40 - 2019-04-18 22:50 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2019-05-15 14:40 - 2019-04-18 22:50 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2019-05-15 14:40 - 2019-04-18 22:50 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2019-05-15 14:40 - 2019-04-18 22:50 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2019-05-15 14:40 - 2019-04-18 22:50 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2019-05-15 14:40 - 2019-04-18 22:50 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2019-05-15 14:40 - 2019-04-18 22:50 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2019-05-15 14:40 - 2019-04-18 22:50 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2019-05-15 14:40 - 2019-04-18 22:50 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2019-05-15 14:40 - 2019-04-18 22:50 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2019-05-15 14:40 - 2019-04-18 22:50 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2019-05-15 14:40 - 2019-04-18 22:50 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2019-05-15 14:40 - 2019-04-18 22:50 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2019-05-15 14:40 - 2019-04-18 22:50 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2019-05-15 14:40 - 2019-04-18 22:50 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2019-05-15 14:40 - 2019-04-18 22:44 - 000095456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2019-05-15 14:40 - 2019-04-18 22:43 - 000153832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2019-05-15 14:40 - 2019-04-18 22:42 - 005552864 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2019-05-15 14:40 - 2019-04-18 22:42 - 001664360 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2019-05-15 14:40 - 2019-04-18 22:42 - 000262376 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2019-05-15 14:40 - 2019-04-18 22:40 - 001211392 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2019-05-15 14:40 - 2019-04-18 22:40 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2019-05-15 14:40 - 2019-04-18 22:40 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2019-05-15 14:40 - 2019-04-18 22:40 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2019-05-15 14:40 - 2019-04-18 22:40 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2019-05-15 14:40 - 2019-04-18 22:40 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2019-05-15 14:40 - 2019-04-18 22:40 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2019-05-15 14:40 - 2019-04-18 22:40 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2019-05-15 14:40 - 2019-04-18 22:40 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2019-05-15 14:40 - 2019-04-18 22:40 - 000094208 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2019-05-15 14:40 - 2019-04-18 22:40 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2019-05-15 14:40 - 2019-04-18 22:40 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2019-05-15 14:40 - 2019-04-18 22:40 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2019-05-15 14:40 - 2019-04-18 22:40 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2019-05-15 14:40 - 2019-04-18 22:40 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2019-05-15 14:40 - 2019-04-18 22:40 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\sscore.dll
2019-05-15 14:40 - 2019-04-18 22:39 - 001472512 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2019-05-15 14:40 - 2019-04-18 22:39 - 001162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2019-05-15 14:40 - 2019-04-18 22:39 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2019-05-15 14:40 - 2019-04-18 22:39 - 000733184 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2019-05-15 14:40 - 2019-04-18 22:39 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2019-05-15 14:40 - 2019-04-18 22:39 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2019-05-15 14:40 - 2019-04-18 22:39 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2019-05-15 14:40 - 2019-04-18 22:39 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2019-05-15 14:40 - 2019-04-18 22:39 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2019-05-15 14:40 - 2019-04-18 22:39 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2019-05-15 14:40 - 2019-04-18 22:39 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2019-05-15 14:40 - 2019-04-18 22:39 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2019-05-15 14:40 - 2019-04-18 22:39 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2019-05-15 14:40 - 2019-04-18 22:39 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2019-05-15 14:40 - 2019-04-18 22:39 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2019-05-15 14:40 - 2019-04-18 22:39 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2019-05-15 14:40 - 2019-04-18 22:39 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2019-05-15 14:40 - 2019-04-18 22:39 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2019-05-15 14:40 - 2019-04-18 22:39 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2019-05-15 14:40 - 2019-04-18 22:39 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2019-05-15 14:40 - 2019-04-18 22:39 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2019-05-15 14:40 - 2019-04-18 22:39 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2019-05-15 14:40 - 2019-04-18 22:39 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2019-05-15 14:40 - 2019-04-18 22:39 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2019-05-15 14:40 - 2019-04-18 22:39 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2019-05-15 14:40 - 2019-04-18 22:39 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2019-05-15 14:40 - 2019-04-18 22:39 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2019-05-15 14:40 - 2019-04-18 22:39 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2019-05-15 14:40 - 2019-04-18 22:39 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2019-05-15 14:40 - 2019-04-18 22:39 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2019-05-15 14:40 - 2019-04-18 22:39 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2019-05-15 14:40 - 2019-04-18 22:39 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2019-05-15 14:40 - 2019-04-18 22:39 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2019-05-15 14:40 - 2019-04-18 22:39 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2019-05-15 14:40 - 2019-04-18 22:39 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2019-05-15 14:40 - 2019-04-18 22:39 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2019-05-15 14:40 - 2019-04-18 22:39 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2019-05-15 14:40 - 2019-04-18 22:39 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2019-05-15 14:40 - 2019-04-18 22:39 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2019-05-15 14:40 - 2019-04-18 22:20 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2019-05-15 14:40 - 2019-04-18 22:20 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2019-05-15 14:40 - 2019-04-18 22:19 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2019-05-15 14:40 - 2019-04-18 22:18 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2019-05-15 14:40 - 2019-04-18 22:18 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2019-05-15 14:40 - 2019-04-18 22:18 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2019-05-15 14:40 - 2019-04-18 22:18 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2019-05-15 14:40 - 2019-04-18 22:15 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2019-05-15 14:40 - 2019-04-18 22:11 - 000129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
2019-05-15 14:40 - 2019-04-18 22:08 - 000464384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2019-05-15 14:40 - 2019-04-18 22:08 - 000406016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2019-05-15 14:40 - 2019-04-18 22:08 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2019-05-15 14:40 - 2019-04-18 22:08 - 000169472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2019-05-15 14:40 - 2019-04-18 22:08 - 000160768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2019-05-15 14:40 - 2019-04-18 22:08 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2019-05-15 14:40 - 2019-04-18 22:07 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2019-05-15 14:40 - 2019-04-18 22:07 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys
2019-05-15 14:40 - 2019-04-18 22:07 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys
2019-05-15 14:40 - 2019-04-18 22:07 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys
2019-05-15 14:40 - 2019-04-18 22:07 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdppm.sys
2019-05-15 14:40 - 2019-04-18 22:07 - 000044544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\npfs.sys
2019-05-15 14:40 - 2019-04-18 22:07 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2019-05-15 14:40 - 2019-04-16 11:17 - 001425920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2019-05-15 14:40 - 2019-04-16 11:17 - 000583680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2019-05-15 14:40 - 2019-04-16 11:17 - 000313344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2019-05-15 14:40 - 2019-04-16 11:05 - 002072576 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2019-05-15 14:40 - 2019-04-16 11:05 - 000878080 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2019-05-15 14:40 - 2019-04-16 11:05 - 000516096 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2019-05-15 14:40 - 2019-04-16 11:05 - 000405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2019-05-15 14:40 - 2019-04-04 20:34 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\cryptdll.dll
2019-05-15 14:39 - 2019-04-30 15:28 - 000397112 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2019-05-15 14:39 - 2019-04-30 14:37 - 000348984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2019-05-15 14:39 - 2019-04-29 20:51 - 000578560 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2019-05-15 14:39 - 2019-04-29 20:51 - 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2019-05-15 14:39 - 2019-04-24 23:52 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2019-05-15 14:39 - 2019-04-24 23:52 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2019-05-15 14:39 - 2019-04-24 23:40 - 002902016 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2019-05-15 14:39 - 2019-04-24 23:38 - 000417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2019-05-15 14:39 - 2019-04-24 23:38 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2019-05-15 14:39 - 2019-04-24 23:38 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2019-05-15 14:39 - 2019-04-24 23:37 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2019-05-15 14:39 - 2019-04-24 23:31 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2019-05-15 14:39 - 2019-04-24 23:30 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2019-05-15 14:39 - 2019-04-24 23:28 - 005775360 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2019-05-15 14:39 - 2019-04-24 23:28 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2019-05-15 14:39 - 2019-04-24 23:26 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2019-05-15 14:39 - 2019-04-24 23:26 - 000790528 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2019-05-15 14:39 - 2019-04-24 23:26 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2019-05-15 14:39 - 2019-04-24 23:26 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2019-05-15 14:39 - 2019-04-24 23:24 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2019-05-15 14:39 - 2019-04-24 23:19 - 000969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2019-05-15 14:39 - 2019-04-24 23:16 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2019-05-15 14:39 - 2019-04-24 23:12 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2019-05-15 14:39 - 2019-04-24 23:12 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2019-05-15 14:39 - 2019-04-24 23:11 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2019-05-15 14:39 - 2019-04-24 23:11 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2019-05-15 14:39 - 2019-04-24 23:09 - 002295808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2019-05-15 14:39 - 2019-04-24 23:09 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2019-05-15 14:39 - 2019-04-24 23:09 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2019-05-15 14:39 - 2019-04-24 23:08 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2019-05-15 14:39 - 2019-04-24 23:06 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2019-05-15 14:39 - 2019-04-24 23:05 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2019-05-15 14:39 - 2019-04-24 23:05 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2019-05-15 14:39 - 2019-04-24 23:05 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2019-05-15 14:39 - 2019-04-24 23:04 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2019-05-15 14:39 - 2019-04-24 23:03 - 000663040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2019-05-15 14:39 - 2019-04-24 23:03 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2019-05-15 14:39 - 2019-04-24 23:02 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2019-05-15 14:39 - 2019-04-24 23:02 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2019-05-15 14:39 - 2019-04-24 23:01 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2019-05-15 14:39 - 2019-04-24 22:54 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2019-05-15 14:39 - 2019-04-24 22:52 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2019-05-15 14:39 - 2019-04-24 22:50 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2019-05-15 14:39 - 2019-04-24 22:50 - 000728064 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2019-05-15 14:39 - 2019-04-24 22:50 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2019-05-15 14:39 - 2019-04-24 22:49 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2019-05-15 14:39 - 2019-04-24 22:49 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2019-05-15 14:39 - 2019-04-24 22:48 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2019-05-15 14:39 - 2019-04-24 22:47 - 002135552 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2019-05-15 14:39 - 2019-04-24 22:47 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2019-05-15 14:39 - 2019-04-24 22:46 - 015285248 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2019-05-15 14:39 - 2019-04-24 22:46 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2019-05-15 14:39 - 2019-04-24 22:45 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2019-05-15 14:39 - 2019-04-24 22:43 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2019-05-15 14:39 - 2019-04-24 22:40 - 004493312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2019-05-15 14:39 - 2019-04-24 22:38 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2019-05-15 14:39 - 2019-04-24 22:37 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2019-05-15 14:39 - 2019-04-24 22:36 - 002059776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2019-05-15 14:39 - 2019-04-24 22:35 - 013682176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2019-05-15 14:39 - 2019-04-24 22:35 - 005303808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2019-05-15 14:39 - 2019-04-24 22:35 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2019-05-15 14:39 - 2019-04-24 22:24 - 001557504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2019-05-15 14:39 - 2019-04-24 22:18 - 004831232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2019-05-15 14:39 - 2019-04-24 22:14 - 001323008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2019-05-15 14:39 - 2019-04-24 22:14 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2019-05-15 14:39 - 2019-04-24 22:12 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2019-05-15 14:39 - 2019-04-18 22:51 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2019-05-15 14:39 - 2019-04-18 22:51 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2019-05-15 14:39 - 2019-04-18 22:51 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2019-05-15 14:39 - 2019-04-18 22:51 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2019-05-15 14:39 - 2019-04-18 22:51 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2019-05-15 14:39 - 2019-04-18 22:50 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2019-05-15 14:39 - 2019-04-18 22:50 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2019-05-15 14:39 - 2019-04-18 22:44 - 000185064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys
2019-05-15 14:39 - 2019-04-18 22:43 - 000708328 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2019-05-15 14:39 - 2019-04-18 22:43 - 000631680 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2019-05-15 14:39 - 2019-04-18 22:43 - 000064232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ULIAGPKX.SYS
2019-05-15 14:39 - 2019-04-18 22:43 - 000063208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\termdd.sys
2019-05-15 14:39 - 2019-04-18 22:43 - 000060648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\AGP440.sys
2019-05-15 14:39 - 2019-04-18 22:43 - 000031976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mssmbios.sys
2019-05-15 14:39 - 2019-04-18 22:43 - 000023784 _____ (Microsoft Corporation) C:\Windows\system32\streamci.dll
2019-05-15 14:39 - 2019-04-18 22:43 - 000020200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\isapnp.sys
2019-05-15 14:39 - 2019-04-18 22:42 - 000122600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\NV_AGP.SYS
2019-05-15 14:39 - 2019-04-18 22:42 - 000068328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgr.sys
2019-05-15 14:39 - 2019-04-18 22:42 - 000036064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vdrvroot.sys
2019-05-15 14:39 - 2019-04-18 22:42 - 000015080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msisadrv.sys
2019-05-15 14:39 - 2019-04-18 22:42 - 000012136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\swenum.sys
2019-05-15 14:39 - 2019-04-18 22:40 - 000361984 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2019-05-15 14:39 - 2019-04-18 22:40 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2019-05-15 14:39 - 2019-04-18 22:40 - 000236032 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll
2019-05-15 14:39 - 2019-04-18 22:40 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2019-05-15 14:39 - 2019-04-18 22:40 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2019-05-15 14:39 - 2019-04-18 22:40 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2019-05-15 14:39 - 2019-04-18 22:39 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2019-05-15 14:39 - 2019-04-18 22:39 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2019-05-15 14:39 - 2019-04-18 22:39 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2019-05-15 14:39 - 2019-04-18 22:27 - 000009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sscore.dll
2019-05-15 14:39 - 2019-04-18 22:26 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2019-05-15 14:39 - 2019-04-18 22:20 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2019-05-15 14:39 - 2019-04-18 22:20 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2019-05-15 14:39 - 2019-04-18 22:15 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2019-05-15 14:39 - 2019-04-18 22:15 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2019-05-15 14:39 - 2019-04-18 22:14 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2019-05-15 14:39 - 2019-04-18 22:12 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2019-05-15 14:39 - 2019-04-18 22:11 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2019-05-15 14:39 - 2019-04-16 11:17 - 012880896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2019-05-15 14:39 - 2019-04-16 11:17 - 000628224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2019-05-15 14:39 - 2019-04-16 11:17 - 000026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleres.dll
2019-05-15 14:39 - 2019-04-16 11:16 - 001499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2019-05-15 14:39 - 2019-04-16 11:05 - 014184448 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2019-05-15 14:39 - 2019-04-16 11:05 - 001867776 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2019-05-15 14:39 - 2019-04-16 11:05 - 000806400 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2019-05-15 14:39 - 2019-04-16 11:05 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\oleres.dll
2019-05-15 14:39 - 2019-04-16 11:05 - 000008704 _____ (Microsoft Corporation) C:\Windows\system32\comcat.dll
2019-05-15 14:39 - 2019-04-16 10:55 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comcat.dll
2019-05-15 14:39 - 2019-04-16 09:15 - 000419648 _____ C:\Windows\SysWOW64\locale.nls
2019-05-15 14:39 - 2019-04-16 09:15 - 000419648 _____ C:\Windows\system32\locale.nls
2019-05-15 14:39 - 2019-04-14 01:42 - 000309480 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2019-05-15 14:39 - 2019-04-14 01:40 - 000111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
2019-05-15 14:39 - 2019-04-14 01:40 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2019-05-15 14:39 - 2019-04-14 01:39 - 000071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2019-05-15 14:39 - 2019-04-14 01:39 - 000010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2019-05-15 14:39 - 2019-04-14 01:28 - 000383720 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2019-05-15 14:39 - 2019-04-14 01:26 - 000151552 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2019-05-15 14:39 - 2019-04-14 01:26 - 000101376 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2019-05-15 14:39 - 2019-04-14 01:26 - 000046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2019-05-15 14:39 - 2019-04-14 01:26 - 000041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2019-05-15 14:39 - 2019-04-14 01:26 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2019-05-15 14:39 - 2019-04-14 01:12 - 000034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2019-05-15 14:39 - 2019-04-07 11:17 - 012574208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2019-05-15 14:39 - 2019-04-07 11:17 - 011411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2019-05-15 14:39 - 2019-04-07 11:17 - 000617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2019-05-15 14:39 - 2019-04-07 11:17 - 000382976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2019-05-15 14:39 - 2019-04-07 11:17 - 000179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2019-05-15 14:39 - 2019-04-07 11:17 - 000160256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werui.dll
2019-05-15 14:39 - 2019-04-07 11:16 - 003207168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2019-05-15 14:39 - 2019-04-07 11:16 - 001329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2019-05-15 14:39 - 2019-04-07 11:16 - 000519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2019-05-15 14:39 - 2019-04-07 11:16 - 000504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2019-05-15 14:39 - 2019-04-07 11:16 - 000442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2019-05-15 14:39 - 2019-04-07 11:16 - 000354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2019-05-15 14:39 - 2019-04-07 11:16 - 000265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2019-05-15 14:39 - 2019-04-07 11:16 - 000103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2019-05-15 14:39 - 2019-04-07 11:16 - 000046592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssign32.dll
2019-05-15 14:39 - 2019-04-07 11:16 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2019-05-15 14:39 - 2019-04-07 11:15 - 001177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2019-05-15 14:39 - 2019-04-07 11:15 - 001005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2019-05-15 14:39 - 2019-04-07 11:15 - 000988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2019-05-15 14:39 - 2019-04-07 11:15 - 000744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2019-05-15 14:39 - 2019-04-07 11:15 - 000489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2019-05-15 14:39 - 2019-04-07 11:15 - 000406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2019-05-15 14:39 - 2019-04-07 11:15 - 000373248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2019-05-15 14:39 - 2019-04-07 11:15 - 000195072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2019-05-15 14:39 - 2019-04-07 11:15 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2019-05-15 14:39 - 2019-04-07 11:15 - 000106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2019-05-15 14:39 - 2019-04-07 11:15 - 000080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2019-05-15 14:39 - 2019-04-07 11:05 - 000094440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2019-05-15 14:39 - 2019-04-07 11:03 - 014637568 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2019-05-15 14:39 - 2019-04-07 11:03 - 012574720 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2019-05-15 14:39 - 2019-04-07 11:03 - 001574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2019-05-15 14:39 - 2019-04-07 11:03 - 001281536 _____ (Microsoft Corporation) C:\Windows\system32\werconcpl.dll
2019-05-15 14:39 - 2019-04-07 11:03 - 000782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2019-05-15 14:39 - 2019-04-07 11:03 - 000499712 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2019-05-15 14:39 - 2019-04-07 11:03 - 000486400 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2019-05-15 14:39 - 2019-04-07 11:03 - 000371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2019-05-15 14:39 - 2019-04-07 11:03 - 000229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2019-05-15 14:39 - 2019-04-07 11:03 - 000187904 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2019-05-15 14:39 - 2019-04-07 11:03 - 000174080 _____ (Microsoft Corporation) C:\Windows\system32\werui.dll
2019-05-15 14:39 - 2019-04-07 11:03 - 000086016 _____ (Microsoft Corporation) C:\Windows\system32\wercplsupport.dll
2019-05-15 14:39 - 2019-04-07 11:03 - 000037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2019-05-15 14:39 - 2019-04-07 11:03 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
2019-05-15 14:39 - 2019-04-07 11:03 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2019-05-15 14:39 - 2019-04-07 11:03 - 000008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2019-05-15 14:39 - 2019-04-07 11:03 - 000005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2019-05-15 14:39 - 2019-04-07 11:03 - 000005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2019-05-15 14:39 - 2019-04-07 11:02 - 004120576 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2019-05-15 14:39 - 2019-04-07 11:02 - 001484800 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2019-05-15 14:39 - 2019-04-07 11:02 - 001202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2019-05-15 14:39 - 2019-04-07 11:02 - 001068544 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2019-05-15 14:39 - 2019-04-07 11:02 - 000842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2019-05-15 14:39 - 2019-04-07 11:02 - 000680448 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2019-05-15 14:39 - 2019-04-07 11:02 - 000641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2019-05-15 14:39 - 2019-04-07 11:02 - 000632320 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2019-05-15 14:39 - 2019-04-07 11:02 - 000497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2019-05-15 14:39 - 2019-04-07 11:02 - 000438784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2019-05-15 14:39 - 2019-04-07 11:02 - 000433152 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2019-05-15 14:39 - 2019-04-07 11:02 - 000325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2019-05-15 14:39 - 2019-04-07 11:02 - 000295936 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2019-05-15 14:39 - 2019-04-07 11:02 - 000284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2019-05-15 14:39 - 2019-04-07 11:02 - 000206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2019-05-15 14:39 - 2019-04-07 11:02 - 000190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2019-05-15 14:39 - 2019-04-07 11:02 - 000141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2019-05-15 14:39 - 2019-04-07 11:02 - 000081920 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2019-05-15 14:39 - 2019-04-07 11:02 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\mssign32.dll
2019-05-15 14:39 - 2019-04-07 11:02 - 000011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2019-05-15 14:39 - 2019-04-07 11:02 - 000008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2019-05-15 14:39 - 2019-04-07 11:02 - 000004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2019-05-15 14:39 - 2019-04-07 11:02 - 000004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2019-05-15 14:39 - 2019-04-07 11:02 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2019-05-15 14:39 - 2019-04-07 11:01 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2019-05-15 14:39 - 2019-04-07 11:01 - 000023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2019-05-15 14:39 - 2019-04-07 10:57 - 000663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2019-05-15 14:39 - 2019-04-07 10:49 - 000054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe
2019-05-15 14:39 - 2019-04-07 10:48 - 000028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werdiagcontroller.dll
2019-05-15 14:39 - 2019-04-07 10:45 - 000125952 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2019-05-15 14:39 - 2019-04-07 10:45 - 000055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2019-05-15 14:39 - 2019-04-07 10:45 - 000024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2019-05-15 14:39 - 2019-04-07 10:42 - 001311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjet40.dll
2019-05-15 14:39 - 2019-04-07 10:42 - 000376320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mspbde40.dll
2019-05-15 14:39 - 2019-04-07 10:42 - 000353280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd3x40.dll
2019-05-15 14:39 - 2019-04-07 10:42 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
2019-05-15 14:39 - 2019-04-07 10:42 - 000240640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msltus40.dll
2019-05-15 14:39 - 2019-04-07 10:38 - 000407040 _____ (Microsoft Corporation) C:\Windows\system32\nltest.exe
2019-05-15 14:39 - 2019-04-07 10:35 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
2019-05-15 14:39 - 2019-04-07 10:33 - 000011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2019-05-15 14:39 - 2019-04-07 10:33 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2019-05-15 14:39 - 2019-04-07 09:05 - 000634312 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2019-05-15 14:39 - 2019-04-04 20:23 - 000057856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptdll.dll
2019-05-14 16:31 - 2019-05-17 18:00 - 000000000 ____D C:\FRST
2019-05-14 16:30 - 2019-05-17 18:00 - 000000000 ____D C:\Users\Home\Desktop\Tech guy
2019-05-12 14:57 - 2019-05-12 15:14 - 000000000 ____D C:\Users\Home\Desktop\Alcon
2019-05-08 08:03 - 2019-05-08 08:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2019-05-07 15:51 - 2019-05-07 15:51 - 000051024 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2019-05-07 15:51 - 2019-05-07 15:51 - 000047600 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2019-05-07 15:51 - 2019-05-07 15:51 - 000047600 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2019-05-07 15:51 - 2019-05-07 15:51 - 000047600 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2019-05-07 08:34 - 2019-05-07 08:34 - 000001869 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-05-07 08:34 - 2019-05-07 08:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-05-07 08:34 - 2019-01-08 16:32 - 000153328 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2019-05-03 10:37 - 2019-05-03 10:38 - 000000000 ____D C:\Users\Home\AppData\Local\ProgsUpdate.FullPath
2019-05-03 10:36 - 2019-05-03 10:37 - 000000000 ____D C:\Users\Home\AppData\Local\OysterPresentingReload
2019-05-03 10:36 - 2019-05-03 10:36 - 000000000 ____D C:\Program Files (x86)\EquiangularBioassayffq

