1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

In Progress Somethings up!

Discussion in 'Virus & Other Malware Removal' started by aimee, May 14, 2019.

Advertisement
  1. aimee

    aimee Thread Starter

    Joined:
    Apr 23, 2001
    Messages:
    161
    My pc is really bogged down. For some reason, recently, when I select IE, two IE windows attempt to open. It doesn't happen with Chrome but I use IE more so it's a bit of a hassle. Not the end of the world to close one window out but I've also noticed that I can only perform one function at a time now. When I go to a desired website it's fine but then when I try to open email or another site it just buffers. I have to end out of everything and now I'm having to completely reboot. Have run Malware Bytes, found a few things that are quarantined but there's not difference in performance. Ideas?
     
  2. flavallee

    flavallee Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    78,993
    First Name:
    Frank
    Be patient until one of the malware specialists here replies to you.

    We need some information about your computer and its Windows operating system, so please do the following in it:
    Download and save the TSG System Information Utility (SysInfo.exe) file.
    After it's been downloaded and saved, double-click it to run it.
    Information about your computer will appear.
    Return here, then copy-and-paste the ENTIRE text in your reply.

    ----------------------------------------------------------------
     
  3. aimee

    aimee Thread Starter

    Joined:
    Apr 23, 2001
    Messages:
    161
    Tech Support Guy System Info Utility version 1.0.0.4
    OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
    Processor: Intel(R) Core(TM) i3 CPU 550 @ 3.20GHz, Intel64 Family 6 Model 37 Stepping 5
    Processor Count: 4
    RAM: 5943 Mb
    Graphics Card: Intel(R) HD Graphics, -1348 Mb
    Hard Drives: C: 910 GB (704 GB Free); D: 21 GB (2 GB Free);
    Motherboard: Hewlett-Packard, 2AA7
    Antivirus: None
     
  4. iMacg3

    iMacg3 Malware Specialist

    Joined:
    Nov 3, 2018
    Messages:
    323
    Hi aimee, Welcome to the Tech Support Guy malware removal forum.

    I am iMacg3 and will be helping you with your computer problems.

    Please keep the following information in mind before we begin:
    • Do not run any fixes or tools on your system unless I request that you do so.
      • Running additional tools on your system can interfere with the clean-up process, or cause issues such as false positives.
    • Please read all instructions carefully, and complete them in the order listed.
      • Items that are especially important will be highlighted in bold or red.
    • If your computer seems to start working normally, please don't abandon the topic.
      • Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.
    • If you have pirated or illegal software on your computer, uninstall it now before proceeding.
      • Using pirated/cracked software is an easy way to infect your computer - almost as easy as intentionally downloading malware. Therefore, please remove any, if present, before we begin the clean-up.
    • If you have questions at any time during the cleanup, feel free to ask.
    --------------------

    Farbar Recovery Scan Tool (FRST) 64 bit
    • Download FRST64 to your Desktop.
    • Double click Frst64.exe to launch it.
    • FRST will start to run.
      • When the tool opens click Yes to disclaimer.
      • Press the Scan button.
      • When finished scanning 2 logs will open on your Desktop, FRST.txt and Addition.txt
      • Please post them in your next reply.
     
  5. aimee

    aimee Thread Starter

    Joined:
    Apr 23, 2001
    Messages:
    161
    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-05.2019 01
    Ran by Home (administrator) on HOME-HP (Hewlett-Packard 610-1010t) (14-05-2019 16:31:23)
    Running from C:\Users\Home\Desktop\Tech guy
    Loaded Profiles: Home (Available Profiles: Home & LogMeInRemoteUser & Guest)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: IE)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    () [File not signed] C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe
    (Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_32_0_0_142_ActiveX.exe
    (Adobe Systems, Incorporated -> Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
    (Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    (Amazon Services LLC -> ) C:\Users\Home\AppData\Local\Amazon Music\Amazon Music Helper.exe
    (Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
    (Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    (Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
    (Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
    (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc. -> Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Apple Inc. -> Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
    (Apple Inc. -> Apple, Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe
    (Cermak Technologies, Inc. -> TechGuy, Inc.) C:\Users\Home\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4PI6Z9JK\SysInfo.exe
    (CyberLink -> CyberLink) C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
    (Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
    (Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
    (Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
    (Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
    (Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\72.4.136\QtWebEngineProcess.exe
    (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Hewlett-Packard Company -> Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
    (Hewlett-Packard) [File not signed] C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE
    (Intuit, Inc. -> Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    (Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
    (Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
    (Microsoft Corporation -> © 2015 Microsoft Corporation) C:\Users\Home\AppData\Local\Microsoft\BingSvc\BingSvc.exe
    (Microsoft Corporation -> Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corporation -> Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
    (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wisptis.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wisptis.exe
    (Microsoft Windows Hardware Compatibility Publisher -> Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
    (Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
    (Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
    (Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Samsung Electronics CO., LTD. -> SAMSUNG Electornics Co., Ltd.) C:\Users\Home\AppData\Roaming\Verizon\UA_ar\UA.exe
    (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
    (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe
    (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe
    (SEIKO EPSON Corporation -> Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
    (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIKDE.EXE
    (Siber Systems -> ) C:\Program Files\Siber Systems\GoodSync\Gs-Server.exe
    (Siber Systems -> Siber Systems Inc.) C:\Program Files (x86)\Siber Systems\AI RoboForm\rf-chrome-nm-host.exe
    (Siber Systems -> Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe

    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [Norton Online Backup] => c:\program files (x86)\symantec\norton online backup\nobuclient.exe [1155928 2010-06-01] (Symantec Corporation -> Symantec Corporation)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [302904 2019-03-24] (Apple Inc. -> Apple Inc.)
    HKLM-x32\...\Run: [HP KEYBOARDx] => C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE [710656 2010-02-11] (Hewlett-Packard) [File not signed]
    HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation -> Symantec Corporation)
    HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [895512 2010-10-22] (PDF Complete -> PDF Complete Inc)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [76600 2019-03-09] (Apple Inc. -> Apple Inc.)
    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard Company -> Hewlett-Packard)
    HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation -> Microsoft Corporation)
    HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [665568 2018-12-26] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
    HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [870368 2018-12-26] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
    HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [5537600 2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [37232 2008-06-12] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [640376 2008-06-11] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
    HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1150760 2018-04-06] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-12-16] (Oracle America, Inc. -> Oracle Corporation)
    HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
    HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2019-03-13] (Apple Inc. -> Apple Inc.)
    HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2019-03-13] (Apple Inc. -> Apple Inc.)
    HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2019-03-13] (Apple Inc. -> Apple Inc.)
    HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\...\Run: [Google Update] => C:\Users\Home\AppData\Local\Google\Update\1.3.34.7\GoogleUpdateCore.exe [752424 2019-03-28] (Google Inc -> Google LLC)
    HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\...\Run: [BingSvc] => C:\Users\Home\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2017-12-26] (Microsoft Corporation -> © 2015 Microsoft Corporation)
    HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\...\Run: [EPLTarget\P0000000000000001] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIKDE.EXE [298560 2013-09-12] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
    HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [145704 2019-03-22] (Siber Systems -> Siber Systems)
    HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\...\MountPoints2: G - G:\VZW_Software_upgrade_assistant.exe
    HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\...\MountPoints2: {3c0703f9-00ff-11e3-a919-60eb69fd9eed} - G:\VZW_Software_upgrade_assistant.exe
    HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\...\MountPoints2: {820ec244-2ec0-11e2-abc8-806e6f6e6963} - E:\setup.exe
    HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\...\MountPoints2: {9e87ae17-c354-11e3-8702-60eb69fd9eed} - F:\VZW_Software_upgrade_assistant.exe
    HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\...\MountPoints2: {cd1340a1-61c5-11e4-8665-60eb69fd9eed} - G:\VZW_Software_upgrade_assistant.exe
    HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\...\MountPoints2: {d3f06c4f-c239-11e3-ab57-60eb69fd9eed} - G:\VZW_Software_upgrade_assistant.exe
    HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\...\MountPoints2: {fcf4368a-dce4-11e3-80d7-60eb69fd9eed} - F:\VZW_Software_upgrade_assistant.exe
    HKU\S-1-5-18\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
    HKLM\Software\...\AppCompatFlags\Custom\explorer.exe: [{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb] ->
    HKLM\Software\...\AppCompatFlags\Custom\iexplore.exe: [{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb] ->
    HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\74.0.3729.131\Installer\chrmstp.exe [2019-05-03] (Google LLC -> Google Inc.)
    HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{104AA62D-D285-4BF9-87ED-CC68F20CDD0F}] -> C:\Program Files (x86)\Amazon\Amazon Assistant\AmazonAssistantTaskbar.exe /pin:
    HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{A6EADE66-0000-0000-484E-7E8A45000000}] -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll [2018-09-20] (Adobe Systems, Incorporated -> Adobe Systems, Inc.)
    HKLM\Software\...\Authentication\Credential Providers: [{65CD7F9B-E8F3-4bb0-82EB-6F6875B745DF}] -> C:\Windows\system32\LMIinit.dll [2014-07-18] (LogMeIn, Inc. -> LogMeIn, Inc.)
    HKLM\Software\...\Authentication\Credential Providers: [{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL [2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
    Startup: C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verizon Wireless Software Utility Application for Android – Samsung.lnk [2015-10-10]
    ShortcutTarget: Verizon Wireless Software Utility Application for Android – Samsung.lnk -> C:\Users\Home\AppData\Roaming\Verizon\UA_ar\UA.exe (Samsung Electronics CO., LTD. -> SAMSUNG Electornics Co., Ltd.)
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {055B8EAC-3D40-47E5-8346-B258CD79B51B} - System32\Tasks\EPSON WF-3640 Series Update {C4AFC024-FCDF-4AB2-9764-48819F092604} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKDE.EXE [679488 2013-02-28] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
    Task: {058AA6F6-9320-45E3-B576-6AD8BF450B2E} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-02-29] (Dropbox, Inc -> Dropbox, Inc.)
    Task: {0B30940D-927E-4F2A-A82C-73CD3A7E1FC7} - System32\Tasks\{4B5D1208-15B7-4657-8063-D640656DCE04} => C:\Users\Home\AppData\Roaming\Smilebox\SmileboxStarter.exe
    Task: {153725A3-EF58-42CA-96C2-B00A9C84B2FF} - System32\Tasks\HPCeeScheduleForHOME-HP$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [91704 2010-09-14] (Hewlett-Packard Company -> Hewlett-Packard)
    Task: {2E06CBDD-C7DD-4DCF-8B8E-00E779B483E2} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-02-29] (Dropbox, Inc -> Dropbox, Inc.)
    Task: {31C3E094-6744-4ED6-AB54-BFE686639E2C} - System32\Tasks\EPSON WF-3640 Series Update {D915748D-8CD4-46BC-B741-E4303DB6764E} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKDE.EXE [679488 2013-02-28] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
    Task: {410EB72E-CABE-4091-8A6C-F4A391CF3FBF} - System32\Tasks\EPSON WF-3640 Series Invitation {C4AFC024-FCDF-4AB2-9764-48819F092604} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKDE.EXE [679488 2013-02-28] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
    Task: {41309504-B05D-4316-95AC-DBAE767201C7} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [145704 2019-03-22] (Siber Systems -> Siber Systems)
    Task: {4DAE0EE9-7BCC-4794-ACB8-2586F5F4B9C8} - System32\Tasks\{CAD0DAE7-4564-475A-BB09-8BE928BE931E} => C:\Windows\system32\pcalua.exe -a C:\Users\Home\Caroline\ADE_2.0_Installer.exe -d C:\Users\Home\Desktop
    Task: {50F68914-DD26-467D-8126-24E5A8866878} - System32\Tasks\EPSON WF-3640 Series Invitation {D915748D-8CD4-46BC-B741-E4303DB6764E} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKDE.EXE [679488 2013-02-28] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
    Task: {53071935-EE96-43E9-8211-386E7826A3E5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe
    Task: {54739C41-D1C6-43B4-A749-B824F0EB1431} - System32\Tasks\EPSON WF-3640 Series Invitation {368E3CF1-07EC-4441-891C-5E28240268C8} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKDE.EXE [679488 2013-02-28] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
    Task: {5BAD9E8C-1897-47C7-8398-C755E2F7183C} - System32\Tasks\RunOW => C:\Program Files (x86)\Overwolf\Overwolf.exe
    Task: {5BC0E823-AFA2-4D53-994A-E9801BD2B5AA} - System32\Tasks\{A77B0BEF-406F-4756-8F8C-94C07B00B496} => C:\Windows\system32\pcalua.exe -a "C:\Users\Home\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QYTJVT53\setup.exe" -d C:\Users\Home\Desktop
    Task: {5E9FB838-6F6C-448F-9682-214D8F2B26AE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc -> Google Inc.)
    Task: {706BEABC-9344-4396-997E-CEA5623905A3} - System32\Tasks\EPSON WF-3640 Series Update {42242F2F-8E4B-4DA6-9775-E3701AB62209} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKDE.EXE [679488 2013-02-28] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
    Task: {777637E4-EF74-4780-A5EA-6FA583DD76B1} - System32\Tasks\Amazon Music Helper => C:\Users\Home\AppData\Local\Amazon Music\Amazon Music Helper.exe [6277952 2014-12-08] (Amazon Services LLC -> )
    Task: {7853C6A7-331B-4AC7-9861-D1C57B16AF19} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc -> Google Inc.)
    Task: {91CC2D29-A48F-4D2F-967C-963EDD5A3944} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1195544 2018-12-16] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
    Task: {94F403B1-CFA4-4C54-95AE-ABA2E1B2541F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335872 2019-02-22] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
    Task: {9696DF0C-4A2C-405F-B249-E6A9AAA77096} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616320 2018-01-08] (Apple Inc. -> Apple Inc.)
    Task: {977FC7CB-A926-4046-8B73-204413F74D9C} - System32\Tasks\Open URL by RoboForm => C:\Windows\system32\rundll32.exe url.dll,FileProtocolHandler "hxxps://www.roboform.com/test-pass.html?aaa=KICMLJPMKJPMGMOMIMNMCNHMGMJJLMCNLMLJOJLJCNNJNMNJMMCNLJJJGMKJGMKJJJKMOMNMPMIMJNJICMHMCNKMCNHMFMOMOMCNPMCNGMJMPMPMFMJMCNOMCNIMJMPMOMCNNMJNPICMOMFMEKMICNJJCKFMNMNMKMKMJNHICMEKMICNJJCKJNBJCMLIIJKJAJNIIJKJPLKICJGJMJHJBNKJLJKIJNKJCML (the data entry has 100 more characters).
    Task: {A1C48D45-A5F6-480B-B211-BD0A304E166E} - System32\Tasks\GoogleUpdateTaskMachineCore1cfea87c073e9d3 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc -> Google Inc.)
    Task: {C0B1DBCC-63A1-4C59-9288-0A6C7D9E78BD} - System32\Tasks\EPSON WF-3640 Series Update {368E3CF1-07EC-4441-891C-5E28240268C8} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKDE.EXE [679488 2013-02-28] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
    Task: {C8D4921B-647E-4E8C-B16C-9DA5AA708FA7} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe [136488 2010-09-03] (CyberLink -> CyberLink)
    Task: {CEC60F82-A8BC-457A-A898-969C00B014C2} - System32\Tasks\GoogleUpdateTaskMachineUA1cfea87c1768517 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc -> Google Inc.)
    Task: {DDA6347A-68C8-4368-91E2-35CD44CDE86E} - System32\Tasks\Hewlett-Packard\HP Assistant\HPSA Upgrade => C:\ProgramData\Hewlett-Packard\HPSAUpgrade3\HpSAUpgrade.exe [1248312 2011-08-11] (Hewlett-Packard Company -> Hewlett-Packard)
    Task: {E8B3FDB7-4D70-4422-B925-63026C20B618} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1287311948-1235629539-2080862382-1001UA => C:\Users\Home\AppData\Local\Google\Update\GoogleUpdate.exe [107848 2015-02-05] (Google Inc -> Google Inc.)
    Task: {EA6064A0-6007-4938-895E-81B9ECDC1EC5} - System32\Tasks\{DE7EBA4D-EE80-4D28-964B-09D14BE20417} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\Uninstall.exe" -c /app FreeYouTubeToMP3Converter
    Task: {F684044D-1F6A-4FAD-B280-1EDC0AF55329} - System32\Tasks\EPSON WF-3640 Series Invitation {42242F2F-8E4B-4DA6-9775-E3701AB62209} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKDE.EXE [679488 2013-02-28] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
    Task: {F70B8165-F38F-44D4-9819-F70E9093C77B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1287311948-1235629539-2080862382-1001Core => C:\Users\Home\AppData\Local\Google\Update\GoogleUpdate.exe [107848 2015-02-05] (Google Inc -> Google Inc.)
    Task: {FD0FA4F2-4CBE-4BC7-A633-F1019A622F46} - System32\Tasks\Driver Booster SkipUAC (Home) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\CouponViewer Toolbar.job => C:\Users\Home\AppData\Local\Programs\CouponViewer\Add-On\2017.4.7.1\CVHP.exe
    Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
    Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
    Task: C:\Windows\Tasks\EPSON WF-3640 Series Invitation {368E3CF1-07EC-4441-891C-5E28240268C8}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKDE.EXE
    Task: C:\Windows\Tasks\EPSON WF-3640 Series Invitation {42242F2F-8E4B-4DA6-9775-E3701AB62209}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKDE.EXE
    Task: C:\Windows\Tasks\EPSON WF-3640 Series Invitation {C4AFC024-FCDF-4AB2-9764-48819F092604}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKDE.EXE
    Task: C:\Windows\Tasks\EPSON WF-3640 Series Invitation {D915748D-8CD4-46BC-B741-E4303DB6764E}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKDE.EXE
    Task: C:\Windows\Tasks\EPSON WF-3640 Series Update {368E3CF1-07EC-4441-891C-5E28240268C8}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKDE.EXE:/EXE:{368E3CF1-07EC-4441-891C-5E28240268C8} /F:UpdateSYSTEMĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
    Task: C:\Windows\Tasks\EPSON WF-3640 Series Update {42242F2F-8E4B-4DA6-9775-E3701AB62209}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKDE.EXE:/EXE:{42242F2F-8E4B-4DA6-9775-E3701AB62209} /F:UpdateSYSTEMĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
    Task: C:\Windows\Tasks\EPSON WF-3640 Series Update {C4AFC024-FCDF-4AB2-9764-48819F092604}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKDE.EXE:/EXE:{C4AFC024-FCDF-4AB2-9764-48819F092604} /F:UpdateSYSTEMĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
    Task: C:\Windows\Tasks\EPSON WF-3640 Series Update {D915748D-8CD4-46BC-B741-E4303DB6764E}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKDE.EXE:/EXE:{D915748D-8CD4-46BC-B741-E4303DB6764E} /F:UpdateSYSTEMĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\HPCeeScheduleForHOME-HP$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
    Tcpip\..\Interfaces\{94A72A9C-48EC-4150-9DA1-C34D51501AEE}: [NameServer] 18.217.241.230
    Tcpip\..\Interfaces\{94A72A9C-48EC-4150-9DA1-C34D51501AEE}: [DhcpNameServer] 75.75.75.75 75.75.76.76
    Tcpip\..\Interfaces\{A0736165-0B27-488A-B801-08BC8DE7312B}: [NameServer] 18.221.254.213

    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\Software\Microsoft\Internet Explorer\Main,Old Start Page = hxxps://www.yahoo.com/?fr=befhp&type=iehp-4.7-1805
    HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.bing.com/
    HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxps://www.bing.com/
    SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
    SearchScopes: HKLM-x32 -> DefaultScope {80c554b9-c7f8-4a21-9471-06d606da78a2} URL =
    SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
    SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
    SearchScopes: HKLM-x32 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
    SearchScopes: HKU\.DEFAULT -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
    SearchScopes: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001 -> {6271CD1C-3937-485A-9A09-A593F7069707} URL = hxxps://search.yahoo.com/search?ei=utf-8&fr=befds&p={searchTerms}&type=ieds-4.7-1805
    BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2019-03-22] (Siber Systems -> Siber Systems Inc.)
    BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-24] (Google Inc -> Google Inc.)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
    BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
    BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
    BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2019-03-22] (Siber Systems -> Siber Systems Inc.)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\ssv.dll [2019-02-25] (Oracle America, Inc. -> Oracle Corporation)
    BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-24] (Google Inc -> Google Inc.)
    BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\jp2ssv.dll [2019-02-25] (Oracle America, Inc. -> Oracle Corporation)
    BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
    Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2019-03-22] (Siber Systems -> Siber Systems Inc.)
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-24] (Google Inc -> Google Inc.)
    Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2019-03-22] (Siber Systems -> Siber Systems Inc.)
    Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
    Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-24] (Google Inc -> Google Inc.)
    Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
    Toolbar: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    Toolbar: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-24] (Google Inc -> Google Inc.)
    Toolbar: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2019-03-22] (Siber Systems -> Siber Systems Inc.)
    Toolbar: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
    DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
    DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.cab
    DPF: HKLM-x32 {CB50428B-657F-47DF-9B32-671F82AA73F7} hxxp://www.photodex.com/pxplay.cab
    DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
    DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} hxxps://secure.logmein.com//activex/ractrl.cab?lmi=972

    FireFox:
    ========
    FF ProfilePath: C:\Users\Home\AppData\Roaming\mozilla\firefox\Profiles\gcq5yow9.default [2018-06-03]
    FF Homepage: mozilla\firefox\Profiles\gcq5yow9.default -> hxxps://www.malwarebytes.org/restorebrowser/param1=y6bdVFVIsvuYsgEClQfz8KTL4HLBF1wBOkVfCJhNXY6t%2BipeZtEdYEFU7g9wi2bjIBeUCUPthp5B6ksGPGKrbSvIuQEt%2Btfdhn4OjEPtw4RL34QkqUDQg4Om0RSqp268rFH1Dj12wyPVJ1yqCAejaMA9EmgI7js%2B5iznHYu2SE%2BhRWfCqGRqtfL4EE2mAfZodmVSL70XSoSwvZgAlkYsPymfHasWUYgx4Ysn54lCBFItVZfkZs%2FaBSaM8AU2onPMSbuBN37X60q3mx2yG0v9gy6inyqmiFG9PqXN%2F0ilrB0%3D
    FF Extension: (Firefox Hotfix) - C:\Users\Home\AppData\Roaming\mozilla\firefox\Profiles\gcq5yow9.default\Extensions\[email protected] [2016-10-07] [Legacy]
    FF Extension: (RoboForm Password Manager) - C:\Users\Home\AppData\Roaming\mozilla\firefox\Profiles\gcq5yow9.default\Extensions\[email protected] [2017-10-26]
    FF SearchPlugin: C:\Users\Home\AppData\Roaming\mozilla\firefox\Profiles\gcq5yow9.default\searchplugins\bing-lavasoft-ff59.xml [2018-04-01]
    FF SearchPlugin: C:\Users\Home\AppData\Roaming\mozilla\firefox\Profiles\gcq5yow9.default\searchplugins\Yahoo powered search.xml [2019-05-03]
    FF Extension: (No Name) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2017-11-07] [not signed]
    FF HKLM-x32\...\Firefox\Extensions: [{3DF4B26D-DB19-45DF-962A-6719D071245B}] - C:\Users\Home\AppData\Local\Rich Media Player\BrowserExtensions\Firefox\{3DF4B26D-DB19-45DF-962A-6719D071245B} => not found
    FF HKLM-x32\...\Firefox\Extensions: [{F25E3D9D-1A54-4389-98F7-E4D5B830DC33}] - C:\Users\Home\AppData\Local\Rich Media Player\BrowserExtensions\Firefox\{F25E3D9D-1A54-4389-98F7-E4D5B830DC33}.xpi => not found
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.204 => not found
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Ginger\Mozilla\[email protected] => not found
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
    FF Extension: (E-Web Print) - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2016-11-07] [Legacy] [not signed]
    FF HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\...\Firefox\Extensions: [@CustomNewTab] - C:\Users\Home\AppData\Roaming\Mozilla\FireFox\@CustomNewTab.xpi => not found
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll [2016-01-19] (Adobe Systems Incorporated -> )
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 -> c:\Program Files (x86)\Virtual Earth 3D\ [No File]
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll [2016-01-19] (Adobe Systems Incorporated -> )
    FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google Inc -> Google, Inc.)
    FF Plugin-x32: @java.com/DTPlugin,version=11.201.2 -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\dtplugin\npDeployJava1.dll [2019-02-25] (Oracle America, Inc. -> Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.201.2 -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\plugin2\npjp2.dll [2019-02-25] (Oracle America, Inc. -> Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin-x32: @photodex.com/PhotodexPresenter -> C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll [2015-11-10] ( ) [File not signed]
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-28] (Google Inc -> Google LLC)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-28] (Google Inc -> Google LLC)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-03-25] (Adobe Inc. -> Adobe Systems Inc.)
    FF Plugin HKU\.DEFAULT: gingersoftware.com/gingerPlugin -> C:\Program Files (x86)\Ginger\GingerServices\GingerServicesProxy.dll [No File]
    FF Plugin HKU\S-1-5-21-1287311948-1235629539-2080862382-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Home\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-11-16] (Citrix Online -> Citrix Online)
    FF Plugin HKU\S-1-5-21-1287311948-1235629539-2080862382-1001: @hulu.com/Hulu Desktop -> C:\Users\Home\AppData\Local\HuluDesktop\instances\0.9.14.1\nphdplg.dll [2010-08-12] (Hulu -> Hulu LLC)
    FF Plugin HKU\S-1-5-21-1287311948-1235629539-2080862382-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Home\AppData\Local\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-28] (Google Inc -> Google LLC)
    FF Plugin HKU\S-1-5-21-1287311948-1235629539-2080862382-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Home\AppData\Local\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-28] (Google Inc -> Google LLC)
    FF Plugin HKU\S-1-5-21-1287311948-1235629539-2080862382-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\Home\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2016-08-29] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
    FF Plugin HKU\S-1-5-21-1287311948-1235629539-2080862382-1001: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\Users\Home\AppData\Roaming\CATALI~1\NPBCSK~1.DLL [No File]
    FF Plugin HKU\S-1-5-21-1287311948-1235629539-2080862382-1001: revtrax.com/RevTraxPrintMyCoupon -> C:\Users\Home\AppData\Roaming\RevTrax\RevTraxPrintMyCoupon\1.0.0.0\npRevTraxPrintMyCoupon.dll [2016-01-18] (RevTrax) [File not signed]

    Chrome:
    =======
    CHR DefaultProfile: Default
    CHR HomePage: Default -> bing.com
    CHR StartupUrls: Default -> "hxxps://us.search.yahoo.com/yhs/web?hspart=omr&hsimp=yhs-001&type=86311238&param1=y6bdVFVIsvuYsgEClQfz8HyFH9tZCHsOZFHNP%2BYwJC1%2BAoyTMxWna%2Fax%2F7ZIXHC7%2FSBHDoRu0l7POinR9MfVMrBz2a6PLaTDh3EQbeGQVoY9hhitelfGOYzrRBS6Ykx2EF%2Fl5MVqxUcwTHy2w%2FUubEiNKi7C0uFbcfHNHlV67qOTK92lxHCZCVQVhWBodQuit%2BHzA4S9mJ0Dqe02w3fnkPTghBBJyA%2FDdvSr7x22obIC%2BHK71vZ5yYlg6850zbInDOBE%2BMV7E4CbZldwxDim7dPLXo33ZUYhJuCkXK5GzwE%3D","hxxps://www.google.com/"
    CHR DefaultSearchURL: Default -> hxxps://us.search.yahoo.com/yhs/search?hspart=omr&hsimp=yhs-001&type=86311238&param1=y6bdVFVIsvuYsgEClQfz8HyFH9tZCHsOZFHNP%2BYwJC1%2BAoyTMxWna%2Fax%2F7ZIXHC7m8LAeZoS4G9z2zivyIMrMZ%2Bms%2F%2BvWGjvjP%2BFW7vbLHzobA3%2FyHKfKpNwU%2F0ISyQOl6dP5NGFHzjn94AGAfBBV5fURd9XfuHdx5ruP3T9JBsPP7idrVvGnWB%2B4k0wJM3SvXB461fU2xkgQz64xGOEykKM4aAEz%2Fd7ItXjn11IJvyNVqVygNOgNmI%2FM0mXKKu53yBhyf8XiE9RKhvZ8N9jJQ%3D%3D&p={searchTerms}
    CHR DefaultSearchKeyword: Default -> search.yahoo.com
    CHR DefaultNewTabURL: Default -> hxxps://us.search.yahoo.com/yhs/web?hspart=omr&hsimp=yhs-001&type=86311238&param1=y6bdVFVIsvuYsgEClQfz8HyFH9tZCHsOZFHNP%2BYwJC1%2BAoyTMxWna%2Fax%2F7ZIXHC7PvtYauGJUfR6ThlzvtlpDX8mZmhlM1UewwJGPVqWtATNuw37hss8HKCaFs1ZA2ZTlSermjkGUhnsGPMgPt0agrtGGhVRmnbpVN6ugGdha4D7Xzf6PdAyEcLLUfuiJEFpVmEilieRcDbvi%2BrWzlZk2PdDFFGGIJPVkcDO%2FWOl4RDR%2FmT5W8fSgzyYNL4YzgN4MQujhLvIuCYDqz9w%2FcMTNg%3D%3D
    CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command={searchTerms}
    CHR Profile: C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default [2019-05-14]
    CHR Extension: (Slides) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-14]
    CHR Extension: (Docs) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-14]
    CHR Extension: (Google Drive) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-24]
    CHR Extension: (YouTube) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-06-18]
    CHR Extension: (Honey) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2019-05-02]
    CHR Extension: (Bing Homepage) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdldbgojabdbiapkfeldpfmbecmcaoec [2019-01-01]
    CHR Extension: (Google Search) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-05]
    CHR Extension: (Sheets) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-14]
    CHR Extension: (Google Docs Offline) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-23]
    CHR Extension: (Hola Free VPN Proxy Unblocker) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2019-05-14]
    CHR Extension: (Grammarly for Chrome) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2019-05-14]
    CHR Extension: (Grammar and Spelling checker by Ginger) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdfieneakcjfaiglcfcgkidlkmlijjnh [2019-05-14]
    CHR Extension: (Online Safety) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ledpmklechmkjngjilbfpogiehjbemkj [2019-04-12]
    CHR Extension: (Wikibuy) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\nenlahapcbofgnanklpelkaejcehkggg [2019-05-12]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-08]
    CHR Extension: (Gmail) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-16]
    CHR Extension: (Chrome Media Router) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-05-03]
    CHR Extension: (RoboForm Password Manager) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2019-04-12]
    CHR HKLM\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2015-03-12]
    CHR HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [cdldbgojabdbiapkfeldpfmbecmcaoec] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [doagiokpgboiomffjfhaiimafndmmpni] - C:\Users\Home\AppData\Local\Rich Media Player\BrowserExtensions\Chrome\richmediadownloader.crx <not found>
    CHR HKLM-x32\...\Chrome\Extension: [eammbikighnmacpfdhmcccgnfojcdhgn] - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha177\ch\WebexpEnhancedV1alpha177.crx <not found>
    CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [fkcdbkhjcaljlfolhllfneigeepmjfim] - C:\Users\Home\AppData\Local\Rich Media Player\BrowserExtensions\Chrome\playerextension.crx <not found>
    CHR HKLM-x32\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2015-03-12]

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AESTFilters; C:\Program Files\IDT\WDM\AESTSr64.exe [89600 2009-03-02] (Microsoft Windows Hardware Compatibility Publisher -> Andrea Electronics Corporation)
    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [96056 2019-03-08] (Apple Inc. -> Apple Inc.)
    S4 CalendarSynchService; C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [16384 2010-08-05] (Hewlett-Packard) [File not signed]
    S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-02-29] (Dropbox, Inc -> Dropbox, Inc.)
    S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-02-29] (Dropbox, Inc -> Dropbox, Inc.)
    R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [51024 2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    S4 DTSRVC; C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe [129648 2010-12-01] (Portrait Displays, Inc. -> Portrait Displays, Inc.)
    R2 EpsonCustomerResearchParticipation; C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe [678328 2018-06-11] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
    R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-17] (SEIKO EPSON Corporation -> Seiko Epson Corporation)
    S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2018-02-09] (Macrovision Corporation -> Macrovision Europe Ltd.) [File not signed]
    S3 GoToAssist; C:\Program Files (x86)\Citrix\GoToAssist Corporate\1205\G2AC_Service.exe [309712 2016-11-05] (Citrix Online -> Citrix Systems, Inc.)
    R2 GsServer; C:\Program Files\Siber Systems\GoodSync\gs-server.exe [9553632 2016-10-01] (Siber Systems -> )
    S4 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [376144 2014-07-18] (LogMeIn, Inc. -> LogMeIn, Inc.)
    S4 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [226640 2014-07-18] (LogMeIn, Inc. -> LogMeIn, Inc.)
    S4 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2012-11-29] (LogMeIn, Inc. -> LogMeIn, Inc.)
    R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
    S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2014-11-17] (Hewlett-Packard) [File not signed]
    S4 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation -> Symantec Corporation)
    S4 PasswordBox; C:\Program Files (x86)\PasswordBox\pbbtnService.exe [67584 2014-05-14] (PasswordBox, Inc.) [File not signed]
    S4 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1121304 2010-10-22] (PDF Complete -> PDF Complete Inc)
    S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2014-11-17] (Hewlett-Packard) [File not signed]
    S4 RoxioNow Service; C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [399344 2010-09-11] (Sonic Solutions -> Roxio)
    R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [318464 2012-04-24] (Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.)
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
    S3 hpqwmiex; "C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe" [X]

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50464 2014-06-24] (AVG Technologies -> AVG Technologies)
    R3 clwvd; C:\Windows\System32\DRIVERS\clwvd.sys [31088 2010-09-03] (CyberLink -> CyberLink Corporation)
    S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
    S3 DrvAgent64; C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS [20872 2016-12-16] (eSupport.com, Inc -> Phoenix Technologies)
    R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2016-07-08] (Martin Malik - REALiX -> REALiX(tm))
    R3 igfx; C:\Windows\System32\DRIVERS\igdkmd64.sys [12273408 2011-01-27] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
    S3 Impcd; C:\Windows\system32\DRIVERS\Impcd.sys [158976 2010-02-26] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
    R3 ITECIRfilter; C:\Windows\System32\DRIVERS\ITECIRfilter.sys [28264 2016-07-08] (ITE Tech. Inc. -> ITE Tech. Inc. )
    R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-05-27] (LogMeIn, Inc. -> LogMeIn, Inc.)
    S4 LMIRfsClientNP; no ImagePath
    R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [275232 2019-05-14] (Malwarebytes Corporation -> Malwarebytes)
    R3 netr28x; C:\Windows\System32\DRIVERS\netr28x.sys [2502288 2016-07-08] (MEDIATEK INC. -> MediaTek Inc.)
    R3 nusb3hub; C:\Windows\System32\DRIVERS\nusb3hub.sys [77824 2010-01-22] (Microsoft Windows Hardware Compatibility Publisher -> NEC Electronics Corporation)
    R3 nusb3xhc; C:\Windows\System32\DRIVERS\nusb3xhc.sys [181760 2016-07-08] (Microsoft Windows Hardware Compatibility Publisher -> Renesas Electronics Corporation)
    S3 RTSUER; C:\Windows\System32\Drivers\RtsUer.sys [413912 2016-07-08] (Realtek Semiconductor Corp -> Realsil Semiconductor Corporation)
    R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [33960 2016-07-08] (Synaptics Incorporated -> Synaptics Incorporated)
    S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
    R3 STHDA; C:\Windows\System32\DRIVERS\stwrt64.sys [536576 2012-04-24] (Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.)
    S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2015-06-10] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
    U1 aswbdisk; no ImagePath
    S3 avchv; system32\DRIVERS\avchv.sys [X]
    S3 cpuz134; \??\C:\Users\Home\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X] <==== ATTENTION
    S3 dbx; system32\DRIVERS\dbx.sys [X]
    S3 EsgScanner; system32\DRIVERS\EsgScanner.sys [X]
    S1 MpKslf3e2724b; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{86D53835-DBE4-46C4-B3C1-0A55F2A945E3}\MpKslf3e2724b.sys [X]
    S1 nsodcduk; \??\C:\Windows\system32\drivers\nsodcduk.sys [X]
    U0 Partizan; system32\drivers\Partizan.sys [X]
    S1 sezncdzw; \??\C:\Windows\system32\drivers\sezncdzw.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One month (created) ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2019-05-14 16:31 - 2019-05-14 16:31 - 000000000 ____D C:\FRST
    2019-05-14 16:30 - 2019-05-14 16:31 - 000000000 ____D C:\Users\Home\Desktop\Tech guy
    2019-05-14 13:29 - 2019-05-14 13:29 - 000275232 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
    2019-05-12 14:57 - 2019-05-12 15:14 - 000000000 ____D C:\Users\Home\Desktop\Alcon
    2019-05-08 08:03 - 2019-05-08 08:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
    2019-05-07 15:51 - 2019-05-07 15:51 - 000051024 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
    2019-05-07 15:51 - 2019-05-07 15:51 - 000047600 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
    2019-05-07 15:51 - 2019-05-07 15:51 - 000047600 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
    2019-05-07 15:51 - 2019-05-07 15:51 - 000047600 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
    2019-05-07 08:34 - 2019-05-07 08:34 - 000001869 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
    2019-05-07 08:34 - 2019-05-07 08:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
    2019-05-07 08:34 - 2019-01-08 16:32 - 000153328 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
    2019-05-03 10:37 - 2019-05-03 10:38 - 000000000 ____D C:\Users\Home\AppData\Local\ProgsUpdate.FullPath
    2019-05-03 10:36 - 2019-05-03 10:37 - 000000000 ____D C:\Users\Home\AppData\Local\OysterPresentingReload
    2019-05-03 10:36 - 2019-05-03 10:36 - 000000000 ____D C:\Program Files (x86)\EquiangularBioassayffq
    2019-04-16 08:56 - 2019-04-16 08:56 - 000000000 ____D C:\Users\Home\Downloads\FontBundles-Restuner-Script
    2019-04-16 08:44 - 2019-04-16 08:44 - 000363369 _____ C:\Users\Home\Downloads\FontBundles-Restuner-Script (1).zip

    ==================== One month (modified) ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2019-05-14 16:26 - 2018-10-08 12:26 - 000000911 _____ C:\Windows\Tasks\EPSON WF-3640 Series Update {D915748D-8CD4-46BC-B741-E4303DB6764E}.job
    2019-05-14 16:26 - 2018-10-08 12:26 - 000000911 _____ C:\Windows\Tasks\EPSON WF-3640 Series Update {C4AFC024-FCDF-4AB2-9764-48819F092604}.job
    2019-05-14 16:26 - 2018-10-08 12:26 - 000000725 _____ C:\Windows\Tasks\EPSON WF-3640 Series Invitation {D915748D-8CD4-46BC-B741-E4303DB6764E}.job
    2019-05-14 16:26 - 2018-10-08 12:26 - 000000725 _____ C:\Windows\Tasks\EPSON WF-3640 Series Invitation {C4AFC024-FCDF-4AB2-9764-48819F092604}.job
    2019-05-14 16:07 - 2016-10-17 08:07 - 000000911 _____ C:\Windows\Tasks\EPSON WF-3640 Series Update {42242F2F-8E4B-4DA6-9775-E3701AB62209}.job
    2019-05-14 16:07 - 2016-10-17 08:07 - 000000725 _____ C:\Windows\Tasks\EPSON WF-3640 Series Invitation {42242F2F-8E4B-4DA6-9775-E3701AB62209}.job
    2019-05-14 15:57 - 2012-11-26 15:53 - 000000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2019-05-14 15:50 - 2016-02-29 14:05 - 000000904 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
    2019-05-14 15:49 - 2016-01-17 18:49 - 000000911 _____ C:\Windows\Tasks\EPSON WF-3640 Series Update {368E3CF1-07EC-4441-891C-5E28240268C8}.job
    2019-05-14 15:49 - 2016-01-17 18:49 - 000000725 _____ C:\Windows\Tasks\EPSON WF-3640 Series Invitation {368E3CF1-07EC-4441-891C-5E28240268C8}.job
    2019-05-14 13:45 - 2009-07-14 00:45 - 000018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2019-05-14 13:45 - 2009-07-14 00:45 - 000018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2019-05-14 13:29 - 2016-02-29 14:05 - 000000900 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
    2019-05-14 13:29 - 2012-11-26 15:53 - 000000890 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2019-05-14 13:28 - 2009-07-14 01:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
    2019-05-14 13:02 - 2011-07-06 15:06 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
    2019-05-14 08:42 - 2012-11-16 19:59 - 000003918 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{F3C32409-668F-4FA3-9651-2571686A5B6A}
    2019-05-13 10:21 - 2013-03-12 08:36 - 000000000 ____D C:\Users\Home\Documents\Outlook Files
    2019-05-12 22:11 - 2013-02-25 10:19 - 000000000 ____D C:\Users\Home\AppData\Roaming\Skype
    2019-05-12 14:32 - 2009-07-14 01:13 - 000787576 _____ C:\Windows\system32\PerfStringBackup.INI
    2019-05-12 14:32 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\inf
    2019-05-12 14:26 - 2018-03-28 14:18 - 000000258 __RSH C:\ProgramData\ntuser.pol
    2019-05-11 21:19 - 2017-07-26 23:39 - 000003170 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1287311948-1235629539-2080862382-1001
    2019-05-11 21:19 - 2014-02-20 14:24 - 000002160 _____ C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
    2019-05-11 21:19 - 2013-05-13 10:53 - 000000000 ___RD C:\Users\Home\SkyDrive
    2019-05-09 12:07 - 2018-03-17 18:46 - 000000000 ____D C:\Users\Home\Desktop\Ebay
    2019-05-09 12:02 - 2014-03-14 07:36 - 000000000 ____D C:\Users\Home\AppData\Local\EDEA3002-5618-4EF1-8A2C-01276660F85C.aplzod
    2019-05-08 08:03 - 2016-02-29 14:05 - 000000000 ____D C:\Program Files (x86)\Dropbox
    2019-05-07 09:01 - 2013-02-13 09:48 - 000003216 _____ C:\Windows\System32\Tasks\HPCeeScheduleForHOME-HP$
    2019-05-07 09:01 - 2013-02-13 09:48 - 000000340 _____ C:\Windows\Tasks\HPCeeScheduleForHOME-HP$.job
    2019-05-07 08:34 - 2018-06-03 17:49 - 000000000 ____D C:\ProgramData\Malwarebytes
    2019-05-07 08:31 - 2014-08-11 18:24 - 000000000 ____D C:\AdwCleaner
    2019-05-07 08:31 - 2012-11-16 20:52 - 000000000 ____D C:\Users\Home\AppData\Local\CrashDumps
    2019-05-03 08:58 - 2012-11-26 15:53 - 000002105 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2019-05-03 08:58 - 2012-11-26 15:53 - 000002064 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2019-04-26 08:39 - 2016-02-29 14:08 - 000000000 ___RD C:\Users\Home\Dropbox
    2019-04-17 07:41 - 2009-07-14 00:45 - 000447808 _____ C:\Windows\system32\FNTCACHE.DAT
    2019-04-16 08:45 - 2012-11-14 22:13 - 000129160 _____ C:\Users\Home\AppData\Local\GDIPFONTCACHEV1.DAT
    2019-04-16 08:41 - 2017-08-15 09:37 - 000000141 _____ C:\Users\Home\Desktop\Font Bundles - The Best Free and Premium Fonts.url
    2019-04-15 12:32 - 2012-11-14 19:24 - 000000000 ____D C:\Users\Home\AppData\Local\Apple Computer
    2019-04-15 12:30 - 2014-09-29 20:58 - 000000000 ____D C:\Users\Home\Desktop\CAROLINE

    ==================== Files in the root of some directories =======

    2013-05-03 19:08 - 2013-05-03 19:08 - 004167680 _____ () C:\Program Files (x86)\GUTC246.tmp
    2015-10-10 16:49 - 2015-11-16 13:13 - 000000093 _____ () C:\Users\Home\AppData\Roaming\ARCompanion.log
    2018-01-03 12:06 - 2018-01-04 10:53 - 000001862 _____ () C:\Users\Home\AppData\Roaming\downloads.json
    2013-08-14 13:19 - 2013-08-14 13:19 - 000162046 _____ () C:\Users\Home\AppData\Roaming\VideoPad.dmp
    2015-06-10 17:24 - 2015-09-01 08:24 - 000000177 _____ () C:\Users\Home\AppData\Roaming\WB.CFG
    2013-08-10 11:29 - 2018-03-12 16:35 - 000011776 _____ () C:\Users\Home\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2018-04-21 07:05 - 2018-04-21 07:05 - 000000000 _____ () C:\Users\Home\AppData\Local\{48EF422F-A40D-45A5-B26B-E71848CA3C00}
    2018-04-06 14:20 - 2018-04-06 14:20 - 000000000 _____ () C:\Users\Home\AppData\Local\{6D271F56-8FC4-4D43-9619-AA1B4EE91955}

    ==================== SigCheck ===============================

    (There is no automatic fix for files that do not pass verification.)


    LastRegBack: 2019-05-13 13:04
    ==================== End of FRST.txt ============================
     
  6. aimee

    aimee Thread Starter

    Joined:
    Apr 23, 2001
    Messages:
    161
    ************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-05.2019 01
    Ran by Home (14-05-2019 16:35:25)
    Running from C:\Users\Home\Desktop\Tech guy
    Windows 7 Home Premium Service Pack 1 (X64) (2012-11-15 02:09:27)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-1287311948-1235629539-2080862382-500 - Administrator - Disabled)
    Guest (S-1-5-21-1287311948-1235629539-2080862382-501 - Limited - Enabled) => C:\Users\Guest
    Home (S-1-5-21-1287311948-1235629539-2080862382-1001 - Administrator - Enabled) => C:\Users\Home
    HomeGroupUser$ (S-1-5-21-1287311948-1235629539-2080862382-1002 - Limited - Enabled)
    LogMeInRemoteUser (S-1-5-21-1287311948-1235629539-2080862382-1003 - Administrator - Enabled) => C:\Users\LogMeInRemoteUser

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    3M Products Update version 2012-05 for Microsoft Office 2010 (HKLM-x32\...\{605540BB-36B3-49F0-96D8-B760CBD6E0E8}_is1) (Version: - 3M Company)
    64 Bit HP CIO Components Installer (HKLM\...\{0EBC740B-4363-489B-8C27-98CE0740BA19}) (Version: 18.2.4 - Hewlett-Packard) Hidden
    Adobe Acrobat 9 Pro (HKLM-x32\...\{AC76BA86-1033-0000-7760-000000000004}{AC76BA86-1033-0000-7760-000000000004}) (Version: 9.0.0 - Adobe Systems)
    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.010.20099 - Adobe Systems Incorporated)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 25.0.0.134 - Adobe Systems Incorporated)
    Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0 - Adobe Systems Incorporated)
    Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.267 - Adobe Systems Incorporated)
    Adobe Flash Player 32 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 32.0.0.142 - Adobe Systems Incorporated)
    Amazon Assistant (HKLM-x32\...\{0538B1C2-85C1-4ECC-BA77-61F537D81092}) (Version: 10.18.0221 - Amazon) <==== ATTENTION
    Amazon Music (HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\...\Amazon Amazon Music) (Version: 3.7.1.698 - Amazon Services LLC)
    Apple Application Support (32-bit) (HKLM-x32\...\{9F7041CB-8398-4691-B8CB-0D52273BB3D9}) (Version: 7.4 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{6E7DF4EE-1976-4215-9D81-755AFC95687D}) (Version: 7.4 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{BA2A6DBB-B09A-43D8-84F3-21C1537B47D9}) (Version: 12.2.0.15 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
    AT&T Connect Participant Application v11.7.303 (HKLM-x32\...\{4DDBB234-AB68-4D47-BABA-2ED472E0B7A1}) (Version: 11.7.303 - AT&T Inc.)
    Bing Rewards Client Installer (HKLM-x32\...\{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}) (Version: 16.0.345.0 - Microsoft Corporation) Hidden
    Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
    Cash Back Assistant (HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\...\{644CF48B-61FE-43E4-8B2E-7EAE916B49C4}_is1) (Version: 2017.4.7.1 - Capital Intellect, Inc.)
    Catalina Savings Printer (HKLM-x32\...\{4956ACE3-F537-4418-BB45-FD52395275A7}) (Version: 1.0.0 - Catalina Marketing Corp) <==== ATTENTION
    Cisco WebEx Meeting Center for Internet Explorer (HKLM-x32\...\{0A223CAC-7FAC-4A7F-AA0F-3921A512C735}) (Version: 28.12.20.10001 - Cisco WebEx LLC)
    Computer Requirements 1.0 (HKLM-x32\...\{BA3582A0-2DE0-4DB8-8B74-CD34AC193F9B}_is1) (Version: - Furst Person)
    CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.3210 - CyberLink Corp.)
    D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
    DirectX for Managed Code Update (Summer 2004) (HKLM-x32\...\{E9E34215-82EF-4909-BE2F-F581F0DC9062}) (Version: 9.02.2904 - Microsoft) Hidden
    Dropbox (HKLM-x32\...\Dropbox) (Version: 72.4.136 - Dropbox, Inc.)
    Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.189.1 - Dropbox, Inc.) Hidden
    DVD Menu Pack for HP TouchSmart Video (HKLM-x32\...\{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 4.1.4412 - Hewlett-Packard) Hidden
    DVD Menu Pack for HP TouchSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 4.1.4412 - Hewlett-Packard)
    Easy Phone Sync (HKLM-x32\...\{A33EB00C-AE4D-46DC-83DA-1FBFE2D1E71C}) (Version: 64 - Media Mushroom Limited)
    Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.4.0 - Seiko Epson Corporation)
    Epson Customer Research Participation (HKLM\...\{B26449A6-6007-4460-B4FE-C4776115BCEA}) (Version: 1.83.0000 - Seiko Epson Corporation)
    Epson Event Manager (HKLM-x32\...\{0324C972-6139-489C-9003-857C4F195A80}) (Version: 3.10.0094 - Seiko Epson Corporation)
    Epson E-Web Print (HKLM-x32\...\{6BF9F374-EC67-4808-A90C-F127DE6D989D}) (Version: 1.23.0000 - SEIKO EPSON CORPORATION)
    Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 2.56.00 - Seiko Epson Corporation)
    Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version: - Seiko Epson Corporation)
    EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
    EPSON Scan OCR Component (HKLM-x32\...\{563B99D8-8895-4E3E-AE8D-15BE8C05F1C1}) (Version: 2.30.00 - SEIKO EPSON Corp.)
    EPSON Scan PDF Extensions (HKLM-x32\...\{F9956472-6E16-4F83-BF9A-F887EF4A45B7}) (Version: 1.03.0001 - SEIKO EPSON Corp.)
    Epson Software Updater (HKLM-x32\...\{1028AD34-EB8A-4136-9A93-27FC60FD0A40}) (Version: 4.4.11 - Seiko Epson Corporation)
    EPSON WF-3640 Series Printer Uninstall (HKLM\...\EPSON WF-3640 Series) (Version: - SEIKO EPSON Corporation)
    Epson WF-3640 User’s Guide version 1.0 (HKLM-x32\...\UsersGuideEpson WF-3640 User’s Guide_is1) (Version: 1.0 - )
    EpsonNet Print (HKLM\...\{15A0F113-BF2C-4C12-8AA8-42AE0D9AE1C9}) (Version: 3.1.2.0 - SEIKO EPSON Corporation)
    Facebook for HP TouchSmart (HKLM-x32\...\{8AE50893-3A87-4439-9A57-942ED43F7189}) (Version: 1.1.0004 - Hewlett-Packard)
    Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
    Garmin WebUpdater (HKLM-x32\...\{00FE2935-FB56-4410-AB5F-D6E70C1771D2}) (Version: 2.5.6 - Garmin Ltd or its subsidiaries)
    Garmin WebUpdater (HKLM-x32\...\{2FD94FBC-07AE-475C-B522-BFE899B9048E}) (Version: 2.4 - GARMIN)
    GoodSync (HKLM\...\{B26B00DA-2E5D-4CF2-83C5-911198C0F009}) (Version: 9.9.61.1 - Siber Systems)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 74.0.3729.131 - Google Inc.)
    Google Drive (HKLM-x32\...\{A8DC81F2-D365-4248-892A-FA3B5951F731}) (Version: 2.34.9392.7803 - Google, Inc.)
    Google Photos Backup (HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\...\Google Photos Backup) (Version: 1.1.4.11 - Google, Inc.)
    Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
    Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
    Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.7 - Google LLC) Hidden
    Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
    Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
    GoToAssist Corporate (HKLM-x32\...\GoToAssist) (Version: 11.8.0.1205 - Citrix Systems, Inc.)
    Grammarly (HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\...\GrammarlyForWindows) (Version: 1.5.36 - Grammarly)
    Grammarly for Microsoft® Office Suite (HKLM\...\{E5D2A304-3F72-4D79-BE42-15EB2FAE4D5C}) (Version: 6.7.162 - Grammarly) Hidden
    Grammarly for Microsoft® Office Suite (HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\...\{383f290c-ffb7-4a20-9533-a62d984c4d3f}) (Version: 6.7.162 - Grammarly)
    History Viewer v5.1 (HKLM-x32\...\History Viewer_is1) (Version: - Digital Forensics Studio)
    HP AppsCenter for TouchSmart (HKLM-x32\...\{8317485C-067B-4B5B-A2A3-9D36B7B0399E}) (Version: 4.0.0.1 - Hewlett-Packard)
    HP Desktop Keyboard (HKLM-x32\...\HP Keyboard_is1) (Version: 1.0.0.13 - Hewlett-Packard)
    HP LinkUp (HKLM-x32\...\{DB3147AB-4024-4773-8EC0-A1FE5B44933D}) (Version: 2.01.028 - Hewlett-Packard)
    HP My Display TouchSmart Edition (HKLM-x32\...\{1F4DDC90-5923-4E49-A4C7-F3CCC954DCA0}) (Version: 1.02.031 - Portrait Displays, Inc.)
    HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
    HP Setup (HKLM-x32\...\{802C068E-0576-4F25-8137-D54B7DB0FC5E}) (Version: 8.4.4487.3576 - Hewlett-Packard Company)
    HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.0.12845.3522 - Hewlett-Packard Company)
    HP Support Information (HKLM-x32\...\{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}) (Version: 10.1.1000 - Hewlett-Packard)
    HP TouchSmart (HKLM-x32\...\{1502291B-3C1B-4781-99F8-9D6D8C650588}) (Version: 4.0.41.0 - Hewlett-Packard)
    HP TouchSmart Background - Beats (HKLM-x32\...\{6A6F8D36-04BA-41E9-9004-1789BD545874}) (Version: 1.0.1.0 - Hewlett-Packard)
    HP TouchSmart Browser (HKLM-x32\...\{4ACC9E9C-12D6-4A9D-8FBC-3FD469B9FD34}) (Version: 4.1.0012 - Hewlett-Packard)
    HP TouchSmart Calendar (HKLM-x32\...\{297FA7DE-08E5-44A6-8F66-9E26F61F4810}) (Version: 4.1.3869.29064 - Hewlett-Packard)
    HP TouchSmart Canvas (HKLM-x32\...\{909CE9B4-76A7-4C3D-A9AC-CE231B3E4B40}) (Version: 2.0.3917.26233 - Hewlett-Packard)
    HP TouchSmart Clock (HKLM-x32\...\{97AA232A-58CB-41A2-A258-0593F98AB1E0}) (Version: 3.1.3881.29051 - Hewlett-Packard)
    HP TouchSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 4.1.4701 - Hewlett-Packard)
    HP TouchSmart eBay (HKLM-x32\...\{967C033E-00C7-4805-9A80-C1C35DA4CF0C}) (Version: 1.0.3923.31229 - Hewlett-Packard)
    HP TouchSmart Music (HKLM-x32\...\InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}) (Version: 4.1.4700 - Hewlett-Packard)
    HP TouchSmart Notes (HKLM-x32\...\{1F40643A-3489-4262-B7BA-F2EC6FA0A1C8}) (Version: 4.1.3916.21107 - Hewlett-Packard)
    HP TouchSmart Photo (HKLM-x32\...\InstallShield_{C9DCE03F-8CB7-4146-A99C-0612D75177EA}) (Version: 4.1.4503 - Hewlett-Packard)
    HP TouchSmart RecipeBox (HKLM-x32\...\{20714B53-FC73-4F9C-9687-49EB237D6FD7}) (Version: 3.0.3830.27730 - Hewlett-Packard)
    HP TouchSmart RSS (HKLM-x32\...\{608D7847-39B7-4D1D-AF6D-7DCC38C77615}) (Version: 4.1.0009 - Hewlett-Packard)
    HP TouchSmart Tutorials (HKLM-x32\...\{858FCB65-7C6D-4BA4-AD80-A3CB3744CE09}_is1) (Version: 3.2.0.2 - Hewlett-Packard)
    HP TouchSmart Twitter (HKLM-x32\...\{0581D120-6992-46FA-AAA2-42FA7EFF99C1}) (Version: 3.0.3910.29600 - Hewlett-Packard)
    HP TouchSmart Video (HKLM-x32\...\InstallShield_{F04BFADD-C8CA-4C86-8F20-B1D7F4F8C66C}) (Version: 4.1.4503 - Hewlett-Packard)
    HP TouchSmart Weather (HKLM-x32\...\{554D4753-4637-477E-BB52-901A819C798D}) (Version: 4.0.4.0 - Hewlett-Packard)
    HP TouchSmart Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3303 - Hewlett-Packard)
    HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
    HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.5.0.0 - Hewlett-Packard)
    iCloud (HKLM\...\{03742818-3BC2-45BA-B6BB-4C2D453FD033}) (Version: 7.11.0.19 - Apple Inc.)
    IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6308.0 - IDT)
    Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
    Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2119 - Intel Corporation)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
    iTunes (HKLM\...\{DF90B2B3-5832-4E85-934D-8048B33A1D67}) (Version: 12.9.4.102 - Apple Inc.)
    Java 8 Update 201 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180201F0}) (Version: 8.0.2010.9 - Oracle Corporation)
    Junk Mail filter update (HKLM-x32\...\{0BE9E708-5DC0-4963-9CFD-0AA519090E79}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    K-Lite Codec Pack 7.0.0 (Standard) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 7.0.0 - )
    Kobo (HKLM-x32\...\Kobo) (Version: 1.6 - Kobo Inc.)
    LogMeIn (HKLM-x32\...\{FA653F5B-483A-4E92-BF75-BB3BBF1D550D}) (Version: 4.1.2634 - LogMeIn, Inc.)
    Malwarebytes version 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
    Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
    Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Office Live Meeting 2007 (HKLM-x32\...\{389F8A7A-8611-42E8-8169-20D2BAF0C595}) (Version: 8.0.6362.215 - Microsoft Corporation)
    Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-0081-0409-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
    Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\...\OneDriveSetup.exe) (Version: 19.062.0331.0006 - Microsoft Corporation)
    Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM-x32\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
    Microsoft Touch Pack for Windows 7 (HKLM-x32\...\{8FF90DB8-6DED-44A3-B182-244FEC09012F}) (Version: 1.0.40517.00 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    Microsoft XNA Framework Redistributable 3.0 (HKLM-x32\...\{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}) (Version: 3.0.11010.0 - Microsoft Corporation)
    Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
    Mozilla Firefox 43.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.1 (x86 en-US)) (Version: 43.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0 - Mozilla)
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    Multi PDF Converter version 5.2 (HKLM-x32\...\{43CF388F-EB3B-4AF2-9A3C-0E5A2013F598}_is1) (Version: 5.2 - Essex Software, LLC)
    Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
    OverDrive Media Console (HKLM-x32\...\{D07205E7-F6D3-4333-AFCC-782A07685B72}) (Version: 3.2.20 - OverDrive, Inc.)
    [email protected] (HKLM-x32\...\{14F936AB-5D31-410E-A4E2-70AE504712F2}) (Version: 3.0.8.6 - Valassis)
    [email protected] (HKLM-x32\...\{4CFAC858-CB6F-4F5B-9BD9-4DAE8747F0E3}) (Version: 3.0.8.11 - Valassis)
    PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.14 - PDF Complete, Inc)
    Personal Color Viewer (HKLM-x32\...\{9AB4D07D-3754-1CD4-1E25-0C1AF3355921}) (Version: 3.0.2 - Eco Color Company) Hidden
    Personal Color Viewer (HKLM-x32\...\BenjaminMoore.PCV3.USEN.EDC653D570C2AEC0ED05A14996D862CA553BDF51.1) (Version: 3.0.2 - Eco Color Company)
    Photodex Presenter (HKLM-x32\...\Photodex Presenter) (Version: - Photodex Corporation)
    PhotoNow! (HKLM-x32\...\{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.7717 - CyberLink Corp.) Hidden
    PhotoNow! (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.7717 - CyberLink Corp.)
    Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
    Picasa Uploader (HKLM-x32\...\{60945EFA-28EB-8202-19C1-70DD667075CB}) (Version: 1.2 - UNKNOWN) Hidden
    Picasa Uploader (HKLM-x32\...\com.webkinesis.PicasaUploaderDesktop) (Version: 1.2 - UNKNOWN)
    PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
    PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
    PressReader (HKLM-x32\...\{912CED74-88D3-4C5B-ACB0-13231864975E}) (Version: 5.10.1102.0 - NewspaperDirect Inc.)
    [email protected] (HKLM-x32\...\{123D4082-3194-4191-9139-067E9157C2B2}) (Version: 2.0.0 - Valassis Interactive Inc.)
    QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
    R.U.S.E. for TouchSmart (HKLM-x32\...\{E6753FCB-B508-4C74-9686-17032281AF38}_is1) (Version: 1.0.0.0 - Ubisoft)
    Ralink RT2860 Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}) (Version: - Ralink)
    RapidPlayer v6.0 ActiveX Control (HKLM-x32\...\{31C2F32D-C5DD-4583-8181-B48591CA231C}) (Version: - )
    Recovery Manager (HKLM-x32\...\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.5.3219 - CyberLink Corp.) Hidden
    Remote Graphics Receiver (HKLM-x32\...\{16FC3056-90C0-4757-8A68-64D8DA846ADA}) (Version: 5.4.5 - Hewlett-Packard)
    RevTraxPrintMyCoupon (HKLM-x32\...\{A3F9A883-1D51-4D0F-83F6-2D060A26C8E9}) (Version: 1.0.0.0 - RevTrax)
    Rich Media Player (HKLM-x32\...\Rich Media Player) (Version: 1.0.0.464 - Radiocom) <==== ATTENTION
    RoboForm 8-5-8-8 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 8-5-8-8 - Siber Systems)
    RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.101 - RoxioNow)
    SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.22.0 - SAMSUNG Electronics Co., Ltd.)
    SDK (HKLM-x32\...\{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}) (Version: 2.22.002 - Portrait Displays, Inc.) Hidden
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
    Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.103 - Skype Technologies S.A.)
    SSOption (HKLM-x32\...\AlphaLab software) (Version: 2.0.9.1 - AlphaLab Corp.) <==== ATTENTION
    Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
    SUABnR (HKLM-x32\...\{2485354C-6B65-4978-BB91-CCE61442377B}) (Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.) Hidden
    SUABnR (HKLM-x32\...\InstallShield_{2485354C-6B65-4978-BB91-CCE61442377B}) (Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.)
    Synctunes Desktop (HKLM-x32\...\{4A14B3B7-5D71-4C3F-967B-50D6A42BF7F7}) (Version: 1.1.0 - The Bit Studio)
    TurboTax 2012 (HKLM-x32\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
    TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
    TurboTax 2014 (HKLM-x32\...\TurboTax 2014) (Version: 2014.0 - Intuit, Inc)
    TurboTax 2015 (HKLM-x32\...\TurboTax 2015) (Version: 2015.0 - Intuit, Inc)
    TurboTax 2016 (HKLM-x32\...\TurboTax 2016) (Version: 2016.0 - Intuit, Inc)
    TurboTax 2017 (HKLM-x32\...\TurboTax 2017) (Version: 2017.0 - Intuit, Inc)
    TurboTax 2018 (HKLM-x32\...\TurboTax 2018) (Version: 2018.0 - Intuit, Inc)
    Verizon Wireless Software Upgrade Assistant - Samsung(ar) (HKLM-x32\...\{3AC82D10-23DD-48F7-9E4A-FBD3792F2655}) (Version: 2.14.0307 - Samsung Electronics Co., Ltd.)
    Verizon Wireless Software Utility Application for Android - Samsung (HKLM-x32\...\{69258FD1-F4EE-475A-83D1-BF68C8029592}) (Version: 2.14.0402 - Samsung Electronics Co., Ltd.)
    Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
    Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
    Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
    Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
    Zoom (HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\...\ZoomUMX) (Version: 3.5 - Zoom Video Communications, Inc.)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\...\ChromeHTML: -> <==== ATTENTION
    CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{004B49B7-11B9-5058-FF22-08DD093ADC4B}\InprocServer32 -> {18760844-9468-D082-1298-07E985889A47} => No File
    CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Home\AppData\Local\Microsoft\OneDrive\17.3.6998.0830\amd64\FileCoAuthLib64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{2AD206F1-152C-4F9D-A24E-6F93FE7A4AFC}\InprocServer32 -> C:\Users\Home\AppData\Local\Grammarly\Grammarly for Microsoft Office Suite\6.7.162\A1D16B0101\GrammarlyShim64.dll (Grammarly, Inc. -> CompanyName)
    CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{4BE56754-B616-4998-B825-D16983AEE1B2}\InprocServer32 -> C:\Users\Home\AppData\Local\Grammarly\Grammarly for Microsoft Office Suite\6.7.162\A1D16B0101\Grammarly.AddIn.Connect.ActiveX.dll (Grammarly, Inc. -> Grammarly)
    CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{62634D95-960B-4834-8E71-A70408AD8FD9}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.34.7\psuser_64.dll (Google Inc -> Google LLC)
    CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{A804CF1A-91E5-4F0C-9E8C-DB39E74056DD}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.33.23\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.32.8\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{DD0822FF-3A09-4BDC-B749-4B00B9115850}\InprocServer32 -> {543FC507-9468-D082-5155-4EA585889A47} => No File
    CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.34.7\psuser_64.dll (Google Inc -> Google LLC)
    CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{EA724FD3-844D-43A9-A8C9-A5BC35FC20E4}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.33.17\psuser_64.dll => No File
    ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [6671064 2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
    ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [4171480 2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
    ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google Inc -> Google)
    ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google Inc -> Google)
    ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google Inc -> Google)
    ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
    ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\..\Acrobat Elements\ContextMenu64.dll [2008-06-12] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
    ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2018-04-23] (Google Inc -> Google)
    ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2019-03-13] (Apple Inc. -> Apple Inc.)
    ContextMenuHandlers3: [LinkUpMenuExt] -> {B793E5EA-5344-488E-B98D-A18E2E5938AB} => C:\Program Files (x86)\Hewlett-Packard\HP LinkUp\LinkUpExt64.dll [2011-05-05] (Hewlett-Packard Company -> Hewlett-Packard)
    ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
    ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2018-04-23] (Google Inc -> Google)
    ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2011-01-27] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
    ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\..\Acrobat Elements\ContextMenu64.dll [2008-06-12] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
    ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)

    ==================== Shortcuts & WMI ========================

    (The entries could be listed to be restored or removed.)