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-05-17 12:50 - 2016-02-29 14:05 - 000000904 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2019-05-17 12:49 - 2016-01-17 18:49 - 000000911 _____ C:\Windows\Tasks\EPSON WF-3640 Series Update {368E3CF1-07EC-4441-891C-5E28240268C8}.job
2019-05-17 12:49 - 2016-01-17 18:49 - 000000725 _____ C:\Windows\Tasks\EPSON WF-3640 Series Invitation {368E3CF1-07EC-4441-891C-5E28240268C8}.job
2019-05-17 12:26 - 2018-10-08 12:26 - 000000911 _____ C:\Windows\Tasks\EPSON WF-3640 Series Update {D915748D-8CD4-46BC-B741-E4303DB6764E}.job
2019-05-17 12:26 - 2018-10-08 12:26 - 000000911 _____ C:\Windows\Tasks\EPSON WF-3640 Series Update {C4AFC024-FCDF-4AB2-9764-48819F092604}.job
2019-05-17 12:26 - 2018-10-08 12:26 - 000000725 _____ C:\Windows\Tasks\EPSON WF-3640 Series Invitation {D915748D-8CD4-46BC-B741-E4303DB6764E}.job
2019-05-17 12:26 - 2018-10-08 12:26 - 000000725 _____ C:\Windows\Tasks\EPSON WF-3640 Series Invitation {C4AFC024-FCDF-4AB2-9764-48819F092604}.job
2019-05-17 12:07 - 2016-10-17 08:07 - 000000911 _____ C:\Windows\Tasks\EPSON WF-3640 Series Update {42242F2F-8E4B-4DA6-9775-E3701AB62209}.job
2019-05-17 12:07 - 2016-10-17 08:07 - 000000725 _____ C:\Windows\Tasks\EPSON WF-3640 Series Invitation {42242F2F-8E4B-4DA6-9775-E3701AB62209}.job
2019-05-17 11:57 - 2012-11-26 15:53 - 000000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2019-05-17 10:39 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\rescache
2019-05-17 09:21 - 2009-07-14 00:45 - 000018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-05-17 09:21 - 2009-07-14 00:45 - 000018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-05-17 09:05 - 2016-02-29 14:05 - 000000900 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2019-05-17 09:05 - 2012-11-26 15:53 - 000000890 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2019-05-17 09:05 - 2009-07-14 01:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-05-17 02:18 - 2012-11-26 15:53 - 000002105 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-05-17 02:18 - 2012-11-26 15:53 - 000002064 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-05-17 02:15 - 2012-11-16 19:59 - 000003918 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{F3C32409-668F-4FA3-9651-2571686A5B6A}
2019-05-17 02:02 - 2012-11-26 15:53 - 000000000 ____D C:\Program Files\Google
2019-05-17 02:02 - 2012-11-26 15:52 - 000000000 ____D C:\Program Files (x86)\Google
2019-05-16 11:34 - 2012-11-26 15:53 - 000000000 ____D C:\Users\Home\AppData\Local\Google
2019-05-16 11:27 - 2012-11-16 20:52 - 000000000 ____D C:\Users\Home\AppData\Local\CrashDumps
2019-05-16 03:49 - 2009-07-14 01:13 - 000787576 _____ C:\Windows\system32\PerfStringBackup.INI
2019-05-16 03:49 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\inf
2019-05-16 03:42 - 2009-07-14 00:45 - 000447808 _____ C:\Windows\system32\FNTCACHE.DAT
2019-05-16 03:37 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\SysWOW64\Dism
2019-05-16 03:37 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\system32\Dism
2019-05-16 03:17 - 2013-08-14 11:58 - 000000000 ____D C:\Windows\system32\MRT
2019-05-16 03:07 - 2012-11-16 20:33 - 132445408 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2019-05-16 03:03 - 2011-07-06 15:04 - 000779698 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2019-05-15 14:17 - 2015-03-15 20:13 - 000003508 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1287311948-1235629539-2080862382-1001UA
2019-05-15 14:17 - 2015-03-15 20:13 - 000003236 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1287311948-1235629539-2080862382-1001Core
2019-05-15 14:13 - 2015-11-02 07:49 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-05-15 14:10 - 2014-10-17 23:58 - 000003332 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1cfea87c1768517
2019-05-15 14:10 - 2014-10-17 23:58 - 000003204 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1cfea87c073e9d3
2019-05-14 13:02 - 2011-07-06 15:06 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2019-05-13 10:21 - 2013-03-12 08:36 - 000000000 ____D C:\Users\Home\Documents\Outlook Files
2019-05-12 22:11 - 2013-02-25 10:19 - 000000000 ____D C:\Users\Home\AppData\Roaming\Skype
2019-05-12 14:26 - 2018-03-28 14:18 - 000000258 __RSH C:\ProgramData\ntuser.pol
2019-05-11 21:19 - 2017-07-26 23:39 - 000003170 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1287311948-1235629539-2080862382-1001
2019-05-11 21:19 - 2014-02-20 14:24 - 000002160 _____ C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2019-05-11 21:19 - 2013-05-13 10:53 - 000000000 ___RD C:\Users\Home\SkyDrive
2019-05-09 12:07 - 2018-03-17 18:46 - 000000000 ____D C:\Users\Home\Desktop\Ebay
2019-05-09 12:02 - 2014-03-14 07:36 - 000000000 ____D C:\Users\Home\AppData\Local\EDEA3002-5618-4EF1-8A2C-01276660F85C.aplzod
2019-05-08 08:03 - 2016-02-29 14:05 - 000000000 ____D C:\Program Files (x86)\Dropbox
2019-05-07 09:01 - 2013-02-13 09:48 - 000003216 _____ C:\Windows\System32\Tasks\HPCeeScheduleForHOME-HP$
2019-05-07 09:01 - 2013-02-13 09:48 - 000000340 _____ C:\Windows\Tasks\HPCeeScheduleForHOME-HP$.job
2019-05-07 08:34 - 2018-06-03 17:49 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-05-07 08:31 - 2014-08-11 18:24 - 000000000 ____D C:\AdwCleaner
2019-04-26 08:39 - 2016-02-29 14:08 - 000000000 ___RD C:\Users\Home\Dropbox