    ==================== Loaded Modules (Whitelisted) ==============

    2011-07-06 15:22 - 2009-07-02 17:58 - 000406016 _____ () [File not signed] C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe
    2011-07-06 15:22 - 2010-02-11 13:07 - 000710656 _____ (Hewlett-Packard) [File not signed] C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE
    2018-03-26 12:58 - 2018-03-26 12:58 - 000112128 _____ (Microsoft Corporation) [File not signed] C:\Windows\Microsoft.Net\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
    2014-04-10 15:21 - 2014-04-10 15:21 - 000069120 _____ (Samsung Electronics Co., Ltd.) [File not signed] C:\Users\Home\AppData\Roaming\Verizon\UA_ar\MObexDll.dll
    2014-02-04 11:11 - 2014-02-04 11:11 - 001605632 _____ (Samsung) [File not signed] C:\Users\Home\AppData\Roaming\Verizon\UA_ar\SS_RC.dll
    2017-02-13 14:54 - 2017-02-13 14:54 - 000132096 _____ (Seiko Epson Corporation) [File not signed] C:\Program Files (x86)\EPSON Software\Event Manager\epnsm.dll
    2009-10-21 17:39 - 2009-10-21 17:39 - 000291328 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\Event Manager\LcMgr.dll
    2016-01-17 18:45 - 2018-12-26 01:00 - 000096768 _____ (Seiko Epson Corporation) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\EbpD4Fax.dll
    2016-01-17 18:45 - 2018-12-26 01:00 - 000278528 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\FULEPP.dll
    2016-01-17 18:45 - 2018-12-26 01:00 - 000339968 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\FUSVCCLT.dll
    2016-01-17 18:45 - 2018-12-26 01:00 - 000065536 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\FUUSBHLP.dll
    2016-01-17 18:45 - 2018-12-26 01:00 - 000069632 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\Library\FUDEVCOM.dll
    2016-01-17 18:45 - 2018-12-26 01:00 - 000135168 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\Library\FUDRVUTL.dll
    2016-01-17 18:45 - 2018-12-26 01:00 - 000339968 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\Library\FUPRBDEV.dll
    2016-01-17 18:45 - 2018-12-26 01:00 - 000286720 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\Library\FUSNMPUT.dll
    2016-01-17 18:45 - 2018-12-25 12:00 - 000086016 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\Resource\FUCMNMSG.dll
    2016-01-17 18:45 - 2018-12-25 12:00 - 000241664 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\Resource\FUFAXRCV.dll
    2016-01-17 18:45 - 2018-12-25 12:00 - 000022016 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\Resource\FULEPPRes.dll
    2016-01-17 18:45 - 2018-12-25 12:00 - 000077824 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\Resource\FUPRBDEVRes.dll
    2015-06-17 16:44 - 2015-06-17 16:44 - 000500736 ____S (SEIKO EPSON CORPORATION) [File not signed] C:\Windows\System32\enppmon.dll
    2016-01-17 18:46 - 2018-12-25 12:00 - 000233984 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Windows\system32\spool\DRIVERS\x64\3\EFXUI09A.DLL
    2016-01-17 18:45 - 2018-12-26 01:00 - 000786432 _____ (SEIKO EPSON) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\Library\ENCM.dll
    2016-01-17 18:45 - 2018-12-26 01:00 - 000278528 _____ (SEIKO EPSON) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\Library\ENNW.dll
    2016-01-17 18:45 - 2018-12-26 01:00 - 000299008 _____ (SEIKO EPSON) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\Library\ENUTIL.dll
    2014-04-12 16:36 - 2014-04-12 16:36 - 000811008 _____ (TODO: <Company name>) [File not signed] C:\Users\Home\AppData\Roaming\Verizon\PluginModules\FusDeviceManager.dll
    2014-04-12 16:36 - 2014-04-12 16:36 - 001649152 _____ (TODO: <Company name>) [File not signed] C:\Users\Home\AppData\Roaming\Verizon\PluginModules\FusNetworkManager.dll
    2014-04-10 15:22 - 2014-04-10 15:22 - 000512000 _____ (TODO: <Company name>) [File not signed] C:\Users\Home\AppData\Roaming\Verizon\UA_ar\DeviceDBModule.dll
    2014-04-10 15:22 - 2014-04-10 15:22 - 000184320 _____ (TODO: <Company name>) [File not signed] C:\Users\Home\AppData\Roaming\Verizon\UA_ar\DeviceModule.dll
    2014-04-10 15:22 - 2014-04-10 15:22 - 000123392 _____ (TODO: <Company name>) [File not signed] C:\Users\Home\AppData\Roaming\Verizon\UA_ar\FileAndProcessModule.dll
    2014-04-10 15:21 - 2014-04-10 15:21 - 000284672 _____ (TODO: <Company name>) [File not signed] C:\Users\Home\AppData\Roaming\Verizon\UA_ar\GlobalUtils.dll
    2014-04-10 15:22 - 2014-04-10 15:22 - 000157184 _____ (TODO: <Company name>) [File not signed] C:\Users\Home\AppData\Roaming\Verizon\UA_ar\NetworkModule.dll
    2014-04-10 15:21 - 2014-04-10 15:21 - 000538624 _____ (TODO: <Company name>) [File not signed] C:\Users\Home\AppData\Roaming\Verizon\UA_ar\Resource.dll
    2014-04-10 15:21 - 2014-04-10 15:21 - 000411136 _____ (TODO: <Company name>) [File not signed] C:\Users\Home\AppData\Roaming\Verizon\UA_ar\SCommon.dll
    2014-04-10 15:22 - 2014-04-10 15:22 - 000116224 _____ (TODO: <Company name>) [File not signed] C:\Users\Home\AppData\Roaming\Verizon\UA_ar\UA_Modules.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\ProgramData\Temp:373E1720 [118]
    AlternateDataStreams: C:\ProgramData\Temp:B946D9EE [131]
    AlternateDataStreams: C:\Users\Home\Desktop\coverter music:com.dropbox.attributes [168]

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE trusted site: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\...\alorica.com -> alorica.com
    IE trusted site: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\...\aloricaathome.com -> aloricaathome.com
    IE trusted site: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\...\aloricaathome.net -> aloricaathome.net
    IE trusted site: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\...\amazon.com -> hxxps://amazon.com
    IE trusted site: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\...\athpoweronline.com -> hxxps://www.athpoweronline.com
    IE trusted site: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\...\localhost -> localhost
    IE trusted site: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\...\myhostedcloud.com -> hxxps://ca.myhostedcloud.com
    IE trusted site: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\...\west.com -> west.com
    IE trusted site: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\...\westathome.com -> westathome.com
    IE trusted site: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\...\westathome.net -> westathome.net
    IE trusted site: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\...\workathomeagent.net -> workathomeagent.net

    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 22:34 - 2018-01-04 11:28 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;c:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;c:\Program Files (x86)\Common Files\Roxio Shared\12.0\DLLShared\;C:\Program Files (x86)\Windows Live\Shared;C:\Windows\SysWOW64;C:\Program Files (x86)\Skype\Phone\;C:\Program Files (x86)\QuickTime\QTSystem\
    HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Home\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 18.217.241.230
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 0) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    If an entry is included in the fixlist, it will be removed.

    MSCONFIG\Services: AdobeARMservice => 2
    MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
    MSCONFIG\Services: AESTFilters => 2
    MSCONFIG\Services: Apple Mobile Device => 2
    MSCONFIG\Services: Bonjour Service => 2
    MSCONFIG\Services: CalendarSynchService => 2
    MSCONFIG\Services: DTSRVC => 2
    MSCONFIG\Services: gupdate => 2
    MSCONFIG\Services: gupdatem => 3
    MSCONFIG\Services: gusvc => 3
    MSCONFIG\Services: HPClientSvc => 2
    MSCONFIG\Services: IntuitUpdateServiceV4 => 2
    MSCONFIG\Services: iPod Service => 3
    MSCONFIG\Services: LavasoftAdAwareService11 => 2
    MSCONFIG\Services: LMIGuardianSvc => 2
    MSCONFIG\Services: LMIMaint => 2
    MSCONFIG\Services: LMS => 2
    MSCONFIG\Services: LogMeIn => 2
    MSCONFIG\Services: NOBU => 2
    MSCONFIG\Services: PasswordBox => 2
    MSCONFIG\Services: pdfcDispatcher => 2
    MSCONFIG\Services: PdiService => 2
    MSCONFIG\Services: RoxioNow Service => 2
    MSCONFIG\Services: Skype C2C Service => 2
    MSCONFIG\Services: SkypeUpdate => 2
    MSCONFIG\Services: STacSV => 2
    MSCONFIG\Services: Steam Client Service => 3
    MSCONFIG\Services: UNS => 2
    MSCONFIG\Services: vToolbarUpdater18.1.7 => 2
    MSCONFIG\startupreg: BeatsOSDApp => C:\Program Files\IDT\WDM\beats64.exe
    MSCONFIG\startupreg: DT HPO => C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe -HPO
    MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
    MSCONFIG\startupreg: hpsysdrv => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
    MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
    MSCONFIG\startupreg: LogMeIn GUI => "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
    MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
    MSCONFIG\startupreg: SysTrayApp => C:\Program Files\IDT\WDM\sttray64.exe

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{A3D47993-0D64-4047-9904-D4C992FF5660}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector\PDR8.EXE No File
    FirewallRules: [{7BE6A925-6B15-49CC-A8FC-CC493FD28326}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Photo\HPTouchSmartPhoto.exe (CyberLink -> CyberLink Corp.)
    FirewallRules: [{00E8BD04-B77F-4E9D-9895-4DB1DBDF26CD}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Photo\PhotoAgent.exe (CyberLink -> CyberLink Corp.)
    FirewallRules: [{8FCF52C4-3EB2-4119-BA0C-C5409B1B0C1F}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Video\HPTouchSmartMusic.exe No File
    FirewallRules: [{B85F80CC-3E1A-4DBD-AA3F-AC6C1417C65F}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Video\HPTouchSmartPhoto.exe No File
    FirewallRules: [{A662C544-8664-4F55-8570-139EF386994D}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Video\HPTouchSmartVideo.exe (CyberLink -> CyberLink Corp.)
    FirewallRules: [{00F6CD62-4F61-4604-AFD0-F08FC2C00628}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Video\TSMAgent.exe No File
    FirewallRules: [{C6DBEDCF-4868-4F9B-954A-D06FAEDDA9F0}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Video\Kernel\CLML\CLMLSvc.exe No File
    FirewallRules: [{AA7E54D8-503E-49DB-B0E8-F12396915F89}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartMusic.exe No File
    FirewallRules: [{052BCD0B-5F3A-473D-8640-20FA18EE0961}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartPhoto.exe No File
    FirewallRules: [{5E1C5E5B-74B5-45C4-AD5A-4647894063A1}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartVideo.exe No File
    FirewallRules: [{F7044779-3EA7-4612-9E2B-DD0EF5ED8061}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\TSMAgent.exe No File
    FirewallRules: [{F0D4F646-902F-4D4A-863B-D35A50FD1A05}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\CLML\CLMLSvc.exe No File
    FirewallRules: [{4CBCF409-0416-4D22-AAD9-5557B5E98365}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPDVDSmart.exe (CyberLink -> CyberLink Corp.)
    FirewallRules: [{9CE75101-9C1F-4593-93C5-6D90836EE569}] => (Allow) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowShell.exe (Sonic Solutions -> Roxio)
    FirewallRules: [{7FD90B51-3AFE-4434-9D20-2DCBB635D3FB}] => (Allow) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowShell.exe (Sonic Solutions -> Roxio)
    FirewallRules: [{A36C8677-41F0-480B-AE8C-BC53E7EFBBB4}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\RoxioNow\RNow.exe No File
    FirewallRules: [{4E4D1A68-2768-4EB7-9F59-9830737D74CB}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\RoxioNow\RNow.exe No File
    FirewallRules: [{297237F7-BB0A-40A2-ACB7-A23F2AB444A0}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Music\HPTouchSmartMusic.exe (CyberLink -> CyberLink Corp.) [File not signed]
    FirewallRules: [{BB042078-04C0-4ED7-88E3-C639BAB79E9D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
    FirewallRules: [{CA503653-B884-4F97-8B2E-EDDA8EF5C9CA}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
    FirewallRules: [{F543469D-0596-47F9-9ACE-247F363E6182}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{B18DFCDE-2A0A-4E81-B45F-F86C66EBB73F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{E661F178-213C-40DE-88F5-EA5D64F3F239}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{7D98C721-6530-4E5B-9BFA-562469AAC3DE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{86CDFFD9-0684-4B00-A4F8-7404A15E2EB3}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Remote Graphics Receiver\rgreceiver.exe (Hewlett-Packard Company -> Hewlett-Packard)
    FirewallRules: [{35A7B644-03D5-4177-B519-DF7A6FB75B08}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Remote Graphics Receiver\rgreceiver.exe (Hewlett-Packard Company -> Hewlett-Packard)
    FirewallRules: [{DB8D4806-C46D-4CAF-962F-3A01411C55C5}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP LinkUp\HP LinkUp Viewer.exe (Hewlett-Packard Company -> Hewlett-Packard Company)
    FirewallRules: [{AA83530D-3672-41E5-8B0D-45193AFEEB75}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP LinkUp\HP LinkUp Viewer.exe (Hewlett-Packard Company -> Hewlett-Packard Company)
    FirewallRules: [TCP Query User{96263E0B-6C83-43A5-BC4A-3FB58B4E28D7}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [UDP Query User{5152C925-8E90-456D-932A-E275A8CB326B}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{847B5864-1AA4-4900-834A-8EF958463F5E}] => (Allow) C:\Program Files (x86)\Advantig\OneClick-v2\VncViewer.exe No File
    FirewallRules: [{8B22AACE-8EA4-4D78-AFCC-6A6B9B40E7DC}] => (Allow) C:\Program Files (x86)\Advantig\OneClick-v2\VncViewer.exe No File
    FirewallRules: [{90265E35-58EE-4342-BA10-DBB1C3D366C4}] => (Allow) C:\Program Files (x86)\Advantig\OneClick-v2\VncViewer.exe No File
    FirewallRules: [{FA10EDD8-DDE0-4723-9162-6AF58EE2BA60}] => (Allow) C:\Program Files (x86)\Advantig\OneClick-v2\VncViewer.exe No File
    FirewallRules: [{BC5B1484-9861-406B-9583-E7FBBD8E21BC}] => (Allow) C:\Program Files (x86)\Advantig\OneClick-v2\repeater.exe No File
    FirewallRules: [{05F74CF6-683A-410F-93E7-CF427AE2E297}] => (Allow) C:\Program Files (x86)\Advantig\OneClick-v2\repeater.exe No File
    FirewallRules: [{32032522-6213-40C8-9977-DBC56329DB5E}] => (Allow) C:\Users\Home\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe No File
    FirewallRules: [{BA620A35-E4B4-4362-8F34-35B1E91A0696}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe No File
    FirewallRules: [{7E0F222F-A14A-4749-8EE6-8273E74AB274}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe No File
    FirewallRules: [{360C59A5-4B37-4B04-BBDA-6B2E4BED385F}] => (Allow) C:\Program Files (x86)\The Bit Studio\Synctunes Desktop\Synctunes.exe (The Bit Studio) [File not signed]
    FirewallRules: [{A13E125E-3EFE-42DB-9CE3-798BB9C2ACC1}] => (Allow) C:\Program Files (x86)\Microsoft Office\Live Meeting 8\Console\PWConsole.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{35C14B29-7966-409A-9BE2-E5D62FB19F89}] => (Allow) C:\Program Files (x86)\Microsoft Office\Live Meeting 8\Console\PWConsole.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{CAE8E3DF-D2A0-4061-9C4F-386B0FF743CB}] => (Allow) C:\Program Files (x86)\Microsoft Office\Live Meeting 8\Console\PWConsole.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{80BAB43E-3FF5-4C36-96C3-FB63667AEAAF}] => (Allow) C:\Program Files (x86)\Microsoft Office\Live Meeting 8\Console\PWConsole.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{B0D53210-965F-4FF7-B38E-BB029B9680BC}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe No File
    FirewallRules: [{218C699F-EA3E-4E2C-BD25-60815DEA8295}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe No File
    FirewallRules: [{87A3DE29-001F-428B-B3BA-6F86DE639719}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{FECAE967-39FA-4EF7-A267-476D17E0C5F4}] => (Allow) LPort=2869
    FirewallRules: [{A9501120-7964-44F7-8300-CDB6391D157C}] => (Allow) LPort=1900
    FirewallRules: [{93F88390-FA84-4577-A4A6-A9AA77525DFB}] => (Allow) C:\Users\Home\AppData\Local\Temp\nsu85C.tmp\CnetInstaller-75864009.exe No File
    FirewallRules: [{9FD1933C-070A-4F59-B910-FC7736365C30}] => (Allow) C:\Users\Home\AppData\Local\Temp\nsu85C.tmp\CnetInstaller-75864009.exe No File
    FirewallRules: [{95A10269-FAB8-4D24-BF3D-CB9CE6C631F4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{C8B9846D-4361-47E6-8A6A-43ABCFCBCECE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{B567F05A-36B3-46E6-8A6C-1CEC268594BB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{075BA779-7902-43E9-93A3-874741C5C694}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{0E80EB02-7F63-428F-B1FB-E69DE9C1A4BF}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
    FirewallRules: [{1F33DD0D-3AD8-4A08-AE81-BDB9F11E042A}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
    FirewallRules: [{B2DEC8FF-461C-4D37-AF06-D0913594CC04}] => (Allow) E:\Common\EpsonNet Setup\ENEasyApp.exe No File
    FirewallRules: [{09569B3D-22DC-4C18-A33E-F7E44B27C535}] => (Allow) E:\Common\EpsonNet Setup\ENEasyApp.exe No File
    FirewallRules: [{25785534-8B9C-4145-83AB-2149095C28CD}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
    FirewallRules: [{3265148C-DD33-496A-9025-27BB8D9EC9F3}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
    FirewallRules: [{5C48FE5D-D916-4B12-B623-8CE336952E80}] => (Allow) C:\Program Files (x86)\Mozilla FireFox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
    FirewallRules: [{27BC7757-C5A5-4A2F-9816-68D75C7FC4AF}] => (Allow) C:\Program Files (x86)\Mozilla FireFox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
    FirewallRules: [{A2324DD7-0EFA-4FB0-A2C5-D720B58D3D8C}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
    FirewallRules: [{5E0A0B65-9410-47D2-8B85-C864E86DE096}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe No File
    FirewallRules: [{18884B08-A31D-45B7-9D93-CC50BB1B691E}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe No File
    FirewallRules: [{6216210E-37B4-417C-B48B-5FD7F44B38CB}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DBDownloader.exe No File
    FirewallRules: [{7D7E67DB-87BC-4D10-877C-8C39B06A405C}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DBDownloader.exe No File
    FirewallRules: [{259838F4-09CB-421C-B48E-07C2BB48E0FB}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe No File
    FirewallRules: [{EB6623FC-6144-4E10-BECE-874200C8EE9E}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe No File
    FirewallRules: [{30A594F0-035D-4043-829E-D9CF9D49604C}] => (Allow) C:\Users\Home\AppData\Local\Chromium\Application\chrome.exe No File
    FirewallRules: [{3DBCFACF-D232-4778-907F-5126BEF4E2C2}] => (Allow) C:\Program Files\Siber Systems\GoodSync\gs-server.exe (Siber Systems -> )
    FirewallRules: [{7206B97D-EBAF-46CF-A71E-D9B1A2D64D37}] => (Allow) C:\Program Files (x86)\EPSON Software\ECPrinterSetup\ENPApp.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
    FirewallRules: [{AC0F35B9-D823-4457-A6BA-0CBA417E40AD}] => (Allow) C:\Program Files (x86)\EPSON Software\ECPrinterSetup\ENPApp.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
    FirewallRules: [{43F50CFC-37EC-4EFC-9564-75E0061FE288}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
    FirewallRules: [{F2614A68-0871-49D6-8E10-D4AA296F0796}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
    FirewallRules: [{0B126F13-E343-4FCE-BF97-F4311AF026F1}] => (Allow) C:\Users\Home\AppData\Local\Temp\WZSE0.TMP\Common\EpsonNet Setup\ENEasyApp.exe No File
    FirewallRules: [{C5AC2281-C42C-4565-9C1C-9C9AB923D9F4}] => (Allow) C:\Users\Home\AppData\Local\Temp\WZSE0.TMP\Common\EpsonNet Setup\ENEasyApp.exe No File
    FirewallRules: [{76A2593A-AEEE-4A70-85AE-67D926E807E1}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{793E8149-8010-498C-9039-A02675B3222F}] => (Allow) E:\Common\EpsonNet Setup\ENEasyApp.exe No File
    FirewallRules: [{71245F99-2A20-4474-9B15-3FA28FF45D28}] => (Allow) E:\Common\EpsonNet Setup\ENEasyApp.exe No File
    FirewallRules: [{B47052B2-7DC8-4DB1-9B6F-C5AD88426A46}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe (Intuit, Inc. -> Intuit Inc.)
    FirewallRules: [{1B9FE451-6A60-42A3-BC15-7C01BAB8E66C}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)
    FirewallRules: [{44D14047-BB62-4337-8A23-911AC01C3C1F}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)
    FirewallRules: [{44676FDA-3F7D-428C-AB34-32D3CE7F0153}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)
    FirewallRules: [{95AD0F24-6886-428C-B553-7CE0D507FA0E}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)
    FirewallRules: [{647A18B3-0B73-4773-AF8E-7A4A1B78FF58}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)
    FirewallRules: [{C6CE9C92-3B3E-45F4-A3A1-3880B7506B45}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{FDCC4D4D-1FE2-459C-B62F-71ECA654C291}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)
    FirewallRules: [{536140A5-49A6-401B-84F7-487BFFCD923B}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)

    ==================== Restore Points =========================

    26-04-2019 08:51:58 Windows Update
    30-04-2019 08:35:37 Windows Update
    03-05-2019 08:56:10 Windows Update
    09-05-2019 08:09:32 Windows Update
    12-05-2019 09:40:45 Windows Update
    14-05-2019 09:14:05 Windows Update
    14-05-2019 12:57:21 Removed Microsoft Silverlight
    14-05-2019 13:00:56 Configured HP

    ==================== Faulty Device Manager Devices =============

    Name: MpKslf3e2724b
    Description: MpKslf3e2724b
    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Manufacturer:
    Service: MpKslf3e2724b
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (05/14/2019 02:45:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 6583

    Error: (05/14/2019 02:45:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 6583

    Error: (05/14/2019 02:45:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (05/14/2019 01:39:40 PM) (Source: CVHSVC) (EventID: 100) (User: )
    Description: Information only.
    (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: HTTP status 403: The client does not have sufficient access rights to the requested server object.

    Error: (05/14/2019 08:41:50 AM) (Source: CVHSVC) (EventID: 100) (User: )
    Description: Information only.
    (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: HTTP status 403: The client does not have sufficient access rights to the requested server object.

    Error: (05/13/2019 01:18:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 7347

    Error: (05/13/2019 01:18:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 7347

    Error: (05/13/2019 01:18:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second


    System errors:
    =============
    Error: (05/14/2019 04:29:23 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
    Description: The following fatal alert was received: 40.

    Error: (05/14/2019 04:20:10 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
    Description: The following fatal alert was received: 20.

    Error: (05/14/2019 04:17:06 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
    Description: The following fatal alert was received: 20.

    Error: (05/14/2019 01:35:56 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
    Description: The Intuit Update Service v4 service hung on starting.

    Error: (05/14/2019 01:35:04 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
    Description: The following fatal alert was received: 70.

    Error: (05/14/2019 01:35:04 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
    Description: The following fatal alert was received: 70.

    Error: (05/14/2019 01:33:55 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
    Description: The GoodSync Server service hung on starting.

    Error: (05/14/2019 01:30:17 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
    Description: The following fatal alert was generated: 70. The internal error state is 105.


    Windows Defender:
    ===================================
    Date: 2014-08-18 04:07:22.688
    Description:
    Windows Defender has detected spyware or other potentially unwanted software.
    For more information please see the following:
    http://go.microsoft.com/fwlink/?linkid=37020&name=Adware:Win32/BetterSurf&threatid=200821
    Name:Adware:Win32/BetterSurf
    ID:200821
    Severity:High
    Category:Adware
    Path Found:containerfile:C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha177\ch\WebexpEnhancedV1alpha177.crx;file:C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha177\ch\WebexpEnhancedV1alpha177.crx;file:C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha177\ch\WebexpEnhancedV1alpha177.crx->[ChromeCrxPackage]->ffWebexpEnhancedV1alpha177chaction.js;file:C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha177\ff\chrome.manifest;file:C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha177\ff\chrome\content\ffWebexpEnhancedV1alpha177.js;file:C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha177\ff\chrome\content\ffWebexpEnhancedV1alpha177ffaction.js;file:C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha177\ff\chrome\content\icons\default\WebexpEnhancedV1alpha177_32.png;file:C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha177\ff\chrome\content\icons\Thumbs.db;file:C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha177\ff\chrom
    Detection Type:Concrete
    Detection Source:System
    Status:Unknown
    Process Name:c:\program files\windows defender\MpCmdRun.exe

    Date: 2014-07-23 03:55:59.960
    Description:
    Windows Defender has detected spyware or other potentially unwanted software.
    For more information please see the following:
    http://go.microsoft.com/fwlink/?linkid=37020&name=Adware:Win32/BetterSurf&threatid=200821
    Name:Adware:Win32/BetterSurf
    ID:200821
    Severity:High
    Category:Adware
    Path Found:containerfile:C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha773\ch\MediaPlayerV1alpha773.crx;containerfile:C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha1416\ch\MediaViewerV1alpha1416.crx;containerfile:C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha2722\ch\MediaViewV1alpha2722.crx;containerfile:C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha3234\ch\MediaViewV1alpha3234.crx;containerfile:C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home386\ch\MediaWatchV1home386.crx;containerfile:C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta351\ch\VideoPlayerV3beta351.crx;file:C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha773\ch\MediaPlayerV1alpha773.crx;file:C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha773\ch\MediaPlayerV1alpha773.crx->[ChromeCrxPackage]->ffMediaPlayerV1alpha773chaction.js;file:C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha773\ff\chrome.manifest;file:C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha773\ff\chrome\content\ffMediaPlayerV1al
    Detection Type:Concrete
    Detection Source:System
    Status:Unknown
    Process Name:c:\program files\windows defender\MpCmdRun.exe

    Date: 2014-08-11 10:08:12.022
    Description:
    Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
    Signatures Attempted:Current
    Error Code:0x80070002
    Error description:The system cannot find the file specified.
    Signature version:0.0.0.0
    Engine version:0.0.0.0

    Date: 2014-08-11 10:08:12.022
    Description:
    Windows Defender has encountered an error trying to update signatures.
    New Signature Version:
    Previous Signature Version:
    Update Source:Signature Update Folder
    Signature Type:AntiSpyware
    Update Type:Delta
    Current Engine Version:
    Previous Engine Version:
    Error code:0x80070002
    Error description:The system cannot find the file specified.

    ==================== Memory info ===========================

    BIOS: American Megatrends Inc. 6.09 03/24/2011
    Motherboard: Hewlett-Packard 2AA7
    Processor: Intel(R) Core(TM) i3 CPU 550 @ 3.20GHz
    Percentage of memory in use: 91%
    Total physical RAM: 5943.11 MB
    Available physical RAM: 532.95 MB
    Total Virtual: 11884.37 MB
    Available Virtual: 5484.8 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:910.18 GB) (Free:704.04 GB) NTFS ==>[system with boot components (obtained from drive)]
    Drive d: (HP_RECOVERY) (Fixed) (Total:21.24 GB) (Free:2.6 GB) NTFS ==>[system with boot components (obtained from drive)]

    \\?\Volume{820ec235-2ec0-11e2-abc8-806e6f6e6963}\ (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 931.5 GB) (Disk ID: B0CF9B15)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=910.2 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=21.2 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================
     
  7. iMacg3

    iMacg3 Malware Specialist

    Joined:
    Nov 3, 2018
    Messages:
    323
    Hi,

    Do you use these programs?

    Amazon Assistant
    Google Toolbar for Internet Explorer
    CouponViewer Toolbar
    RevTraxPrintMyCoupon


    Did you set Bing and Yahoo as your preferred search providers in Firefox and Google Chrome?

    Did you install the Hola Free VPN Proxy Unblocker and Online Safety Chrome extensions?

    ----------------------------------------

    Uninstall a Program
    • Press the Windows Key + R.
    • Type appwiz.cpl in the Run box and click OK.
    • The Add/Remove Programs list will open. Locate the following programs on the list:
      Code:
      Catalina Savings Printer
      Rich Media Player
      SSOption
      
    • Select each program and click Uninstall.
    • Restart the computer if prompted.

    ----------------------------------------

    • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
    • Press Ctrl+y (Ctrl and y keys at the same time)
    • A blank notepad file named fixlist.txt will open.
    • Copy and paste the following into it ....
    Code:
    start
    
    CreateRestorePoint:
    EmptyTemp:
    CloseProcesses:
    
    HKLM\Software\...\AppCompatFlags\Custom\explorer.exe: [{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb] ->
    HKLM\Software\...\AppCompatFlags\Custom\iexplore.exe: [{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb] ->
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
    Task: {4DAE0EE9-7BCC-4794-ACB8-2586F5F4B9C8} - System32\Tasks\{CAD0DAE7-4564-475A-BB09-8BE928BE931E} => C:\Windows\system32\pcalua.exe -a C:\Users\Home\Caroline\ADE_2.0_Installer.exe -d C:\Users\Home\Desktop
    Task: {5BC0E823-AFA2-4D53-994A-E9801BD2B5AA} - System32\Tasks\{A77B0BEF-406F-4756-8F8C-94C07B00B496} => C:\Windows\system32\pcalua.exe -a "C:\Users\Home\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QYTJVT53\setup.exe" -d C:\Users\Home\Desktop
    Task: {EA6064A0-6007-4938-895E-81B9ECDC1EC5} - System32\Tasks\{DE7EBA4D-EE80-4D28-964B-09D14BE20417} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\Uninstall.exe" -c /app FreeYouTubeToMP3Converter
    Task: {FD0FA4F2-4CBE-4BC7-A633-F1019A622F46} - System32\Tasks\Driver Booster SkipUAC (Home) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
    SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
    SearchScopes: HKLM-x32 -> DefaultScope {80c554b9-c7f8-4a21-9471-06d606da78a2} URL =
    SearchScopes: HKU\.DEFAULT -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
    Toolbar: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    Toolbar: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
    FF HKLM-x32\...\Firefox\Extensions: [{3DF4B26D-DB19-45DF-962A-6719D071245B}] - C:\Users\Home\AppData\Local\Rich Media Player\BrowserExtensions\Firefox\{3DF4B26D-DB19-45DF-962A-6719D071245B} => not found
    FF HKLM-x32\...\Firefox\Extensions: [{F25E3D9D-1A54-4389-98F7-E4D5B830DC33}] - C:\Users\Home\AppData\Local\Rich Media Player\BrowserExtensions\Firefox\{F25E3D9D-1A54-4389-98F7-E4D5B830DC33}.xpi => not found
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.204 => not found
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Ginger\Mozilla\[email protected] => not found
    FF HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\...\Firefox\Extensions: [@CustomNewTab] - C:\Users\Home\AppData\Roaming\Mozilla\FireFox\@CustomNewTab.xpi => not found
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 -> c:\Program Files (x86)\Virtual Earth 3D\ [No File]
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin HKU\.DEFAULT: gingersoftware.com/gingerPlugin -> C:\Program Files (x86)\Ginger\GingerServices\GingerServicesProxy.dll [No File]
    FF Plugin HKU\S-1-5-21-1287311948-1235629539-2080862382-1001: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\Users\Home\AppData\Roaming\CATALI~1\NPBCSK~1.DLL [No File]
    CHR HKLM-x32\...\Chrome\Extension: [doagiokpgboiomffjfhaiimafndmmpni] - C:\Users\Home\AppData\Local\Rich Media Player\BrowserExtensions\Chrome\richmediadownloader.crx <not found>
    CHR HKLM-x32\...\Chrome\Extension: [eammbikighnmacpfdhmcccgnfojcdhgn] - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha177\ch\WebexpEnhancedV1alpha177.crx <not found>
    CHR HKLM-x32\...\Chrome\Extension: [fkcdbkhjcaljlfolhllfneigeepmjfim] - C:\Users\Home\AppData\Local\Rich Media Player\BrowserExtensions\Chrome\playerextension.crx <not found>
    S3 hpqwmiex; "C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe" [X]
    S3 avchv; system32\DRIVERS\avchv.sys [X]
    S3 cpuz134; \??\C:\Users\Home\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X] <==== ATTENTION
    S3 dbx; system32\DRIVERS\dbx.sys [X]
    S1 MpKslf3e2724b; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{86D53835-DBE4-46C4-B3C1-0A55F2A945E3}\MpKslf3e2724b.sys [X]
    S1 nsodcduk; \??\C:\Windows\system32\drivers\nsodcduk.sys [X]
    S1 sezncdzw; \??\C:\Windows\system32\drivers\sezncdzw.sys [X]
    2019-05-03 10:37 - 2019-05-03 10:38 - 000000000 ____D C:\Users\Home\AppData\Local\ProgsUpdate.FullPath
    2019-05-03 10:36 - 2019-05-03 10:37 - 000000000 ____D C:\Users\Home\AppData\Local\OysterPresentingReload
    2019-05-03 10:36 - 2019-05-03 10:36 - 000000000 ____D C:\Program Files (x86)\EquiangularBioassayffq
    
    HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\...\ChromeHTML: -> <==== ATTENTION
    CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{004B49B7-11B9-5058-FF22-08DD093ADC4B}\InprocServer32 -> {18760844-9468-D082-1298-07E985889A47} => No File
    CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Home\AppData\Local\Microsoft\OneDrive\17.3.6998.0830\amd64\FileCoAuthLib64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{A804CF1A-91E5-4F0C-9E8C-DB39E74056DD}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.33.23\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.32.8\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{DD0822FF-3A09-4BDC-B749-4B00B9115850}\InprocServer32 -> {543FC507-9468-D082-5155-4EA585889A47} => No File
    CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{EA724FD3-844D-43A9-A8C9-A5BC35FC20E4}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.33.17\psuser_64.dll => No File
    ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
    AlternateDataStreams: C:\ProgramData\Temp:373E1720 [118]
    AlternateDataStreams: C:\ProgramData\Temp:B946D9EE [131]
    FirewallRules: [{A3D47993-0D64-4047-9904-D4C992FF5660}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector\PDR8.EXE No File
    FirewallRules: [{8FCF52C4-3EB2-4119-BA0C-C5409B1B0C1F}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Video\HPTouchSmartMusic.exe No File
    FirewallRules: [{B85F80CC-3E1A-4DBD-AA3F-AC6C1417C65F}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Video\HPTouchSmartPhoto.exe No File
    FirewallRules: [{00F6CD62-4F61-4604-AFD0-F08FC2C00628}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Video\TSMAgent.exe No File
    FirewallRules: [{C6DBEDCF-4868-4F9B-954A-D06FAEDDA9F0}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Video\Kernel\CLML\CLMLSvc.exe No File
    FirewallRules: [{AA7E54D8-503E-49DB-B0E8-F12396915F89}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartMusic.exe No File
    FirewallRules: [{052BCD0B-5F3A-473D-8640-20FA18EE0961}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartPhoto.exe No File
    FirewallRules: [{5E1C5E5B-74B5-45C4-AD5A-4647894063A1}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartVideo.exe No File
    FirewallRules: [{F7044779-3EA7-4612-9E2B-DD0EF5ED8061}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\TSMAgent.exe No File
    FirewallRules: [{F0D4F646-902F-4D4A-863B-D35A50FD1A05}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\CLML\CLMLSvc.exe No File
    FirewallRules: [{A36C8677-41F0-480B-AE8C-BC53E7EFBBB4}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\RoxioNow\RNow.exe No File
    FirewallRules: [{4E4D1A68-2768-4EB7-9F59-9830737D74CB}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\RoxioNow\RNow.exe No File
    FirewallRules: [{847B5864-1AA4-4900-834A-8EF958463F5E}] => (Allow) C:\Program Files (x86)\Advantig\OneClick-v2\VncViewer.exe No File
    FirewallRules: [{8B22AACE-8EA4-4D78-AFCC-6A6B9B40E7DC}] => (Allow) C:\Program Files (x86)\Advantig\OneClick-v2\VncViewer.exe No File
    FirewallRules: [{90265E35-58EE-4342-BA10-DBB1C3D366C4}] => (Allow) C:\Program Files (x86)\Advantig\OneClick-v2\VncViewer.exe No File
    FirewallRules: [{FA10EDD8-DDE0-4723-9162-6AF58EE2BA60}] => (Allow) C:\Program Files (x86)\Advantig\OneClick-v2\VncViewer.exe No File
    FirewallRules: [{BC5B1484-9861-406B-9583-E7FBBD8E21BC}] => (Allow) C:\Program Files (x86)\Advantig\OneClick-v2\repeater.exe No File
    FirewallRules: [{05F74CF6-683A-410F-93E7-CF427AE2E297}] => (Allow) C:\Program Files (x86)\Advantig\OneClick-v2\repeater.exe No File
    FirewallRules: [{32032522-6213-40C8-9977-DBC56329DB5E}] => (Allow) C:\Users\Home\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe No File
    FirewallRules: [{BA620A35-E4B4-4362-8F34-35B1E91A0696}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe No File
    FirewallRules: [{7E0F222F-A14A-4749-8EE6-8273E74AB274}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe No File
    FirewallRules: [{B0D53210-965F-4FF7-B38E-BB029B9680BC}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe No File
    FirewallRules: [{218C699F-EA3E-4E2C-BD25-60815DEA8295}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe No File
    FirewallRules: [{93F88390-FA84-4577-A4A6-A9AA77525DFB}] => (Allow) C:\Users\Home\AppData\Local\Temp\nsu85C.tmp\CnetInstaller-75864009.exe No File
    FirewallRules: [{9FD1933C-070A-4F59-B910-FC7736365C30}] => (Allow) C:\Users\Home\AppData\Local\Temp\nsu85C.tmp\CnetInstaller-75864009.exe No File
    FirewallRules: [{B2DEC8FF-461C-4D37-AF06-D0913594CC04}] => (Allow) E:\Common\EpsonNet Setup\ENEasyApp.exe No File
    FirewallRules: [{09569B3D-22DC-4C18-A33E-F7E44B27C535}] => (Allow) E:\Common\EpsonNet Setup\ENEasyApp.exe No File
    FirewallRules: [{5E0A0B65-9410-47D2-8B85-C864E86DE096}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe No File
    FirewallRules: [{18884B08-A31D-45B7-9D93-CC50BB1B691E}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe No File
    FirewallRules: [{6216210E-37B4-417C-B48B-5FD7F44B38CB}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DBDownloader.exe No File
    FirewallRules: [{7D7E67DB-87BC-4D10-877C-8C39B06A405C}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DBDownloader.exe No File
    FirewallRules: [{259838F4-09CB-421C-B48E-07C2BB48E0FB}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe No File
    FirewallRules: [{EB6623FC-6144-4E10-BECE-874200C8EE9E}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe No File
    FirewallRules: [{30A594F0-035D-4043-829E-D9CF9D49604C}] => (Allow) C:\Users\Home\AppData\Local\Chromium\Application\chrome.exe No File
    FirewallRules: [{0B126F13-E343-4FCE-BF97-F4311AF026F1}] => (Allow) C:\Users\Home\AppData\Local\Temp\WZSE0.TMP\Common\EpsonNet Setup\ENEasyApp.exe No File
    FirewallRules: [{C5AC2281-C42C-4565-9C1C-9C9AB923D9F4}] => (Allow) C:\Users\Home\AppData\Local\Temp\WZSE0.TMP\Common\EpsonNet Setup\ENEasyApp.exe No File
    FirewallRules: [{793E8149-8010-498C-9039-A02675B3222F}] => (Allow) E:\Common\EpsonNet Setup\ENEasyApp.exe No File
    FirewallRules: [{71245F99-2A20-4474-9B15-3FA28FF45D28}] => (Allow) E:\Common\EpsonNet Setup\ENEasyApp.exe No File
    
    C:\Program Files (x86)\IObit
    
    VirusTotal: C:\Users\Home\AppData\Local\Microsoft\BingSvc\BingSvc.exe
    
    End
    • Press Ctrl+s to save fixlist.txt
    NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system
    • Now press the Fix button once and wait.
    • FRST will process fixlist.txt
    • When finished, it will produce a log (fixlog.txt) in the same folder/directory as FRST
    • Please post the contents of fixlog.txt in your next reply.
     
  8. aimee

    aimee Thread Starter

    Joined:
    Apr 23, 2001
    Messages:
    161
    Hi iMacg3,

    No, I do not use:

    Amazon Assistant
    Google toolbar for IE
    CouponViewer Toolbar
    RevTraxPrintMy Coupon


    I attempted to uninstall the following programs with differing results:

    Catalina Savings Printer = The feature you're trying to use is on a network resource that is unavailable. "Ok" to try again or enter an alternate path
    Rich Media Player = might already have been uninstalled. Want to remove it from Programs and Features? ( I didn't do anything here)
    SSOption = uninstalled successfully

    I didn't run FRST yet - thought I'd wait to hear back regarding above issues.

    Thanks for hanging in there with me.
     
  9. iMacg3

    iMacg3 Malware Specialist

    Joined:
    Nov 3, 2018
    Messages:
    323
    Hi,

    If you do not use those programs, you can uninstall them:

    Uninstall a Program
    • Press the Windows Key + R.
    • Type appwiz.cpl in the Run box and click OK.
    • The Add/Remove Programs list will open. Locate the following programs on the list:
      Code:
      Amazon Assistant
      Google Toolbar for Internet Explorer
      CouponViewer Toolbar
      RevTraxPrintMyCoupon
    • Select each program and click Uninstall.
    • Restart the computer if prompted.

    Select the option to remove it from Programs and Features.

    ---------------------------------

    Did you set Bing and Yahoo as your preferred search providers in Firefox and Google Chrome?

    Did you install the Hola Free VPN Proxy Unblocker and Online Safety Chrome extensions?

    ---------------------------------

    Let me know if you were able to uninstall the programs successfully.
     
  10. aimee

    aimee Thread Starter

    Joined:
    Apr 23, 2001
    Messages:
    161
    Able to uninstall the following:

    • Rich media
    • RevtraxPrintMyCoupon
    • Google toolbar for IE
    • Amazon Assistant

    • Could not find CouponViewer Toolbar as an instaledl program
    • Yes, I selected Bing for IE (don't have Fire Fox)
    • Yahoo is for Chrome

    Did not install Hola Free VPN, Proxy Unblocker, or Online Safety Chrome extensions (not even sure what these are ... SHOULD I install ?
     
  11. iMacg3

    iMacg3 Malware Specialist

    Joined:
    Nov 3, 2018
    Messages:
    323
    Hi,

    Please run a new FRST scan:

    • Right-click Frst.exe/Frst64.exe and click Run as Administrator.
    • Press the Scan button and wait for it to complete.
    • When the scan completes, 2 logs will open on your desktop, FRST.txt and Addition.txt
    • Please post them in your next reply.
     
  12. aimee

    aimee Thread Starter

    Joined:
    Apr 23, 2001
    Messages:
    161
    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-05.2019
    Ran by Home (administrator) on HOME-HP (Hewlett-Packard 610-1010t) (17-05-2019 18:00:20)
    Running from C:\Users\Home\Desktop\Tech guy
    Loaded Profiles: Home (Available Profiles: Home & LogMeInRemoteUser & Guest)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: IE)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    () [File not signed] C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe
    (Adobe Systems, Incorporated -> Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
    (Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    (Amazon Services LLC -> ) C:\Users\Home\AppData\Local\Amazon Music\Amazon Music Helper.exe
    (Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
    (Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    (Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
    (Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
    (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc. -> Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Apple Inc. -> Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
    (Apple Inc. -> Apple, Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe
    (CyberLink -> CyberLink) C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
    (Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
    (Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
    (Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
    (Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
    (Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\72.4.136\QtWebEngineProcess.exe
    (Hewlett-Packard Company -> Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
    (Hewlett-Packard) [File not signed] C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE
    (Intuit, Inc. -> Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    (Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
    (Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
    (Microsoft Corporation -> © 2015 Microsoft Corporation) C:\Users\Home\AppData\Local\Microsoft\BingSvc\BingSvc.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
    (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wisptis.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wisptis.exe
    (Microsoft Windows Hardware Compatibility Publisher -> Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
    (Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
    (Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
    (Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Samsung Electronics CO., LTD. -> SAMSUNG Electornics Co., Ltd.) C:\Users\Home\AppData\Roaming\Verizon\UA_ar\UA.exe
    (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
    (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe
    (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe
    (SEIKO EPSON Corporation -> Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
    (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIKDE.EXE
    (Siber Systems -> ) C:\Program Files\Siber Systems\GoodSync\Gs-Server.exe
    (Siber Systems -> Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe

    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [Norton Online Backup] => c:\program files (x86)\symantec\norton online backup\nobuclient.exe [1155928 2010-06-01] (Symantec Corporation -> Symantec Corporation)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [302904 2019-03-24] (Apple Inc. -> Apple Inc.)
    HKLM-x32\...\Run: [HP KEYBOARDx] => C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE [710656 2010-02-11] (Hewlett-Packard) [File not signed]
    HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation -> Symantec Corporation)
    HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [895512 2010-10-22] (PDF Complete -> PDF Complete Inc)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [76600 2019-03-09] (Apple Inc. -> Apple Inc.)
    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard Company -> Hewlett-Packard)
    HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation -> Microsoft Corporation)
    HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [665568 2018-12-26] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
    HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [870368 2018-12-26] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
    HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [5537600 2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [37232 2008-06-12] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [640376 2008-06-11] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
    HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1150760 2018-04-06] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-12-16] (Oracle America, Inc. -> Oracle Corporation)
    HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
    HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2019-03-13] (Apple Inc. -> Apple Inc.)
    HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2019-03-13] (Apple Inc. -> Apple Inc.)
    HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2019-03-13] (Apple Inc. -> Apple Inc.)
    HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\...\Run: [Google Update] => C:\Users\Home\AppData\Local\Google\Update\1.3.34.11\GoogleUpdateCore.exe [410920 2019-05-15] (Google Inc -> Google LLC)
    HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\...\Run: [BingSvc] => C:\Users\Home\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2017-12-26] (Microsoft Corporation -> © 2015 Microsoft Corporation)
    HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\...\Run: [EPLTarget\P0000000000000001] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIKDE.EXE [298560 2013-09-12] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
    HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [145704 2019-03-22] (Siber Systems -> Siber Systems)
    HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\...\MountPoints2: G - G:\VZW_Software_upgrade_assistant.exe
    HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\...\MountPoints2: {3c0703f9-00ff-11e3-a919-60eb69fd9eed} - G:\VZW_Software_upgrade_assistant.exe
    HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\...\MountPoints2: {820ec244-2ec0-11e2-abc8-806e6f6e6963} - E:\setup.exe
    HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\...\MountPoints2: {9e87ae17-c354-11e3-8702-60eb69fd9eed} - F:\VZW_Software_upgrade_assistant.exe
    HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\...\MountPoints2: {cd1340a1-61c5-11e4-8665-60eb69fd9eed} - G:\VZW_Software_upgrade_assistant.exe
    HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\...\MountPoints2: {d3f06c4f-c239-11e3-ab57-60eb69fd9eed} - G:\VZW_Software_upgrade_assistant.exe
    HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\...\MountPoints2: {fcf4368a-dce4-11e3-80d7-60eb69fd9eed} - F:\VZW_Software_upgrade_assistant.exe
    HKU\S-1-5-18\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
    HKLM\Software\...\AppCompatFlags\Custom\explorer.exe: [{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb] ->
    HKLM\Software\...\AppCompatFlags\Custom\iexplore.exe: [{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb] ->
    HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\74.0.3729.157\Installer\chrmstp.exe [2019-05-17] (Google LLC -> Google Inc.)
    HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{A6EADE66-0000-0000-484E-7E8A45000000}] -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll [2019-05-02] (Adobe Inc. -> Adobe Systems, Inc.)
    HKLM\Software\...\Authentication\Credential Providers: [{65CD7F9B-E8F3-4bb0-82EB-6F6875B745DF}] -> C:\Windows\system32\LMIinit.dll [2014-07-18] (LogMeIn, Inc. -> LogMeIn, Inc.)
    HKLM\Software\...\Authentication\Credential Providers: [{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL [2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
    Startup: C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verizon Wireless Software Utility Application for Android – Samsung.lnk [2015-10-10]
    ShortcutTarget: Verizon Wireless Software Utility Application for Android – Samsung.lnk -> C:\Users\Home\AppData\Roaming\Verizon\UA_ar\UA.exe (Samsung Electronics CO., LTD. -> SAMSUNG Electornics Co., Ltd.)
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {055B8EAC-3D40-47E5-8346-B258CD79B51B} - System32\Tasks\EPSON WF-3640 Series Update {C4AFC024-FCDF-4AB2-9764-48819F092604} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKDE.EXE [679488 2013-02-28] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
    Task: {058AA6F6-9320-45E3-B576-6AD8BF450B2E} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-02-29] (Dropbox, Inc -> Dropbox, Inc.)
    Task: {0B30940D-927E-4F2A-A82C-73CD3A7E1FC7} - System32\Tasks\{4B5D1208-15B7-4657-8063-D640656DCE04} => C:\Users\Home\AppData\Roaming\Smilebox\SmileboxStarter.exe
    Task: {153725A3-EF58-42CA-96C2-B00A9C84B2FF} - System32\Tasks\HPCeeScheduleForHOME-HP$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [91704 2010-09-14] (Hewlett-Packard Company -> Hewlett-Packard)
    Task: {2E06CBDD-C7DD-4DCF-8B8E-00E779B483E2} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-02-29] (Dropbox, Inc -> Dropbox, Inc.)
    Task: {31C3E094-6744-4ED6-AB54-BFE686639E2C} - System32\Tasks\EPSON WF-3640 Series Update {D915748D-8CD4-46BC-B741-E4303DB6764E} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKDE.EXE [679488 2013-02-28] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
    Task: {410EB72E-CABE-4091-8A6C-F4A391CF3FBF} - System32\Tasks\EPSON WF-3640 Series Invitation {C4AFC024-FCDF-4AB2-9764-48819F092604} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKDE.EXE [679488 2013-02-28] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
    Task: {41309504-B05D-4316-95AC-DBAE767201C7} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [145704 2019-03-22] (Siber Systems -> Siber Systems)
    Task: {4DAE0EE9-7BCC-4794-ACB8-2586F5F4B9C8} - System32\Tasks\{CAD0DAE7-4564-475A-BB09-8BE928BE931E} => C:\Windows\system32\pcalua.exe -a C:\Users\Home\Caroline\ADE_2.0_Installer.exe -d C:\Users\Home\Desktop
    Task: {50F68914-DD26-467D-8126-24E5A8866878} - System32\Tasks\EPSON WF-3640 Series Invitation {D915748D-8CD4-46BC-B741-E4303DB6764E} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKDE.EXE [679488 2013-02-28] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
    Task: {53071935-EE96-43E9-8211-386E7826A3E5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe
    Task: {54739C41-D1C6-43B4-A749-B824F0EB1431} - System32\Tasks\EPSON WF-3640 Series Invitation {368E3CF1-07EC-4441-891C-5E28240268C8} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKDE.EXE [679488 2013-02-28] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
    Task: {5BAD9E8C-1897-47C7-8398-C755E2F7183C} - System32\Tasks\RunOW => C:\Program Files (x86)\Overwolf\Overwolf.exe
    Task: {5BC0E823-AFA2-4D53-994A-E9801BD2B5AA} - System32\Tasks\{A77B0BEF-406F-4756-8F8C-94C07B00B496} => C:\Windows\system32\pcalua.exe -a "C:\Users\Home\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QYTJVT53\setup.exe" -d C:\Users\Home\Desktop
    Task: {5E9FB838-6F6C-448F-9682-214D8F2B26AE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc -> Google Inc.)
    Task: {706BEABC-9344-4396-997E-CEA5623905A3} - System32\Tasks\EPSON WF-3640 Series Update {42242F2F-8E4B-4DA6-9775-E3701AB62209} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKDE.EXE [679488 2013-02-28] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
    Task: {777637E4-EF74-4780-A5EA-6FA583DD76B1} - System32\Tasks\Amazon Music Helper => C:\Users\Home\AppData\Local\Amazon Music\Amazon Music Helper.exe [6277952 2014-12-08] (Amazon Services LLC -> )
    Task: {7853C6A7-331B-4AC7-9861-D1C57B16AF19} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc -> Google Inc.)
    Task: {91CC2D29-A48F-4D2F-967C-963EDD5A3944} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1195544 2018-12-16] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
    Task: {94F403B1-CFA4-4C54-95AE-ABA2E1B2541F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335872 2019-02-22] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
    Task: {9696DF0C-4A2C-405F-B249-E6A9AAA77096} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616320 2018-01-08] (Apple Inc. -> Apple Inc.)
    Task: {977FC7CB-A926-4046-8B73-204413F74D9C} - System32\Tasks\Open URL by RoboForm => C:\Windows\system32\rundll32.exe url.dll,FileProtocolHandler "hxxps://www.roboform.com/test-pass.html?aaa=KICMLJPMKJPMGMOMIMNMCNHMGMJJLMCNLMLJOJLJCNNJNMNJMMCNLJJJGMKJGMKJJJKMOMNMPMIMJNJICMHMCNKMCNHMFMOMOMCNPMCNGMJMPMPMFMJMCNOMCNIMJMPMOMCNNMJNPICMOMFMEKMICNJJCKFMNMNMKMKMJNHICMEKMICNJJCKJNBJCMLIIJKJAJNIIJKJPLKICJGJMJHJBNKJLJKIJNKJCML (the data entry has 100 more characters).
    Task: {A1C48D45-A5F6-480B-B211-BD0A304E166E} - System32\Tasks\GoogleUpdateTaskMachineCore1cfea87c073e9d3 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc -> Google Inc.)
    Task: {C0B1DBCC-63A1-4C59-9288-0A6C7D9E78BD} - System32\Tasks\EPSON WF-3640 Series Update {368E3CF1-07EC-4441-891C-5E28240268C8} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKDE.EXE [679488 2013-02-28] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
    Task: {C8D4921B-647E-4E8C-B16C-9DA5AA708FA7} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe [136488 2010-09-03] (CyberLink -> CyberLink)
    Task: {CEC60F82-A8BC-457A-A898-969C00B014C2} - System32\Tasks\GoogleUpdateTaskMachineUA1cfea87c1768517 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc -> Google Inc.)
    Task: {DDA6347A-68C8-4368-91E2-35CD44CDE86E} - System32\Tasks\Hewlett-Packard\HP Assistant\HPSA Upgrade => C:\ProgramData\Hewlett-Packard\HPSAUpgrade3\HpSAUpgrade.exe [1248312 2011-08-11] (Hewlett-Packard Company -> Hewlett-Packard)
    Task: {E8B3FDB7-4D70-4422-B925-63026C20B618} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1287311948-1235629539-2080862382-1001UA => C:\Users\Home\AppData\Local\Google\Update\GoogleUpdate.exe [107848 2015-02-05] (Google Inc -> Google Inc.)
    Task: {EA6064A0-6007-4938-895E-81B9ECDC1EC5} - System32\Tasks\{DE7EBA4D-EE80-4D28-964B-09D14BE20417} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\Uninstall.exe" -c /app FreeYouTubeToMP3Converter
    Task: {F684044D-1F6A-4FAD-B280-1EDC0AF55329} - System32\Tasks\EPSON WF-3640 Series Invitation {42242F2F-8E4B-4DA6-9775-E3701AB62209} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKDE.EXE [679488 2013-02-28] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
    Task: {F70B8165-F38F-44D4-9819-F70E9093C77B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1287311948-1235629539-2080862382-1001Core => C:\Users\Home\AppData\Local\Google\Update\GoogleUpdate.exe [107848 2015-02-05] (Google Inc -> Google Inc.)
    Task: {FD0FA4F2-4CBE-4BC7-A633-F1019A622F46} - System32\Tasks\Driver Booster SkipUAC (Home) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\CouponViewer Toolbar.job => C:\Users\Home\AppData\Local\Programs\CouponViewer\Add-On\2017.4.7.1\CVHP.exe
    Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
    Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
    Task: C:\Windows\Tasks\EPSON WF-3640 Series Invitation {368E3CF1-07EC-4441-891C-5E28240268C8}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKDE.EXE
    Task: C:\Windows\Tasks\EPSON WF-3640 Series Invitation {42242F2F-8E4B-4DA6-9775-E3701AB62209}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKDE.EXE
    Task: C:\Windows\Tasks\EPSON WF-3640 Series Invitation {C4AFC024-FCDF-4AB2-9764-48819F092604}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKDE.EXE
    Task: C:\Windows\Tasks\EPSON WF-3640 Series Invitation {D915748D-8CD4-46BC-B741-E4303DB6764E}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKDE.EXE
    Task: C:\Windows\Tasks\EPSON WF-3640 Series Update {368E3CF1-07EC-4441-891C-5E28240268C8}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKDE.EXE:/EXE:{368E3CF1-07EC-4441-891C-5E28240268C8} /F:UpdateSYSTEMĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
    Task: C:\Windows\Tasks\EPSON WF-3640 Series Update {42242F2F-8E4B-4DA6-9775-E3701AB62209}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKDE.EXE:/EXE:{42242F2F-8E4B-4DA6-9775-E3701AB62209} /F:UpdateSYSTEMĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
    Task: C:\Windows\Tasks\EPSON WF-3640 Series Update {C4AFC024-FCDF-4AB2-9764-48819F092604}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKDE.EXE:/EXE:{C4AFC024-FCDF-4AB2-9764-48819F092604} /F:UpdateSYSTEMĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
    Task: C:\Windows\Tasks\EPSON WF-3640 Series Update {D915748D-8CD4-46BC-B741-E4303DB6764E}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKDE.EXE:/EXE:{D915748D-8CD4-46BC-B741-E4303DB6764E} /F:UpdateSYSTEMĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\HPCeeScheduleForHOME-HP$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
    Tcpip\..\Interfaces\{94A72A9C-48EC-4150-9DA1-C34D51501AEE}: [NameServer] 18.217.241.230
    Tcpip\..\Interfaces\{94A72A9C-48EC-4150-9DA1-C34D51501AEE}: [DhcpNameServer] 75.75.75.75 75.75.76.76
    Tcpip\..\Interfaces\{A0736165-0B27-488A-B801-08BC8DE7312B}: [NameServer] 18.221.254.213

    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\Software\Microsoft\Internet Explorer\Main,Old Start Page = hxxps://www.yahoo.com/?fr=befhp&type=iehp-4.7-1805
    HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.bing.com/
    HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxps://www.bing.com/
    SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> DefaultScope {80c554b9-c7f8-4a21-9471-06d606da78a2} URL =
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
    SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
    SearchScopes: HKLM-x32 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
    SearchScopes: HKU\.DEFAULT -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
    SearchScopes: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001 -> {6271CD1C-3937-485A-9A09-A593F7069707} URL = hxxps://search.yahoo.com/search?ei=utf-8&fr=befds&p={searchTerms}&type=ieds-4.7-1805
    BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2019-03-22] (Siber Systems -> Siber Systems Inc.)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
    BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
    BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
    BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2019-03-22] (Siber Systems -> Siber Systems Inc.)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\ssv.dll [2019-02-25] (Oracle America, Inc. -> Oracle Corporation)
    BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\jp2ssv.dll [2019-02-25] (Oracle America, Inc. -> Oracle Corporation)
    BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
    Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2019-03-22] (Siber Systems -> Siber Systems Inc.)
    Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2019-03-22] (Siber Systems -> Siber Systems Inc.)
    Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
    Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
    Toolbar: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    Toolbar: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    Toolbar: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2019-03-22] (Siber Systems -> Siber Systems Inc.)
    Toolbar: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
    DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
    DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.cab
    DPF: HKLM-x32 {CB50428B-657F-47DF-9B32-671F82AA73F7} hxxp://www.photodex.com/pxplay.cab
    DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
    DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} hxxps://secure.logmein.com//activex/ractrl.cab?lmi=972

    FireFox:
    ========
    FF ProfilePath: C:\Users\Home\AppData\Roaming\mozilla\firefox\Profiles\gcq5yow9.default [2018-06-03]
    FF Homepage: mozilla\firefox\Profiles\gcq5yow9.default -> hxxps://www.malwarebytes.org/restorebrowser/param1=y6bdVFVIsvuYsgEClQfz8KTL4HLBF1wBOkVfCJhNXY6t%2BipeZtEdYEFU7g9wi2bjIBeUCUPthp5B6ksGPGKrbSvIuQEt%2Btfdhn4OjEPtw4RL34QkqUDQg4Om0RSqp268rFH1Dj12wyPVJ1yqCAejaMA9EmgI7js%2B5iznHYu2SE%2BhRWfCqGRqtfL4EE2mAfZodmVSL70XSoSwvZgAlkYsPymfHasWUYgx4Ysn54lCBFItVZfkZs%2FaBSaM8AU2onPMSbuBN37X60q3mx2yG0v9gy6inyqmiFG9PqXN%2F0ilrB0%3D
    FF Extension: (Firefox Hotfix) - C:\Users\Home\AppData\Roaming\mozilla\firefox\Profiles\gcq5yow9.default\Extensions\[email protected] [2016-10-07] [Legacy]
    FF Extension: (RoboForm Password Manager) - C:\Users\Home\AppData\Roaming\mozilla\firefox\Profiles\gcq5yow9.default\Extensions\[email protected] [2017-10-26]
    FF SearchPlugin: C:\Users\Home\AppData\Roaming\mozilla\firefox\Profiles\gcq5yow9.default\searchplugins\bing-lavasoft-ff59.xml [2018-04-01]
    FF SearchPlugin: C:\Users\Home\AppData\Roaming\mozilla\firefox\Profiles\gcq5yow9.default\searchplugins\Yahoo powered search.xml [2019-05-03]
    FF Extension: (No Name) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2017-11-07] [not signed]
    FF HKLM-x32\...\Firefox\Extensions: [{3DF4B26D-DB19-45DF-962A-6719D071245B}] - C:\Users\Home\AppData\Local\Rich Media Player\BrowserExtensions\Firefox\{3DF4B26D-DB19-45DF-962A-6719D071245B} => not found
    FF HKLM-x32\...\Firefox\Extensions: [{F25E3D9D-1A54-4389-98F7-E4D5B830DC33}] - C:\Users\Home\AppData\Local\Rich Media Player\BrowserExtensions\Firefox\{F25E3D9D-1A54-4389-98F7-E4D5B830DC33}.xpi => not found
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.204 => not found
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Ginger\Mozilla\[email protected] => not found
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
    FF Extension: (E-Web Print) - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2016-11-07] [Legacy] [not signed]
    FF HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\...\Firefox\Extensions: [@CustomNewTab] - C:\Users\Home\AppData\Roaming\Mozilla\FireFox\@CustomNewTab.xpi => not found
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll [2016-01-19] (Adobe Systems Incorporated -> )
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 -> c:\Program Files (x86)\Virtual Earth 3D\ [No File]
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll [2016-01-19] (Adobe Systems Incorporated -> )
    FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google Inc -> Google, Inc.)
    FF Plugin-x32: @java.com/DTPlugin,version=11.201.2 -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\dtplugin\npDeployJava1.dll [2019-02-25] (Oracle America, Inc. -> Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.201.2 -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\plugin2\npjp2.dll [2019-02-25] (Oracle America, Inc. -> Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin-x32: @photodex.com/PhotodexPresenter -> C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll [2015-11-10] ( ) [File not signed]
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-05-02] (Adobe Inc. -> Adobe Systems Inc.)
    FF Plugin HKU\.DEFAULT: gingersoftware.com/gingerPlugin -> C:\Program Files (x86)\Ginger\GingerServices\GingerServicesProxy.dll [No File]
    FF Plugin HKU\S-1-5-21-1287311948-1235629539-2080862382-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Home\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-11-16] (Citrix Online -> Citrix Online)
    FF Plugin HKU\S-1-5-21-1287311948-1235629539-2080862382-1001: @hulu.com/Hulu Desktop -> C:\Users\Home\AppData\Local\HuluDesktop\instances\0.9.14.1\nphdplg.dll [2010-08-12] (Hulu -> Hulu LLC)
    FF Plugin HKU\S-1-5-21-1287311948-1235629539-2080862382-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Home\AppData\Local\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
    FF Plugin HKU\S-1-5-21-1287311948-1235629539-2080862382-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Home\AppData\Local\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
    FF Plugin HKU\S-1-5-21-1287311948-1235629539-2080862382-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\Home\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2016-08-29] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
    FF Plugin HKU\S-1-5-21-1287311948-1235629539-2080862382-1001: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\Users\Home\AppData\Roaming\CATALI~1\NPBCSK~1.DLL [No File]