==================== Files in the root of some directories =======

2013-05-03 19:08 - 2013-05-03 19:08 - 004167680 _____ () C:\Program Files (x86)\GUTC246.tmp
2015-10-10 16:49 - 2015-11-16 13:13 - 000000093 _____ () C:\Users\Home\AppData\Roaming\ARCompanion.log
2018-01-03 12:06 - 2018-01-04 10:53 - 000001862 _____ () C:\Users\Home\AppData\Roaming\downloads.json
2013-08-14 13:19 - 2013-08-14 13:19 - 000162046 _____ () C:\Users\Home\AppData\Roaming\VideoPad.dmp
2015-06-10 17:24 - 2015-09-01 08:24 - 000000177 _____ () C:\Users\Home\AppData\Roaming\WB.CFG
2013-08-10 11:29 - 2018-03-12 16:35 - 000011776 _____ () C:\Users\Home\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2018-04-21 07:05 - 2018-04-21 07:05 - 000000000 _____ () C:\Users\Home\AppData\Local\{48EF422F-A40D-45A5-B26B-E71848CA3C00}
2018-04-06 14:20 - 2018-04-06 14:20 - 000000000 _____ () C:\Users\Home\AppData\Local\{6D271F56-8FC4-4D43-9619-AA1B4EE91955}

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2019-05-13 13:04
==================== End of FRST.txt ============================
 

aimee

Thread Starter
Joined
Apr 23, 2001
Messages
163
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-05.2019
Ran by Home (17-05-2019 18:03:28)
Running from C:\Users\Home\Desktop\Tech guy
Windows 7 Home Premium Service Pack 1 (X64) (2012-11-15 02:09:27)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1287311948-1235629539-2080862382-500 - Administrator - Disabled)
Guest (S-1-5-21-1287311948-1235629539-2080862382-501 - Limited - Enabled) => C:\Users\Guest
Home (S-1-5-21-1287311948-1235629539-2080862382-1001 - Administrator - Enabled) => C:\Users\Home
HomeGroupUser$ (S-1-5-21-1287311948-1235629539-2080862382-1002 - Limited - Enabled)
LogMeInRemoteUser (S-1-5-21-1287311948-1235629539-2080862382-1003 - Administrator - Enabled) => C:\Users\LogMeInRemoteUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