    Chrome:
    =======
    CHR DefaultProfile: Default
    CHR HomePage: Default -> bing.com
    CHR StartupUrls: Default -> "hxxps://us.search.yahoo.com/yhs/web?hspart=omr&hsimp=yhs-001&type=86311238&param1=y6bdVFVIsvuYsgEClQfz8HyFH9tZCHsOZFHNP%2BYwJC1%2BAoyTMxWna%2Fax%2F7ZIXHC7%2FSBHDoRu0l7POinR9MfVMrBz2a6PLaTDh3EQbeGQVoY9hhitelfGOYzrRBS6Ykx2EF%2Fl5MVqxUcwTHy2w%2FUubEiNKi7C0uFbcfHNHlV67qOTK92lxHCZCVQVhWBodQuit%2BHzA4S9mJ0Dqe02w3fnkPTghBBJyA%2FDdvSr7x22obIC%2BHK71vZ5yYlg6850zbInDOBE%2BMV7E4CbZldwxDim7dPLXo33ZUYhJuCkXK5GzwE%3D","hxxps://www.google.com/"
    CHR DefaultSearchURL: Default -> hxxps://us.search.yahoo.com/yhs/search?hspart=omr&hsimp=yhs-001&type=86311238&param1=y6bdVFVIsvuYsgEClQfz8HyFH9tZCHsOZFHNP%2BYwJC1%2BAoyTMxWna%2Fax%2F7ZIXHC7m8LAeZoS4G9z2zivyIMrMZ%2Bms%2F%2BvWGjvjP%2BFW7vbLHzobA3%2FyHKfKpNwU%2F0ISyQOl6dP5NGFHzjn94AGAfBBV5fURd9XfuHdx5ruP3T9JBsPP7idrVvGnWB%2B4k0wJM3SvXB461fU2xkgQz64xGOEykKM4aAEz%2Fd7ItXjn11IJvyNVqVygNOgNmI%2FM0mXKKu53yBhyf8XiE9RKhvZ8N9jJQ%3D%3D&p={searchTerms}
    CHR DefaultSearchKeyword: Default -> search.yahoo.com
    CHR DefaultNewTabURL: Default -> hxxps://us.search.yahoo.com/yhs/web?hspart=omr&hsimp=yhs-001&type=86311238&param1=y6bdVFVIsvuYsgEClQfz8HyFH9tZCHsOZFHNP%2BYwJC1%2BAoyTMxWna%2Fax%2F7ZIXHC7PvtYauGJUfR6ThlzvtlpDX8mZmhlM1UewwJGPVqWtATNuw37hss8HKCaFs1ZA2ZTlSermjkGUhnsGPMgPt0agrtGGhVRmnbpVN6ugGdha4D7Xzf6PdAyEcLLUfuiJEFpVmEilieRcDbvi%2BrWzlZk2PdDFFGGIJPVkcDO%2FWOl4RDR%2FmT5W8fSgzyYNL4YzgN4MQujhLvIuCYDqz9w%2FcMTNg%3D%3D
    CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command={searchTerms}
    CHR Profile: C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default [2019-05-16]
    CHR Extension: (Slides) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-14]
    CHR Extension: (Docs) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-14]
    CHR Extension: (Google Drive) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-24]
    CHR Extension: (YouTube) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-06-18]
    CHR Extension: (Honey) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2019-05-02]
    CHR Extension: (Bing Homepage) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdldbgojabdbiapkfeldpfmbecmcaoec [2019-01-01]
    CHR Extension: (Google Search) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-05]
    CHR Extension: (Sheets) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-14]
    CHR Extension: (Google Docs Offline) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-23]
    CHR Extension: (Hola Free VPN Proxy Unblocker) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2019-05-14]
    CHR Extension: (Grammarly for Chrome) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2019-05-14]
    CHR Extension: (Grammar and Spelling checker by Ginger) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdfieneakcjfaiglcfcgkidlkmlijjnh [2019-05-14]
    CHR Extension: (Online Safety) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ledpmklechmkjngjilbfpogiehjbemkj [2019-04-12]
    CHR Extension: (Wikibuy from Capital One) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\nenlahapcbofgnanklpelkaejcehkggg [2019-05-16]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-08]
    CHR Extension: (Gmail) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-16]
    CHR Extension: (Chrome Media Router) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-05-03]
    CHR Extension: (RoboForm Password Manager) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2019-04-12]
    CHR HKLM\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2015-03-12]
    CHR HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [cdldbgojabdbiapkfeldpfmbecmcaoec] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [doagiokpgboiomffjfhaiimafndmmpni] - C:\Users\Home\AppData\Local\Rich Media Player\BrowserExtensions\Chrome\richmediadownloader.crx <not found>
    CHR HKLM-x32\...\Chrome\Extension: [eammbikighnmacpfdhmcccgnfojcdhgn] - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha177\ch\WebexpEnhancedV1alpha177.crx <not found>
    CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [fkcdbkhjcaljlfolhllfneigeepmjfim] - C:\Users\Home\AppData\Local\Rich Media Player\BrowserExtensions\Chrome\playerextension.crx <not found>
    CHR HKLM-x32\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2015-03-12]

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AESTFilters; C:\Program Files\IDT\WDM\AESTSr64.exe [89600 2009-03-02] (Microsoft Windows Hardware Compatibility Publisher -> Andrea Electronics Corporation)
    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [96056 2019-03-08] (Apple Inc. -> Apple Inc.)
    S4 CalendarSynchService; C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [16384 2010-08-05] (Hewlett-Packard) [File not signed]
    S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-02-29] (Dropbox, Inc -> Dropbox, Inc.)
    S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-02-29] (Dropbox, Inc -> Dropbox, Inc.)
    R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [51024 2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    S4 DTSRVC; C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe [129648 2010-12-01] (Portrait Displays, Inc. -> Portrait Displays, Inc.)
    R2 EpsonCustomerResearchParticipation; C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe [678328 2018-06-11] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
    R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-17] (SEIKO EPSON Corporation -> Seiko Epson Corporation)
    S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2018-02-09] (Macrovision Corporation -> Macrovision Europe Ltd.) [File not signed]
    S3 GoToAssist; C:\Program Files (x86)\Citrix\GoToAssist Corporate\1205\G2AC_Service.exe [309712 2016-11-05] (Citrix Online -> Citrix Systems, Inc.)
    R2 GsServer; C:\Program Files\Siber Systems\GoodSync\gs-server.exe [9553632 2016-10-01] (Siber Systems -> )
    S4 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [376144 2014-07-18] (LogMeIn, Inc. -> LogMeIn, Inc.)
    S4 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [226640 2014-07-18] (LogMeIn, Inc. -> LogMeIn, Inc.)
    S4 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2012-11-29] (LogMeIn, Inc. -> LogMeIn, Inc.)
    R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
    S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2014-11-17] (Hewlett-Packard) [File not signed]
    S4 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation -> Symantec Corporation)
    S4 PasswordBox; C:\Program Files (x86)\PasswordBox\pbbtnService.exe [67584 2014-05-14] (PasswordBox, Inc.) [File not signed]
    S4 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1121304 2010-10-22] (PDF Complete -> PDF Complete Inc)
    S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2014-11-17] (Hewlett-Packard) [File not signed]
    S4 RoxioNow Service; C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [399344 2010-09-11] (Sonic Solutions -> Roxio)
    R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [318464 2012-04-24] (Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.)
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
    S3 hpqwmiex; "C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe" [X]

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50464 2014-06-24] (AVG Technologies -> AVG Technologies)
    R3 clwvd; C:\Windows\System32\DRIVERS\clwvd.sys [31088 2010-09-03] (CyberLink -> CyberLink Corporation)
    S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
    S3 DrvAgent64; C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS [20872 2016-12-16] (eSupport.com, Inc -> Phoenix Technologies)
    R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2016-07-08] (Martin Malik - REALiX -> REALiX(tm))
    R3 igfx; C:\Windows\System32\DRIVERS\igdkmd64.sys [12273408 2011-01-27] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
    S3 Impcd; C:\Windows\system32\DRIVERS\Impcd.sys [158976 2010-02-26] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
    R3 ITECIRfilter; C:\Windows\System32\DRIVERS\ITECIRfilter.sys [28264 2016-07-08] (ITE Tech. Inc. -> ITE Tech. Inc. )
    R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-05-27] (LogMeIn, Inc. -> LogMeIn, Inc.)
    S4 LMIRfsClientNP; no ImagePath
    R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [275232 2019-05-17] (Malwarebytes Corporation -> Malwarebytes)
    R3 netr28x; C:\Windows\System32\DRIVERS\netr28x.sys [2502288 2016-07-08] (MEDIATEK INC. -> MediaTek Inc.)
    R3 nusb3hub; C:\Windows\System32\DRIVERS\nusb3hub.sys [77824 2010-01-22] (Microsoft Windows Hardware Compatibility Publisher -> NEC Electronics Corporation)
    R3 nusb3xhc; C:\Windows\System32\DRIVERS\nusb3xhc.sys [181760 2016-07-08] (Microsoft Windows Hardware Compatibility Publisher -> Renesas Electronics Corporation)
    S3 RTSUER; C:\Windows\System32\Drivers\RtsUer.sys [413912 2016-07-08] (Realtek Semiconductor Corp -> Realsil Semiconductor Corporation)
    R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [33960 2016-07-08] (Synaptics Incorporated -> Synaptics Incorporated)
    S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
    R3 STHDA; C:\Windows\System32\DRIVERS\stwrt64.sys [536576 2012-04-24] (Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.)
    S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2015-06-10] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
    U1 aswbdisk; no ImagePath
    S3 avchv; system32\DRIVERS\avchv.sys [X]
    S3 cpuz134; \??\C:\Users\Home\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X] <==== ATTENTION
    S3 dbx; system32\DRIVERS\dbx.sys [X]
    S3 EsgScanner; system32\DRIVERS\EsgScanner.sys [X]
    S1 MpKslf3e2724b; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{86D53835-DBE4-46C4-B3C1-0A55F2A945E3}\MpKslf3e2724b.sys [X]
    S1 nsodcduk; \??\C:\Windows\system32\drivers\nsodcduk.sys [X]
    U0 Partizan; system32\drivers\Partizan.sys [X]
    S1 sezncdzw; \??\C:\Windows\system32\drivers\sezncdzw.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One month (created) ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2019-05-17 09:06 - 2019-05-17 09:06 - 000275232 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
    2019-05-15 14:40 - 2019-04-25 00:01 - 025730560 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2019-05-15 14:40 - 2019-04-24 23:31 - 020279296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2019-05-15 14:40 - 2019-04-18 22:54 - 004057320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2019-05-15 14:40 - 2019-04-18 22:53 - 003963624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2019-05-15 14:40 - 2019-04-18 22:53 - 001314104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
    2019-05-15 14:40 - 2019-04-18 22:51 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2019-05-15 14:40 - 2019-04-18 22:51 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
    2019-05-15 14:40 - 2019-04-18 22:51 - 000555520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2019-05-15 14:40 - 2019-04-18 22:51 - 000275968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2019-05-15 14:40 - 2019-04-18 22:51 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2019-05-15 14:40 - 2019-04-18 22:51 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2019-05-15 14:40 - 2019-04-18 22:51 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2019-05-15 14:40 - 2019-04-18 22:51 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
    2019-05-15 14:40 - 2019-04-18 22:51 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2019-05-15 14:40 - 2019-04-18 22:51 - 000070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2019-05-15 14:40 - 2019-04-18 22:51 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2019-05-15 14:40 - 2019-04-18 22:51 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2019-05-15 14:40 - 2019-04-18 22:50 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
    2019-05-15 14:40 - 2019-04-18 22:50 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
    2019-05-15 14:40 - 2019-04-18 22:50 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
    2019-05-15 14:40 - 2019-04-18 22:50 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
    2019-05-15 14:40 - 2019-04-18 22:50 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2019-05-15 14:40 - 2019-04-18 22:50 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2019-05-15 14:40 - 2019-04-18 22:50 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2019-05-15 14:40 - 2019-04-18 22:50 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2019-05-15 14:40 - 2019-04-18 22:50 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2019-05-15 14:40 - 2019-04-18 22:50 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2019-05-15 14:40 - 2019-04-18 22:50 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2019-05-15 14:40 - 2019-04-18 22:50 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2019-05-15 14:40 - 2019-04-18 22:50 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2019-05-15 14:40 - 2019-04-18 22:50 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2019-05-15 14:40 - 2019-04-18 22:50 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2019-05-15 14:40 - 2019-04-18 22:50 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2019-05-15 14:40 - 2019-04-18 22:50 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2019-05-15 14:40 - 2019-04-18 22:50 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2019-05-15 14:40 - 2019-04-18 22:50 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2019-05-15 14:40 - 2019-04-18 22:50 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2019-05-15 14:40 - 2019-04-18 22:50 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2019-05-15 14:40 - 2019-04-18 22:50 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2019-05-15 14:40 - 2019-04-18 22:50 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2019-05-15 14:40 - 2019-04-18 22:50 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2019-05-15 14:40 - 2019-04-18 22:50 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2019-05-15 14:40 - 2019-04-18 22:50 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2019-05-15 14:40 - 2019-04-18 22:50 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2019-05-15 14:40 - 2019-04-18 22:50 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2019-05-15 14:40 - 2019-04-18 22:44 - 000095456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2019-05-15 14:40 - 2019-04-18 22:43 - 000153832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2019-05-15 14:40 - 2019-04-18 22:42 - 005552864 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2019-05-15 14:40 - 2019-04-18 22:42 - 001664360 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
    2019-05-15 14:40 - 2019-04-18 22:42 - 000262376 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
    2019-05-15 14:40 - 2019-04-18 22:40 - 001211392 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
    2019-05-15 14:40 - 2019-04-18 22:40 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2019-05-15 14:40 - 2019-04-18 22:40 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2019-05-15 14:40 - 2019-04-18 22:40 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2019-05-15 14:40 - 2019-04-18 22:40 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
    2019-05-15 14:40 - 2019-04-18 22:40 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
    2019-05-15 14:40 - 2019-04-18 22:40 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2019-05-15 14:40 - 2019-04-18 22:40 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
    2019-05-15 14:40 - 2019-04-18 22:40 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2019-05-15 14:40 - 2019-04-18 22:40 - 000094208 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2019-05-15 14:40 - 2019-04-18 22:40 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
    2019-05-15 14:40 - 2019-04-18 22:40 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2019-05-15 14:40 - 2019-04-18 22:40 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2019-05-15 14:40 - 2019-04-18 22:40 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2019-05-15 14:40 - 2019-04-18 22:40 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
    2019-05-15 14:40 - 2019-04-18 22:40 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\sscore.dll
    2019-05-15 14:40 - 2019-04-18 22:39 - 001472512 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2019-05-15 14:40 - 2019-04-18 22:39 - 001162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
    2019-05-15 14:40 - 2019-04-18 22:39 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
    2019-05-15 14:40 - 2019-04-18 22:39 - 000733184 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2019-05-15 14:40 - 2019-04-18 22:39 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
    2019-05-15 14:40 - 2019-04-18 22:39 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
    2019-05-15 14:40 - 2019-04-18 22:39 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
    2019-05-15 14:40 - 2019-04-18 22:39 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
    2019-05-15 14:40 - 2019-04-18 22:39 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
    2019-05-15 14:40 - 2019-04-18 22:39 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
    2019-05-15 14:40 - 2019-04-18 22:39 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
    2019-05-15 14:40 - 2019-04-18 22:39 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
    2019-05-15 14:40 - 2019-04-18 22:39 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
    2019-05-15 14:40 - 2019-04-18 22:39 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2019-05-15 14:40 - 2019-04-18 22:39 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
    2019-05-15 14:40 - 2019-04-18 22:39 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
    2019-05-15 14:40 - 2019-04-18 22:39 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
    2019-05-15 14:40 - 2019-04-18 22:39 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
    2019-05-15 14:40 - 2019-04-18 22:39 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
    2019-05-15 14:40 - 2019-04-18 22:39 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2019-05-15 14:40 - 2019-04-18 22:39 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
    2019-05-15 14:40 - 2019-04-18 22:39 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
    2019-05-15 14:40 - 2019-04-18 22:39 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
    2019-05-15 14:40 - 2019-04-18 22:39 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
    2019-05-15 14:40 - 2019-04-18 22:39 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
    2019-05-15 14:40 - 2019-04-18 22:39 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
    2019-05-15 14:40 - 2019-04-18 22:39 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2019-05-15 14:40 - 2019-04-18 22:39 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
    2019-05-15 14:40 - 2019-04-18 22:39 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
    2019-05-15 14:40 - 2019-04-18 22:39 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
    2019-05-15 14:40 - 2019-04-18 22:39 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
    2019-05-15 14:40 - 2019-04-18 22:39 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
    2019-05-15 14:40 - 2019-04-18 22:39 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
    2019-05-15 14:40 - 2019-04-18 22:39 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
    2019-05-15 14:40 - 2019-04-18 22:39 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
    2019-05-15 14:40 - 2019-04-18 22:39 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
    2019-05-15 14:40 - 2019-04-18 22:39 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
    2019-05-15 14:40 - 2019-04-18 22:39 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
    2019-05-15 14:40 - 2019-04-18 22:39 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
    2019-05-15 14:40 - 2019-04-18 22:20 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2019-05-15 14:40 - 2019-04-18 22:20 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2019-05-15 14:40 - 2019-04-18 22:19 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
    2019-05-15 14:40 - 2019-04-18 22:18 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2019-05-15 14:40 - 2019-04-18 22:18 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2019-05-15 14:40 - 2019-04-18 22:18 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2019-05-15 14:40 - 2019-04-18 22:18 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2019-05-15 14:40 - 2019-04-18 22:15 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
    2019-05-15 14:40 - 2019-04-18 22:11 - 000129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
    2019-05-15 14:40 - 2019-04-18 22:08 - 000464384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
    2019-05-15 14:40 - 2019-04-18 22:08 - 000406016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
    2019-05-15 14:40 - 2019-04-18 22:08 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
    2019-05-15 14:40 - 2019-04-18 22:08 - 000169472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
    2019-05-15 14:40 - 2019-04-18 22:08 - 000160768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
    2019-05-15 14:40 - 2019-04-18 22:08 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
    2019-05-15 14:40 - 2019-04-18 22:07 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
    2019-05-15 14:40 - 2019-04-18 22:07 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys
    2019-05-15 14:40 - 2019-04-18 22:07 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys
    2019-05-15 14:40 - 2019-04-18 22:07 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys
    2019-05-15 14:40 - 2019-04-18 22:07 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdppm.sys
    2019-05-15 14:40 - 2019-04-18 22:07 - 000044544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\npfs.sys
    2019-05-15 14:40 - 2019-04-18 22:07 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2019-05-15 14:40 - 2019-04-16 11:17 - 001425920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
    2019-05-15 14:40 - 2019-04-16 11:17 - 000583680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
    2019-05-15 14:40 - 2019-04-16 11:17 - 000313344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
    2019-05-15 14:40 - 2019-04-16 11:05 - 002072576 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
    2019-05-15 14:40 - 2019-04-16 11:05 - 000878080 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
    2019-05-15 14:40 - 2019-04-16 11:05 - 000516096 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
    2019-05-15 14:40 - 2019-04-16 11:05 - 000405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
    2019-05-15 14:40 - 2019-04-04 20:34 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\cryptdll.dll
    2019-05-15 14:39 - 2019-04-30 15:28 - 000397112 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2019-05-15 14:39 - 2019-04-30 14:37 - 000348984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2019-05-15 14:39 - 2019-04-29 20:51 - 000578560 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2019-05-15 14:39 - 2019-04-29 20:51 - 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2019-05-15 14:39 - 2019-04-24 23:52 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2019-05-15 14:39 - 2019-04-24 23:52 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2019-05-15 14:39 - 2019-04-24 23:40 - 002902016 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2019-05-15 14:39 - 2019-04-24 23:38 - 000417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2019-05-15 14:39 - 2019-04-24 23:38 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2019-05-15 14:39 - 2019-04-24 23:38 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2019-05-15 14:39 - 2019-04-24 23:37 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2019-05-15 14:39 - 2019-04-24 23:31 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2019-05-15 14:39 - 2019-04-24 23:30 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2019-05-15 14:39 - 2019-04-24 23:28 - 005775360 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2019-05-15 14:39 - 2019-04-24 23:28 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2019-05-15 14:39 - 2019-04-24 23:26 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2019-05-15 14:39 - 2019-04-24 23:26 - 000790528 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2019-05-15 14:39 - 2019-04-24 23:26 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2019-05-15 14:39 - 2019-04-24 23:26 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2019-05-15 14:39 - 2019-04-24 23:24 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2019-05-15 14:39 - 2019-04-24 23:19 - 000969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2019-05-15 14:39 - 2019-04-24 23:16 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2019-05-15 14:39 - 2019-04-24 23:12 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2019-05-15 14:39 - 2019-04-24 23:12 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2019-05-15 14:39 - 2019-04-24 23:11 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2019-05-15 14:39 - 2019-04-24 23:11 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2019-05-15 14:39 - 2019-04-24 23:09 - 002295808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2019-05-15 14:39 - 2019-04-24 23:09 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
    2019-05-15 14:39 - 2019-04-24 23:09 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2019-05-15 14:39 - 2019-04-24 23:08 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
    2019-05-15 14:39 - 2019-04-24 23:06 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2019-05-15 14:39 - 2019-04-24 23:05 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2019-05-15 14:39 - 2019-04-24 23:05 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2019-05-15 14:39 - 2019-04-24 23:05 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2019-05-15 14:39 - 2019-04-24 23:04 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2019-05-15 14:39 - 2019-04-24 23:03 - 000663040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2019-05-15 14:39 - 2019-04-24 23:03 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2019-05-15 14:39 - 2019-04-24 23:02 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2019-05-15 14:39 - 2019-04-24 23:02 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2019-05-15 14:39 - 2019-04-24 23:01 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
    2019-05-15 14:39 - 2019-04-24 22:54 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2019-05-15 14:39 - 2019-04-24 22:52 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
    2019-05-15 14:39 - 2019-04-24 22:50 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2019-05-15 14:39 - 2019-04-24 22:50 - 000728064 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2019-05-15 14:39 - 2019-04-24 22:50 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2019-05-15 14:39 - 2019-04-24 22:49 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
    2019-05-15 14:39 - 2019-04-24 22:49 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
    2019-05-15 14:39 - 2019-04-24 22:48 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2019-05-15 14:39 - 2019-04-24 22:47 - 002135552 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2019-05-15 14:39 - 2019-04-24 22:47 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2019-05-15 14:39 - 2019-04-24 22:46 - 015285248 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2019-05-15 14:39 - 2019-04-24 22:46 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2019-05-15 14:39 - 2019-04-24 22:45 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2019-05-15 14:39 - 2019-04-24 22:43 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
    2019-05-15 14:39 - 2019-04-24 22:40 - 004493312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2019-05-15 14:39 - 2019-04-24 22:38 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
    2019-05-15 14:39 - 2019-04-24 22:37 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2019-05-15 14:39 - 2019-04-24 22:36 - 002059776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2019-05-15 14:39 - 2019-04-24 22:35 - 013682176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2019-05-15 14:39 - 2019-04-24 22:35 - 005303808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2019-05-15 14:39 - 2019-04-24 22:35 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2019-05-15 14:39 - 2019-04-24 22:24 - 001557504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2019-05-15 14:39 - 2019-04-24 22:18 - 004831232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2019-05-15 14:39 - 2019-04-24 22:14 - 001323008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2019-05-15 14:39 - 2019-04-24 22:14 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2019-05-15 14:39 - 2019-04-24 22:12 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2019-05-15 14:39 - 2019-04-18 22:51 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2019-05-15 14:39 - 2019-04-18 22:51 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
    2019-05-15 14:39 - 2019-04-18 22:51 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
    2019-05-15 14:39 - 2019-04-18 22:51 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
    2019-05-15 14:39 - 2019-04-18 22:51 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2019-05-15 14:39 - 2019-04-18 22:50 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
    2019-05-15 14:39 - 2019-04-18 22:50 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2019-05-15 14:39 - 2019-04-18 22:44 - 000185064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys
    2019-05-15 14:39 - 2019-04-18 22:43 - 000708328 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
    2019-05-15 14:39 - 2019-04-18 22:43 - 000631680 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
    2019-05-15 14:39 - 2019-04-18 22:43 - 000064232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ULIAGPKX.SYS
    2019-05-15 14:39 - 2019-04-18 22:43 - 000063208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\termdd.sys
    2019-05-15 14:39 - 2019-04-18 22:43 - 000060648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\AGP440.sys
    2019-05-15 14:39 - 2019-04-18 22:43 - 000031976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mssmbios.sys
    2019-05-15 14:39 - 2019-04-18 22:43 - 000023784 _____ (Microsoft Corporation) C:\Windows\system32\streamci.dll
    2019-05-15 14:39 - 2019-04-18 22:43 - 000020200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\isapnp.sys
    2019-05-15 14:39 - 2019-04-18 22:42 - 000122600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\NV_AGP.SYS
    2019-05-15 14:39 - 2019-04-18 22:42 - 000068328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgr.sys
    2019-05-15 14:39 - 2019-04-18 22:42 - 000036064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vdrvroot.sys
    2019-05-15 14:39 - 2019-04-18 22:42 - 000015080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msisadrv.sys
    2019-05-15 14:39 - 2019-04-18 22:42 - 000012136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\swenum.sys
    2019-05-15 14:39 - 2019-04-18 22:40 - 000361984 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
    2019-05-15 14:39 - 2019-04-18 22:40 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2019-05-15 14:39 - 2019-04-18 22:40 - 000236032 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll
    2019-05-15 14:39 - 2019-04-18 22:40 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2019-05-15 14:39 - 2019-04-18 22:40 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
    2019-05-15 14:39 - 2019-04-18 22:40 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
    2019-05-15 14:39 - 2019-04-18 22:39 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2019-05-15 14:39 - 2019-04-18 22:39 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
    2019-05-15 14:39 - 2019-04-18 22:39 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2019-05-15 14:39 - 2019-04-18 22:27 - 000009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sscore.dll
    2019-05-15 14:39 - 2019-04-18 22:26 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
    2019-05-15 14:39 - 2019-04-18 22:20 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2019-05-15 14:39 - 2019-04-18 22:20 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2019-05-15 14:39 - 2019-04-18 22:15 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
    2019-05-15 14:39 - 2019-04-18 22:15 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
    2019-05-15 14:39 - 2019-04-18 22:14 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
    2019-05-15 14:39 - 2019-04-18 22:12 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
    2019-05-15 14:39 - 2019-04-18 22:11 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2019-05-15 14:39 - 2019-04-16 11:17 - 012880896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2019-05-15 14:39 - 2019-04-16 11:17 - 000628224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
    2019-05-15 14:39 - 2019-04-16 11:17 - 000026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleres.dll
    2019-05-15 14:39 - 2019-04-16 11:16 - 001499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
    2019-05-15 14:39 - 2019-04-16 11:05 - 014184448 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
    2019-05-15 14:39 - 2019-04-16 11:05 - 001867776 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
    2019-05-15 14:39 - 2019-04-16 11:05 - 000806400 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
    2019-05-15 14:39 - 2019-04-16 11:05 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\oleres.dll
    2019-05-15 14:39 - 2019-04-16 11:05 - 000008704 _____ (Microsoft Corporation) C:\Windows\system32\comcat.dll
    2019-05-15 14:39 - 2019-04-16 10:55 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comcat.dll
    2019-05-15 14:39 - 2019-04-16 09:15 - 000419648 _____ C:\Windows\SysWOW64\locale.nls
    2019-05-15 14:39 - 2019-04-16 09:15 - 000419648 _____ C:\Windows\system32\locale.nls
    2019-05-15 14:39 - 2019-04-14 01:42 - 000309480 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
    2019-05-15 14:39 - 2019-04-14 01:40 - 000111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
    2019-05-15 14:39 - 2019-04-14 01:40 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
    2019-05-15 14:39 - 2019-04-14 01:39 - 000071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
    2019-05-15 14:39 - 2019-04-14 01:39 - 000010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
    2019-05-15 14:39 - 2019-04-14 01:28 - 000383720 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
    2019-05-15 14:39 - 2019-04-14 01:26 - 000151552 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
    2019-05-15 14:39 - 2019-04-14 01:26 - 000101376 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
    2019-05-15 14:39 - 2019-04-14 01:26 - 000046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
    2019-05-15 14:39 - 2019-04-14 01:26 - 000041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
    2019-05-15 14:39 - 2019-04-14 01:26 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
    2019-05-15 14:39 - 2019-04-14 01:12 - 000034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
    2019-05-15 14:39 - 2019-04-07 11:17 - 012574208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
    2019-05-15 14:39 - 2019-04-07 11:17 - 011411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
    2019-05-15 14:39 - 2019-04-07 11:17 - 000617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
    2019-05-15 14:39 - 2019-04-07 11:17 - 000382976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
    2019-05-15 14:39 - 2019-04-07 11:17 - 000179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
    2019-05-15 14:39 - 2019-04-07 11:17 - 000160256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werui.dll
    2019-05-15 14:39 - 2019-04-07 11:16 - 003207168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
    2019-05-15 14:39 - 2019-04-07 11:16 - 001329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
    2019-05-15 14:39 - 2019-04-07 11:16 - 000519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
    2019-05-15 14:39 - 2019-04-07 11:16 - 000504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
    2019-05-15 14:39 - 2019-04-07 11:16 - 000442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
    2019-05-15 14:39 - 2019-04-07 11:16 - 000354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
    2019-05-15 14:39 - 2019-04-07 11:16 - 000265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
    2019-05-15 14:39 - 2019-04-07 11:16 - 000103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
    2019-05-15 14:39 - 2019-04-07 11:16 - 000046592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssign32.dll
    2019-05-15 14:39 - 2019-04-07 11:16 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
    2019-05-15 14:39 - 2019-04-07 11:15 - 001177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2019-05-15 14:39 - 2019-04-07 11:15 - 001005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
    2019-05-15 14:39 - 2019-04-07 11:15 - 000988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
    2019-05-15 14:39 - 2019-04-07 11:15 - 000744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
    2019-05-15 14:39 - 2019-04-07 11:15 - 000489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
    2019-05-15 14:39 - 2019-04-07 11:15 - 000406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
    2019-05-15 14:39 - 2019-04-07 11:15 - 000373248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
    2019-05-15 14:39 - 2019-04-07 11:15 - 000195072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
    2019-05-15 14:39 - 2019-04-07 11:15 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2019-05-15 14:39 - 2019-04-07 11:15 - 000106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2019-05-15 14:39 - 2019-04-07 11:15 - 000080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
    2019-05-15 14:39 - 2019-04-07 11:05 - 000094440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
    2019-05-15 14:39 - 2019-04-07 11:03 - 014637568 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
    2019-05-15 14:39 - 2019-04-07 11:03 - 012574720 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
    2019-05-15 14:39 - 2019-04-07 11:03 - 001574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
    2019-05-15 14:39 - 2019-04-07 11:03 - 001281536 _____ (Microsoft Corporation) C:\Windows\system32\werconcpl.dll
    2019-05-15 14:39 - 2019-04-07 11:03 - 000782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
    2019-05-15 14:39 - 2019-04-07 11:03 - 000499712 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
    2019-05-15 14:39 - 2019-04-07 11:03 - 000486400 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
    2019-05-15 14:39 - 2019-04-07 11:03 - 000371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
    2019-05-15 14:39 - 2019-04-07 11:03 - 000229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
    2019-05-15 14:39 - 2019-04-07 11:03 - 000187904 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
    2019-05-15 14:39 - 2019-04-07 11:03 - 000174080 _____ (Microsoft Corporation) C:\Windows\system32\werui.dll
    2019-05-15 14:39 - 2019-04-07 11:03 - 000086016 _____ (Microsoft Corporation) C:\Windows\system32\wercplsupport.dll
    2019-05-15 14:39 - 2019-04-07 11:03 - 000037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
    2019-05-15 14:39 - 2019-04-07 11:03 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
    2019-05-15 14:39 - 2019-04-07 11:03 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
    2019-05-15 14:39 - 2019-04-07 11:03 - 000008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
    2019-05-15 14:39 - 2019-04-07 11:03 - 000005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
    2019-05-15 14:39 - 2019-04-07 11:03 - 000005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
    2019-05-15 14:39 - 2019-04-07 11:02 - 004120576 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
    2019-05-15 14:39 - 2019-04-07 11:02 - 001484800 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
    2019-05-15 14:39 - 2019-04-07 11:02 - 001202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
    2019-05-15 14:39 - 2019-04-07 11:02 - 001068544 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
    2019-05-15 14:39 - 2019-04-07 11:02 - 000842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
    2019-05-15 14:39 - 2019-04-07 11:02 - 000680448 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
    2019-05-15 14:39 - 2019-04-07 11:02 - 000641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
    2019-05-15 14:39 - 2019-04-07 11:02 - 000632320 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
    2019-05-15 14:39 - 2019-04-07 11:02 - 000497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
    2019-05-15 14:39 - 2019-04-07 11:02 - 000438784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
    2019-05-15 14:39 - 2019-04-07 11:02 - 000433152 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
    2019-05-15 14:39 - 2019-04-07 11:02 - 000325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
    2019-05-15 14:39 - 2019-04-07 11:02 - 000295936 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
    2019-05-15 14:39 - 2019-04-07 11:02 - 000284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
    2019-05-15 14:39 - 2019-04-07 11:02 - 000206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
    2019-05-15 14:39 - 2019-04-07 11:02 - 000190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
    2019-05-15 14:39 - 2019-04-07 11:02 - 000141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
    2019-05-15 14:39 - 2019-04-07 11:02 - 000081920 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
    2019-05-15 14:39 - 2019-04-07 11:02 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\mssign32.dll
    2019-05-15 14:39 - 2019-04-07 11:02 - 000011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
    2019-05-15 14:39 - 2019-04-07 11:02 - 000008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
    2019-05-15 14:39 - 2019-04-07 11:02 - 000004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
    2019-05-15 14:39 - 2019-04-07 11:02 - 000004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
    2019-05-15 14:39 - 2019-04-07 11:02 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
    2019-05-15 14:39 - 2019-04-07 11:01 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
    2019-05-15 14:39 - 2019-04-07 11:01 - 000023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
    2019-05-15 14:39 - 2019-04-07 10:57 - 000663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
    2019-05-15 14:39 - 2019-04-07 10:49 - 000054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe
    2019-05-15 14:39 - 2019-04-07 10:48 - 000028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werdiagcontroller.dll
    2019-05-15 14:39 - 2019-04-07 10:45 - 000125952 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
    2019-05-15 14:39 - 2019-04-07 10:45 - 000055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
    2019-05-15 14:39 - 2019-04-07 10:45 - 000024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
    2019-05-15 14:39 - 2019-04-07 10:42 - 001311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjet40.dll
    2019-05-15 14:39 - 2019-04-07 10:42 - 000376320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mspbde40.dll
    2019-05-15 14:39 - 2019-04-07 10:42 - 000353280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd3x40.dll
    2019-05-15 14:39 - 2019-04-07 10:42 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
    2019-05-15 14:39 - 2019-04-07 10:42 - 000240640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msltus40.dll
    2019-05-15 14:39 - 2019-04-07 10:38 - 000407040 _____ (Microsoft Corporation) C:\Windows\system32\nltest.exe
    2019-05-15 14:39 - 2019-04-07 10:35 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
    2019-05-15 14:39 - 2019-04-07 10:33 - 000011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
    2019-05-15 14:39 - 2019-04-07 10:33 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
    2019-05-15 14:39 - 2019-04-07 09:05 - 000634312 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
    2019-05-15 14:39 - 2019-04-04 20:23 - 000057856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptdll.dll
    2019-05-14 16:31 - 2019-05-17 18:00 - 000000000 ____D C:\FRST
    2019-05-14 16:30 - 2019-05-17 18:00 - 000000000 ____D C:\Users\Home\Desktop\Tech guy
    2019-05-12 14:57 - 2019-05-12 15:14 - 000000000 ____D C:\Users\Home\Desktop\Alcon
    2019-05-08 08:03 - 2019-05-08 08:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
    2019-05-07 15:51 - 2019-05-07 15:51 - 000051024 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
    2019-05-07 15:51 - 2019-05-07 15:51 - 000047600 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
    2019-05-07 15:51 - 2019-05-07 15:51 - 000047600 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
    2019-05-07 15:51 - 2019-05-07 15:51 - 000047600 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
    2019-05-07 08:34 - 2019-05-07 08:34 - 000001869 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
    2019-05-07 08:34 - 2019-05-07 08:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
    2019-05-07 08:34 - 2019-01-08 16:32 - 000153328 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
    2019-05-03 10:37 - 2019-05-03 10:38 - 000000000 ____D C:\Users\Home\AppData\Local\ProgsUpdate.FullPath
    2019-05-03 10:36 - 2019-05-03 10:37 - 000000000 ____D C:\Users\Home\AppData\Local\OysterPresentingReload
    2019-05-03 10:36 - 2019-05-03 10:36 - 000000000 ____D C:\Program Files (x86)\EquiangularBioassayffq

    ==================== One month (modified) ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2019-05-17 12:50 - 2016-02-29 14:05 - 000000904 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
    2019-05-17 12:49 - 2016-01-17 18:49 - 000000911 _____ C:\Windows\Tasks\EPSON WF-3640 Series Update {368E3CF1-07EC-4441-891C-5E28240268C8}.job
    2019-05-17 12:49 - 2016-01-17 18:49 - 000000725 _____ C:\Windows\Tasks\EPSON WF-3640 Series Invitation {368E3CF1-07EC-4441-891C-5E28240268C8}.job
    2019-05-17 12:26 - 2018-10-08 12:26 - 000000911 _____ C:\Windows\Tasks\EPSON WF-3640 Series Update {D915748D-8CD4-46BC-B741-E4303DB6764E}.job
    2019-05-17 12:26 - 2018-10-08 12:26 - 000000911 _____ C:\Windows\Tasks\EPSON WF-3640 Series Update {C4AFC024-FCDF-4AB2-9764-48819F092604}.job
    2019-05-17 12:26 - 2018-10-08 12:26 - 000000725 _____ C:\Windows\Tasks\EPSON WF-3640 Series Invitation {D915748D-8CD4-46BC-B741-E4303DB6764E}.job
    2019-05-17 12:26 - 2018-10-08 12:26 - 000000725 _____ C:\Windows\Tasks\EPSON WF-3640 Series Invitation {C4AFC024-FCDF-4AB2-9764-48819F092604}.job
    2019-05-17 12:07 - 2016-10-17 08:07 - 000000911 _____ C:\Windows\Tasks\EPSON WF-3640 Series Update {42242F2F-8E4B-4DA6-9775-E3701AB62209}.job
    2019-05-17 12:07 - 2016-10-17 08:07 - 000000725 _____ C:\Windows\Tasks\EPSON WF-3640 Series Invitation {42242F2F-8E4B-4DA6-9775-E3701AB62209}.job
    2019-05-17 11:57 - 2012-11-26 15:53 - 000000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2019-05-17 10:39 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\rescache
    2019-05-17 09:21 - 2009-07-14 00:45 - 000018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2019-05-17 09:21 - 2009-07-14 00:45 - 000018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2019-05-17 09:05 - 2016-02-29 14:05 - 000000900 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
    2019-05-17 09:05 - 2012-11-26 15:53 - 000000890 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2019-05-17 09:05 - 2009-07-14 01:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
    2019-05-17 02:18 - 2012-11-26 15:53 - 000002105 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2019-05-17 02:18 - 2012-11-26 15:53 - 000002064 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2019-05-17 02:15 - 2012-11-16 19:59 - 000003918 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{F3C32409-668F-4FA3-9651-2571686A5B6A}
    2019-05-17 02:02 - 2012-11-26 15:53 - 000000000 ____D C:\Program Files\Google
    2019-05-17 02:02 - 2012-11-26 15:52 - 000000000 ____D C:\Program Files (x86)\Google
    2019-05-16 11:34 - 2012-11-26 15:53 - 000000000 ____D C:\Users\Home\AppData\Local\Google
    2019-05-16 11:27 - 2012-11-16 20:52 - 000000000 ____D C:\Users\Home\AppData\Local\CrashDumps
    2019-05-16 03:49 - 2009-07-14 01:13 - 000787576 _____ C:\Windows\system32\PerfStringBackup.INI
    2019-05-16 03:49 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\inf
    2019-05-16 03:42 - 2009-07-14 00:45 - 000447808 _____ C:\Windows\system32\FNTCACHE.DAT
    2019-05-16 03:37 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\SysWOW64\Dism
    2019-05-16 03:37 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\system32\Dism
    2019-05-16 03:17 - 2013-08-14 11:58 - 000000000 ____D C:\Windows\system32\MRT
    2019-05-16 03:07 - 2012-11-16 20:33 - 132445408 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2019-05-16 03:03 - 2011-07-06 15:04 - 000779698 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
    2019-05-15 14:17 - 2015-03-15 20:13 - 000003508 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1287311948-1235629539-2080862382-1001UA
    2019-05-15 14:17 - 2015-03-15 20:13 - 000003236 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1287311948-1235629539-2080862382-1001Core
    2019-05-15 14:13 - 2015-11-02 07:49 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
    2019-05-15 14:10 - 2014-10-17 23:58 - 000003332 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1cfea87c1768517
    2019-05-15 14:10 - 2014-10-17 23:58 - 000003204 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1cfea87c073e9d3
    2019-05-14 13:02 - 2011-07-06 15:06 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
    2019-05-13 10:21 - 2013-03-12 08:36 - 000000000 ____D C:\Users\Home\Documents\Outlook Files
    2019-05-12 22:11 - 2013-02-25 10:19 - 000000000 ____D C:\Users\Home\AppData\Roaming\Skype
    2019-05-12 14:26 - 2018-03-28 14:18 - 000000258 __RSH C:\ProgramData\ntuser.pol
    2019-05-11 21:19 - 2017-07-26 23:39 - 000003170 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1287311948-1235629539-2080862382-1001
    2019-05-11 21:19 - 2014-02-20 14:24 - 000002160 _____ C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
    2019-05-11 21:19 - 2013-05-13 10:53 - 000000000 ___RD C:\Users\Home\SkyDrive
    2019-05-09 12:07 - 2018-03-17 18:46 - 000000000 ____D C:\Users\Home\Desktop\Ebay
    2019-05-09 12:02 - 2014-03-14 07:36 - 000000000 ____D C:\Users\Home\AppData\Local\EDEA3002-5618-4EF1-8A2C-01276660F85C.aplzod
    2019-05-08 08:03 - 2016-02-29 14:05 - 000000000 ____D C:\Program Files (x86)\Dropbox
    2019-05-07 09:01 - 2013-02-13 09:48 - 000003216 _____ C:\Windows\System32\Tasks\HPCeeScheduleForHOME-HP$
    2019-05-07 09:01 - 2013-02-13 09:48 - 000000340 _____ C:\Windows\Tasks\HPCeeScheduleForHOME-HP$.job
    2019-05-07 08:34 - 2018-06-03 17:49 - 000000000 ____D C:\ProgramData\Malwarebytes
    2019-05-07 08:31 - 2014-08-11 18:24 - 000000000 ____D C:\AdwCleaner
    2019-04-26 08:39 - 2016-02-29 14:08 - 000000000 ___RD C:\Users\Home\Dropbox

    ==================== Files in the root of some directories =======

    2013-05-03 19:08 - 2013-05-03 19:08 - 004167680 _____ () C:\Program Files (x86)\GUTC246.tmp
    2015-10-10 16:49 - 2015-11-16 13:13 - 000000093 _____ () C:\Users\Home\AppData\Roaming\ARCompanion.log
    2018-01-03 12:06 - 2018-01-04 10:53 - 000001862 _____ () C:\Users\Home\AppData\Roaming\downloads.json
    2013-08-14 13:19 - 2013-08-14 13:19 - 000162046 _____ () C:\Users\Home\AppData\Roaming\VideoPad.dmp
    2015-06-10 17:24 - 2015-09-01 08:24 - 000000177 _____ () C:\Users\Home\AppData\Roaming\WB.CFG
    2013-08-10 11:29 - 2018-03-12 16:35 - 000011776 _____ () C:\Users\Home\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2018-04-21 07:05 - 2018-04-21 07:05 - 000000000 _____ () C:\Users\Home\AppData\Local\{48EF422F-A40D-45A5-B26B-E71848CA3C00}
    2018-04-06 14:20 - 2018-04-06 14:20 - 000000000 _____ () C:\Users\Home\AppData\Local\{6D271F56-8FC4-4D43-9619-AA1B4EE91955}

    ==================== SigCheck ===============================

    (There is no automatic fix for files that do not pass verification.)


    LastRegBack: 2019-05-13 13:04
    ==================== End of FRST.txt ============================
     
  13. aimee

    aimee Thread Starter

    Joined:
    Apr 23, 2001
    Messages:
    161
    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-05.2019
    Ran by Home (17-05-2019 18:03:28)
    Running from C:\Users\Home\Desktop\Tech guy
    Windows 7 Home Premium Service Pack 1 (X64) (2012-11-15 02:09:27)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-1287311948-1235629539-2080862382-500 - Administrator - Disabled)
    Guest (S-1-5-21-1287311948-1235629539-2080862382-501 - Limited - Enabled) => C:\Users\Guest
    Home (S-1-5-21-1287311948-1235629539-2080862382-1001 - Administrator - Enabled) => C:\Users\Home
    HomeGroupUser$ (S-1-5-21-1287311948-1235629539-2080862382-1002 - Limited - Enabled)
    LogMeInRemoteUser (S-1-5-21-1287311948-1235629539-2080862382-1003 - Administrator - Enabled) => C:\Users\LogMeInRemoteUser

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    3M Products Update version 2012-05 for Microsoft Office 2010 (HKLM-x32\...\{605540BB-36B3-49F0-96D8-B760CBD6E0E8}_is1) (Version: - 3M Company)
    64 Bit HP CIO Components Installer (HKLM\...\{0EBC740B-4363-489B-8C27-98CE0740BA19}) (Version: 18.2.4 - Hewlett-Packard) Hidden
    Adobe Acrobat 9 Pro (HKLM-x32\...\{AC76BA86-1033-0000-7760-000000000004}{AC76BA86-1033-0000-7760-000000000004}) (Version: 9.0.0 - Adobe Systems)
    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.012.20034 - Adobe Systems Incorporated)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 25.0.0.134 - Adobe Systems Incorporated)
    Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0 - Adobe Systems Incorporated)
    Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.267 - Adobe Systems Incorporated)
    Adobe Flash Player 32 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 32.0.0.142 - Adobe Systems Incorporated)
    Amazon Music (HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\...\Amazon Amazon Music) (Version: 3.7.1.698 - Amazon Services LLC)
    Apple Application Support (32-bit) (HKLM-x32\...\{9F7041CB-8398-4691-B8CB-0D52273BB3D9}) (Version: 7.4 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{6E7DF4EE-1976-4215-9D81-755AFC95687D}) (Version: 7.4 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{BA2A6DBB-B09A-43D8-84F3-21C1537B47D9}) (Version: 12.2.0.15 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
    AT&T Connect Participant Application v11.7.303 (HKLM-x32\...\{4DDBB234-AB68-4D47-BABA-2ED472E0B7A1}) (Version: 11.7.303 - AT&T Inc.)
    Bing Rewards Client Installer (HKLM-x32\...\{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}) (Version: 16.0.345.0 - Microsoft Corporation) Hidden
    Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
    Cash Back Assistant (HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\...\{644CF48B-61FE-43E4-8B2E-7EAE916B49C4}_is1) (Version: 2017.4.7.1 - Capital Intellect, Inc.)
    Catalina Savings Printer (HKLM-x32\...\{4956ACE3-F537-4418-BB45-FD52395275A7}) (Version: 1.0.0 - Catalina Marketing Corp) <==== ATTENTION
    Cisco WebEx Meeting Center for Internet Explorer (HKLM-x32\...\{0A223CAC-7FAC-4A7F-AA0F-3921A512C735}) (Version: 28.12.20.10001 - Cisco WebEx LLC)
    Computer Requirements 1.0 (HKLM-x32\...\{BA3582A0-2DE0-4DB8-8B74-CD34AC193F9B}_is1) (Version: - Furst Person)
    CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.3210 - CyberLink Corp.)
    D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
    DirectX for Managed Code Update (Summer 2004) (HKLM-x32\...\{E9E34215-82EF-4909-BE2F-F581F0DC9062}) (Version: 9.02.2904 - Microsoft) Hidden
    Dropbox (HKLM-x32\...\Dropbox) (Version: 72.4.136 - Dropbox, Inc.)
    Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.189.1 - Dropbox, Inc.) Hidden
    DVD Menu Pack for HP TouchSmart Video (HKLM-x32\...\{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 4.1.4412 - Hewlett-Packard) Hidden
    DVD Menu Pack for HP TouchSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 4.1.4412 - Hewlett-Packard)
    Easy Phone Sync (HKLM-x32\...\{A33EB00C-AE4D-46DC-83DA-1FBFE2D1E71C}) (Version: 64 - Media Mushroom Limited)
    Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.4.0 - Seiko Epson Corporation)
    Epson Customer Research Participation (HKLM\...\{B26449A6-6007-4460-B4FE-C4776115BCEA}) (Version: 1.83.0000 - Seiko Epson Corporation)
    Epson Event Manager (HKLM-x32\...\{0324C972-6139-489C-9003-857C4F195A80}) (Version: 3.10.0094 - Seiko Epson Corporation)
    Epson E-Web Print (HKLM-x32\...\{6BF9F374-EC67-4808-A90C-F127DE6D989D}) (Version: 1.23.0000 - SEIKO EPSON CORPORATION)
    Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 2.56.00 - Seiko Epson Corporation)
    Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version: - Seiko Epson Corporation)
    EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
    EPSON Scan OCR Component (HKLM-x32\...\{563B99D8-8895-4E3E-AE8D-15BE8C05F1C1}) (Version: 2.30.00 - SEIKO EPSON Corp.)
    EPSON Scan PDF Extensions (HKLM-x32\...\{F9956472-6E16-4F83-BF9A-F887EF4A45B7}) (Version: 1.03.0001 - SEIKO EPSON Corp.)
    Epson Software Updater (HKLM-x32\...\{1028AD34-EB8A-4136-9A93-27FC60FD0A40}) (Version: 4.4.11 - Seiko Epson Corporation)
    EPSON WF-3640 Series Printer Uninstall (HKLM\...\EPSON WF-3640 Series) (Version: - SEIKO EPSON Corporation)
    Epson WF-3640 User’s Guide version 1.0 (HKLM-x32\...\UsersGuideEpson WF-3640 User’s Guide_is1) (Version: 1.0 - )
    EpsonNet Print (HKLM\...\{15A0F113-BF2C-4C12-8AA8-42AE0D9AE1C9}) (Version: 3.1.2.0 - SEIKO EPSON Corporation)
    Facebook for HP TouchSmart (HKLM-x32\...\{8AE50893-3A87-4439-9A57-942ED43F7189}) (Version: 1.1.0004 - Hewlett-Packard)
    Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
    Garmin WebUpdater (HKLM-x32\...\{00FE2935-FB56-4410-AB5F-D6E70C1771D2}) (Version: 2.5.6 - Garmin Ltd or its subsidiaries)
    Garmin WebUpdater (HKLM-x32\...\{2FD94FBC-07AE-475C-B522-BFE899B9048E}) (Version: 2.4 - GARMIN)
    GoodSync (HKLM\...\{B26B00DA-2E5D-4CF2-83C5-911198C0F009}) (Version: 9.9.61.1 - Siber Systems)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 74.0.3729.157 - Google Inc.)
    Google Drive (HKLM-x32\...\{A8DC81F2-D365-4248-892A-FA3B5951F731}) (Version: 2.34.9392.7803 - Google, Inc.)
    Google Photos Backup (HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\...\Google Photos Backup) (Version: 1.1.4.11 - Google, Inc.)
    Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
    Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
    Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
    GoToAssist Corporate (HKLM-x32\...\GoToAssist) (Version: 11.8.0.1205 - Citrix Systems, Inc.)
    Grammarly (HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\...\GrammarlyForWindows) (Version: 1.5.36 - Grammarly)
    Grammarly for Microsoft® Office Suite (HKLM\...\{E5D2A304-3F72-4D79-BE42-15EB2FAE4D5C}) (Version: 6.7.162 - Grammarly) Hidden
    Grammarly for Microsoft® Office Suite (HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\...\{383f290c-ffb7-4a20-9533-a62d984c4d3f}) (Version: 6.7.162 - Grammarly)
    History Viewer v5.1 (HKLM-x32\...\History Viewer_is1) (Version: - Digital Forensics Studio)
    HP AppsCenter for TouchSmart (HKLM-x32\...\{8317485C-067B-4B5B-A2A3-9D36B7B0399E}) (Version: 4.0.0.1 - Hewlett-Packard)
    HP Desktop Keyboard (HKLM-x32\...\HP Keyboard_is1) (Version: 1.0.0.13 - Hewlett-Packard)
    HP LinkUp (HKLM-x32\...\{DB3147AB-4024-4773-8EC0-A1FE5B44933D}) (Version: 2.01.028 - Hewlett-Packard)
    HP My Display TouchSmart Edition (HKLM-x32\...\{1F4DDC90-5923-4E49-A4C7-F3CCC954DCA0}) (Version: 1.02.031 - Portrait Displays, Inc.)
    HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
    HP Setup (HKLM-x32\...\{802C068E-0576-4F25-8137-D54B7DB0FC5E}) (Version: 8.4.4487.3576 - Hewlett-Packard Company)
    HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.0.12845.3522 - Hewlett-Packard Company)
    HP Support Information (HKLM-x32\...\{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}) (Version: 10.1.1000 - Hewlett-Packard)
    HP TouchSmart (HKLM-x32\...\{1502291B-3C1B-4781-99F8-9D6D8C650588}) (Version: 4.0.41.0 - Hewlett-Packard)
    HP TouchSmart Background - Beats (HKLM-x32\...\{6A6F8D36-04BA-41E9-9004-1789BD545874}) (Version: 1.0.1.0 - Hewlett-Packard)
    HP TouchSmart Browser (HKLM-x32\...\{4ACC9E9C-12D6-4A9D-8FBC-3FD469B9FD34}) (Version: 4.1.0012 - Hewlett-Packard)
    HP TouchSmart Calendar (HKLM-x32\...\{297FA7DE-08E5-44A6-8F66-9E26F61F4810}) (Version: 4.1.3869.29064 - Hewlett-Packard)
    HP TouchSmart Canvas (HKLM-x32\...\{909CE9B4-76A7-4C3D-A9AC-CE231B3E4B40}) (Version: 2.0.3917.26233 - Hewlett-Packard)
    HP TouchSmart Clock (HKLM-x32\...\{97AA232A-58CB-41A2-A258-0593F98AB1E0}) (Version: 3.1.3881.29051 - Hewlett-Packard)
    HP TouchSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 4.1.4701 - Hewlett-Packard)
    HP TouchSmart eBay (HKLM-x32\...\{967C033E-00C7-4805-9A80-C1C35DA4CF0C}) (Version: 1.0.3923.31229 - Hewlett-Packard)
    HP TouchSmart Music (HKLM-x32\...\InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}) (Version: 4.1.4700 - Hewlett-Packard)
    HP TouchSmart Notes (HKLM-x32\...\{1F40643A-3489-4262-B7BA-F2EC6FA0A1C8}) (Version: 4.1.3916.21107 - Hewlett-Packard)
    HP TouchSmart Photo (HKLM-x32\...\InstallShield_{C9DCE03F-8CB7-4146-A99C-0612D75177EA}) (Version: 4.1.4503 - Hewlett-Packard)
    HP TouchSmart RecipeBox (HKLM-x32\...\{20714B53-FC73-4F9C-9687-49EB237D6FD7}) (Version: 3.0.3830.27730 - Hewlett-Packard)
    HP TouchSmart RSS (HKLM-x32\...\{608D7847-39B7-4D1D-AF6D-7DCC38C77615}) (Version: 4.1.0009 - Hewlett-Packard)
    HP TouchSmart Tutorials (HKLM-x32\...\{858FCB65-7C6D-4BA4-AD80-A3CB3744CE09}_is1) (Version: 3.2.0.2 - Hewlett-Packard)
    HP TouchSmart Twitter (HKLM-x32\...\{0581D120-6992-46FA-AAA2-42FA7EFF99C1}) (Version: 3.0.3910.29600 - Hewlett-Packard)
    HP TouchSmart Video (HKLM-x32\...\InstallShield_{F04BFADD-C8CA-4C86-8F20-B1D7F4F8C66C}) (Version: 4.1.4503 - Hewlett-Packard)
    HP TouchSmart Weather (HKLM-x32\...\{554D4753-4637-477E-BB52-901A819C798D}) (Version: 4.0.4.0 - Hewlett-Packard)
    HP TouchSmart Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3303 - Hewlett-Packard)
    HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
    HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.5.0.0 - Hewlett-Packard)
    iCloud (HKLM\...\{03742818-3BC2-45BA-B6BB-4C2D453FD033}) (Version: 7.11.0.19 - Apple Inc.)
    IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6308.0 - IDT)
    Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
    Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2119 - Intel Corporation)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
    iTunes (HKLM\...\{DF90B2B3-5832-4E85-934D-8048B33A1D67}) (Version: 12.9.4.102 - Apple Inc.)
    Java 8 Update 201 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180201F0}) (Version: 8.0.2010.9 - Oracle Corporation)
    Junk Mail filter update (HKLM-x32\...\{0BE9E708-5DC0-4963-9CFD-0AA519090E79}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    K-Lite Codec Pack 7.0.0 (Standard) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 7.0.0 - )
    Kobo (HKLM-x32\...\Kobo) (Version: 1.6 - Kobo Inc.)
    LogMeIn (HKLM-x32\...\{FA653F5B-483A-4E92-BF75-BB3BBF1D550D}) (Version: 4.1.2634 - LogMeIn, Inc.)
    Malwarebytes version 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
    Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
    Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Office Live Meeting 2007 (HKLM-x32\...\{389F8A7A-8611-42E8-8169-20D2BAF0C595}) (Version: 8.0.6362.215 - Microsoft Corporation)
    Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-0081-0409-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
    Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\...\OneDriveSetup.exe) (Version: 19.062.0331.0006 - Microsoft Corporation)
    Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM-x32\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
    Microsoft Touch Pack for Windows 7 (HKLM-x32\...\{8FF90DB8-6DED-44A3-B182-244FEC09012F}) (Version: 1.0.40517.00 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    Microsoft XNA Framework Redistributable 3.0 (HKLM-x32\...\{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}) (Version: 3.0.11010.0 - Microsoft Corporation)
    Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
    Mozilla Firefox 43.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.1 (x86 en-US)) (Version: 43.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0 - Mozilla)
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    Multi PDF Converter version 5.2 (HKLM-x32\...\{43CF388F-EB3B-4AF2-9A3C-0E5A2013F598}_is1) (Version: 5.2 - Essex Software, LLC)
    Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
    OverDrive Media Console (HKLM-x32\...\{D07205E7-F6D3-4333-AFCC-782A07685B72}) (Version: 3.2.20 - OverDrive, Inc.)
    [email protected] (HKLM-x32\...\{14F936AB-5D31-410E-A4E2-70AE504712F2}) (Version: 3.0.8.6 - Valassis)
    [email protected] (HKLM-x32\...\{4CFAC858-CB6F-4F5B-9BD9-4DAE8747F0E3}) (Version: 3.0.8.11 - Valassis)
    PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.14 - PDF Complete, Inc)
    Personal Color Viewer (HKLM-x32\...\{9AB4D07D-3754-1CD4-1E25-0C1AF3355921}) (Version: 3.0.2 - Eco Color Company) Hidden
    Personal Color Viewer (HKLM-x32\...\BenjaminMoore.PCV3.USEN.EDC653D570C2AEC0ED05A14996D862CA553BDF51.1) (Version: 3.0.2 - Eco Color Company)
    Photodex Presenter (HKLM-x32\...\Photodex Presenter) (Version: - Photodex Corporation)
    PhotoNow! (HKLM-x32\...\{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.7717 - CyberLink Corp.) Hidden
    PhotoNow! (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.7717 - CyberLink Corp.)
    Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
    Picasa Uploader (HKLM-x32\...\{60945EFA-28EB-8202-19C1-70DD667075CB}) (Version: 1.2 - UNKNOWN) Hidden
    Picasa Uploader (HKLM-x32\...\com.webkinesis.PicasaUploaderDesktop) (Version: 1.2 - UNKNOWN)
    PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
    PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
    PressReader (HKLM-x32\...\{912CED74-88D3-4C5B-ACB0-13231864975E}) (Version: 5.10.1102.0 - NewspaperDirect Inc.)
    [email protected] (HKLM-x32\...\{123D4082-3194-4191-9139-067E9157C2B2}) (Version: 2.0.0 - Valassis Interactive Inc.)
    QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
    R.U.S.E. for TouchSmart (HKLM-x32\...\{E6753FCB-B508-4C74-9686-17032281AF38}_is1) (Version: 1.0.0.0 - Ubisoft)
    Ralink RT2860 Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}) (Version: - Ralink)
    RapidPlayer v6.0 ActiveX Control (HKLM-x32\...\{31C2F32D-C5DD-4583-8181-B48591CA231C}) (Version: - )
    Recovery Manager (HKLM-x32\...\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.5.3219 - CyberLink Corp.) Hidden
    Remote Graphics Receiver (HKLM-x32\...\{16FC3056-90C0-4757-8A68-64D8DA846ADA}) (Version: 5.4.5 - Hewlett-Packard)
    RoboForm 8-5-8-8 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 8-5-8-8 - Siber Systems)
    RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.101 - RoxioNow)
    SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.22.0 - SAMSUNG Electronics Co., Ltd.)
    SDK (HKLM-x32\...\{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}) (Version: 2.22.002 - Portrait Displays, Inc.) Hidden
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
    Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.103 - Skype Technologies S.A.)
    Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
    SUABnR (HKLM-x32\...\{2485354C-6B65-4978-BB91-CCE61442377B}) (Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.) Hidden
    SUABnR (HKLM-x32\...\InstallShield_{2485354C-6B65-4978-BB91-CCE61442377B}) (Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.)
    Synctunes Desktop (HKLM-x32\...\{4A14B3B7-5D71-4C3F-967B-50D6A42BF7F7}) (Version: 1.1.0 - The Bit Studio)
    TurboTax 2012 (HKLM-x32\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
    TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
    TurboTax 2014 (HKLM-x32\...\TurboTax 2014) (Version: 2014.0 - Intuit, Inc)
    TurboTax 2015 (HKLM-x32\...\TurboTax 2015) (Version: 2015.0 - Intuit, Inc)
    TurboTax 2016 (HKLM-x32\...\TurboTax 2016) (Version: 2016.0 - Intuit, Inc)
    TurboTax 2017 (HKLM-x32\...\TurboTax 2017) (Version: 2017.0 - Intuit, Inc)
    TurboTax 2018 (HKLM-x32\...\TurboTax 2018) (Version: 2018.0 - Intuit, Inc)
    Verizon Wireless Software Upgrade Assistant - Samsung(ar) (HKLM-x32\...\{3AC82D10-23DD-48F7-9E4A-FBD3792F2655}) (Version: 2.14.0307 - Samsung Electronics Co., Ltd.)
    Verizon Wireless Software Utility Application for Android - Samsung (HKLM-x32\...\{69258FD1-F4EE-475A-83D1-BF68C8029592}) (Version: 2.14.0402 - Samsung Electronics Co., Ltd.)
    Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
    Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
    Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
    Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
    Zoom (HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\...\ZoomUMX) (Version: 3.5 - Zoom Video Communications, Inc.)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\...\ChromeHTML: -> <==== ATTENTION
    CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{004B49B7-11B9-5058-FF22-08DD093ADC4B}\InprocServer32 -> {18760844-9468-D082-1298-07E985889A47} => No File
    CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Home\AppData\Local\Microsoft\OneDrive\17.3.6998.0830\amd64\FileCoAuthLib64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{2AD206F1-152C-4F9D-A24E-6F93FE7A4AFC}\InprocServer32 -> C:\Users\Home\AppData\Local\Grammarly\Grammarly for Microsoft Office Suite\6.7.162\A1D16B0101\GrammarlyShim64.dll (Grammarly, Inc. -> CompanyName)
    CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{4BE56754-B616-4998-B825-D16983AEE1B2}\InprocServer32 -> C:\Users\Home\AppData\Local\Grammarly\Grammarly for Microsoft Office Suite\6.7.162\A1D16B0101\Grammarly.AddIn.Connect.ActiveX.dll (Grammarly, Inc. -> Grammarly)
    CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{62634D95-960B-4834-8E71-A70408AD8FD9}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.34.7\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{86508D42-E5D7-4D10-9C6F-D427AEEB85B5}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.34.11\psuser_64.dll (Google Inc -> Google LLC)
    CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{A804CF1A-91E5-4F0C-9E8C-DB39E74056DD}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.33.23\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.32.8\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{DD0822FF-3A09-4BDC-B749-4B00B9115850}\InprocServer32 -> {543FC507-9468-D082-5155-4EA585889A47} => No File
    CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.34.11\psuser_64.dll (Google Inc -> Google LLC)
    CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{EA724FD3-844D-43A9-A8C9-A5BC35FC20E4}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.33.17\psuser_64.dll => No File
    ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [6671064 2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
    ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [4171480 2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
    ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google Inc -> Google)
    ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google Inc -> Google)
    ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google Inc -> Google)
    ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
    ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\..\Acrobat Elements\ContextMenu64.dll [2008-06-12] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
    ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2018-04-23] (Google Inc -> Google)
    ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2019-03-13] (Apple Inc. -> Apple Inc.)
    ContextMenuHandlers3: [LinkUpMenuExt] -> {B793E5EA-5344-488E-B98D-A18E2E5938AB} => C:\Program Files (x86)\Hewlett-Packard\HP LinkUp\LinkUpExt64.dll [2011-05-05] (Hewlett-Packard Company -> Hewlett-Packard)
    ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
    ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2018-04-23] (Google Inc -> Google)
    ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2011-01-27] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
    ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\..\Acrobat Elements\ContextMenu64.dll [2008-06-12] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
    ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)

    ==================== Shortcuts & WMI ========================

    (The entries could be listed to be restored or removed.)