3M Products Update version 2012-05 for Microsoft Office 2010 (HKLM-x32\...\{605540BB-36B3-49F0-96D8-B760CBD6E0E8}_is1) (Version: - 3M Company)
64 Bit HP CIO Components Installer (HKLM\...\{0EBC740B-4363-489B-8C27-98CE0740BA19}) (Version: 18.2.4 - Hewlett-Packard) Hidden
Adobe Acrobat 9 Pro (HKLM-x32\...\{AC76BA86-1033-0000-7760-000000000004}{AC76BA86-1033-0000-7760-000000000004}) (Version: 9.0.0 - Adobe Systems)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.012.20034 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 25.0.0.134 - Adobe Systems Incorporated)
Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.267 - Adobe Systems Incorporated)
Adobe Flash Player 32 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 32.0.0.142 - Adobe Systems Incorporated)
Amazon Music (HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\...\Amazon Amazon Music) (Version: 3.7.1.698 - Amazon Services LLC)
Apple Application Support (32-bit) (HKLM-x32\...\{9F7041CB-8398-4691-B8CB-0D52273BB3D9}) (Version: 7.4 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{6E7DF4EE-1976-4215-9D81-755AFC95687D}) (Version: 7.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BA2A6DBB-B09A-43D8-84F3-21C1537B47D9}) (Version: 12.2.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
AT&T Connect Participant Application v11.7.303 (HKLM-x32\...\{4DDBB234-AB68-4D47-BABA-2ED472E0B7A1}) (Version: 11.7.303 - AT&T Inc.)
Bing Rewards Client Installer (HKLM-x32\...\{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}) (Version: 16.0.345.0 - Microsoft Corporation) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Cash Back Assistant (HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\...\{644CF48B-61FE-43E4-8B2E-7EAE916B49C4}_is1) (Version: 2017.4.7.1 - Capital Intellect, Inc.)
Catalina Savings Printer (HKLM-x32\...\{4956ACE3-F537-4418-BB45-FD52395275A7}) (Version: 1.0.0 - Catalina Marketing Corp) <==== ATTENTION
Cisco WebEx Meeting Center for Internet Explorer (HKLM-x32\...\{0A223CAC-7FAC-4A7F-AA0F-3921A512C735}) (Version: 28.12.20.10001 - Cisco WebEx LLC)
Computer Requirements 1.0 (HKLM-x32\...\{BA3582A0-2DE0-4DB8-8B74-CD34AC193F9B}_is1) (Version: - Furst Person)
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.3210 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DirectX for Managed Code Update (Summer 2004) (HKLM-x32\...\{E9E34215-82EF-4909-BE2F-F581F0DC9062}) (Version: 9.02.2904 - Microsoft) Hidden
Dropbox (HKLM-x32\...\Dropbox) (Version: 72.4.136 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.189.1 - Dropbox, Inc.) Hidden
DVD Menu Pack for HP TouchSmart Video (HKLM-x32\...\{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 4.1.4412 - Hewlett-Packard) Hidden
DVD Menu Pack for HP TouchSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 4.1.4412 - Hewlett-Packard)
Easy Phone Sync (HKLM-x32\...\{A33EB00C-AE4D-46DC-83DA-1FBFE2D1E71C}) (Version: 64 - Media Mushroom Limited)
Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.4.0 - Seiko Epson Corporation)
Epson Customer Research Participation (HKLM\...\{B26449A6-6007-4460-B4FE-C4776115BCEA}) (Version: 1.83.0000 - Seiko Epson Corporation)
Epson Event Manager (HKLM-x32\...\{0324C972-6139-489C-9003-857C4F195A80}) (Version: 3.10.0094 - Seiko Epson Corporation)
Epson E-Web Print (HKLM-x32\...\{6BF9F374-EC67-4808-A90C-F127DE6D989D}) (Version: 1.23.0000 - SEIKO EPSON CORPORATION)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 2.56.00 - Seiko Epson Corporation)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version: - Seiko Epson Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EPSON Scan OCR Component (HKLM-x32\...\{563B99D8-8895-4E3E-AE8D-15BE8C05F1C1}) (Version: 2.30.00 - SEIKO EPSON Corp.)
EPSON Scan PDF Extensions (HKLM-x32\...\{F9956472-6E16-4F83-BF9A-F887EF4A45B7}) (Version: 1.03.0001 - SEIKO EPSON Corp.)
Epson Software Updater (HKLM-x32\...\{1028AD34-EB8A-4136-9A93-27FC60FD0A40}) (Version: 4.4.11 - Seiko Epson Corporation)
EPSON WF-3640 Series Printer Uninstall (HKLM\...\EPSON WF-3640 Series) (Version: - SEIKO EPSON Corporation)
Epson WF-3640 User’s Guide version 1.0 (HKLM-x32\...\UsersGuideEpson WF-3640 User’s Guide_is1) (Version: 1.0 - )
EpsonNet Print (HKLM\...\{15A0F113-BF2C-4C12-8AA8-42AE0D9AE1C9}) (Version: 3.1.2.0 - SEIKO EPSON Corporation)
Facebook for HP TouchSmart (HKLM-x32\...\{8AE50893-3A87-4439-9A57-942ED43F7189}) (Version: 1.1.0004 - Hewlett-Packard)
Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Garmin WebUpdater (HKLM-x32\...\{00FE2935-FB56-4410-AB5F-D6E70C1771D2}) (Version: 2.5.6 - Garmin Ltd or its subsidiaries)
Garmin WebUpdater (HKLM-x32\...\{2FD94FBC-07AE-475C-B522-BFE899B9048E}) (Version: 2.4 - GARMIN)
GoodSync (HKLM\...\{B26B00DA-2E5D-4CF2-83C5-911198C0F009}) (Version: 9.9.61.1 - Siber Systems)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 74.0.3729.157 - Google Inc.)
Google Drive (HKLM-x32\...\{A8DC81F2-D365-4248-892A-FA3B5951F731}) (Version: 2.34.9392.7803 - Google, Inc.)
Google Photos Backup (HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\...\Google Photos Backup) (Version: 1.1.4.11 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
GoToAssist Corporate (HKLM-x32\...\GoToAssist) (Version: 11.8.0.1205 - Citrix Systems, Inc.)
Grammarly (HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\...\GrammarlyForWindows) (Version: 1.5.36 - Grammarly)
Grammarly for Microsoft® Office Suite (HKLM\...\{E5D2A304-3F72-4D79-BE42-15EB2FAE4D5C}) (Version: 6.7.162 - Grammarly) Hidden
Grammarly for Microsoft® Office Suite (HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\...\{383f290c-ffb7-4a20-9533-a62d984c4d3f}) (Version: 6.7.162 - Grammarly)
History Viewer v5.1 (HKLM-x32\...\History Viewer_is1) (Version: - Digital Forensics Studio)
HP AppsCenter for TouchSmart (HKLM-x32\...\{8317485C-067B-4B5B-A2A3-9D36B7B0399E}) (Version: 4.0.0.1 - Hewlett-Packard)
HP Desktop Keyboard (HKLM-x32\...\HP Keyboard_is1) (Version: 1.0.0.13 - Hewlett-Packard)
HP LinkUp (HKLM-x32\...\{DB3147AB-4024-4773-8EC0-A1FE5B44933D}) (Version: 2.01.028 - Hewlett-Packard)
HP My Display TouchSmart Edition (HKLM-x32\...\{1F4DDC90-5923-4E49-A4C7-F3CCC954DCA0}) (Version: 1.02.031 - Portrait Displays, Inc.)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{802C068E-0576-4F25-8137-D54B7DB0FC5E}) (Version: 8.4.4487.3576 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.0.12845.3522 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}) (Version: 10.1.1000 - Hewlett-Packard)
HP TouchSmart (HKLM-x32\...\{1502291B-3C1B-4781-99F8-9D6D8C650588}) (Version: 4.0.41.0 - Hewlett-Packard)
HP TouchSmart Background - Beats (HKLM-x32\...\{6A6F8D36-04BA-41E9-9004-1789BD545874}) (Version: 1.0.1.0 - Hewlett-Packard)
HP TouchSmart Browser (HKLM-x32\...\{4ACC9E9C-12D6-4A9D-8FBC-3FD469B9FD34}) (Version: 4.1.0012 - Hewlett-Packard)
HP TouchSmart Calendar (HKLM-x32\...\{297FA7DE-08E5-44A6-8F66-9E26F61F4810}) (Version: 4.1.3869.29064 - Hewlett-Packard)
HP TouchSmart Canvas (HKLM-x32\...\{909CE9B4-76A7-4C3D-A9AC-CE231B3E4B40}) (Version: 2.0.3917.26233 - Hewlett-Packard)
HP TouchSmart Clock (HKLM-x32\...\{97AA232A-58CB-41A2-A258-0593F98AB1E0}) (Version: 3.1.3881.29051 - Hewlett-Packard)
HP TouchSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 4.1.4701 - Hewlett-Packard)
HP TouchSmart eBay (HKLM-x32\...\{967C033E-00C7-4805-9A80-C1C35DA4CF0C}) (Version: 1.0.3923.31229 - Hewlett-Packard)
HP TouchSmart Music (HKLM-x32\...\InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}) (Version: 4.1.4700 - Hewlett-Packard)
HP TouchSmart Notes (HKLM-x32\...\{1F40643A-3489-4262-B7BA-F2EC6FA0A1C8}) (Version: 4.1.3916.21107 - Hewlett-Packard)
HP TouchSmart Photo (HKLM-x32\...\InstallShield_{C9DCE03F-8CB7-4146-A99C-0612D75177EA}) (Version: 4.1.4503 - Hewlett-Packard)
HP TouchSmart RecipeBox (HKLM-x32\...\{20714B53-FC73-4F9C-9687-49EB237D6FD7}) (Version: 3.0.3830.27730 - Hewlett-Packard)
HP TouchSmart RSS (HKLM-x32\...\{608D7847-39B7-4D1D-AF6D-7DCC38C77615}) (Version: 4.1.0009 - Hewlett-Packard)
HP TouchSmart Tutorials (HKLM-x32\...\{858FCB65-7C6D-4BA4-AD80-A3CB3744CE09}_is1) (Version: 3.2.0.2 - Hewlett-Packard)
HP TouchSmart Twitter (HKLM-x32\...\{0581D120-6992-46FA-AAA2-42FA7EFF99C1}) (Version: 3.0.3910.29600 - Hewlett-Packard)
HP TouchSmart Video (HKLM-x32\...\InstallShield_{F04BFADD-C8CA-4C86-8F20-B1D7F4F8C66C}) (Version: 4.1.4503 - Hewlett-Packard)
HP TouchSmart Weather (HKLM-x32\...\{554D4753-4637-477E-BB52-901A819C798D}) (Version: 4.0.4.0 - Hewlett-Packard)
HP TouchSmart Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3303 - Hewlett-Packard)
HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.5.0.0 - Hewlett-Packard)
iCloud (HKLM\...\{03742818-3BC2-45BA-B6BB-4C2D453FD033}) (Version: 7.11.0.19 - Apple Inc.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6308.0 - IDT)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2119 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
iTunes (HKLM\...\{DF90B2B3-5832-4E85-934D-8048B33A1D67}) (Version: 12.9.4.102 - Apple Inc.)
Java 8 Update 201 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180201F0}) (Version: 8.0.2010.9 - Oracle Corporation)
Junk Mail filter update (HKLM-x32\...\{0BE9E708-5DC0-4963-9CFD-0AA519090E79}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
K-Lite Codec Pack 7.0.0 (Standard) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 7.0.0 - )
Kobo (HKLM-x32\...\Kobo) (Version: 1.6 - Kobo Inc.)
LogMeIn (HKLM-x32\...\{FA653F5B-483A-4E92-BF75-BB3BBF1D550D}) (Version: 4.1.2634 - LogMeIn, Inc.)
Malwarebytes version 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Live Meeting 2007 (HKLM-x32\...\{389F8A7A-8611-42E8-8169-20D2BAF0C595}) (Version: 8.0.6362.215 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-0081-0409-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\...\OneDriveSetup.exe) (Version: 19.062.0331.0006 - Microsoft Corporation)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM-x32\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft Touch Pack for Windows 7 (HKLM-x32\...\{8FF90DB8-6DED-44A3-B182-244FEC09012F}) (Version: 1.0.40517.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.0 (HKLM-x32\...\{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}) (Version: 3.0.11010.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Mozilla Firefox 43.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.1 (x86 en-US)) (Version: 43.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Multi PDF Converter version 5.2 (HKLM-x32\...\{43CF388F-EB3B-4AF2-9A3C-0E5A2013F598}_is1) (Version: 5.2 - Essex Software, LLC)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
OverDrive Media Console (HKLM-x32\...\{D07205E7-F6D3-4333-AFCC-782A07685B72}) (Version: 3.2.20 - OverDrive, Inc.)
[email protected] (HKLM-x32\...\{14F936AB-5D31-410E-A4E2-70AE504712F2}) (Version: 3.0.8.6 - Valassis)
[email protected] (HKLM-x32\...\{4CFAC858-CB6F-4F5B-9BD9-4DAE8747F0E3}) (Version: 3.0.8.11 - Valassis)
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.14 - PDF Complete, Inc)
Personal Color Viewer (HKLM-x32\...\{9AB4D07D-3754-1CD4-1E25-0C1AF3355921}) (Version: 3.0.2 - Eco Color Company) Hidden
Personal Color Viewer (HKLM-x32\...\BenjaminMoore.PCV3.USEN.EDC653D570C2AEC0ED05A14996D862CA553BDF51.1) (Version: 3.0.2 - Eco Color Company)
Photodex Presenter (HKLM-x32\...\Photodex Presenter) (Version: - Photodex Corporation)
PhotoNow! (HKLM-x32\...\{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.7717 - CyberLink Corp.) Hidden
PhotoNow! (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.7717 - CyberLink Corp.)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Picasa Uploader (HKLM-x32\...\{60945EFA-28EB-8202-19C1-70DD667075CB}) (Version: 1.2 - UNKNOWN) Hidden
Picasa Uploader (HKLM-x32\...\com.webkinesis.PicasaUploaderDesktop) (Version: 1.2 - UNKNOWN)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
PressReader (HKLM-x32\...\{912CED74-88D3-4C5B-ACB0-13231864975E}) (Version: 5.10.1102.0 - NewspaperDirect Inc.)
[email protected] (HKLM-x32\...\{123D4082-3194-4191-9139-067E9157C2B2}) (Version: 2.0.0 - Valassis Interactive Inc.)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
R.U.S.E. for TouchSmart (HKLM-x32\...\{E6753FCB-B508-4C74-9686-17032281AF38}_is1) (Version: 1.0.0.0 - Ubisoft)
Ralink RT2860 Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}) (Version: - Ralink)
RapidPlayer v6.0 ActiveX Control (HKLM-x32\...\{31C2F32D-C5DD-4583-8181-B48591CA231C}) (Version: - )
Recovery Manager (HKLM-x32\...\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.5.3219 - CyberLink Corp.) Hidden
Remote Graphics Receiver (HKLM-x32\...\{16FC3056-90C0-4757-8A68-64D8DA846ADA}) (Version: 5.4.5 - Hewlett-Packard)
RoboForm 8-5-8-8 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 8-5-8-8 - Siber Systems)
RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.101 - RoxioNow)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.22.0 - SAMSUNG Electronics Co., Ltd.)
SDK (HKLM-x32\...\{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}) (Version: 2.22.002 - Portrait Displays, Inc.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.103 - Skype Technologies S.A.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
SUABnR (HKLM-x32\...\{2485354C-6B65-4978-BB91-CCE61442377B}) (Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.) Hidden
SUABnR (HKLM-x32\...\InstallShield_{2485354C-6B65-4978-BB91-CCE61442377B}) (Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.)
Synctunes Desktop (HKLM-x32\...\{4A14B3B7-5D71-4C3F-967B-50D6A42BF7F7}) (Version: 1.1.0 - The Bit Studio)
TurboTax 2012 (HKLM-x32\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
TurboTax 2014 (HKLM-x32\...\TurboTax 2014) (Version: 2014.0 - Intuit, Inc)
TurboTax 2015 (HKLM-x32\...\TurboTax 2015) (Version: 2015.0 - Intuit, Inc)
TurboTax 2016 (HKLM-x32\...\TurboTax 2016) (Version: 2016.0 - Intuit, Inc)
TurboTax 2017 (HKLM-x32\...\TurboTax 2017) (Version: 2017.0 - Intuit, Inc)
TurboTax 2018 (HKLM-x32\...\TurboTax 2018) (Version: 2018.0 - Intuit, Inc)
Verizon Wireless Software Upgrade Assistant - Samsung(ar) (HKLM-x32\...\{3AC82D10-23DD-48F7-9E4A-FBD3792F2655}) (Version: 2.14.0307 - Samsung Electronics Co., Ltd.)
Verizon Wireless Software Utility Application for Android - Samsung (HKLM-x32\...\{69258FD1-F4EE-475A-83D1-BF68C8029592}) (Version: 2.14.0402 - Samsung Electronics Co., Ltd.)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Zoom (HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\...\ZoomUMX) (Version: 3.5 - Zoom Video Communications, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\...\ChromeHTML: -> <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{004B49B7-11B9-5058-FF22-08DD093ADC4B}\InprocServer32 -> {18760844-9468-D082-1298-07E985889A47} => No File
CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Home\AppData\Local\Microsoft\OneDrive\17.3.6998.0830\amd64\FileCoAuthLib64.dll => No File
CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{2AD206F1-152C-4F9D-A24E-6F93FE7A4AFC}\InprocServer32 -> C:\Users\Home\AppData\Local\Grammarly\Grammarly for Microsoft Office Suite\6.7.162\A1D16B0101\GrammarlyShim64.dll (Grammarly, Inc. -> CompanyName)
CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{4BE56754-B616-4998-B825-D16983AEE1B2}\InprocServer32 -> C:\Users\Home\AppData\Local\Grammarly\Grammarly for Microsoft Office Suite\6.7.162\A1D16B0101\Grammarly.AddIn.Connect.ActiveX.dll (Grammarly, Inc. -> Grammarly)
CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{62634D95-960B-4834-8E71-A70408AD8FD9}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.34.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{86508D42-E5D7-4D10-9C6F-D427AEEB85B5}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.34.11\psuser_64.dll (Google Inc -> Google LLC)
CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{A804CF1A-91E5-4F0C-9E8C-DB39E74056DD}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.33.23\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.32.8\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{DD0822FF-3A09-4BDC-B749-4B00B9115850}\InprocServer32 -> {543FC507-9468-D082-5155-4EA585889A47} => No File
CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.34.11\psuser_64.dll (Google Inc -> Google LLC)
CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{EA724FD3-844D-43A9-A8C9-A5BC35FC20E4}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.33.17\psuser_64.dll => No File
ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [6671064 2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [4171480 2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google Inc -> Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google Inc -> Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google Inc -> Google)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\..\Acrobat Elements\ContextMenu64.dll [2008-06-12] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2018-04-23] (Google Inc -> Google)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2019-03-13] (Apple Inc. -> Apple Inc.)
ContextMenuHandlers3: [LinkUpMenuExt] -> {B793E5EA-5344-488E-B98D-A18E2E5938AB} => C:\Program Files (x86)\Hewlett-Packard\HP LinkUp\LinkUpExt64.dll [2011-05-05] (Hewlett-Packard Company -> Hewlett-Packard)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2018-04-23] (Google Inc -> Google)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2011-01-27] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\..\Acrobat Elements\ContextMenu64.dll [2008-06-12] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2011-07-06 15:22 - 2009-07-02 17:58 - 000406016 _____ () [File not signed] C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe
2011-07-06 15:22 - 2010-02-11 13:07 - 000710656 _____ (Hewlett-Packard) [File not signed] C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE
2018-03-26 12:58 - 2018-03-26 12:58 - 000112128 _____ (Microsoft Corporation) [File not signed] C:\Windows\Microsoft.Net\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
2014-04-10 15:21 - 2014-04-10 15:21 - 000069120 _____ (Samsung Electronics Co., Ltd.) [File not signed] C:\Users\Home\AppData\Roaming\Verizon\UA_ar\MObexDll.dll
2014-02-04 11:11 - 2014-02-04 11:11 - 001605632 _____ (Samsung) [File not signed] C:\Users\Home\AppData\Roaming\Verizon\UA_ar\SS_RC.dll
2017-02-13 14:54 - 2017-02-13 14:54 - 000132096 _____ (Seiko Epson Corporation) [File not signed] C:\Program Files (x86)\EPSON Software\Event Manager\epnsm.dll
2009-10-21 17:39 - 2009-10-21 17:39 - 000291328 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\Event Manager\LcMgr.dll
2016-01-17 18:45 - 2018-12-26 01:00 - 000096768 _____ (Seiko Epson Corporation) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\EbpD4Fax.dll
2016-01-17 18:45 - 2018-12-26 01:00 - 000278528 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\FULEPP.dll
2016-01-17 18:45 - 2018-12-26 01:00 - 000339968 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\FUSVCCLT.dll
2016-01-17 18:45 - 2018-12-26 01:00 - 000065536 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\FUUSBHLP.dll
2016-01-17 18:45 - 2018-12-26 01:00 - 000069632 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\Library\FUDEVCOM.dll
2016-01-17 18:45 - 2018-12-26 01:00 - 000135168 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\Library\FUDRVUTL.dll
2016-01-17 18:45 - 2018-12-26 01:00 - 000339968 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\Library\FUPRBDEV.dll
2016-01-17 18:45 - 2018-12-26 01:00 - 000286720 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\Library\FUSNMPUT.dll
2016-01-17 18:45 - 2018-12-25 12:00 - 000086016 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\Resource\FUCMNMSG.dll
2016-01-17 18:45 - 2018-12-25 12:00 - 000241664 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\Resource\FUFAXRCV.dll
2016-01-17 18:45 - 2018-12-25 12:00 - 000022016 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\Resource\FULEPPRes.dll
2016-01-17 18:45 - 2018-12-25 12:00 - 000077824 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\Resource\FUPRBDEVRes.dll
2015-06-17 16:44 - 2015-06-17 16:44 - 000500736 ____S (SEIKO EPSON CORPORATION) [File not signed] C:\Windows\System32\enppmon.dll
2016-01-17 18:46 - 2018-12-25 12:00 - 000233984 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Windows\system32\spool\DRIVERS\x64\3\EFXUI09A.DLL
2016-01-17 18:45 - 2018-12-26 01:00 - 000786432 _____ (SEIKO EPSON) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\Library\ENCM.dll
2016-01-17 18:45 - 2018-12-26 01:00 - 000278528 _____ (SEIKO EPSON) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\Library\ENNW.dll
2016-01-17 18:45 - 2018-12-26 01:00 - 000299008 _____ (SEIKO EPSON) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\Library\ENUTIL.dll
2014-04-12 16:36 - 2014-04-12 16:36 - 000811008 _____ (TODO: <Company name>) [File not signed] C:\Users\Home\AppData\Roaming\Verizon\PluginModules\FusDeviceManager.dll
2014-04-12 16:36 - 2014-04-12 16:36 - 001649152 _____ (TODO: <Company name>) [File not signed] C:\Users\Home\AppData\Roaming\Verizon\PluginModules\FusNetworkManager.dll
2014-04-10 15:22 - 2014-04-10 15:22 - 000512000 _____ (TODO: <Company name>) [File not signed] C:\Users\Home\AppData\Roaming\Verizon\UA_ar\DeviceDBModule.dll
2014-04-10 15:22 - 2014-04-10 15:22 - 000184320 _____ (TODO: <Company name>) [File not signed] C:\Users\Home\AppData\Roaming\Verizon\UA_ar\DeviceModule.dll
2014-04-10 15:22 - 2014-04-10 15:22 - 000123392 _____ (TODO: <Company name>) [File not signed] C:\Users\Home\AppData\Roaming\Verizon\UA_ar\FileAndProcessModule.dll
2014-04-10 15:21 - 2014-04-10 15:21 - 000284672 _____ (TODO: <Company name>) [File not signed] C:\Users\Home\AppData\Roaming\Verizon\UA_ar\GlobalUtils.dll
2014-04-10 15:22 - 2014-04-10 15:22 - 000157184 _____ (TODO: <Company name>) [File not signed] C:\Users\Home\AppData\Roaming\Verizon\UA_ar\NetworkModule.dll
2014-04-10 15:21 - 2014-04-10 15:21 - 000538624 _____ (TODO: <Company name>) [File not signed] C:\Users\Home\AppData\Roaming\Verizon\UA_ar\Resource.dll
2014-04-10 15:21 - 2014-04-10 15:21 - 000411136 _____ (TODO: <Company name>) [File not signed] C:\Users\Home\AppData\Roaming\Verizon\UA_ar\SCommon.dll
2014-04-10 15:22 - 2014-04-10 15:22 - 000116224 _____ (TODO: <Company name>) [File not signed] C:\Users\Home\AppData\Roaming\Verizon\UA_ar\UA_Modules.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:373E1720 [118]
AlternateDataStreams: C:\ProgramData\Temp:B946D9EE [131]
AlternateDataStreams: C:\Users\Home\Desktop\coverter music:com.dropbox.attributes [168]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\...\alorica.com -> alorica.com
IE trusted site: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\...\aloricaathome.com -> aloricaathome.com
IE trusted site: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\...\aloricaathome.net -> aloricaathome.net
IE trusted site: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\...\amazon.com -> hxxps://amazon.com
IE trusted site: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\...\athpoweronline.com -> hxxps://www.athpoweronline.com
IE trusted site: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\...\myhostedcloud.com -> hxxps://ca.myhostedcloud.com
IE trusted site: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\...\west.com -> west.com
IE trusted site: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\...\westathome.com -> westathome.com
IE trusted site: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\...\westathome.net -> westathome.net
IE trusted site: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\...\workathomeagent.net -> workathomeagent.net