    ==================== Loaded Modules (Whitelisted) ==============

    2011-07-06 15:22 - 2009-07-02 17:58 - 000406016 _____ () [File not signed] C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe
    2011-07-06 15:22 - 2010-02-11 13:07 - 000710656 _____ (Hewlett-Packard) [File not signed] C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE
    2018-03-26 12:58 - 2018-03-26 12:58 - 000112128 _____ (Microsoft Corporation) [File not signed] C:\Windows\Microsoft.Net\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
    2014-04-10 15:21 - 2014-04-10 15:21 - 000069120 _____ (Samsung Electronics Co., Ltd.) [File not signed] C:\Users\Home\AppData\Roaming\Verizon\UA_ar\MObexDll.dll
    2014-02-04 11:11 - 2014-02-04 11:11 - 001605632 _____ (Samsung) [File not signed] C:\Users\Home\AppData\Roaming\Verizon\UA_ar\SS_RC.dll
    2017-02-13 14:54 - 2017-02-13 14:54 - 000132096 _____ (Seiko Epson Corporation) [File not signed] C:\Program Files (x86)\EPSON Software\Event Manager\epnsm.dll
    2009-10-21 17:39 - 2009-10-21 17:39 - 000291328 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\Event Manager\LcMgr.dll
    2016-01-17 18:45 - 2018-12-26 01:00 - 000096768 _____ (Seiko Epson Corporation) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\EbpD4Fax.dll
    2016-01-17 18:45 - 2018-12-26 01:00 - 000278528 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\FULEPP.dll
    2016-01-17 18:45 - 2018-12-26 01:00 - 000339968 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\FUSVCCLT.dll
    2016-01-17 18:45 - 2018-12-26 01:00 - 000065536 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\FUUSBHLP.dll
    2016-01-17 18:45 - 2018-12-26 01:00 - 000069632 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\Library\FUDEVCOM.dll
    2016-01-17 18:45 - 2018-12-26 01:00 - 000135168 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\Library\FUDRVUTL.dll
    2016-01-17 18:45 - 2018-12-26 01:00 - 000339968 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\Library\FUPRBDEV.dll
    2016-01-17 18:45 - 2018-12-26 01:00 - 000286720 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\Library\FUSNMPUT.dll
    2016-01-17 18:45 - 2018-12-25 12:00 - 000086016 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\Resource\FUCMNMSG.dll
    2016-01-17 18:45 - 2018-12-25 12:00 - 000241664 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\Resource\FUFAXRCV.dll
    2016-01-17 18:45 - 2018-12-25 12:00 - 000022016 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\Resource\FULEPPRes.dll
    2016-01-17 18:45 - 2018-12-25 12:00 - 000077824 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\Resource\FUPRBDEVRes.dll
    2015-06-17 16:44 - 2015-06-17 16:44 - 000500736 ____S (SEIKO EPSON CORPORATION) [File not signed] C:\Windows\System32\enppmon.dll
    2016-01-17 18:46 - 2018-12-25 12:00 - 000233984 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Windows\system32\spool\DRIVERS\x64\3\EFXUI09A.DLL
    2016-01-17 18:45 - 2018-12-26 01:00 - 000786432 _____ (SEIKO EPSON) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\Library\ENCM.dll
    2016-01-17 18:45 - 2018-12-26 01:00 - 000278528 _____ (SEIKO EPSON) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\Library\ENNW.dll
    2016-01-17 18:45 - 2018-12-26 01:00 - 000299008 _____ (SEIKO EPSON) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\Library\ENUTIL.dll
    2014-04-12 16:36 - 2014-04-12 16:36 - 000811008 _____ (TODO: <Company name>) [File not signed] C:\Users\Home\AppData\Roaming\Verizon\PluginModules\FusDeviceManager.dll
    2014-04-12 16:36 - 2014-04-12 16:36 - 001649152 _____ (TODO: <Company name>) [File not signed] C:\Users\Home\AppData\Roaming\Verizon\PluginModules\FusNetworkManager.dll
    2014-04-10 15:22 - 2014-04-10 15:22 - 000512000 _____ (TODO: <Company name>) [File not signed] C:\Users\Home\AppData\Roaming\Verizon\UA_ar\DeviceDBModule.dll
    2014-04-10 15:22 - 2014-04-10 15:22 - 000184320 _____ (TODO: <Company name>) [File not signed] C:\Users\Home\AppData\Roaming\Verizon\UA_ar\DeviceModule.dll
    2014-04-10 15:22 - 2014-04-10 15:22 - 000123392 _____ (TODO: <Company name>) [File not signed] C:\Users\Home\AppData\Roaming\Verizon\UA_ar\FileAndProcessModule.dll
    2014-04-10 15:21 - 2014-04-10 15:21 - 000284672 _____ (TODO: <Company name>) [File not signed] C:\Users\Home\AppData\Roaming\Verizon\UA_ar\GlobalUtils.dll
    2014-04-10 15:22 - 2014-04-10 15:22 - 000157184 _____ (TODO: <Company name>) [File not signed] C:\Users\Home\AppData\Roaming\Verizon\UA_ar\NetworkModule.dll
    2014-04-10 15:21 - 2014-04-10 15:21 - 000538624 _____ (TODO: <Company name>) [File not signed] C:\Users\Home\AppData\Roaming\Verizon\UA_ar\Resource.dll
    2014-04-10 15:21 - 2014-04-10 15:21 - 000411136 _____ (TODO: <Company name>) [File not signed] C:\Users\Home\AppData\Roaming\Verizon\UA_ar\SCommon.dll
    2014-04-10 15:22 - 2014-04-10 15:22 - 000116224 _____ (TODO: <Company name>) [File not signed] C:\Users\Home\AppData\Roaming\Verizon\UA_ar\UA_Modules.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\ProgramData\Temp:373E1720 [118]
    AlternateDataStreams: C:\ProgramData\Temp:B946D9EE [131]
    AlternateDataStreams: C:\Users\Home\Desktop\coverter music:com.dropbox.attributes [168]

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE trusted site: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\...\alorica.com -> alorica.com
    IE trusted site: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\...\aloricaathome.com -> aloricaathome.com
    IE trusted site: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\...\aloricaathome.net -> aloricaathome.net
    IE trusted site: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\...\amazon.com -> hxxps://amazon.com
    IE trusted site: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\...\athpoweronline.com -> hxxps://www.athpoweronline.com
    IE trusted site: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\...\localhost -> localhost
    IE trusted site: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\...\myhostedcloud.com -> hxxps://ca.myhostedcloud.com
    IE trusted site: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\...\west.com -> west.com
    IE trusted site: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\...\westathome.com -> westathome.com
    IE trusted site: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\...\westathome.net -> westathome.net
    IE trusted site: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\...\workathomeagent.net -> workathomeagent.net

    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 22:34 - 2018-01-04 11:28 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;c:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;c:\Program Files (x86)\Common Files\Roxio Shared\12.0\DLLShared\;C:\Program Files (x86)\Windows Live\Shared;C:\Windows\SysWOW64;C:\Program Files (x86)\Skype\Phone\;C:\Program Files (x86)\QuickTime\QTSystem\
    HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Home\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 18.217.241.230
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 0) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    If an entry is included in the fixlist, it will be removed.

    MSCONFIG\Services: AdobeARMservice => 2
    MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
    MSCONFIG\Services: AESTFilters => 2
    MSCONFIG\Services: Apple Mobile Device => 2
    MSCONFIG\Services: Bonjour Service => 2
    MSCONFIG\Services: CalendarSynchService => 2
    MSCONFIG\Services: DTSRVC => 2
    MSCONFIG\Services: gupdate => 2
    MSCONFIG\Services: gupdatem => 3
    MSCONFIG\Services: gusvc => 3
    MSCONFIG\Services: HPClientSvc => 2
    MSCONFIG\Services: IntuitUpdateServiceV4 => 2
    MSCONFIG\Services: iPod Service => 3
    MSCONFIG\Services: LavasoftAdAwareService11 => 2
    MSCONFIG\Services: LMIGuardianSvc => 2
    MSCONFIG\Services: LMIMaint => 2
    MSCONFIG\Services: LMS => 2
    MSCONFIG\Services: LogMeIn => 2
    MSCONFIG\Services: NOBU => 2
    MSCONFIG\Services: PasswordBox => 2
    MSCONFIG\Services: pdfcDispatcher => 2
    MSCONFIG\Services: PdiService => 2
    MSCONFIG\Services: RoxioNow Service => 2
    MSCONFIG\Services: Skype C2C Service => 2
    MSCONFIG\Services: SkypeUpdate => 2
    MSCONFIG\Services: STacSV => 2
    MSCONFIG\Services: Steam Client Service => 3
    MSCONFIG\Services: UNS => 2
    MSCONFIG\Services: vToolbarUpdater18.1.7 => 2
    MSCONFIG\startupreg: BeatsOSDApp => C:\Program Files\IDT\WDM\beats64.exe
    MSCONFIG\startupreg: DT HPO => C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe -HPO
    MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
    MSCONFIG\startupreg: hpsysdrv => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
    MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
    MSCONFIG\startupreg: LogMeIn GUI => "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
    MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
    MSCONFIG\startupreg: SysTrayApp => C:\Program Files\IDT\WDM\sttray64.exe

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{A3D47993-0D64-4047-9904-D4C992FF5660}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector\PDR8.EXE No File
    FirewallRules: [{7BE6A925-6B15-49CC-A8FC-CC493FD28326}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Photo\HPTouchSmartPhoto.exe (CyberLink -> CyberLink Corp.)
    FirewallRules: [{00E8BD04-B77F-4E9D-9895-4DB1DBDF26CD}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Photo\PhotoAgent.exe (CyberLink -> CyberLink Corp.)
    FirewallRules: [{8FCF52C4-3EB2-4119-BA0C-C5409B1B0C1F}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Video\HPTouchSmartMusic.exe No File
    FirewallRules: [{B85F80CC-3E1A-4DBD-AA3F-AC6C1417C65F}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Video\HPTouchSmartPhoto.exe No File
    FirewallRules: [{A662C544-8664-4F55-8570-139EF386994D}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Video\HPTouchSmartVideo.exe (CyberLink -> CyberLink Corp.)
    FirewallRules: [{00F6CD62-4F61-4604-AFD0-F08FC2C00628}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Video\TSMAgent.exe No File
    FirewallRules: [{C6DBEDCF-4868-4F9B-954A-D06FAEDDA9F0}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Video\Kernel\CLML\CLMLSvc.exe No File
    FirewallRules: [{AA7E54D8-503E-49DB-B0E8-F12396915F89}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartMusic.exe No File
    FirewallRules: [{052BCD0B-5F3A-473D-8640-20FA18EE0961}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartPhoto.exe No File
    FirewallRules: [{5E1C5E5B-74B5-45C4-AD5A-4647894063A1}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartVideo.exe No File
    FirewallRules: [{F7044779-3EA7-4612-9E2B-DD0EF5ED8061}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\TSMAgent.exe No File
    FirewallRules: [{F0D4F646-902F-4D4A-863B-D35A50FD1A05}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\CLML\CLMLSvc.exe No File
    FirewallRules: [{4CBCF409-0416-4D22-AAD9-5557B5E98365}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPDVDSmart.exe (CyberLink -> CyberLink Corp.)
    FirewallRules: [{9CE75101-9C1F-4593-93C5-6D90836EE569}] => (Allow) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowShell.exe (Sonic Solutions -> Roxio)
    FirewallRules: [{7FD90B51-3AFE-4434-9D20-2DCBB635D3FB}] => (Allow) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowShell.exe (Sonic Solutions -> Roxio)
    FirewallRules: [{A36C8677-41F0-480B-AE8C-BC53E7EFBBB4}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\RoxioNow\RNow.exe No File
    FirewallRules: [{4E4D1A68-2768-4EB7-9F59-9830737D74CB}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\RoxioNow\RNow.exe No File
    FirewallRules: [{297237F7-BB0A-40A2-ACB7-A23F2AB444A0}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Music\HPTouchSmartMusic.exe (CyberLink -> CyberLink Corp.) [File not signed]
    FirewallRules: [{BB042078-04C0-4ED7-88E3-C639BAB79E9D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
    FirewallRules: [{CA503653-B884-4F97-8B2E-EDDA8EF5C9CA}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
    FirewallRules: [{F543469D-0596-47F9-9ACE-247F363E6182}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{B18DFCDE-2A0A-4E81-B45F-F86C66EBB73F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{E661F178-213C-40DE-88F5-EA5D64F3F239}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{7D98C721-6530-4E5B-9BFA-562469AAC3DE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{86CDFFD9-0684-4B00-A4F8-7404A15E2EB3}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Remote Graphics Receiver\rgreceiver.exe (Hewlett-Packard Company -> Hewlett-Packard)
    FirewallRules: [{35A7B644-03D5-4177-B519-DF7A6FB75B08}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Remote Graphics Receiver\rgreceiver.exe (Hewlett-Packard Company -> Hewlett-Packard)
    FirewallRules: [{DB8D4806-C46D-4CAF-962F-3A01411C55C5}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP LinkUp\HP LinkUp Viewer.exe (Hewlett-Packard Company -> Hewlett-Packard Company)
    FirewallRules: [{AA83530D-3672-41E5-8B0D-45193AFEEB75}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP LinkUp\HP LinkUp Viewer.exe (Hewlett-Packard Company -> Hewlett-Packard Company)
    FirewallRules: [TCP Query User{96263E0B-6C83-43A5-BC4A-3FB58B4E28D7}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [UDP Query User{5152C925-8E90-456D-932A-E275A8CB326B}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{847B5864-1AA4-4900-834A-8EF958463F5E}] => (Allow) C:\Program Files (x86)\Advantig\OneClick-v2\VncViewer.exe No File
    FirewallRules: [{8B22AACE-8EA4-4D78-AFCC-6A6B9B40E7DC}] => (Allow) C:\Program Files (x86)\Advantig\OneClick-v2\VncViewer.exe No File
    FirewallRules: [{90265E35-58EE-4342-BA10-DBB1C3D366C4}] => (Allow) C:\Program Files (x86)\Advantig\OneClick-v2\VncViewer.exe No File
    FirewallRules: [{FA10EDD8-DDE0-4723-9162-6AF58EE2BA60}] => (Allow) C:\Program Files (x86)\Advantig\OneClick-v2\VncViewer.exe No File
    FirewallRules: [{BC5B1484-9861-406B-9583-E7FBBD8E21BC}] => (Allow) C:\Program Files (x86)\Advantig\OneClick-v2\repeater.exe No File
    FirewallRules: [{05F74CF6-683A-410F-93E7-CF427AE2E297}] => (Allow) C:\Program Files (x86)\Advantig\OneClick-v2\repeater.exe No File
    FirewallRules: [{32032522-6213-40C8-9977-DBC56329DB5E}] => (Allow) C:\Users\Home\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe No File
    FirewallRules: [{BA620A35-E4B4-4362-8F34-35B1E91A0696}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe No File
    FirewallRules: [{7E0F222F-A14A-4749-8EE6-8273E74AB274}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe No File
    FirewallRules: [{360C59A5-4B37-4B04-BBDA-6B2E4BED385F}] => (Allow) C:\Program Files (x86)\The Bit Studio\Synctunes Desktop\Synctunes.exe (The Bit Studio) [File not signed]
    FirewallRules: [{A13E125E-3EFE-42DB-9CE3-798BB9C2ACC1}] => (Allow) C:\Program Files (x86)\Microsoft Office\Live Meeting 8\Console\PWConsole.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{35C14B29-7966-409A-9BE2-E5D62FB19F89}] => (Allow) C:\Program Files (x86)\Microsoft Office\Live Meeting 8\Console\PWConsole.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{CAE8E3DF-D2A0-4061-9C4F-386B0FF743CB}] => (Allow) C:\Program Files (x86)\Microsoft Office\Live Meeting 8\Console\PWConsole.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{80BAB43E-3FF5-4C36-96C3-FB63667AEAAF}] => (Allow) C:\Program Files (x86)\Microsoft Office\Live Meeting 8\Console\PWConsole.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{B0D53210-965F-4FF7-B38E-BB029B9680BC}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe No File
    FirewallRules: [{218C699F-EA3E-4E2C-BD25-60815DEA8295}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe No File
    FirewallRules: [{87A3DE29-001F-428B-B3BA-6F86DE639719}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{FECAE967-39FA-4EF7-A267-476D17E0C5F4}] => (Allow) LPort=2869
    FirewallRules: [{A9501120-7964-44F7-8300-CDB6391D157C}] => (Allow) LPort=1900
    FirewallRules: [{93F88390-FA84-4577-A4A6-A9AA77525DFB}] => (Allow) C:\Users\Home\AppData\Local\Temp\nsu85C.tmp\CnetInstaller-75864009.exe No File
    FirewallRules: [{9FD1933C-070A-4F59-B910-FC7736365C30}] => (Allow) C:\Users\Home\AppData\Local\Temp\nsu85C.tmp\CnetInstaller-75864009.exe No File
    FirewallRules: [{95A10269-FAB8-4D24-BF3D-CB9CE6C631F4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{C8B9846D-4361-47E6-8A6A-43ABCFCBCECE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{B567F05A-36B3-46E6-8A6C-1CEC268594BB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{075BA779-7902-43E9-93A3-874741C5C694}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{0E80EB02-7F63-428F-B1FB-E69DE9C1A4BF}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
    FirewallRules: [{1F33DD0D-3AD8-4A08-AE81-BDB9F11E042A}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
    FirewallRules: [{B2DEC8FF-461C-4D37-AF06-D0913594CC04}] => (Allow) E:\Common\EpsonNet Setup\ENEasyApp.exe No File
    FirewallRules: [{09569B3D-22DC-4C18-A33E-F7E44B27C535}] => (Allow) E:\Common\EpsonNet Setup\ENEasyApp.exe No File
    FirewallRules: [{25785534-8B9C-4145-83AB-2149095C28CD}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
    FirewallRules: [{3265148C-DD33-496A-9025-27BB8D9EC9F3}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
    FirewallRules: [{5C48FE5D-D916-4B12-B623-8CE336952E80}] => (Allow) C:\Program Files (x86)\Mozilla FireFox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
    FirewallRules: [{27BC7757-C5A5-4A2F-9816-68D75C7FC4AF}] => (Allow) C:\Program Files (x86)\Mozilla FireFox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
    FirewallRules: [{A2324DD7-0EFA-4FB0-A2C5-D720B58D3D8C}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
    FirewallRules: [{5E0A0B65-9410-47D2-8B85-C864E86DE096}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe No File
    FirewallRules: [{18884B08-A31D-45B7-9D93-CC50BB1B691E}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe No File
    FirewallRules: [{6216210E-37B4-417C-B48B-5FD7F44B38CB}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DBDownloader.exe No File
    FirewallRules: [{7D7E67DB-87BC-4D10-877C-8C39B06A405C}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DBDownloader.exe No File
    FirewallRules: [{259838F4-09CB-421C-B48E-07C2BB48E0FB}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe No File
    FirewallRules: [{EB6623FC-6144-4E10-BECE-874200C8EE9E}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe No File
    FirewallRules: [{30A594F0-035D-4043-829E-D9CF9D49604C}] => (Allow) C:\Users\Home\AppData\Local\Chromium\Application\chrome.exe No File
    FirewallRules: [{3DBCFACF-D232-4778-907F-5126BEF4E2C2}] => (Allow) C:\Program Files\Siber Systems\GoodSync\gs-server.exe (Siber Systems -> )
    FirewallRules: [{7206B97D-EBAF-46CF-A71E-D9B1A2D64D37}] => (Allow) C:\Program Files (x86)\EPSON Software\ECPrinterSetup\ENPApp.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
    FirewallRules: [{AC0F35B9-D823-4457-A6BA-0CBA417E40AD}] => (Allow) C:\Program Files (x86)\EPSON Software\ECPrinterSetup\ENPApp.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
    FirewallRules: [{43F50CFC-37EC-4EFC-9564-75E0061FE288}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
    FirewallRules: [{F2614A68-0871-49D6-8E10-D4AA296F0796}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
    FirewallRules: [{0B126F13-E343-4FCE-BF97-F4311AF026F1}] => (Allow) C:\Users\Home\AppData\Local\Temp\WZSE0.TMP\Common\EpsonNet Setup\ENEasyApp.exe No File
    FirewallRules: [{C5AC2281-C42C-4565-9C1C-9C9AB923D9F4}] => (Allow) C:\Users\Home\AppData\Local\Temp\WZSE0.TMP\Common\EpsonNet Setup\ENEasyApp.exe No File
    FirewallRules: [{76A2593A-AEEE-4A70-85AE-67D926E807E1}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{793E8149-8010-498C-9039-A02675B3222F}] => (Allow) E:\Common\EpsonNet Setup\ENEasyApp.exe No File
    FirewallRules: [{71245F99-2A20-4474-9B15-3FA28FF45D28}] => (Allow) E:\Common\EpsonNet Setup\ENEasyApp.exe No File
    FirewallRules: [{B47052B2-7DC8-4DB1-9B6F-C5AD88426A46}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe (Intuit, Inc. -> Intuit Inc.)
    FirewallRules: [{1B9FE451-6A60-42A3-BC15-7C01BAB8E66C}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)
    FirewallRules: [{44D14047-BB62-4337-8A23-911AC01C3C1F}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)
    FirewallRules: [{44676FDA-3F7D-428C-AB34-32D3CE7F0153}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)
    FirewallRules: [{95AD0F24-6886-428C-B553-7CE0D507FA0E}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)
    FirewallRules: [{647A18B3-0B73-4773-AF8E-7A4A1B78FF58}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)
    FirewallRules: [{C6CE9C92-3B3E-45F4-A3A1-3880B7506B45}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{536140A5-49A6-401B-84F7-487BFFCD923B}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
    FirewallRules: [{D172F2DB-164D-4E6A-AFBA-833025C7C41A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)

    ==================== Restore Points =========================

    03-05-2019 08:56:10 Windows Update
    09-05-2019 08:09:32 Windows Update
    12-05-2019 09:40:45 Windows Update
    14-05-2019 09:14:05 Windows Update
    14-05-2019 12:57:21 Removed Microsoft Silverlight
    14-05-2019 13:00:56 Configured HP
    16-05-2019 03:01:17 Windows Update
    16-05-2019 11:30:34 Removed RevTraxPrintMyCoupon
    16-05-2019 11:31:43 Removed RevTraxPrintMyCoupon

    ==================== Faulty Device Manager Devices =============

    Name: MpKslf3e2724b
    Description: MpKslf3e2724b
    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Manufacturer:
    Service: MpKslf3e2724b
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (05/17/2019 12:56:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 7379

    Error: (05/17/2019 12:56:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 7379

    Error: (05/17/2019 12:56:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (05/17/2019 10:49:43 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 5601

    Error: (05/17/2019 10:49:43 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 5601

    Error: (05/17/2019 10:49:43 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (05/17/2019 09:16:52 AM) (Source: CVHSVC) (EventID: 100) (User: )
    Description: Information only.
    (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: HTTP status 403: The client does not have sufficient access rights to the requested server object.

    Error: (05/17/2019 02:33:17 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 6864


    System errors:
    =============
    Error: (05/17/2019 11:27:05 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
    Description: The following fatal alert was received: 40.

    Error: (05/17/2019 11:16:40 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
    Description: The following fatal alert was received: 20.

    Error: (05/17/2019 11:09:43 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
    Description: The following fatal alert was received: 20.

    Error: (05/17/2019 09:13:29 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
    Description: The Intuit Update Service v4 service hung on starting.

    Error: (05/17/2019 09:11:07 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
    Description: The GoodSync Server service hung on starting.

    Error: (05/17/2019 09:07:13 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
    Description: The following fatal alert was generated: 70. The internal error state is 105.

    Error: (05/17/2019 09:06:26 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
    {C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
    and APPID
    {344ED43D-D086-4961-86A6-1106F4ACAD9B}
    to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

    Error: (05/17/2019 09:06:05 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Windows Live ID Sign-in Assistant service failed to start due to the following error:
    The service did not respond to the start or control request in a timely fashion.


    Windows Defender:
    ===================================
    Date: 2014-08-18 04:07:22.688
    Description:
    Windows Defender has detected spyware or other potentially unwanted software.
    For more information please see the following:
    http://go.microsoft.com/fwlink/?linkid=37020&name=Adware:Win32/BetterSurf&threatid=200821
    Name:Adware:Win32/BetterSurf
    ID:200821
    Severity:High
    Category:Adware
    Path Found:containerfile:C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha177\ch\WebexpEnhancedV1alpha177.crx;file:C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha177\ch\WebexpEnhancedV1alpha177.crx;file:C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha177\ch\WebexpEnhancedV1alpha177.crx->[ChromeCrxPackage]->ffWebexpEnhancedV1alpha177chaction.js;file:C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha177\ff\chrome.manifest;file:C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha177\ff\chrome\content\ffWebexpEnhancedV1alpha177.js;file:C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha177\ff\chrome\content\ffWebexpEnhancedV1alpha177ffaction.js;file:C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha177\ff\chrome\content\icons\default\WebexpEnhancedV1alpha177_32.png;file:C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha177\ff\chrome\content\icons\Thumbs.db;file:C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha177\ff\chrom
    Detection Type:Concrete
    Detection Source:System
    Status:Unknown
    Process Name:c:\program files\windows defender\MpCmdRun.exe

    Date: 2014-07-23 03:55:59.960
    Description:
    Windows Defender has detected spyware or other potentially unwanted software.
    For more information please see the following:
    http://go.microsoft.com/fwlink/?linkid=37020&name=Adware:Win32/BetterSurf&threatid=200821
    Name:Adware:Win32/BetterSurf
    ID:200821
    Severity:High
    Category:Adware
    Path Found:containerfile:C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha773\ch\MediaPlayerV1alpha773.crx;containerfile:C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha1416\ch\MediaViewerV1alpha1416.crx;containerfile:C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha2722\ch\MediaViewV1alpha2722.crx;containerfile:C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha3234\ch\MediaViewV1alpha3234.crx;containerfile:C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home386\ch\MediaWatchV1home386.crx;containerfile:C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta351\ch\VideoPlayerV3beta351.crx;file:C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha773\ch\MediaPlayerV1alpha773.crx;file:C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha773\ch\MediaPlayerV1alpha773.crx->[ChromeCrxPackage]->ffMediaPlayerV1alpha773chaction.js;file:C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha773\ff\chrome.manifest;file:C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha773\ff\chrome\content\ffMediaPlayerV1al
    Detection Type:Concrete
    Detection Source:System
    Status:Unknown
    Process Name:c:\program files\windows defender\MpCmdRun.exe

    Date: 2014-08-11 10:08:12.022
    Description:
    Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
    Signatures Attempted:Current
    Error Code:0x80070002
    Error description:The system cannot find the file specified.
    Signature version:0.0.0.0
    Engine version:0.0.0.0

    Date: 2014-08-11 10:08:12.022
    Description:
    Windows Defender has encountered an error trying to update signatures.
    New Signature Version:
    Previous Signature Version:
    Update Source:Signature Update Folder
    Signature Type:AntiSpyware
    Update Type:Delta
    Current Engine Version:
    Previous Engine Version:
    Error code:0x80070002
    Error description:The system cannot find the file specified.

    ==================== Memory info ===========================

    BIOS: American Megatrends Inc. 6.09 03/24/2011
    Motherboard: Hewlett-Packard 2AA7
    Processor: Intel(R) Core(TM) i3 CPU 550 @ 3.20GHz
    Percentage of memory in use: 63%
    Total physical RAM: 5943.11 MB
    Available physical RAM: 2197.42 MB
    Total Virtual: 11884.37 MB
    Available Virtual: 6815.28 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:910.18 GB) (Free:700.96 GB) NTFS ==>[system with boot components (obtained from drive)]
    Drive d: (HP_RECOVERY) (Fixed) (Total:21.24 GB) (Free:2.6 GB) NTFS ==>[system with boot components (obtained from drive)]

    \\?\Volume{820ec235-2ec0-11e2-abc8-806e6f6e6963}\ (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 931.5 GB) (Disk ID: B0CF9B15)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=910.2 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=21.2 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================
     
  14. iMacg3

    iMacg3 Malware Specialist

    Joined:
    Nov 3, 2018
    Messages:
    323
    Hi,

    Uninstall a Chrome Extension
    • Open Google Chrome. Type chrome://extensions in the address bar and press Enter.
    • Click the trash can icon next to the following extension(s):
      Code:
      Hola Free VPN Proxy Unblocker
      Online Safety
    • A confirmation dialog will appear. Click Remove.