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2018-01-04 11:28 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;c:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;c:\Program Files (x86)\Common Files\Roxio Shared\12.0\DLLShared\;C:\Program Files (x86)\Windows Live\Shared;C:\Windows\SysWOW64;C:\Program Files (x86)\Skype\Phone\;C:\Program Files (x86)\QuickTime\QTSystem\
HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Home\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 18.217.241.230
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 0) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AESTFilters => 2
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: CalendarSynchService => 2
MSCONFIG\Services: DTSRVC => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: HPClientSvc => 2
MSCONFIG\Services: IntuitUpdateServiceV4 => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: LavasoftAdAwareService11 => 2
MSCONFIG\Services: LMIGuardianSvc => 2
MSCONFIG\Services: LMIMaint => 2
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: LogMeIn => 2
MSCONFIG\Services: NOBU => 2
MSCONFIG\Services: PasswordBox => 2
MSCONFIG\Services: pdfcDispatcher => 2
MSCONFIG\Services: PdiService => 2
MSCONFIG\Services: RoxioNow Service => 2
MSCONFIG\Services: Skype C2C Service => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: STacSV => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: UNS => 2
MSCONFIG\Services: vToolbarUpdater18.1.7 => 2
MSCONFIG\startupreg: BeatsOSDApp => C:\Program Files\IDT\WDM\beats64.exe
MSCONFIG\startupreg: DT HPO => C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe -HPO
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: hpsysdrv => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: LogMeIn GUI => "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: SysTrayApp => C:\Program Files\IDT\WDM\sttray64.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{A3D47993-0D64-4047-9904-D4C992FF5660}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector\PDR8.EXE No File
FirewallRules: [{7BE6A925-6B15-49CC-A8FC-CC493FD28326}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Photo\HPTouchSmartPhoto.exe (CyberLink -> CyberLink Corp.)
FirewallRules: [{00E8BD04-B77F-4E9D-9895-4DB1DBDF26CD}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Photo\PhotoAgent.exe (CyberLink -> CyberLink Corp.)
FirewallRules: [{8FCF52C4-3EB2-4119-BA0C-C5409B1B0C1F}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Video\HPTouchSmartMusic.exe No File
FirewallRules: [{B85F80CC-3E1A-4DBD-AA3F-AC6C1417C65F}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Video\HPTouchSmartPhoto.exe No File
FirewallRules: [{A662C544-8664-4F55-8570-139EF386994D}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Video\HPTouchSmartVideo.exe (CyberLink -> CyberLink Corp.)
FirewallRules: [{00F6CD62-4F61-4604-AFD0-F08FC2C00628}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Video\TSMAgent.exe No File
FirewallRules: [{C6DBEDCF-4868-4F9B-954A-D06FAEDDA9F0}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Video\Kernel\CLML\CLMLSvc.exe No File
FirewallRules: [{AA7E54D8-503E-49DB-B0E8-F12396915F89}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartMusic.exe No File
FirewallRules: [{052BCD0B-5F3A-473D-8640-20FA18EE0961}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartPhoto.exe No File
FirewallRules: [{5E1C5E5B-74B5-45C4-AD5A-4647894063A1}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartVideo.exe No File
FirewallRules: [{F7044779-3EA7-4612-9E2B-DD0EF5ED8061}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\TSMAgent.exe No File
FirewallRules: [{F0D4F646-902F-4D4A-863B-D35A50FD1A05}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\CLML\CLMLSvc.exe No File
FirewallRules: [{4CBCF409-0416-4D22-AAD9-5557B5E98365}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPDVDSmart.exe (CyberLink -> CyberLink Corp.)
FirewallRules: [{9CE75101-9C1F-4593-93C5-6D90836EE569}] => (Allow) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowShell.exe (Sonic Solutions -> Roxio)
FirewallRules: [{7FD90B51-3AFE-4434-9D20-2DCBB635D3FB}] => (Allow) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowShell.exe (Sonic Solutions -> Roxio)
FirewallRules: [{A36C8677-41F0-480B-AE8C-BC53E7EFBBB4}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\RoxioNow\RNow.exe No File
FirewallRules: [{4E4D1A68-2768-4EB7-9F59-9830737D74CB}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\RoxioNow\RNow.exe No File
FirewallRules: [{297237F7-BB0A-40A2-ACB7-A23F2AB444A0}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Music\HPTouchSmartMusic.exe (CyberLink -> CyberLink Corp.) [File not signed]
FirewallRules: [{BB042078-04C0-4ED7-88E3-C639BAB79E9D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{CA503653-B884-4F97-8B2E-EDDA8EF5C9CA}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{F543469D-0596-47F9-9ACE-247F363E6182}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{B18DFCDE-2A0A-4E81-B45F-F86C66EBB73F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{E661F178-213C-40DE-88F5-EA5D64F3F239}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{7D98C721-6530-4E5B-9BFA-562469AAC3DE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{86CDFFD9-0684-4B00-A4F8-7404A15E2EB3}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Remote Graphics Receiver\rgreceiver.exe (Hewlett-Packard Company -> Hewlett-Packard)
FirewallRules: [{35A7B644-03D5-4177-B519-DF7A6FB75B08}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Remote Graphics Receiver\rgreceiver.exe (Hewlett-Packard Company -> Hewlett-Packard)
FirewallRules: [{DB8D4806-C46D-4CAF-962F-3A01411C55C5}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP LinkUp\HP LinkUp Viewer.exe (Hewlett-Packard Company -> Hewlett-Packard Company)
FirewallRules: [{AA83530D-3672-41E5-8B0D-45193AFEEB75}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP LinkUp\HP LinkUp Viewer.exe (Hewlett-Packard Company -> Hewlett-Packard Company)
FirewallRules: [TCP Query User{96263E0B-6C83-43A5-BC4A-3FB58B4E28D7}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{5152C925-8E90-456D-932A-E275A8CB326B}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{847B5864-1AA4-4900-834A-8EF958463F5E}] => (Allow) C:\Program Files (x86)\Advantig\OneClick-v2\VncViewer.exe No File
FirewallRules: [{8B22AACE-8EA4-4D78-AFCC-6A6B9B40E7DC}] => (Allow) C:\Program Files (x86)\Advantig\OneClick-v2\VncViewer.exe No File
FirewallRules: [{90265E35-58EE-4342-BA10-DBB1C3D366C4}] => (Allow) C:\Program Files (x86)\Advantig\OneClick-v2\VncViewer.exe No File
FirewallRules: [{FA10EDD8-DDE0-4723-9162-6AF58EE2BA60}] => (Allow) C:\Program Files (x86)\Advantig\OneClick-v2\VncViewer.exe No File
FirewallRules: [{BC5B1484-9861-406B-9583-E7FBBD8E21BC}] => (Allow) C:\Program Files (x86)\Advantig\OneClick-v2\repeater.exe No File
FirewallRules: [{05F74CF6-683A-410F-93E7-CF427AE2E297}] => (Allow) C:\Program Files (x86)\Advantig\OneClick-v2\repeater.exe No File
FirewallRules: [{32032522-6213-40C8-9977-DBC56329DB5E}] => (Allow) C:\Users\Home\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe No File
FirewallRules: [{BA620A35-E4B4-4362-8F34-35B1E91A0696}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe No File
FirewallRules: [{7E0F222F-A14A-4749-8EE6-8273E74AB274}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe No File
FirewallRules: [{360C59A5-4B37-4B04-BBDA-6B2E4BED385F}] => (Allow) C:\Program Files (x86)\The Bit Studio\Synctunes Desktop\Synctunes.exe (The Bit Studio) [File not signed]
FirewallRules: [{A13E125E-3EFE-42DB-9CE3-798BB9C2ACC1}] => (Allow) C:\Program Files (x86)\Microsoft Office\Live Meeting 8\Console\PWConsole.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{35C14B29-7966-409A-9BE2-E5D62FB19F89}] => (Allow) C:\Program Files (x86)\Microsoft Office\Live Meeting 8\Console\PWConsole.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{CAE8E3DF-D2A0-4061-9C4F-386B0FF743CB}] => (Allow) C:\Program Files (x86)\Microsoft Office\Live Meeting 8\Console\PWConsole.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{80BAB43E-3FF5-4C36-96C3-FB63667AEAAF}] => (Allow) C:\Program Files (x86)\Microsoft Office\Live Meeting 8\Console\PWConsole.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B0D53210-965F-4FF7-B38E-BB029B9680BC}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe No File
FirewallRules: [{218C699F-EA3E-4E2C-BD25-60815DEA8295}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe No File
FirewallRules: [{87A3DE29-001F-428B-B3BA-6F86DE639719}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{FECAE967-39FA-4EF7-A267-476D17E0C5F4}] => (Allow) LPort=2869
FirewallRules: [{A9501120-7964-44F7-8300-CDB6391D157C}] => (Allow) LPort=1900
FirewallRules: [{93F88390-FA84-4577-A4A6-A9AA77525DFB}] => (Allow) C:\Users\Home\AppData\Local\Temp\nsu85C.tmp\CnetInstaller-75864009.exe No File
FirewallRules: [{9FD1933C-070A-4F59-B910-FC7736365C30}] => (Allow) C:\Users\Home\AppData\Local\Temp\nsu85C.tmp\CnetInstaller-75864009.exe No File
FirewallRules: [{95A10269-FAB8-4D24-BF3D-CB9CE6C631F4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{C8B9846D-4361-47E6-8A6A-43ABCFCBCECE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{B567F05A-36B3-46E6-8A6C-1CEC268594BB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{075BA779-7902-43E9-93A3-874741C5C694}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{0E80EB02-7F63-428F-B1FB-E69DE9C1A4BF}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [{1F33DD0D-3AD8-4A08-AE81-BDB9F11E042A}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [{B2DEC8FF-461C-4D37-AF06-D0913594CC04}] => (Allow) E:\Common\EpsonNet Setup\ENEasyApp.exe No File
FirewallRules: [{09569B3D-22DC-4C18-A33E-F7E44B27C535}] => (Allow) E:\Common\EpsonNet Setup\ENEasyApp.exe No File
FirewallRules: [{25785534-8B9C-4145-83AB-2149095C28CD}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [{3265148C-DD33-496A-9025-27BB8D9EC9F3}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [{5C48FE5D-D916-4B12-B623-8CE336952E80}] => (Allow) C:\Program Files (x86)\Mozilla FireFox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{27BC7757-C5A5-4A2F-9816-68D75C7FC4AF}] => (Allow) C:\Program Files (x86)\Mozilla FireFox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{A2324DD7-0EFA-4FB0-A2C5-D720B58D3D8C}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{5E0A0B65-9410-47D2-8B85-C864E86DE096}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe No File
FirewallRules: [{18884B08-A31D-45B7-9D93-CC50BB1B691E}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe No File
FirewallRules: [{6216210E-37B4-417C-B48B-5FD7F44B38CB}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DBDownloader.exe No File
FirewallRules: [{7D7E67DB-87BC-4D10-877C-8C39B06A405C}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DBDownloader.exe No File
FirewallRules: [{259838F4-09CB-421C-B48E-07C2BB48E0FB}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe No File
FirewallRules: [{EB6623FC-6144-4E10-BECE-874200C8EE9E}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe No File
FirewallRules: [{30A594F0-035D-4043-829E-D9CF9D49604C}] => (Allow) C:\Users\Home\AppData\Local\Chromium\Application\chrome.exe No File
FirewallRules: [{3DBCFACF-D232-4778-907F-5126BEF4E2C2}] => (Allow) C:\Program Files\Siber Systems\GoodSync\gs-server.exe (Siber Systems -> )
FirewallRules: [{7206B97D-EBAF-46CF-A71E-D9B1A2D64D37}] => (Allow) C:\Program Files (x86)\EPSON Software\ECPrinterSetup\ENPApp.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [{AC0F35B9-D823-4457-A6BA-0CBA417E40AD}] => (Allow) C:\Program Files (x86)\EPSON Software\ECPrinterSetup\ENPApp.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [{43F50CFC-37EC-4EFC-9564-75E0061FE288}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [{F2614A68-0871-49D6-8E10-D4AA296F0796}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [{0B126F13-E343-4FCE-BF97-F4311AF026F1}] => (Allow) C:\Users\Home\AppData\Local\Temp\WZSE0.TMP\Common\EpsonNet Setup\ENEasyApp.exe No File
FirewallRules: [{C5AC2281-C42C-4565-9C1C-9C9AB923D9F4}] => (Allow) C:\Users\Home\AppData\Local\Temp\WZSE0.TMP\Common\EpsonNet Setup\ENEasyApp.exe No File
FirewallRules: [{76A2593A-AEEE-4A70-85AE-67D926E807E1}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{793E8149-8010-498C-9039-A02675B3222F}] => (Allow) E:\Common\EpsonNet Setup\ENEasyApp.exe No File
FirewallRules: [{71245F99-2A20-4474-9B15-3FA28FF45D28}] => (Allow) E:\Common\EpsonNet Setup\ENEasyApp.exe No File
FirewallRules: [{B47052B2-7DC8-4DB1-9B6F-C5AD88426A46}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{1B9FE451-6A60-42A3-BC15-7C01BAB8E66C}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{44D14047-BB62-4337-8A23-911AC01C3C1F}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{44676FDA-3F7D-428C-AB34-32D3CE7F0153}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{95AD0F24-6886-428C-B553-7CE0D507FA0E}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{647A18B3-0B73-4773-AF8E-7A4A1B78FF58}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{C6CE9C92-3B3E-45F4-A3A1-3880B7506B45}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{536140A5-49A6-401B-84F7-487BFFCD923B}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [{D172F2DB-164D-4E6A-AFBA-833025C7C41A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)

==================== Restore Points =========================

03-05-2019 08:56:10 Windows Update
09-05-2019 08:09:32 Windows Update
12-05-2019 09:40:45 Windows Update
14-05-2019 09:14:05 Windows Update
14-05-2019 12:57:21 Removed Microsoft Silverlight
14-05-2019 13:00:56 Configured HP
16-05-2019 03:01:17 Windows Update
16-05-2019 11:30:34 Removed RevTraxPrintMyCoupon
16-05-2019 11:31:43 Removed RevTraxPrintMyCoupon

==================== Faulty Device Manager Devices =============

Name: MpKslf3e2724b
Description: MpKslf3e2724b
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: MpKslf3e2724b
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/17/2019 12:56:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7379

Error: (05/17/2019 12:56:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7379

Error: (05/17/2019 12:56:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/17/2019 10:49:43 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5601

Error: (05/17/2019 10:49:43 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5601

Error: (05/17/2019 10:49:43 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/17/2019 09:16:52 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: HTTP status 403: The client does not have sufficient access rights to the requested server object.

Error: (05/17/2019 02:33:17 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6864


System errors:
=============
Error: (05/17/2019 11:27:05 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.

Error: (05/17/2019 11:16:40 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.

Error: (05/17/2019 11:09:43 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.

Error: (05/17/2019 09:13:29 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Intuit Update Service v4 service hung on starting.

Error: (05/17/2019 09:11:07 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The GoodSync Server service hung on starting.

Error: (05/17/2019 09:07:13 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 70. The internal error state is 105.

Error: (05/17/2019 09:06:26 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (05/17/2019 09:06:05 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Live ID Sign-in Assistant service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.


Windows Defender:
===================================
Date: 2014-08-18 04:07:22.688
Description:
Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=Adware:Win32/BetterSurf&threatid=200821
Name:Adware:Win32/BetterSurf
ID:200821
Severity:High
Category:Adware
Path Found:containerfile:C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha177\ch\WebexpEnhancedV1alpha177.crx;file:C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha177\ch\WebexpEnhancedV1alpha177.crx;file:C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha177\ch\WebexpEnhancedV1alpha177.crx->[ChromeCrxPackage]->ffWebexpEnhancedV1alpha177chaction.js;file:C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha177\ff\chrome.manifest;file:C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha177\ff\chrome\content\ffWebexpEnhancedV1alpha177.js;file:C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha177\ff\chrome\content\ffWebexpEnhancedV1alpha177ffaction.js;file:C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha177\ff\chrome\content\icons\default\WebexpEnhancedV1alpha177_32.png;file:C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha177\ff\chrome\content\icons\Thumbs.db;file:C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha177\ff\chrom
Detection Type:Concrete
Detection Source:System
Status:Unknown
Process Name:c:\program files\windows defender\MpCmdRun.exe

Date: 2014-07-23 03:55:59.960
Description:
Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=Adware:Win32/BetterSurf&threatid=200821
Name:Adware:Win32/BetterSurf
ID:200821
Severity:High
Category:Adware
Path Found:containerfile:C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha773\ch\MediaPlayerV1alpha773.crx;containerfile:C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha1416\ch\MediaViewerV1alpha1416.crx;containerfile:C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha2722\ch\MediaViewV1alpha2722.crx;containerfile:C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha3234\ch\MediaViewV1alpha3234.crx;containerfile:C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home386\ch\MediaWatchV1home386.crx;containerfile:C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta351\ch\VideoPlayerV3beta351.crx;file:C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha773\ch\MediaPlayerV1alpha773.crx;file:C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha773\ch\MediaPlayerV1alpha773.crx->[ChromeCrxPackage]->ffMediaPlayerV1alpha773chaction.js;file:C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha773\ff\chrome.manifest;file:C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha773\ff\chrome\content\ffMediaPlayerV1al
Detection Type:Concrete
Detection Source:System
Status:Unknown
Process Name:c:\program files\windows defender\MpCmdRun.exe

Date: 2014-08-11 10:08:12.022
Description:
Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted:Current
Error Code:0x80070002
Error description:The system cannot find the file specified.
Signature version:0.0.0.0
Engine version:0.0.0.0

Date: 2014-08-11 10:08:12.022
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version:
Update Source:Signature Update Folder
Signature Type:AntiSpyware
Update Type:Delta
Current Engine Version:
Previous Engine Version:
Error code:0x80070002
Error description:The system cannot find the file specified.

==================== Memory info ===========================

BIOS: American Megatrends Inc. 6.09 03/24/2011
Motherboard: Hewlett-Packard 2AA7
Processor: Intel(R) Core(TM) i3 CPU 550 @ 3.20GHz
Percentage of memory in use: 63%
Total physical RAM: 5943.11 MB
Available physical RAM: 2197.42 MB
Total Virtual: 11884.37 MB
Available Virtual: 6815.28 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:910.18 GB) (Free:700.96 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (HP_RECOVERY) (Fixed) (Total:21.24 GB) (Free:2.6 GB) NTFS ==>[system with boot components (obtained from drive)]

\\?\Volume{820ec235-2ec0-11e2-abc8-806e6f6e6963}\ (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: B0CF9B15)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=910.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=21.2 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
 

iMacg3

Malware Specialist
Joined
Nov 3, 2018
Messages
839
Hi,

Uninstall a Chrome Extension
  • Open Google Chrome. Type chrome://extensions in the address bar and press Enter.
  • Click the trash can icon next to the following extension(s):
    Code:
    Hola Free VPN Proxy Unblocker
    Online Safety
  • A confirmation dialog will appear. Click Remove.

-------------------------------------

  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
  • Press Ctrl+y (Ctrl and y keys at the same time)
  • A blank notepad file named fixlist.txt will open.
  • Copy and paste the following into it ....
Code:
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM\Software\...\AppCompatFlags\Custom\explorer.exe: [{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb] ->
HKLM\Software\...\AppCompatFlags\Custom\iexplore.exe: [{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb] ->
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {4DAE0EE9-7BCC-4794-ACB8-2586F5F4B9C8} - System32\Tasks\{CAD0DAE7-4564-475A-BB09-8BE928BE931E} => C:\Windows\system32\pcalua.exe -a C:\Users\Home\Caroline\ADE_2.0_Installer.exe -d C:\Users\Home\Desktop
Task: {5BC0E823-AFA2-4D53-994A-E9801BD2B5AA} - System32\Tasks\{A77B0BEF-406F-4756-8F8C-94C07B00B496} => C:\Windows\system32\pcalua.exe -a "C:\Users\Home\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QYTJVT53\setup.exe" -d C:\Users\Home\Desktop
Task: {EA6064A0-6007-4938-895E-81B9ECDC1EC5} - System32\Tasks\{DE7EBA4D-EE80-4D28-964B-09D14BE20417} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\Uninstall.exe" -c /app FreeYouTubeToMP3Converter
Task: {FD0FA4F2-4CBE-4BC7-A633-F1019A622F46} - System32\Tasks\Driver Booster SkipUAC (Home) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
Task: C:\Windows\Tasks\CouponViewer Toolbar.job => C:\Users\Home\AppData\Local\Programs\CouponViewer\Add-On\2017.4.7.1\CVHP.exe
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {80c554b9-c7f8-4a21-9471-06d606da78a2} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
FF HKLM-x32\...\Firefox\Extensions: [{3DF4B26D-DB19-45DF-962A-6719D071245B}] - C:\Users\Home\AppData\Local\Rich Media Player\BrowserExtensions\Firefox\{3DF4B26D-DB19-45DF-962A-6719D071245B} => not found
FF HKLM-x32\...\Firefox\Extensions: [{F25E3D9D-1A54-4389-98F7-E4D5B830DC33}] - C:\Users\Home\AppData\Local\Rich Media Player\BrowserExtensions\Firefox\{F25E3D9D-1A54-4389-98F7-E4D5B830DC33}.xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.204 => not found
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Ginger\Mozilla\[email protected] => not found
FF HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\...\Firefox\Extensions: [@CustomNewTab] - C:\Users\Home\AppData\Roaming\Mozilla\FireFox\@CustomNewTab.xpi => not found
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 -> c:\Program Files (x86)\Virtual Earth 3D\ [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin HKU\.DEFAULT: gingersoftware.com/gingerPlugin -> C:\Program Files (x86)\Ginger\GingerServices\GingerServicesProxy.dll [No File]
FF Plugin HKU\S-1-5-21-1287311948-1235629539-2080862382-1001: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\Users\Home\AppData\Roaming\CATALI~1\NPBCSK~1.DLL [No File]
CHR HKLM-x32\...\Chrome\Extension: [doagiokpgboiomffjfhaiimafndmmpni] - C:\Users\Home\AppData\Local\Rich Media Player\BrowserExtensions\Chrome\richmediadownloader.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [eammbikighnmacpfdhmcccgnfojcdhgn] - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha177\ch\WebexpEnhancedV1alpha177.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [fkcdbkhjcaljlfolhllfneigeepmjfim] - C:\Users\Home\AppData\Local\Rich Media Player\BrowserExtensions\Chrome\playerextension.crx <not found>
S3 hpqwmiex; "C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe" [X]
S3 avchv; system32\DRIVERS\avchv.sys [X]
S3 cpuz134; \??\C:\Users\Home\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X] <==== ATTENTION
S3 dbx; system32\DRIVERS\dbx.sys [X]
S1 MpKslf3e2724b; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{86D53835-DBE4-46C4-B3C1-0A55F2A945E3}\MpKslf3e2724b.sys [X]
S1 nsodcduk; \??\C:\Windows\system32\drivers\nsodcduk.sys [X]
S1 sezncdzw; \??\C:\Windows\system32\drivers\sezncdzw.sys [X]
2019-05-03 10:37 - 2019-05-03 10:38 - 000000000 ____D C:\Users\Home\AppData\Local\ProgsUpdate.FullPath
2019-05-03 10:36 - 2019-05-03 10:37 - 000000000 ____D C:\Users\Home\AppData\Local\OysterPresentingReload
2019-05-03 10:36 - 2019-05-03 10:36 - 000000000 ____D C:\Program Files (x86)\EquiangularBioassayffq

HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\...\ChromeHTML: -> <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{004B49B7-11B9-5058-FF22-08DD093ADC4B}\InprocServer32 -> {18760844-9468-D082-1298-07E985889A47} => No File
CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Home\AppData\Local\Microsoft\OneDrive\17.3.6998.0830\amd64\FileCoAuthLib64.dll => No File
CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{62634D95-960B-4834-8E71-A70408AD8FD9}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.34.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{A804CF1A-91E5-4F0C-9E8C-DB39E74056DD}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.33.23\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.32.8\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{DD0822FF-3A09-4BDC-B749-4B00B9115850}\InprocServer32 -> {543FC507-9468-D082-5155-4EA585889A47} => No File
CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{EA724FD3-844D-43A9-A8C9-A5BC35FC20E4}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.33.17\psuser_64.dll => No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
AlternateDataStreams: C:\ProgramData\Temp:373E1720 [118]
AlternateDataStreams: C:\ProgramData\Temp:B946D9EE [131]
FirewallRules: [{A3D47993-0D64-4047-9904-D4C992FF5660}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector\PDR8.EXE No File
FirewallRules: [{8FCF52C4-3EB2-4119-BA0C-C5409B1B0C1F}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Video\HPTouchSmartMusic.exe No File
FirewallRules: [{B85F80CC-3E1A-4DBD-AA3F-AC6C1417C65F}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Video\HPTouchSmartPhoto.exe No File
FirewallRules: [{00F6CD62-4F61-4604-AFD0-F08FC2C00628}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Video\TSMAgent.exe No File
FirewallRules: [{C6DBEDCF-4868-4F9B-954A-D06FAEDDA9F0}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Video\Kernel\CLML\CLMLSvc.exe No File
FirewallRules: [{AA7E54D8-503E-49DB-B0E8-F12396915F89}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartMusic.exe No File
FirewallRules: [{052BCD0B-5F3A-473D-8640-20FA18EE0961}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartPhoto.exe No File
FirewallRules: [{5E1C5E5B-74B5-45C4-AD5A-4647894063A1}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartVideo.exe No File
FirewallRules: [{F7044779-3EA7-4612-9E2B-DD0EF5ED8061}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\TSMAgent.exe No File
FirewallRules: [{F0D4F646-902F-4D4A-863B-D35A50FD1A05}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\CLML\CLMLSvc.exe No File
FirewallRules: [{A36C8677-41F0-480B-AE8C-BC53E7EFBBB4}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\RoxioNow\RNow.exe No File
FirewallRules: [{4E4D1A68-2768-4EB7-9F59-9830737D74CB}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\RoxioNow\RNow.exe No File
FirewallRules: [{847B5864-1AA4-4900-834A-8EF958463F5E}] => (Allow) C:\Program Files (x86)\Advantig\OneClick-v2\VncViewer.exe No File
FirewallRules: [{8B22AACE-8EA4-4D78-AFCC-6A6B9B40E7DC}] => (Allow) C:\Program Files (x86)\Advantig\OneClick-v2\VncViewer.exe No File
FirewallRules: [{90265E35-58EE-4342-BA10-DBB1C3D366C4}] => (Allow) C:\Program Files (x86)\Advantig\OneClick-v2\VncViewer.exe No File
FirewallRules: [{FA10EDD8-DDE0-4723-9162-6AF58EE2BA60}] => (Allow) C:\Program Files (x86)\Advantig\OneClick-v2\VncViewer.exe No File
FirewallRules: [{BC5B1484-9861-406B-9583-E7FBBD8E21BC}] => (Allow) C:\Program Files (x86)\Advantig\OneClick-v2\repeater.exe No File
FirewallRules: [{05F74CF6-683A-410F-93E7-CF427AE2E297}] => (Allow) C:\Program Files (x86)\Advantig\OneClick-v2\repeater.exe No File
FirewallRules: [{32032522-6213-40C8-9977-DBC56329DB5E}] => (Allow) C:\Users\Home\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe No File
FirewallRules: [{BA620A35-E4B4-4362-8F34-35B1E91A0696}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe No File
FirewallRules: [{7E0F222F-A14A-4749-8EE6-8273E74AB274}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe No File
FirewallRules: [{B0D53210-965F-4FF7-B38E-BB029B9680BC}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe No File
FirewallRules: [{218C699F-EA3E-4E2C-BD25-60815DEA8295}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe No File
FirewallRules: [{93F88390-FA84-4577-A4A6-A9AA77525DFB}] => (Allow) C:\Users\Home\AppData\Local\Temp\nsu85C.tmp\CnetInstaller-75864009.exe No File
FirewallRules: [{9FD1933C-070A-4F59-B910-FC7736365C30}] => (Allow) C:\Users\Home\AppData\Local\Temp\nsu85C.tmp\CnetInstaller-75864009.exe No File
FirewallRules: [{B2DEC8FF-461C-4D37-AF06-D0913594CC04}] => (Allow) E:\Common\EpsonNet Setup\ENEasyApp.exe No File
FirewallRules: [{09569B3D-22DC-4C18-A33E-F7E44B27C535}] => (Allow) E:\Common\EpsonNet Setup\ENEasyApp.exe No File
FirewallRules: [{5E0A0B65-9410-47D2-8B85-C864E86DE096}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe No File
FirewallRules: [{18884B08-A31D-45B7-9D93-CC50BB1B691E}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe No File
FirewallRules: [{6216210E-37B4-417C-B48B-5FD7F44B38CB}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DBDownloader.exe No File
FirewallRules: [{7D7E67DB-87BC-4D10-877C-8C39B06A405C}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DBDownloader.exe No File
FirewallRules: [{259838F4-09CB-421C-B48E-07C2BB48E0FB}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe No File
FirewallRules: [{EB6623FC-6144-4E10-BECE-874200C8EE9E}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe No File
FirewallRules: [{30A594F0-035D-4043-829E-D9CF9D49604C}] => (Allow) C:\Users\Home\AppData\Local\Chromium\Application\chrome.exe No File
FirewallRules: [{0B126F13-E343-4FCE-BF97-F4311AF026F1}] => (Allow) C:\Users\Home\AppData\Local\Temp\WZSE0.TMP\Common\EpsonNet Setup\ENEasyApp.exe No File
FirewallRules: [{C5AC2281-C42C-4565-9C1C-9C9AB923D9F4}] => (Allow) C:\Users\Home\AppData\Local\Temp\WZSE0.TMP\Common\EpsonNet Setup\ENEasyApp.exe No File
FirewallRules: [{793E8149-8010-498C-9039-A02675B3222F}] => (Allow) E:\Common\EpsonNet Setup\ENEasyApp.exe No File
FirewallRules: [{71245F99-2A20-4474-9B15-3FA28FF45D28}] => (Allow) E:\Common\EpsonNet Setup\ENEasyApp.exe No File

DeleteValue: HKLM\Software\WOW6432Node\Microsoft\Windows\Currentversion\Uninstall|{4956ACE3-F537-4418-BB45-FD52395275A7}
VirusTotal: C:\Users\Home\AppData\Local\Microsoft\BingSvc\BingSvc.exe
C:\Users\Home\AppData\Local\Programs\CouponViewer
C:\Users\Home\AppData\Roaming\CATALI~1
C:\Program Files (x86)\IObit
C:\Users\Home\AppData\Local\Rich Media Player

End
  • Press Ctrl+s to save fixlist.txt
NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system
  • Now press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log (fixlog.txt) in the same folder/directory as FRST
  • Please post the contents of fixlog.txt in your next reply.
 

aimee

Thread Starter
Joined
Apr 23, 2001
Messages
163
Just fyi, when I pressed Cntrl+y a notepad file opened but the name wasn't fixlist, it was a long string of characters, several of those windows opened if I held Cntrl+y each window had a different name.
I was able to proceed and the result is below but I think those files are now on my system...I **think**

Fix result of Farbar Recovery Scan Tool (x64) Version: 18-05.2019
Ran by Home (18-05-2019 16:31:21) Run:1
Running from C:\Users\Home\Desktop\Tech guy\FRST-OlderVersion
Loaded Profiles: Home (Available Profiles: Home & LogMeInRemoteUser & Guest)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM\Software\...\AppCompatFlags\Custom\explorer.exe: [{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb] ->
HKLM\Software\...\AppCompatFlags\Custom\iexplore.exe: [{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb] ->
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {4DAE0EE9-7BCC-4794-ACB8-2586F5F4B9C8} - System32\Tasks\{CAD0DAE7-4564-475A-BB09-8BE928BE931E} => C:\Windows\system32\pcalua.exe -a C:\Users\Home\Caroline\ADE_2.0_Installer.exe -d C:\Users\Home\Desktop
Task: {5BC0E823-AFA2-4D53-994A-E9801BD2B5AA} - System32\Tasks\{A77B0BEF-406F-4756-8F8C-94C07B00B496} => C:\Windows\system32\pcalua.exe -a "C:\Users\Home\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QYTJVT53\setup.exe" -d C:\Users\Home\Desktop
Task: {EA6064A0-6007-4938-895E-81B9ECDC1EC5} - System32\Tasks\{DE7EBA4D-EE80-4D28-964B-09D14BE20417} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\Uninstall.exe" -c /app FreeYouTubeToMP3Converter
Task: {FD0FA4F2-4CBE-4BC7-A633-F1019A622F46} - System32\Tasks\Driver Booster SkipUAC (Home) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
Task: C:\Windows\Tasks\CouponViewer Toolbar.job => C:\Users\Home\AppData\Local\Programs\CouponViewer\Add-On\2017.4.7.1\CVHP.exe
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {80c554b9-c7f8-4a21-9471-06d606da78a2} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
FF HKLM-x32\...\Firefox\Extensions: [{3DF4B26D-DB19-45DF-962A-6719D071245B}] - C:\Users\Home\AppData\Local\Rich Media Player\BrowserExtensions\Firefox\{3DF4B26D-DB19-45DF-962A-6719D071245B} => not found
FF HKLM-x32\...\Firefox\Extensions: [{F25E3D9D-1A54-4389-98F7-E4D5B830DC33}] - C:\Users\Home\AppData\Local\Rich Media Player\BrowserExtensions\Firefox\{F25E3D9D-1A54-4389-98F7-E4D5B830DC33}.xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.204 => not found
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Ginger\Mozilla\[email protected] => not found
FF HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\...\Firefox\Extensions: [@CustomNewTab] - C:\Users\Home\AppData\Roaming\Mozilla\FireFox\@CustomNewTab.xpi => not found
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 -> c:\Program Files (x86)\Virtual Earth 3D\ [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin HKU\.DEFAULT: gingersoftware.com/gingerPlugin -> C:\Program Files (x86)\Ginger\GingerServices\GingerServicesProxy.dll [No File]
FF Plugin HKU\S-1-5-21-1287311948-1235629539-2080862382-1001: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\Users\Home\AppData\Roaming\CATALI~1\NPBCSK~1.DLL [No File]
CHR HKLM-x32\...\Chrome\Extension: [doagiokpgboiomffjfhaiimafndmmpni] - C:\Users\Home\AppData\Local\Rich Media Player\BrowserExtensions\Chrome\richmediadownloader.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [eammbikighnmacpfdhmcccgnfojcdhgn] - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha177\ch\WebexpEnhancedV1alpha177.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [fkcdbkhjcaljlfolhllfneigeepmjfim] - C:\Users\Home\AppData\Local\Rich Media Player\BrowserExtensions\Chrome\playerextension.crx <not found>
S3 hpqwmiex; "C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe" [X]
S3 avchv; system32\DRIVERS\avchv.sys [X]
S3 cpuz134; \??\C:\Users\Home\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X] <==== ATTENTION
S3 dbx; system32\DRIVERS\dbx.sys [X]
S1 MpKslf3e2724b; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{86D53835-DBE4-46C4-B3C1-0A55F2A945E3}\MpKslf3e2724b.sys [X]
S1 nsodcduk; \??\C:\Windows\system32\drivers\nsodcduk.sys [X]
S1 sezncdzw; \??\C:\Windows\system32\drivers\sezncdzw.sys [X]
2019-05-03 10:37 - 2019-05-03 10:38 - 000000000 ____D C:\Users\Home\AppData\Local\ProgsUpdate.FullPath
2019-05-03 10:36 - 2019-05-03 10:37 - 000000000 ____D C:\Users\Home\AppData\Local\OysterPresentingReload
2019-05-03 10:36 - 2019-05-03 10:36 - 000000000 ____D C:\Program Files (x86)\EquiangularBioassayffq

HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\...\ChromeHTML: -> <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{004B49B7-11B9-5058-FF22-08DD093ADC4B}\InprocServer32 -> {18760844-9468-D082-1298-07E985889A47} => No File
CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Home\AppData\Local\Microsoft\OneDrive\17.3.6998.0830\amd64\FileCoAuthLib64.dll => No File
CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{62634D95-960B-4834-8E71-A70408AD8FD9}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.34.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{A804CF1A-91E5-4F0C-9E8C-DB39E74056DD}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.33.23\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.32.8\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{DD0822FF-3A09-4BDC-B749-4B00B9115850}\InprocServer32 -> {543FC507-9468-D082-5155-4EA585889A47} => No File
CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{EA724FD3-844D-43A9-A8C9-A5BC35FC20E4}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.33.17\psuser_64.dll => No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
AlternateDataStreams: C:\ProgramData\Temp:373E1720 [118]
AlternateDataStreams: C:\ProgramData\Temp:B946D9EE [131]
FirewallRules: [{A3D47993-0D64-4047-9904-D4C992FF5660}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector\PDR8.EXE No File
FirewallRules: [{8FCF52C4-3EB2-4119-BA0C-C5409B1B0C1F}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Video\HPTouchSmartMusic.exe No File
FirewallRules: [{B85F80CC-3E1A-4DBD-AA3F-AC6C1417C65F}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Video\HPTouchSmartPhoto.exe No File
FirewallRules: [{00F6CD62-4F61-4604-AFD0-F08FC2C00628}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Video\TSMAgent.exe No File
FirewallRules: [{C6DBEDCF-4868-4F9B-954A-D06FAEDDA9F0}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Video\Kernel\CLML\CLMLSvc.exe No File
FirewallRules: [{AA7E54D8-503E-49DB-B0E8-F12396915F89}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartMusic.exe No File
FirewallRules: [{052BCD0B-5F3A-473D-8640-20FA18EE0961}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartPhoto.exe No File
FirewallRules: [{5E1C5E5B-74B5-45C4-AD5A-4647894063A1}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartVideo.exe No File
FirewallRules: [{F7044779-3EA7-4612-9E2B-DD0EF5ED8061}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\TSMAgent.exe No File
FirewallRules: [{F0D4F646-902F-4D4A-863B-D35A50FD1A05}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\CLML\CLMLSvc.exe No File
FirewallRules: [{A36C8677-41F0-480B-AE8C-BC53E7EFBBB4}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\RoxioNow\RNow.exe No File
FirewallRules: [{4E4D1A68-2768-4EB7-9F59-9830737D74CB}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\RoxioNow\RNow.exe No File
FirewallRules: [{847B5864-1AA4-4900-834A-8EF958463F5E}] => (Allow) C:\Program Files (x86)\Advantig\OneClick-v2\VncViewer.exe No File
FirewallRules: [{8B22AACE-8EA4-4D78-AFCC-6A6B9B40E7DC}] => (Allow) C:\Program Files (x86)\Advantig\OneClick-v2\VncViewer.exe No File
FirewallRules: [{90265E35-58EE-4342-BA10-DBB1C3D366C4}] => (Allow) C:\Program Files (x86)\Advantig\OneClick-v2\VncViewer.exe No File
FirewallRules: [{FA10EDD8-DDE0-4723-9162-6AF58EE2BA60}] => (Allow) C:\Program Files (x86)\Advantig\OneClick-v2\VncViewer.exe No File
FirewallRules: [{BC5B1484-9861-406B-9583-E7FBBD8E21BC}] => (Allow) C:\Program Files (x86)\Advantig\OneClick-v2\repeater.exe No File
FirewallRules: [{05F74CF6-683A-410F-93E7-CF427AE2E297}] => (Allow) C:\Program Files (x86)\Advantig\OneClick-v2\repeater.exe No File
FirewallRules: [{32032522-6213-40C8-9977-DBC56329DB5E}] => (Allow) C:\Users\Home\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe No File
FirewallRules: [{BA620A35-E4B4-4362-8F34-35B1E91A0696}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe No File
FirewallRules: [{7E0F222F-A14A-4749-8EE6-8273E74AB274}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe No File
FirewallRules: [{B0D53210-965F-4FF7-B38E-BB029B9680BC}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe No File
FirewallRules: [{218C699F-EA3E-4E2C-BD25-60815DEA8295}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe No File
FirewallRules: [{93F88390-FA84-4577-A4A6-A9AA77525DFB}] => (Allow) C:\Users\Home\AppData\Local\Temp\nsu85C.tmp\CnetInstaller-75864009.exe No File
FirewallRules: [{9FD1933C-070A-4F59-B910-FC7736365C30}] => (Allow) C:\Users\Home\AppData\Local\Temp\nsu85C.tmp\CnetInstaller-75864009.exe No File
FirewallRules: [{B2DEC8FF-461C-4D37-AF06-D0913594CC04}] => (Allow) E:\Common\EpsonNet Setup\ENEasyApp.exe No File
FirewallRules: [{09569B3D-22DC-4C18-A33E-F7E44B27C535}] => (Allow) E:\Common\EpsonNet Setup\ENEasyApp.exe No File
FirewallRules: [{5E0A0B65-9410-47D2-8B85-C864E86DE096}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe No File
FirewallRules: [{18884B08-A31D-45B7-9D93-CC50BB1B691E}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe No File
FirewallRules: [{6216210E-37B4-417C-B48B-5FD7F44B38CB}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DBDownloader.exe No File
FirewallRules: [{7D7E67DB-87BC-4D10-877C-8C39B06A405C}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DBDownloader.exe No File
FirewallRules: [{259838F4-09CB-421C-B48E-07C2BB48E0FB}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe No File
FirewallRules: [{EB6623FC-6144-4E10-BECE-874200C8EE9E}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe No File
FirewallRules: [{30A594F0-035D-4043-829E-D9CF9D49604C}] => (Allow) C:\Users\Home\AppData\Local\Chromium\Application\chrome.exe No File
FirewallRules: [{0B126F13-E343-4FCE-BF97-F4311AF026F1}] => (Allow) C:\Users\Home\AppData\Local\Temp\WZSE0.TMP\Common\EpsonNet Setup\ENEasyApp.exe No File
FirewallRules: [{C5AC2281-C42C-4565-9C1C-9C9AB923D9F4}] => (Allow) C:\Users\Home\AppData\Local\Temp\WZSE0.TMP\Common\EpsonNet Setup\ENEasyApp.exe No File
FirewallRules: [{793E8149-8010-498C-9039-A02675B3222F}] => (Allow) E:\Common\EpsonNet Setup\ENEasyApp.exe No File
FirewallRules: [{71245F99-2A20-4474-9B15-3FA28FF45D28}] => (Allow) E:\Common\EpsonNet Setup\ENEasyApp.exe No File

DeleteValue: HKLM\Software\WOW6432Node\Microsoft\Windows\Currentversion\Uninstall|{4956ACE3-F537-4418-BB45-FD52395275A7}
VirusTotal: C:\Users\Home\AppData\Local\Microsoft\BingSvc\BingSvc.exe
C:\Users\Home\AppData\Local\Programs\CouponViewer
C:\Users\Home\AppData\Roaming\CATALI~1
C:\Program Files (x86)\IObit
C:\Users\Home\AppData\Local\Rich Media Player

End
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\explorer.exe => removed successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\iexplore.exe => removed successfully
HKLM\SOFTWARE\Policies\Google => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4DAE0EE9-7BCC-4794-ACB8-2586F5F4B9C8}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4DAE0EE9-7BCC-4794-ACB8-2586F5F4B9C8}" => removed successfully
C:\Windows\System32\Tasks\{CAD0DAE7-4564-475A-BB09-8BE928BE931E} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{CAD0DAE7-4564-475A-BB09-8BE928BE931E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5BC0E823-AFA2-4D53-994A-E9801BD2B5AA}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5BC0E823-AFA2-4D53-994A-E9801BD2B5AA}" => removed successfully
C:\Windows\System32\Tasks\{A77B0BEF-406F-4756-8F8C-94C07B00B496} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{A77B0BEF-406F-4756-8F8C-94C07B00B496}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EA6064A0-6007-4938-895E-81B9ECDC1EC5}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EA6064A0-6007-4938-895E-81B9ECDC1EC5}" => removed successfully
C:\Windows\System32\Tasks\{DE7EBA4D-EE80-4D28-964B-09D14BE20417} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{DE7EBA4D-EE80-4D28-964B-09D14BE20417}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FD0FA4F2-4CBE-4BC7-A633-F1019A622F46}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FD0FA4F2-4CBE-4BC7-A633-F1019A622F46}" => removed successfully
C:\Windows\System32\Tasks\Driver Booster SkipUAC (Home) => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster SkipUAC (Home)" => removed successfully
C:\Windows\Tasks\CouponViewer Toolbar.job => moved successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully
HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found
"HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{47833539-D0C5-4125-9FA8-0819E2EAAC93}" => removed successfully
"HKLM\Software\Wow6432Node\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}" => removed successfully
"HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" => removed successfully
HKLM\Software\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => not found
"HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F}" => removed successfully
HKLM\Software\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => not found
"HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93}" => removed successfully
HKLM\Software\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => not found
"HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{3DF4B26D-DB19-45DF-962A-6719D071245B}" => removed successfully
"HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{F25E3D9D-1A54-4389-98F7-E4D5B830DC33}" => removed successfully
"HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\[email protected]" => removed successfully
"HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\[email protected]" => removed successfully
"HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\Software\Mozilla\Firefox\Extensions\\@CustomNewTab" => removed successfully
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => removed successfully
HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0 => removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => removed successfully
HKU\.DEFAULT\Software\MozillaPlugins\gingersoftware.com/gingerPlugin => removed successfully
"C:\Program Files (x86)\Ginger\GingerServices\GingerServicesProxy.dll" => not found
HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\Software\MozillaPlugins\CouponNetwork.com/CMDUniversalCouponPrintActivator => removed successfully
"C:\Users\Home\AppData\Roaming\CATALI~1\NPBCSK~1.DLL" => not found
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\doagiokpgboiomffjfhaiimafndmmpni => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eammbikighnmacpfdhmcccgnfojcdhgn => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fkcdbkhjcaljlfolhllfneigeepmjfim => removed successfully
HKLM\System\CurrentControlSet\Services\hpqwmiex => removed successfully
hpqwmiex => service removed successfully
HKLM\System\CurrentControlSet\Services\avchv => removed successfully
avchv => service removed successfully
HKLM\System\CurrentControlSet\Services\cpuz134 => removed successfully
cpuz134 => service removed successfully
HKLM\System\CurrentControlSet\Services\dbx => removed successfully
dbx => service removed successfully
HKLM\System\CurrentControlSet\Services\MpKslf3e2724b => removed successfully
MpKslf3e2724b => service removed successfully
HKLM\System\CurrentControlSet\Services\nsodcduk => removed successfully
nsodcduk => service removed successfully
HKLM\System\CurrentControlSet\Services\sezncdzw => removed successfully
sezncdzw => service removed successfully
C:\Users\Home\AppData\Local\ProgsUpdate.FullPath => moved successfully
C:\Users\Home\AppData\Local\OysterPresentingReload => moved successfully
C:\Program Files (x86)\EquiangularBioassayffq => moved successfully
HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\ChromeHTML => removed successfully
HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{004B49B7-11B9-5058-FF22-08DD093ADC4B} => removed successfully
HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448} => removed successfully
HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4} => removed successfully
HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5} => removed successfully
HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856} => removed successfully
HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4} => removed successfully
HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E} => removed successfully
HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{62634D95-960B-4834-8E71-A70408AD8FD9} => removed successfully
HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98} => removed successfully
HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247} => removed successfully
HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04} => removed successfully
HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8} => removed successfully
HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{A804CF1A-91E5-4F0C-9E8C-DB39E74056DD} => removed successfully
HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A} => removed successfully
HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA} => removed successfully
HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2} => removed successfully
HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF} => removed successfully
HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{DD0822FF-3A09-4BDC-B749-4B00B9115850} => removed successfully
HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{EA724FD3-844D-43A9-A8C9-A5BC35FC20E4} => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
C:\ProgramData\Temp => ":373E1720" ADS removed successfully
C:\ProgramData\Temp => ":B946D9EE" ADS removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A3D47993-0D64-4047-9904-D4C992FF5660}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8FCF52C4-3EB2-4119-BA0C-C5409B1B0C1F}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B85F80CC-3E1A-4DBD-AA3F-AC6C1417C65F}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{00F6CD62-4F61-4604-AFD0-F08FC2C00628}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C6DBEDCF-4868-4F9B-954A-D06FAEDDA9F0}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AA7E54D8-503E-49DB-B0E8-F12396915F89}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{052BCD0B-5F3A-473D-8640-20FA18EE0961}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5E1C5E5B-74B5-45C4-AD5A-4647894063A1}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F7044779-3EA7-4612-9E2B-DD0EF5ED8061}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F0D4F646-902F-4D4A-863B-D35A50FD1A05}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A36C8677-41F0-480B-AE8C-BC53E7EFBBB4}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4E4D1A68-2768-4EB7-9F59-9830737D74CB}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{847B5864-1AA4-4900-834A-8EF958463F5E}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8B22AACE-8EA4-4D78-AFCC-6A6B9B40E7DC}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{90265E35-58EE-4342-BA10-DBB1C3D366C4}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FA10EDD8-DDE0-4723-9162-6AF58EE2BA60}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BC5B1484-9861-406B-9583-E7FBBD8E21BC}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{05F74CF6-683A-410F-93E7-CF427AE2E297}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{32032522-6213-40C8-9977-DBC56329DB5E}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BA620A35-E4B4-4362-8F34-35B1E91A0696}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7E0F222F-A14A-4749-8EE6-8273E74AB274}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B0D53210-965F-4FF7-B38E-BB029B9680BC}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{218C699F-EA3E-4E2C-BD25-60815DEA8295}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{93F88390-FA84-4577-A4A6-A9AA77525DFB}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9FD1933C-070A-4F59-B910-FC7736365C30}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B2DEC8FF-461C-4D37-AF06-D0913594CC04}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{09569B3D-22DC-4C18-A33E-F7E44B27C535}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5E0A0B65-9410-47D2-8B85-C864E86DE096}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{18884B08-A31D-45B7-9D93-CC50BB1B691E}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6216210E-37B4-417C-B48B-5FD7F44B38CB}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7D7E67DB-87BC-4D10-877C-8C39B06A405C}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{259838F4-09CB-421C-B48E-07C2BB48E0FB}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EB6623FC-6144-4E10-BECE-874200C8EE9E}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{30A594F0-035D-4043-829E-D9CF9D49604C}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0B126F13-E343-4FCE-BF97-F4311AF026F1}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C5AC2281-C42C-4565-9C1C-9C9AB923D9F4}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{793E8149-8010-498C-9039-A02675B3222F}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{71245F99-2A20-4474-9B15-3FA28FF45D28}" => removed successfully
"HKLM\Software\WOW6432Node\Microsoft\Windows\Currentversion\Uninstall\\{4956ACE3-F537-4418-BB45-FD52395275A7}" => not found
VirusTotal: C:\Users\Home\AppData\Local\Microsoft\BingSvc\BingSvc.exe => https://www.virustotal.com/file/529...cbb6bbab80d7e54fe7d2546d/analysis/1558107520/
C:\Users\Home\AppData\Local\Programs\CouponViewer => moved successfully
"C:\Users\Home\AppData\Roaming\CATALI~1" => not found
"C:\Program Files (x86)\IObit" => not found
"C:\Users\Home\AppData\Local\Rich Media Player" => not found

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 427660990 B
Java, Flash, Steam htmlcache => 23315 B
Windows/system/drivers => 158096738 B
Edge => 0 B
Chrome => 456186971 B
Firefox => 103778 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 33058 B
Public => 0 B
ProgramData => 0 B
systemprofile => 170062 B
systemprofile32 => 49653 B
LocalService => 132244 B
NetworkService => 142121262 B
Home => 1528123263 B
LogMeInRemoteUser => 33058 B
Guest => 13663991 B

RecycleBin => 0 B
EmptyTemp: => 2.5 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 16:34:20 ====
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Top