    -------------------------------------

    • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
    • Press Ctrl+y (Ctrl and y keys at the same time)
    • A blank notepad file named fixlist.txt will open.
    • Copy and paste the following into it ....
    Code:
    Start
    
    CreateRestorePoint:
    EmptyTemp:
    CloseProcesses:
    
    HKLM\Software\...\AppCompatFlags\Custom\explorer.exe: [{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb] ->
    HKLM\Software\...\AppCompatFlags\Custom\iexplore.exe: [{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb] ->
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
    Task: {4DAE0EE9-7BCC-4794-ACB8-2586F5F4B9C8} - System32\Tasks\{CAD0DAE7-4564-475A-BB09-8BE928BE931E} => C:\Windows\system32\pcalua.exe -a C:\Users\Home\Caroline\ADE_2.0_Installer.exe -d C:\Users\Home\Desktop
    Task: {5BC0E823-AFA2-4D53-994A-E9801BD2B5AA} - System32\Tasks\{A77B0BEF-406F-4756-8F8C-94C07B00B496} => C:\Windows\system32\pcalua.exe -a "C:\Users\Home\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QYTJVT53\setup.exe" -d C:\Users\Home\Desktop
    Task: {EA6064A0-6007-4938-895E-81B9ECDC1EC5} - System32\Tasks\{DE7EBA4D-EE80-4D28-964B-09D14BE20417} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\Uninstall.exe" -c /app FreeYouTubeToMP3Converter
    Task: {FD0FA4F2-4CBE-4BC7-A633-F1019A622F46} - System32\Tasks\Driver Booster SkipUAC (Home) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
    Task: C:\Windows\Tasks\CouponViewer Toolbar.job => C:\Users\Home\AppData\Local\Programs\CouponViewer\Add-On\2017.4.7.1\CVHP.exe
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
    SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> DefaultScope {80c554b9-c7f8-4a21-9471-06d606da78a2} URL =
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\.DEFAULT -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
    Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
    Toolbar: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    Toolbar: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    Toolbar: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
    FF HKLM-x32\...\Firefox\Extensions: [{3DF4B26D-DB19-45DF-962A-6719D071245B}] - C:\Users\Home\AppData\Local\Rich Media Player\BrowserExtensions\Firefox\{3DF4B26D-DB19-45DF-962A-6719D071245B} => not found
    FF HKLM-x32\...\Firefox\Extensions: [{F25E3D9D-1A54-4389-98F7-E4D5B830DC33}] - C:\Users\Home\AppData\Local\Rich Media Player\BrowserExtensions\Firefox\{F25E3D9D-1A54-4389-98F7-E4D5B830DC33}.xpi => not found
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.204 => not found
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Ginger\Mozilla\[email protected] => not found
    FF HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\...\Firefox\Extensions: [@CustomNewTab] - C:\Users\Home\AppData\Roaming\Mozilla\FireFox\@CustomNewTab.xpi => not found
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 -> c:\Program Files (x86)\Virtual Earth 3D\ [No File]
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin HKU\.DEFAULT: gingersoftware.com/gingerPlugin -> C:\Program Files (x86)\Ginger\GingerServices\GingerServicesProxy.dll [No File]
    FF Plugin HKU\S-1-5-21-1287311948-1235629539-2080862382-1001: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\Users\Home\AppData\Roaming\CATALI~1\NPBCSK~1.DLL [No File]
    CHR HKLM-x32\...\Chrome\Extension: [doagiokpgboiomffjfhaiimafndmmpni] - C:\Users\Home\AppData\Local\Rich Media Player\BrowserExtensions\Chrome\richmediadownloader.crx <not found>
    CHR HKLM-x32\...\Chrome\Extension: [eammbikighnmacpfdhmcccgnfojcdhgn] - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha177\ch\WebexpEnhancedV1alpha177.crx <not found>
    CHR HKLM-x32\...\Chrome\Extension: [fkcdbkhjcaljlfolhllfneigeepmjfim] - C:\Users\Home\AppData\Local\Rich Media Player\BrowserExtensions\Chrome\playerextension.crx <not found>
    S3 hpqwmiex; "C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe" [X]
    S3 avchv; system32\DRIVERS\avchv.sys [X]
    S3 cpuz134; \??\C:\Users\Home\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X] <==== ATTENTION
    S3 dbx; system32\DRIVERS\dbx.sys [X]
    S1 MpKslf3e2724b; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{86D53835-DBE4-46C4-B3C1-0A55F2A945E3}\MpKslf3e2724b.sys [X]
    S1 nsodcduk; \??\C:\Windows\system32\drivers\nsodcduk.sys [X]
    S1 sezncdzw; \??\C:\Windows\system32\drivers\sezncdzw.sys [X]
    2019-05-03 10:37 - 2019-05-03 10:38 - 000000000 ____D C:\Users\Home\AppData\Local\ProgsUpdate.FullPath
    2019-05-03 10:36 - 2019-05-03 10:37 - 000000000 ____D C:\Users\Home\AppData\Local\OysterPresentingReload
    2019-05-03 10:36 - 2019-05-03 10:36 - 000000000 ____D C:\Program Files (x86)\EquiangularBioassayffq
    
    HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\...\ChromeHTML: -> <==== ATTENTION
    CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{004B49B7-11B9-5058-FF22-08DD093ADC4B}\InprocServer32 -> {18760844-9468-D082-1298-07E985889A47} => No File
    CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Home\AppData\Local\Microsoft\OneDrive\17.3.6998.0830\amd64\FileCoAuthLib64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{62634D95-960B-4834-8E71-A70408AD8FD9}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.34.7\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{A804CF1A-91E5-4F0C-9E8C-DB39E74056DD}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.33.23\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.32.8\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{DD0822FF-3A09-4BDC-B749-4B00B9115850}\InprocServer32 -> {543FC507-9468-D082-5155-4EA585889A47} => No File
    CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{EA724FD3-844D-43A9-A8C9-A5BC35FC20E4}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.33.17\psuser_64.dll => No File
    ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
    AlternateDataStreams: C:\ProgramData\Temp:373E1720 [118]
    AlternateDataStreams: C:\ProgramData\Temp:B946D9EE [131]
    FirewallRules: [{A3D47993-0D64-4047-9904-D4C992FF5660}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector\PDR8.EXE No File
    FirewallRules: [{8FCF52C4-3EB2-4119-BA0C-C5409B1B0C1F}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Video\HPTouchSmartMusic.exe No File
    FirewallRules: [{B85F80CC-3E1A-4DBD-AA3F-AC6C1417C65F}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Video\HPTouchSmartPhoto.exe No File
    FirewallRules: [{00F6CD62-4F61-4604-AFD0-F08FC2C00628}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Video\TSMAgent.exe No File
    FirewallRules: [{C6DBEDCF-4868-4F9B-954A-D06FAEDDA9F0}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Video\Kernel\CLML\CLMLSvc.exe No File
    FirewallRules: [{AA7E54D8-503E-49DB-B0E8-F12396915F89}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartMusic.exe No File
    FirewallRules: [{052BCD0B-5F3A-473D-8640-20FA18EE0961}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartPhoto.exe No File
    FirewallRules: [{5E1C5E5B-74B5-45C4-AD5A-4647894063A1}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartVideo.exe No File
    FirewallRules: [{F7044779-3EA7-4612-9E2B-DD0EF5ED8061}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\TSMAgent.exe No File
    FirewallRules: [{F0D4F646-902F-4D4A-863B-D35A50FD1A05}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\CLML\CLMLSvc.exe No File
    FirewallRules: [{A36C8677-41F0-480B-AE8C-BC53E7EFBBB4}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\RoxioNow\RNow.exe No File
    FirewallRules: [{4E4D1A68-2768-4EB7-9F59-9830737D74CB}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\RoxioNow\RNow.exe No File
    FirewallRules: [{847B5864-1AA4-4900-834A-8EF958463F5E}] => (Allow) C:\Program Files (x86)\Advantig\OneClick-v2\VncViewer.exe No File
    FirewallRules: [{8B22AACE-8EA4-4D78-AFCC-6A6B9B40E7DC}] => (Allow) C:\Program Files (x86)\Advantig\OneClick-v2\VncViewer.exe No File
    FirewallRules: [{90265E35-58EE-4342-BA10-DBB1C3D366C4}] => (Allow) C:\Program Files (x86)\Advantig\OneClick-v2\VncViewer.exe No File
    FirewallRules: [{FA10EDD8-DDE0-4723-9162-6AF58EE2BA60}] => (Allow) C:\Program Files (x86)\Advantig\OneClick-v2\VncViewer.exe No File
    FirewallRules: [{BC5B1484-9861-406B-9583-E7FBBD8E21BC}] => (Allow) C:\Program Files (x86)\Advantig\OneClick-v2\repeater.exe No File
    FirewallRules: [{05F74CF6-683A-410F-93E7-CF427AE2E297}] => (Allow) C:\Program Files (x86)\Advantig\OneClick-v2\repeater.exe No File
    FirewallRules: [{32032522-6213-40C8-9977-DBC56329DB5E}] => (Allow) C:\Users\Home\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe No File
    FirewallRules: [{BA620A35-E4B4-4362-8F34-35B1E91A0696}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe No File
    FirewallRules: [{7E0F222F-A14A-4749-8EE6-8273E74AB274}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe No File
    FirewallRules: [{B0D53210-965F-4FF7-B38E-BB029B9680BC}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe No File
    FirewallRules: [{218C699F-EA3E-4E2C-BD25-60815DEA8295}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe No File
    FirewallRules: [{93F88390-FA84-4577-A4A6-A9AA77525DFB}] => (Allow) C:\Users\Home\AppData\Local\Temp\nsu85C.tmp\CnetInstaller-75864009.exe No File
    FirewallRules: [{9FD1933C-070A-4F59-B910-FC7736365C30}] => (Allow) C:\Users\Home\AppData\Local\Temp\nsu85C.tmp\CnetInstaller-75864009.exe No File
    FirewallRules: [{B2DEC8FF-461C-4D37-AF06-D0913594CC04}] => (Allow) E:\Common\EpsonNet Setup\ENEasyApp.exe No File
    FirewallRules: [{09569B3D-22DC-4C18-A33E-F7E44B27C535}] => (Allow) E:\Common\EpsonNet Setup\ENEasyApp.exe No File
    FirewallRules: [{5E0A0B65-9410-47D2-8B85-C864E86DE096}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe No File
    FirewallRules: [{18884B08-A31D-45B7-9D93-CC50BB1B691E}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe No File
    FirewallRules: [{6216210E-37B4-417C-B48B-5FD7F44B38CB}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DBDownloader.exe No File
    FirewallRules: [{7D7E67DB-87BC-4D10-877C-8C39B06A405C}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DBDownloader.exe No File
    FirewallRules: [{259838F4-09CB-421C-B48E-07C2BB48E0FB}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe No File
    FirewallRules: [{EB6623FC-6144-4E10-BECE-874200C8EE9E}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe No File
    FirewallRules: [{30A594F0-035D-4043-829E-D9CF9D49604C}] => (Allow) C:\Users\Home\AppData\Local\Chromium\Application\chrome.exe No File
    FirewallRules: [{0B126F13-E343-4FCE-BF97-F4311AF026F1}] => (Allow) C:\Users\Home\AppData\Local\Temp\WZSE0.TMP\Common\EpsonNet Setup\ENEasyApp.exe No File
    FirewallRules: [{C5AC2281-C42C-4565-9C1C-9C9AB923D9F4}] => (Allow) C:\Users\Home\AppData\Local\Temp\WZSE0.TMP\Common\EpsonNet Setup\ENEasyApp.exe No File
    FirewallRules: [{793E8149-8010-498C-9039-A02675B3222F}] => (Allow) E:\Common\EpsonNet Setup\ENEasyApp.exe No File
    FirewallRules: [{71245F99-2A20-4474-9B15-3FA28FF45D28}] => (Allow) E:\Common\EpsonNet Setup\ENEasyApp.exe No File
    
    DeleteValue: HKLM\Software\WOW6432Node\Microsoft\Windows\Currentversion\Uninstall|{4956ACE3-F537-4418-BB45-FD52395275A7}
    VirusTotal: C:\Users\Home\AppData\Local\Microsoft\BingSvc\BingSvc.exe
    C:\Users\Home\AppData\Local\Programs\CouponViewer
    C:\Users\Home\AppData\Roaming\CATALI~1
    C:\Program Files (x86)\IObit
    C:\Users\Home\AppData\Local\Rich Media Player
    
    End
    
    • Press Ctrl+s to save fixlist.txt
    NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system
    • Now press the Fix button once and wait.
    • FRST will process fixlist.txt
    • When finished, it will produce a log (fixlog.txt) in the same folder/directory as FRST
    • Please post the contents of fixlog.txt in your next reply.
     
  15. aimee

    aimee Thread Starter

    Joined:
    Apr 23, 2001
    Messages:
    161
    Just fyi, when I pressed Cntrl+y a notepad file opened but the name wasn't fixlist, it was a long string of characters, several of those windows opened if I held Cntrl+y each window had a different name.
    I was able to proceed and the result is below but I think those files are now on my system...I **think**

    Fix result of Farbar Recovery Scan Tool (x64) Version: 18-05.2019
    Ran by Home (18-05-2019 16:31:21) Run:1
    Running from C:\Users\Home\Desktop\Tech guy\FRST-OlderVersion
    Loaded Profiles: Home (Available Profiles: Home & LogMeInRemoteUser & Guest)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    Start

    CreateRestorePoint:
    EmptyTemp:
    CloseProcesses:

    HKLM\Software\...\AppCompatFlags\Custom\explorer.exe: [{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb] ->
    HKLM\Software\...\AppCompatFlags\Custom\iexplore.exe: [{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb] ->
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
    Task: {4DAE0EE9-7BCC-4794-ACB8-2586F5F4B9C8} - System32\Tasks\{CAD0DAE7-4564-475A-BB09-8BE928BE931E} => C:\Windows\system32\pcalua.exe -a C:\Users\Home\Caroline\ADE_2.0_Installer.exe -d C:\Users\Home\Desktop
    Task: {5BC0E823-AFA2-4D53-994A-E9801BD2B5AA} - System32\Tasks\{A77B0BEF-406F-4756-8F8C-94C07B00B496} => C:\Windows\system32\pcalua.exe -a "C:\Users\Home\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QYTJVT53\setup.exe" -d C:\Users\Home\Desktop
    Task: {EA6064A0-6007-4938-895E-81B9ECDC1EC5} - System32\Tasks\{DE7EBA4D-EE80-4D28-964B-09D14BE20417} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\Uninstall.exe" -c /app FreeYouTubeToMP3Converter
    Task: {FD0FA4F2-4CBE-4BC7-A633-F1019A622F46} - System32\Tasks\Driver Booster SkipUAC (Home) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
    Task: C:\Windows\Tasks\CouponViewer Toolbar.job => C:\Users\Home\AppData\Local\Programs\CouponViewer\Add-On\2017.4.7.1\CVHP.exe
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
    SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> DefaultScope {80c554b9-c7f8-4a21-9471-06d606da78a2} URL =
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\.DEFAULT -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
    Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
    Toolbar: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    Toolbar: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    Toolbar: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
    FF HKLM-x32\...\Firefox\Extensions: [{3DF4B26D-DB19-45DF-962A-6719D071245B}] - C:\Users\Home\AppData\Local\Rich Media Player\BrowserExtensions\Firefox\{3DF4B26D-DB19-45DF-962A-6719D071245B} => not found
    FF HKLM-x32\...\Firefox\Extensions: [{F25E3D9D-1A54-4389-98F7-E4D5B830DC33}] - C:\Users\Home\AppData\Local\Rich Media Player\BrowserExtensions\Firefox\{F25E3D9D-1A54-4389-98F7-E4D5B830DC33}.xpi => not found
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.204 => not found
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Ginger\Mozilla\[email protected] => not found
    FF HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\...\Firefox\Extensions: [@CustomNewTab] - C:\Users\Home\AppData\Roaming\Mozilla\FireFox\@CustomNewTab.xpi => not found
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 -> c:\Program Files (x86)\Virtual Earth 3D\ [No File]
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin HKU\.DEFAULT: gingersoftware.com/gingerPlugin -> C:\Program Files (x86)\Ginger\GingerServices\GingerServicesProxy.dll [No File]
    FF Plugin HKU\S-1-5-21-1287311948-1235629539-2080862382-1001: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\Users\Home\AppData\Roaming\CATALI~1\NPBCSK~1.DLL [No File]
    CHR HKLM-x32\...\Chrome\Extension: [doagiokpgboiomffjfhaiimafndmmpni] - C:\Users\Home\AppData\Local\Rich Media Player\BrowserExtensions\Chrome\richmediadownloader.crx <not found>
    CHR HKLM-x32\...\Chrome\Extension: [eammbikighnmacpfdhmcccgnfojcdhgn] - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha177\ch\WebexpEnhancedV1alpha177.crx <not found>
    CHR HKLM-x32\...\Chrome\Extension: [fkcdbkhjcaljlfolhllfneigeepmjfim] - C:\Users\Home\AppData\Local\Rich Media Player\BrowserExtensions\Chrome\playerextension.crx <not found>
    S3 hpqwmiex; "C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe" [X]
    S3 avchv; system32\DRIVERS\avchv.sys [X]
    S3 cpuz134; \??\C:\Users\Home\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X] <==== ATTENTION
    S3 dbx; system32\DRIVERS\dbx.sys [X]
    S1 MpKslf3e2724b; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{86D53835-DBE4-46C4-B3C1-0A55F2A945E3}\MpKslf3e2724b.sys [X]
    S1 nsodcduk; \??\C:\Windows\system32\drivers\nsodcduk.sys [X]
    S1 sezncdzw; \??\C:\Windows\system32\drivers\sezncdzw.sys [X]
    2019-05-03 10:37 - 2019-05-03 10:38 - 000000000 ____D C:\Users\Home\AppData\Local\ProgsUpdate.FullPath
    2019-05-03 10:36 - 2019-05-03 10:37 - 000000000 ____D C:\Users\Home\AppData\Local\OysterPresentingReload
    2019-05-03 10:36 - 2019-05-03 10:36 - 000000000 ____D C:\Program Files (x86)\EquiangularBioassayffq

    HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\...\ChromeHTML: -> <==== ATTENTION
    CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{004B49B7-11B9-5058-FF22-08DD093ADC4B}\InprocServer32 -> {18760844-9468-D082-1298-07E985889A47} => No File
    CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Home\AppData\Local\Microsoft\OneDrive\17.3.6998.0830\amd64\FileCoAuthLib64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{62634D95-960B-4834-8E71-A70408AD8FD9}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.34.7\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{A804CF1A-91E5-4F0C-9E8C-DB39E74056DD}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.33.23\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.32.8\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{DD0822FF-3A09-4BDC-B749-4B00B9115850}\InprocServer32 -> {543FC507-9468-D082-5155-4EA585889A47} => No File
    CustomCLSID: HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{EA724FD3-844D-43A9-A8C9-A5BC35FC20E4}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.33.17\psuser_64.dll => No File
    ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
    AlternateDataStreams: C:\ProgramData\Temp:373E1720 [118]
    AlternateDataStreams: C:\ProgramData\Temp:B946D9EE [131]
    FirewallRules: [{A3D47993-0D64-4047-9904-D4C992FF5660}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector\PDR8.EXE No File
    FirewallRules: [{8FCF52C4-3EB2-4119-BA0C-C5409B1B0C1F}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Video\HPTouchSmartMusic.exe No File
    FirewallRules: [{B85F80CC-3E1A-4DBD-AA3F-AC6C1417C65F}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Video\HPTouchSmartPhoto.exe No File
    FirewallRules: [{00F6CD62-4F61-4604-AFD0-F08FC2C00628}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Video\TSMAgent.exe No File
    FirewallRules: [{C6DBEDCF-4868-4F9B-954A-D06FAEDDA9F0}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Video\Kernel\CLML\CLMLSvc.exe No File
    FirewallRules: [{AA7E54D8-503E-49DB-B0E8-F12396915F89}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartMusic.exe No File
    FirewallRules: [{052BCD0B-5F3A-473D-8640-20FA18EE0961}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartPhoto.exe No File
    FirewallRules: [{5E1C5E5B-74B5-45C4-AD5A-4647894063A1}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartVideo.exe No File
    FirewallRules: [{F7044779-3EA7-4612-9E2B-DD0EF5ED8061}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\TSMAgent.exe No File
    FirewallRules: [{F0D4F646-902F-4D4A-863B-D35A50FD1A05}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\CLML\CLMLSvc.exe No File
    FirewallRules: [{A36C8677-41F0-480B-AE8C-BC53E7EFBBB4}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\RoxioNow\RNow.exe No File
    FirewallRules: [{4E4D1A68-2768-4EB7-9F59-9830737D74CB}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\RoxioNow\RNow.exe No File
    FirewallRules: [{847B5864-1AA4-4900-834A-8EF958463F5E}] => (Allow) C:\Program Files (x86)\Advantig\OneClick-v2\VncViewer.exe No File
    FirewallRules: [{8B22AACE-8EA4-4D78-AFCC-6A6B9B40E7DC}] => (Allow) C:\Program Files (x86)\Advantig\OneClick-v2\VncViewer.exe No File
    FirewallRules: [{90265E35-58EE-4342-BA10-DBB1C3D366C4}] => (Allow) C:\Program Files (x86)\Advantig\OneClick-v2\VncViewer.exe No File
    FirewallRules: [{FA10EDD8-DDE0-4723-9162-6AF58EE2BA60}] => (Allow) C:\Program Files (x86)\Advantig\OneClick-v2\VncViewer.exe No File
    FirewallRules: [{BC5B1484-9861-406B-9583-E7FBBD8E21BC}] => (Allow) C:\Program Files (x86)\Advantig\OneClick-v2\repeater.exe No File
    FirewallRules: [{05F74CF6-683A-410F-93E7-CF427AE2E297}] => (Allow) C:\Program Files (x86)\Advantig\OneClick-v2\repeater.exe No File
    FirewallRules: [{32032522-6213-40C8-9977-DBC56329DB5E}] => (Allow) C:\Users\Home\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe No File
    FirewallRules: [{BA620A35-E4B4-4362-8F34-35B1E91A0696}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe No File
    FirewallRules: [{7E0F222F-A14A-4749-8EE6-8273E74AB274}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe No File
    FirewallRules: [{B0D53210-965F-4FF7-B38E-BB029B9680BC}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe No File
    FirewallRules: [{218C699F-EA3E-4E2C-BD25-60815DEA8295}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe No File
    FirewallRules: [{93F88390-FA84-4577-A4A6-A9AA77525DFB}] => (Allow) C:\Users\Home\AppData\Local\Temp\nsu85C.tmp\CnetInstaller-75864009.exe No File
    FirewallRules: [{9FD1933C-070A-4F59-B910-FC7736365C30}] => (Allow) C:\Users\Home\AppData\Local\Temp\nsu85C.tmp\CnetInstaller-75864009.exe No File
    FirewallRules: [{B2DEC8FF-461C-4D37-AF06-D0913594CC04}] => (Allow) E:\Common\EpsonNet Setup\ENEasyApp.exe No File
    FirewallRules: [{09569B3D-22DC-4C18-A33E-F7E44B27C535}] => (Allow) E:\Common\EpsonNet Setup\ENEasyApp.exe No File
    FirewallRules: [{5E0A0B65-9410-47D2-8B85-C864E86DE096}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe No File
    FirewallRules: [{18884B08-A31D-45B7-9D93-CC50BB1B691E}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe No File
    FirewallRules: [{6216210E-37B4-417C-B48B-5FD7F44B38CB}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DBDownloader.exe No File
    FirewallRules: [{7D7E67DB-87BC-4D10-877C-8C39B06A405C}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DBDownloader.exe No File
    FirewallRules: [{259838F4-09CB-421C-B48E-07C2BB48E0FB}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe No File
    FirewallRules: [{EB6623FC-6144-4E10-BECE-874200C8EE9E}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe No File
    FirewallRules: [{30A594F0-035D-4043-829E-D9CF9D49604C}] => (Allow) C:\Users\Home\AppData\Local\Chromium\Application\chrome.exe No File
    FirewallRules: [{0B126F13-E343-4FCE-BF97-F4311AF026F1}] => (Allow) C:\Users\Home\AppData\Local\Temp\WZSE0.TMP\Common\EpsonNet Setup\ENEasyApp.exe No File
    FirewallRules: [{C5AC2281-C42C-4565-9C1C-9C9AB923D9F4}] => (Allow) C:\Users\Home\AppData\Local\Temp\WZSE0.TMP\Common\EpsonNet Setup\ENEasyApp.exe No File
    FirewallRules: [{793E8149-8010-498C-9039-A02675B3222F}] => (Allow) E:\Common\EpsonNet Setup\ENEasyApp.exe No File
    FirewallRules: [{71245F99-2A20-4474-9B15-3FA28FF45D28}] => (Allow) E:\Common\EpsonNet Setup\ENEasyApp.exe No File

    DeleteValue: HKLM\Software\WOW6432Node\Microsoft\Windows\Currentversion\Uninstall|{4956ACE3-F537-4418-BB45-FD52395275A7}
    VirusTotal: C:\Users\Home\AppData\Local\Microsoft\BingSvc\BingSvc.exe
    C:\Users\Home\AppData\Local\Programs\CouponViewer
    C:\Users\Home\AppData\Roaming\CATALI~1
    C:\Program Files (x86)\IObit
    C:\Users\Home\AppData\Local\Rich Media Player

    End
    *****************

    Restore point was successfully created.
    Processes closed successfully.
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\explorer.exe => removed successfully
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\iexplore.exe => removed successfully
    HKLM\SOFTWARE\Policies\Google => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4DAE0EE9-7BCC-4794-ACB8-2586F5F4B9C8}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4DAE0EE9-7BCC-4794-ACB8-2586F5F4B9C8}" => removed successfully
    C:\Windows\System32\Tasks\{CAD0DAE7-4564-475A-BB09-8BE928BE931E} => moved successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{CAD0DAE7-4564-475A-BB09-8BE928BE931E}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5BC0E823-AFA2-4D53-994A-E9801BD2B5AA}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5BC0E823-AFA2-4D53-994A-E9801BD2B5AA}" => removed successfully
    C:\Windows\System32\Tasks\{A77B0BEF-406F-4756-8F8C-94C07B00B496} => moved successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{A77B0BEF-406F-4756-8F8C-94C07B00B496}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EA6064A0-6007-4938-895E-81B9ECDC1EC5}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EA6064A0-6007-4938-895E-81B9ECDC1EC5}" => removed successfully
    C:\Windows\System32\Tasks\{DE7EBA4D-EE80-4D28-964B-09D14BE20417} => moved successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{DE7EBA4D-EE80-4D28-964B-09D14BE20417}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FD0FA4F2-4CBE-4BC7-A633-F1019A622F46}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FD0FA4F2-4CBE-4BC7-A633-F1019A622F46}" => removed successfully
    C:\Windows\System32\Tasks\Driver Booster SkipUAC (Home) => moved successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster SkipUAC (Home)" => removed successfully
    C:\Windows\Tasks\CouponViewer Toolbar.job => moved successfully
    HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
    HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully
    HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully
    HKLM\Software\Wow6432Node\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found
    "HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{47833539-D0C5-4125-9FA8-0819E2EAAC93}" => removed successfully
    "HKLM\Software\Wow6432Node\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}" => removed successfully
    "HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" => removed successfully
    HKLM\Software\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => not found
    "HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F}" => removed successfully
    HKLM\Software\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => not found
    "HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93}" => removed successfully
    HKLM\Software\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => not found
    "HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{3DF4B26D-DB19-45DF-962A-6719D071245B}" => removed successfully
    "HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{F25E3D9D-1A54-4389-98F7-E4D5B830DC33}" => removed successfully
    "HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\[email protected]" => removed successfully
    "HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\[email protected]" => removed successfully
    "HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\Software\Mozilla\Firefox\Extensions\\@CustomNewTab" => removed successfully
    HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => removed successfully
    HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0 => removed successfully
    HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => removed successfully
    HKU\.DEFAULT\Software\MozillaPlugins\gingersoftware.com/gingerPlugin => removed successfully
    "C:\Program Files (x86)\Ginger\GingerServices\GingerServicesProxy.dll" => not found
    HKU\S-1-5-21-1287311948-1235629539-2080862382-1001\Software\MozillaPlugins\CouponNetwork.com/CMDUniversalCouponPrintActivator => removed successfully
    "C:\Users\Home\AppData\Roaming\CATALI~1\NPBCSK~1.DLL" => not found
    HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\doagiokpgboiomffjfhaiimafndmmpni => removed successfully
    HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eammbikighnmacpfdhmcccgnfojcdhgn => removed successfully
    HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fkcdbkhjcaljlfolhllfneigeepmjfim => removed successfully
    HKLM\System\CurrentControlSet\Services\hpqwmiex => removed successfully
    hpqwmiex => service removed successfully
    HKLM\System\CurrentControlSet\Services\avchv => removed successfully
    avchv => service removed successfully
    HKLM\System\CurrentControlSet\Services\cpuz134 => removed successfully
    cpuz134 => service removed successfully
    HKLM\System\CurrentControlSet\Services\dbx => removed successfully
    dbx => service removed successfully
    HKLM\System\CurrentControlSet\Services\MpKslf3e2724b => removed successfully
    MpKslf3e2724b => service removed successfully
    HKLM\System\CurrentControlSet\Services\nsodcduk => removed successfully
    nsodcduk => service removed successfully
    HKLM\System\CurrentControlSet\Services\sezncdzw => removed successfully
    sezncdzw => service removed successfully
    C:\Users\Home\AppData\Local\ProgsUpdate.FullPath => moved successfully
    C:\Users\Home\AppData\Local\OysterPresentingReload => moved successfully
    C:\Program Files (x86)\EquiangularBioassayffq => moved successfully
    HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\ChromeHTML => removed successfully
    HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{004B49B7-11B9-5058-FF22-08DD093ADC4B} => removed successfully
    HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448} => removed successfully
    HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4} => removed successfully
    HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5} => removed successfully
    HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856} => removed successfully
    HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4} => removed successfully
    HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E} => removed successfully
    HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{62634D95-960B-4834-8E71-A70408AD8FD9} => removed successfully
    HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98} => removed successfully
    HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247} => removed successfully
    HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04} => removed successfully
    HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8} => removed successfully
    HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{A804CF1A-91E5-4F0C-9E8C-DB39E74056DD} => removed successfully
    HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A} => removed successfully
    HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA} => removed successfully
    HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2} => removed successfully
    HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF} => removed successfully
    HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{DD0822FF-3A09-4BDC-B749-4B00B9115850} => removed successfully
    HKU\S-1-5-21-1287311948-1235629539-2080862382-1001_Classes\CLSID\{EA724FD3-844D-43A9-A8C9-A5BC35FC20E4} => removed successfully
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => removed successfully
    HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast => removed successfully
    HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
    C:\ProgramData\Temp => ":373E1720" ADS removed successfully
    C:\ProgramData\Temp => ":B946D9EE" ADS removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A3D47993-0D64-4047-9904-D4C992FF5660}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8FCF52C4-3EB2-4119-BA0C-C5409B1B0C1F}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B85F80CC-3E1A-4DBD-AA3F-AC6C1417C65F}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{00F6CD62-4F61-4604-AFD0-F08FC2C00628}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C6DBEDCF-4868-4F9B-954A-D06FAEDDA9F0}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AA7E54D8-503E-49DB-B0E8-F12396915F89}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{052BCD0B-5F3A-473D-8640-20FA18EE0961}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5E1C5E5B-74B5-45C4-AD5A-4647894063A1}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F7044779-3EA7-4612-9E2B-DD0EF5ED8061}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F0D4F646-902F-4D4A-863B-D35A50FD1A05}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A36C8677-41F0-480B-AE8C-BC53E7EFBBB4}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4E4D1A68-2768-4EB7-9F59-9830737D74CB}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{847B5864-1AA4-4900-834A-8EF958463F5E}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8B22AACE-8EA4-4D78-AFCC-6A6B9B40E7DC}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{90265E35-58EE-4342-BA10-DBB1C3D366C4}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FA10EDD8-DDE0-4723-9162-6AF58EE2BA60}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BC5B1484-9861-406B-9583-E7FBBD8E21BC}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{05F74CF6-683A-410F-93E7-CF427AE2E297}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{32032522-6213-40C8-9977-DBC56329DB5E}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BA620A35-E4B4-4362-8F34-35B1E91A0696}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7E0F222F-A14A-4749-8EE6-8273E74AB274}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B0D53210-965F-4FF7-B38E-BB029B9680BC}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{218C699F-EA3E-4E2C-BD25-60815DEA8295}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{93F88390-FA84-4577-A4A6-A9AA77525DFB}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9FD1933C-070A-4F59-B910-FC7736365C30}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B2DEC8FF-461C-4D37-AF06-D0913594CC04}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{09569B3D-22DC-4C18-A33E-F7E44B27C535}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5E0A0B65-9410-47D2-8B85-C864E86DE096}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{18884B08-A31D-45B7-9D93-CC50BB1B691E}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6216210E-37B4-417C-B48B-5FD7F44B38CB}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7D7E67DB-87BC-4D10-877C-8C39B06A405C}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{259838F4-09CB-421C-B48E-07C2BB48E0FB}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EB6623FC-6144-4E10-BECE-874200C8EE9E}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{30A594F0-035D-4043-829E-D9CF9D49604C}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0B126F13-E343-4FCE-BF97-F4311AF026F1}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C5AC2281-C42C-4565-9C1C-9C9AB923D9F4}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{793E8149-8010-498C-9039-A02675B3222F}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{71245F99-2A20-4474-9B15-3FA28FF45D28}" => removed successfully
    "HKLM\Software\WOW6432Node\Microsoft\Windows\Currentversion\Uninstall\\{4956ACE3-F537-4418-BB45-FD52395275A7}" => not found
    VirusTotal: C:\Users\Home\AppData\Local\Microsoft\BingSvc\BingSvc.exe => https://www.virustotal.com/file/529...cbb6bbab80d7e54fe7d2546d/analysis/1558107520/
    C:\Users\Home\AppData\Local\Programs\CouponViewer => moved successfully
    "C:\Users\Home\AppData\Roaming\CATALI~1" => not found
    "C:\Program Files (x86)\IObit" => not found
    "C:\Users\Home\AppData\Local\Rich Media Player" => not found

    =========== EmptyTemp: ==========

    BITS transfer queue => 8388608 B
    DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 427660990 B
    Java, Flash, Steam htmlcache => 23315 B
    Windows/system/drivers => 158096738 B
    Edge => 0 B
    Chrome => 456186971 B
    Firefox => 103778 B
    Opera => 0 B

    Temp, IE cache, history, cookies, recent:
    Users => 0 B
    Default => 33058 B
    Public => 0 B
    ProgramData => 0 B
    systemprofile => 170062 B
    systemprofile32 => 49653 B
    LocalService => 132244 B
    NetworkService => 142121262 B
    Home => 1528123263 B
    LogMeInRemoteUser => 33058 B
    Guest => 13663991 B

    RecycleBin => 0 B
    EmptyTemp: => 2.5 GB temporary data Removed.

    ================================


    The system needed a reboot.

    ==== End of Fixlog 16:34:20 ====
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Short URL to this thread: https://techguy.org/1227148

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice