Go Back   Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Resolved HJT Threads

User Tag List

Browser problems dds.scr wont run!

This is a discussion on Browser problems dds.scr wont run! within the Resolved HJT Threads forums, part of the Tech Support Forum category. Hi, I am having trouble with some web pages playing up. Some I cant log into. Some I cant play


 
 
Thread Tools Search this Thread
Old 02-17-2017, 06:12 AM   #1
Registered Member
 
Join Date: Oct 2007
Posts: 61
OS: Windows 10



Hi,
I am having trouble with some web pages playing up. Some I cant log into. Some I cant play sound cloud files. Noticed about 100 loopback addresses & connections when no apps alive for quiet a time. Login to email lags often mail wont open.

So I came here to run malwear fix.

Tried DDS.scr but I had eagle pcb design on, so I uninstalled it. Then dds.scr wanted to select program to open. Looked online a bit selected notepad. Now I am in jam how do I fix?
partybot is offline  
Sponsored Links
Advertisement
 
Old 02-17-2017, 01:26 PM   #2
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Scan
  • Once the Scan is done, select Clean
  • Once done it will ask to reboot, please allow the reboot.
  • On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[C#].txt
  • Please copy/paste the contents of the log in your next reply.
------------------------------------------------------

Please download Farbar Recovery Scan Tool and save it to your desktop.
  • Double-click FRST64 to run it. When the tool opens click Yes to the disclaimer.
  • Make sure the Addition.txt button is ticked.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • It also makes another log (Addition.txt). Please attach it to your reply.
------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 02-17-2017, 06:29 PM   #3
Registered Member
 
Join Date: Oct 2007
Posts: 61
OS: Windows 10



Adwcleaner:

# AdwCleaner v6.043 - Logfile created 18/02/2017 at 09:54:38
# Updated on 27/01/2017 by Malwarebytes
# Database : 2017-02-13.1 [Server]
# Operating System : Windows 10 Pro (X64)
# Username : Gary - PRECIOUS
# Running from : C:\Users\Gary\Downloads\AdwCleaner.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****



***** [ Folders ] *****

[-] Folder deleted: C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\gn6fncfu.default-1451359507185\adblocker
[-] Folder deleted: C:\Program Files\Enigma Software Group


***** [ Files ] *****

[-] File deleted: C:\Users\Gary\Downloads\SpyHunter4.exe


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****

[-] Key deleted: HKU\S-1-5-21-222160454-479590922-3030548390-1001\Software\sparktrust
[#] Key deleted on reboot: HKCU\Software\sparktrust
[-] Key deleted: HKLM\SOFTWARE\sparktrust
[#] Key deleted on reboot: [x64] HKCU\Software\sparktrust
[-] Key deleted: [x64] HKLM\SOFTWARE\EnigmaSoftwareGroup
[-] Key deleted: HKU\S-1-5-21-222160454-479590922-3030548390-1001\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
[#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}


***** [ Web browsers ] *****



*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [2378 Bytes] - [22/09/2016 23:37:28]
C:\AdwCleaner\AdwCleaner[C2].txt - [1745 Bytes] - [18/02/2017 09:54:38]
C:\AdwCleaner\AdwCleaner[S0].txt - [2350 Bytes] - [22/09/2016 23:36:58]
C:\AdwCleaner\AdwCleaner[S1].txt - [2033 Bytes] - [18/02/2017 09:53:47]

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [1964 Bytes] ##########

FRST>TXT

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-02-2017
Ran by Gary (administrator) on PRECIOUS (18-02-2017 10:09:37)
Running from C:\Users\Gary\Downloads
Loaded Profiles: Gary & NeroMediaHomeUser.4 (Available Profiles: Gary & NeroMediaHomeUser.4 & FixCompter & DefaultAppPool)
Platform: Windows 10 Pro Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\22.8.1.14\NIS.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
() C:\Program Files\Serviio\bin\ServiioService.exe
(Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
() C:\Windows\SysWOW64\updtSer\winservicej.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
() C:\Program Files\Serviio\bin\ServiioService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Nero AG) C:\Program Files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\22.8.1.14\NIS.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
() C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Analog Devices, Inc.) C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe
(Nero AG) C:\Program Files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
(Dropbox, Inc.) C:\Users\Gary\AppData\Local\Dropbox\Update\DropboxUpdate.exe
(Dropbox, Inc.) C:\Users\Gary\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.105.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\ActionUriServer.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SoundMAX] => C:\Program Files (x86)\Analog Devices\SoundMAX\soundmax.exe [3866624 2009-05-18] (Analog Devices, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2017-01-19] (Apple Inc.)
HKLM-x32\...\Run: [Nero MediaHome 4] => C:\Program Files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe [5178664 2010-10-29] (Nero AG)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2015-04-28] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1994752 2014-02-20] (Wondershare)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-06-17] (Apple Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4127488 2015-06-16] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-222160454-479590922-3030548390-1001\...\Run: [Nero MediaHome 4] => C:\Program Files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe [5178664 2010-10-29] (Nero AG)
HKU\S-1-5-21-222160454-479590922-3030548390-1001\...\Run: [KiesAirMessage] => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe [578560 2013-03-20] (Samsung Electronics)
HKU\S-1-5-21-222160454-479590922-3030548390-1001\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [5142664 2014-12-21] (Plex, Inc.)
HKU\S-1-5-21-222160454-479590922-3030548390-1001\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1160536 2015-02-23] (Ruiware LLC)
HKU\S-1-5-21-222160454-479590922-3030548390-1001\...\Run: [KiesPDLR.exe] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [1015104 2015-04-28] (Samsung)
HKU\S-1-5-21-222160454-479590922-3030548390-1001\...\Run: [SmartSwitchPDLR.exe] => C:\Program Files (x86)\Samsung\Smart Switch PC\SmartSwitchPDLR.exe [1023664 2016-08-31] (Samsung)
HKU\S-1-5-21-222160454-479590922-3030548390-1001\...\Run: [Dropbox Update] => C:\Users\Gary\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc.)
HKU\S-1-5-21-222160454-479590922-3030548390-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-222160454-479590922-3030548390-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9292504 2016-12-22] (Piriform Ltd)
HKU\S-1-5-21-222160454-479590922-3030548390-1001\...\Run: [Mailbird] => C:\Program Files (x86)\Mailbird\Mailbird.exe [7504336 2016-04-22] (Mailbird)
HKU\S-1-5-21-222160454-479590922-3030548390-1001\...\Run: [eM Client] => C:\Program Files (x86)\eM Client\MailClient.exe [15698792 2016-02-29] (eM Client s.r.o.)
HKU\S-1-5-21-222160454-479590922-3030548390-1001\...\Run: [X-Lite] => C:\Users\Gary\AppData\Local\CounterPath\X-Lite\Current\X-Lite.exe [4679048 2016-12-25] (CounterPath)
HKU\S-1-5-21-222160454-479590922-3030548390-1001\...\Run: [Zoiper] => C:\Program Files (x86)\Zoiper\Zoiper.exe [12548624 2015-07-14] ()
HKU\S-1-5-21-222160454-479590922-3030548390-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-222160454-479590922-3030548390-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [152064 2016-07-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Internet Security\Engine64\22.8.1.14\buShell.dll [2016-11-12] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Internet Security\Engine64\22.8.1.14\buShell.dll [2016-11-12] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Internet Security\Engine64\22.8.1.14\buShell.dll [2016-11-12] (Symantec Corporation)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Gary\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Gary\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Gary\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Gary\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Gary\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Gary\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Gary\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Gary\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Gary\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Gary\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Gary\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Gary\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Gary\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Gary\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Gary\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Gary\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2016-12-07]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MyNetFone.lnk [2016-11-14]
ShortcutTarget: MyNetFone.lnk -> C:\Windows\Installer\{78A41D5A-1DA9-454E-856B-FE39F852FD90}\Icon6F1252E2.exe ()
Startup: C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2017-02-08]
ShortcutTarget: Dropbox.lnk -> C:\Users\Gary\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk [2017-01-11]
ShortcutTarget: Logitech . Product Registration.lnk -> C:\Program Files (x86)\Logitech\Ereg\eReg.exe (Leader Technologies/Logitech)
Startup: C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PalTalk.lnk [2016-12-17]
ShortcutTarget: PalTalk.lnk -> C:\Program Files (x86)\Paltalk Messenger\paltalk.exe (AVM Software Inc.)
Startup: C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Serviio.lnk [2015-08-23]
ShortcutTarget: Serviio.lnk -> C:\Program Files\Serviio\bin\ServiioConsole.exe ()
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Restriction - Chrome <======= ATTENTION
GroupPolicy\User: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{2d58a2cb-708b-42f5-a9ee-8a9a586bf610}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{3648c94c-571b-4217-a170-5ba36fe383f1}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{6c180abb-3d48-404f-aa22-1c6906757a72}: [NameServer] 8.26.56.26,156.154.70.22
Tcpip\..\Interfaces\{7e3c209f-fc48-4c40-bbbf-05f49d38d5a7}: [DhcpNameServer] 10.12.0.1
Tcpip\..\Interfaces\{dfd11378-f819-422b-9f85-14a2836adbea}: [DhcpNameServer] 10.1.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-222160454-479590922-3030548390-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-222160454-479590922-3030548390-1003\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKLM -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKLM-x32 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\.DEFAULT -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-222160454-479590922-3030548390-1001 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-222160454-479590922-3030548390-1001 -> {EFA9099D-FC35-44E1-81C1-660B6397CB6E} URL = hxxp://au.search.yahoo.com/search?fr=mcafee&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-222160454-479590922-3030548390-1003 -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-222160454-479590922-3030548390-1003 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2016\pmbxie.dll => No File
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\22.8.1.14\coIEPlg.dll [2016-11-12] (Symantec Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\22.8.1.14\coIEPlg.dll [2016-11-12] (Symantec Corporation)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2012-03-08] (Microsoft Corporation)
Toolbar: HKLM - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2016\pmbxie.dll No File
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\22.8.1.14\coIEPlg.dll [2016-11-12] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\22.8.1.14\coIEPlg.dll [2016-11-12] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-222160454-479590922-3030548390-1001 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\22.8.1.14\coIEPlg.dll [2016-11-12] (Symantec Corporation)
DPF: HKLM-x32 {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab

FireFox:
========
FF DefaultProfile: gn6fncfu.default-1451359507185
FF ProfilePath: C:\Users\Gary\AppData\Roaming\TomTom\HOME\Profiles\s5xm6c4m.default [2013-08-21]
FF Extension: (No Name) - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\[email protected] [not found]
FF ProfilePath: C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\gn6fncfu.default-1451359507185 [2017-02-18]
FF Homepage: Mozilla\Firefox\Profiles\gn6fncfu.default-1451359507185 -> hxxps://www.google.com.au/
FF Extension: (HTTPS Everywhere) - C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\gn6fncfu.default-1451359507185\Extensions\[email protected] [2017-02-02]
FF Extension: (Norton Identity Safe) - C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\gn6fncfu.default-1451359507185\Extensions\[email protected] [2017-01-18]
FF Extension: (Mailvelope) - C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\gn6fncfu.default-1451359507185\Extensions\[email protected] [2017-01-18]
FF Extension: (Saved Password Editor) - C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\gn6fncfu.default-1451359507185\Extensions\[email protected] [2016-11-30]
FF Extension: (Youtube Best Video Downloader 2) - C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\gn6fncfu.default-1451359507185\Extensions\{170503FA-3349-4F17-BC86-001888A5C8E2}.xpi [2017-02-10]
FF Extension: (Bluhell Firewall) - C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\gn6fncfu.default-1451359507185\Extensions\{6BB5760D-F97E-421B-AF5B-8457A90C3CED}.xpi [2016-08-10]
FF Extension: (Ad-Blocker ) - C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\gn6fncfu.default-1451359507185\Extensions\{b89efd87-232e-4829-87d2-22148919d72f}.xpi [2016-12-11]
FF Extension: (Bitdefender QuickScan) - C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\gn6fncfu.default-1451359507185\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2016-09-21]
FF ProfilePath: C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\ostbbzil.default-1451368319880 [2017-02-17]
FF ProfilePath: C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\oap34mr1.default-1451373129034 [2017-02-17]
FF ProfilePath: C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\5xfmoafj.default-1451373607899 [2017-02-17]
FF ProfilePath: C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\ivq61eo9.default-1451471233098 [2017-02-17]
FF Extension: (Bluhell Firewall) - C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\ivq61eo9.default-1451471233098\Extensions\{6BB5760D-F97E-421B-AF5B-8457A90C3CED}.xpi [2015-12-30]
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.8.1.14\coFFAddon
FF Extension: (Norton Security Toolbar) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.8.1.14\coFFAddon [2017-01-13]
FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => not found
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender 2016\\antispam32\bdwteff => not found
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.8.1.14\coFFAddon
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK => not found
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => not found
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml [2013-07-12]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll [2017-02-14] ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\system32\npDeployJava1.dll [2013-06-25] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-14] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-24] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR DefaultSearchURL: Default -> hxxp://www.google.com/search?q={searchTerms}
CHR DefaultSearchKeyword: Default -> google
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\PepperFlash\pepflashplayer.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll => No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll => No File
CHR Plugin: (Java(TM) Platform SE 7 U9) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => No File
CHR Plugin: (Java Deployment Toolkit 7.0.70.10) - C:\Windows\SysWOW64\npDeployJava1.dll => No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Liveô Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll => No File
CHR Profile: C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default [2016-03-04]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-16]
CHR Extension: (Google Wallet) - C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-16]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Internet Security\Engine\22.8.1.14\Exts\Chrome.crx [2017-01-13]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Internet Security\Engine\22.8.1.14\Exts\Chrome.crx [2017-01-13]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-05-25]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R2 BcmBtRSupport; C:\WINDOWS\system32\BtwRSupportService.exe [2278152 2015-07-28] (Broadcom Corporation.)
R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2013-11-10] (Nero AG)
S3 MailbirdUpdater.exe; C:\Program Files (x86)\Mailbird\MailbirdUpdater.exe [397264 2016-04-22] (Mailbird)
S3 Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [853288 2007-09-20] (Nero AG)
R2 NeroMediaHomeService.4; C:\Program Files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exe [517416 2010-10-29] (Nero AG)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\22.8.1.14\NIS.exe [289080 2016-11-12] (Symantec Corporation)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [382248 2007-10-15] (Nero AG)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1100392 2016-10-28] (Bitdefender)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1750712 2015-06-16] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2102496 2015-06-16] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [224712 2015-07-24] (Safer-Networking Ltd.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-16] (Microsoft Corporation)
R2 Serviio; C:\Program Files\Serviio\bin\ServiioService.exe [327680 2015-03-21] () [File not signed]
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-07-22] (DEVGURU Co., LTD.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 winservicej; C:\WINDOWS\SysWOW64\updtSer\winservicej.exe [23552 2015-10-14] () [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [49448 2016-08-18] (Advanced Micro Devices, Inc.)
R3 amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\c0309270.inf_amd64_47c09dd18e1ee4c5\atikmdag.sys [28729240 2016-12-08] (Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\System32\DriverStore\FileRepository\c0309270.inf_amd64_47c09dd18e1ee4c5\atikmpag.sys [530328 2016-12-08] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [110104 2016-09-29] (Advanced Micro Devices)
R3 bcbtums; C:\WINDOWS\system32\drivers\bcbtums.sys [199472 2015-07-28] (Broadcom Corporation.)
R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\22.8.1.14\Definitions\BASHDefs\20170215.002\BHDrvx64.sys [1874136 2017-01-11] (Symantec Corporation)
R1 ccSet_NIS; C:\WINDOWS\system32\drivers\NISx64\1608010.00E\ccSetx64.sys [174328 2016-11-12] (Symantec Corporation)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [497312 2017-01-26] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [156824 2017-01-26] (Symantec Corporation)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-02-05] () [File not signed]
R1 HssDRV6; C:\WINDOWS\system32\DRIVERS\hssdrv6.sys [41704 2012-08-02] (AnchorFree Inc.)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\22.8.1.14\Definitions\IPSDefs\20170217.001\IDSvia64.sys [1038024 2017-01-13] (Symantec Corporation)
R3 MTsensor; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [17280 2013-05-17] ()
R0 mv61xx; C:\WINDOWS\System32\drivers\mv61xx.sys [181040 2011-02-09] (Marvell Semiconductor, Inc.)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 netr28ux; C:\WINDOWS\System32\drivers\netr28ux.sys [2224128 2016-07-16] (MediaTek Inc.)
S1 PCC_DSCP; C:\WINDOWS\System32\DRIVERS\PCC_DSCP_x64.sys [21152 2013-02-21] (GENBAND)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-23] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SRTSP; C:\WINDOWS\system32\drivers\NISx64\1608010.00E\SRTSP64.SYS [784624 2016-11-12] (Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\system32\drivers\NISx64\1608010.00E\SRTSPX64.SYS [49400 2016-11-12] (Symantec Corporation)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
R0 SymEFASI; C:\WINDOWS\System32\drivers\NISx64\1608010.00E\SYMEFASI64.SYS [1628888 2016-11-12] (Symantec Corporation)
S0 SymELAM; C:\WINDOWS\System32\drivers\NISx64\1608010.00E\SymELAM.sys [24192 2016-11-12] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [100592 2017-01-13] (Symantec Corporation)
R1 SymIRON; C:\WINDOWS\system32\drivers\NISx64\1608010.00E\Ironx64.SYS [289520 2016-11-12] (Symantec Corporation)
R1 SymNetS; C:\WINDOWS\system32\drivers\NISx64\1608010.00E\SYMNETS.SYS [567512 2016-11-12] (Symantec Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R3 yukonw8; C:\WINDOWS\System32\drivers\yk63x64.sys [288768 2016-07-16] (Marvell)
U3 idsvc; no ImagePath
S3 NAVENG; \??\C:\Program Files (x86)\Norton Internet Security\NortonData\22.8.1.14\Definitions\SDSDefs\20170113.001\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Internet Security\NortonData\22.8.1.14\Definitions\SDSDefs\20170113.001\EX64.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-18 10:09 - 2017-02-18 10:10 - 00033746 _____ C:\Users\Gary\Downloads\FRST.txt
2017-02-18 10:09 - 2017-02-18 10:09 - 00000000 ____D C:\FRST
2017-02-18 10:06 - 2017-02-18 10:08 - 02422272 _____ (Farbar) C:\Users\Gary\Downloads\FRST64.exe
2017-02-18 10:05 - 2017-02-18 10:06 - 00000000 ____D C:\Users\Gary\Desktop\BrowserFix
2017-02-18 09:49 - 2017-02-18 09:50 - 04015056 _____ C:\Users\Gary\Downloads\AdwCleaner.exe
2017-02-17 21:56 - 2017-02-17 22:00 - 00688992 _____ (Swearware) C:\Users\Gary\Downloads\dds (1).scr
2017-02-17 21:55 - 2017-02-17 21:55 - 00688992 _____ (Swearware) C:\Users\Gary\Downloads\dds.scr
2017-02-17 18:21 - 2017-02-17 17:58 - 00504210 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20170217-182132.backup
2017-02-17 17:58 - 2017-02-14 12:32 - 00956272 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20170217-175828.backup
2017-02-14 12:32 - 2017-01-14 18:45 - 00955944 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20170214-123223.backup
2017-02-14 09:40 - 2017-02-17 18:22 - 00000000 ____D C:\Users\Gary\AppData\Local\CrashDumps
2017-02-14 09:39 - 2017-02-14 09:39 - 08813488 _____ (Piriform Ltd) C:\Users\Gary\Downloads\ccsetup526.exe
2017-02-13 22:55 - 2017-02-13 22:55 - 00001822 _____ C:\Users\Public\Desktop\iTunes.lnk
2017-02-13 22:55 - 2017-02-13 22:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-02-13 22:53 - 2017-02-13 22:55 - 00000000 ____D C:\Program Files\iTunes
2017-02-13 22:53 - 2017-02-13 22:53 - 00000000 ____D C:\Program Files\iPod
2017-02-08 09:15 - 2017-02-08 09:15 - 00000000 ____D C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-01-26 20:29 - 2017-01-26 20:31 - 00000000 ____D C:\Users\Gary\Downloads\MyLibaryEagle
2017-01-26 20:20 - 2017-01-26 20:21 - 00010018 _____ C:\Users\Gary\Downloads\wirepad2.lbr
2017-01-26 20:20 - 2017-01-26 20:20 - 00012360 _____ C:\Users\Gary\Downloads\transistors.lbr
2017-01-26 20:20 - 2017-01-26 20:20 - 00007024 _____ C:\Users\Gary\Downloads\resistors.lbr
2017-01-26 20:20 - 2017-01-26 20:20 - 00005885 _____ C:\Users\Gary\Downloads\trafo-amveco.lbr
2017-01-26 20:20 - 2017-01-26 20:20 - 00005885 _____ C:\Users\Gary\Downloads\trafo-amveco(1).lbr
2017-01-26 20:20 - 2017-01-26 20:20 - 00004220 _____ C:\Users\Gary\Downloads\tle2426.lbr
2017-01-26 20:20 - 2017-01-26 20:20 - 00004220 _____ C:\Users\Gary\Downloads\tle2426(1).lbr
2017-01-26 20:20 - 2017-01-26 20:20 - 00003811 _____ C:\Users\Gary\Downloads\side-led.lbr
2017-01-26 20:20 - 2017-01-26 20:20 - 00002570 _____ C:\Users\Gary\Downloads\smt-test-points.lbr
2017-01-26 20:20 - 2017-01-26 20:20 - 00002132 _____ C:\Users\Gary\Downloads\switch2.lbr
2017-01-26 20:19 - 2017-01-26 20:19 - 00022030 _____ C:\Users\Gary\Downloads\microchip.lbr
2017-01-26 20:19 - 2017-01-26 20:19 - 00007041 _____ C:\Users\Gary\Downloads\molex-kk.lbr
2017-01-26 20:19 - 2017-01-26 20:19 - 00006327 _____ C:\Users\Gary\Downloads\opamps.lbr
2017-01-26 20:19 - 2017-01-26 20:19 - 00004597 _____ C:\Users\Gary\Downloads\regulators.lbr
2017-01-26 20:19 - 2017-01-26 20:19 - 00003561 _____ C:\Users\Gary\Downloads\jumpers.lbr
2017-01-26 20:19 - 2017-01-26 20:19 - 00003147 _____ C:\Users\Gary\Downloads\reference.lbr
2017-01-26 20:19 - 2017-01-26 20:19 - 00002691 _____ C:\Users\Gary\Downloads\power-mgmt.lbr
2017-01-26 20:19 - 2017-01-26 20:19 - 00002439 _____ C:\Users\Gary\Downloads\mosfet-drivers.lbr
2017-01-26 20:18 - 2017-01-26 20:18 - 00007556 _____ C:\Users\Gary\Downloads\inductor-panasonic.lbr
2017-01-26 20:18 - 2017-01-26 20:18 - 00005151 _____ C:\Users\Gary\Downloads\digi-pots.lbr
2017-01-26 20:18 - 2017-01-26 20:18 - 00003851 _____ C:\Users\Gary\Downloads\fuse2.lbr
2017-01-26 20:18 - 2017-01-26 20:18 - 00003824 _____ C:\Users\Gary\Downloads\con-berg-edit.lbr
2017-01-26 20:18 - 2017-01-26 20:18 - 00003736 _____ C:\Users\Gary\Downloads\heatsinks.lbr
2017-01-26 20:18 - 2017-01-26 20:18 - 00003527 _____ C:\Users\Gary\Downloads\diodes.lbr
2017-01-26 20:18 - 2017-01-26 20:18 - 00003501 _____ C:\Users\Gary\Downloads\crd.lbr
2017-01-26 20:18 - 2017-01-26 20:18 - 00002859 _____ C:\Users\Gary\Downloads\dbridge.lbr
2017-01-26 20:17 - 2017-01-26 20:18 - 00014918 _____ C:\Users\Gary\Downloads\cirrus-dar.lbr
2017-01-26 20:17 - 2017-01-26 20:17 - 00007011 _____ C:\Users\Gary\Downloads\capacitors.lbr
2017-01-26 20:17 - 2017-01-26 20:17 - 00005625 _____ C:\Users\Gary\Downloads\audio-pots.lbr
2017-01-26 20:17 - 2017-01-26 20:17 - 00004563 _____ C:\Users\Gary\Downloads\buffers.lbr
2017-01-26 20:17 - 2017-01-26 20:17 - 00004542 _____ C:\Users\Gary\Downloads\battery.lbr
2017-01-26 20:17 - 2017-01-26 20:17 - 00004542 _____ C:\Users\Gary\Downloads\battery(1).lbr
2017-01-25 13:32 - 2016-12-21 15:08 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2017-01-25 13:32 - 2016-12-21 12:44 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2017-01-23 20:41 - 2017-01-26 20:15 - 00000000 ____D C:\Users\Gary\Documents\eagle
2017-01-23 20:33 - 2017-01-23 20:33 - 00000000 ____D C:\Users\Gary\AppData\Roaming\CadSoft
2017-01-23 20:33 - 2017-01-23 20:33 - 00000000 ____D C:\Users\Gary\AppData\Local\eagle
2017-01-23 20:30 - 2017-02-17 22:02 - 00000000 ____D C:\EAGLE 8.0
2017-01-23 20:28 - 2017-01-23 20:29 - 93764136 _____ (Autodesk, Inc. ) C:\Users\Gary\Downloads\Autodesk_EAGLE_8.0_English_Win_64bit.exe
2017-01-20 15:22 - 2017-01-20 15:22 - 00093426 _____ C:\Users\Gary\Downloads\30432967826-587260926-entrada.pdf
2017-01-20 15:18 - 2017-01-20 15:20 - 00000000 ____D C:\Users\Gary\Desktop\512 usb

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-18 10:05 - 2017-01-13 13:03 - 00000000 ____D C:\WINDOWS\System32\Tasks\Norton Internet Security
2017-02-18 10:03 - 2016-08-05 21:26 - 01125394 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-02-18 09:59 - 2015-10-16 14:28 - 00000000 ____D C:\Program Files\Bitdefender Agent
2017-02-18 09:59 - 2014-03-11 21:06 - 00000000 ____D C:\Users\Gary\AppData\Local\HTC MediaHub
2017-02-18 09:57 - 2016-08-05 22:10 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-02-18 09:55 - 2016-10-05 13:37 - 00065536 _____ C:\WINDOWS\system32\spu_storage.bin
2017-02-18 09:55 - 2016-07-16 14:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-02-18 09:54 - 2016-09-22 23:33 - 00000000 ____D C:\AdwCleaner
2017-02-18 09:47 - 2016-08-05 21:19 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-02-18 01:50 - 2017-01-13 16:45 - 00000000 ____D C:\WINDOWS\System32\Tasks\Remediation
2017-02-17 23:44 - 2016-11-16 11:19 - 00000000 ____D C:\Users\Gary\AppData\LocalLow\Mozilla
2017-02-17 21:53 - 2012-07-10 17:57 - 00000000 ____D C:\Users\Gary\Desktop\New folder
2017-02-17 18:26 - 2016-07-16 19:45 - 00000000 ____D C:\WINDOWS\INF
2017-02-17 18:25 - 2014-05-25 13:01 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-02-17 18:22 - 2016-08-05 21:30 - 00000000 ____D C:\Users\Gary
2017-02-17 18:22 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-02-17 14:42 - 2016-07-16 19:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-17 11:02 - 2016-11-16 11:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-02-17 11:02 - 2015-11-22 02:27 - 00000000 ____D C:\Program Files (x86)\Paltalk Messenger
2017-02-16 05:00 - 2015-08-06 16:39 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-02-14 21:56 - 2013-01-04 10:35 - 00000000 ____D C:\Users\Gary\Desktop\mental health clinic videos
2017-02-14 21:15 - 2017-01-11 13:15 - 20359768 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2017-02-14 21:15 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-02-14 21:15 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-02-14 10:44 - 2013-06-29 15:27 - 00000000 ____D C:\Users\Gary\AppData\Roaming\vlc
2017-02-14 10:02 - 2012-06-26 12:45 - 00000000 ____D C:\ProgramData\boost_interprocess
2017-02-14 09:40 - 2015-12-29 12:11 - 00000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-02-13 23:27 - 2016-07-16 14:04 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2017-02-13 22:53 - 2015-02-20 21:38 - 00000000 ____D C:\Program Files\Common Files\Apple
2017-02-08 09:16 - 2013-10-04 20:01 - 00000000 ____D C:\Users\Gary\AppData\Roaming\Dropbox
2017-02-03 19:49 - 2017-01-10 09:35 - 00000000 ____D C:\Users\Gary\Desktop\FOI 2013
2017-02-01 00:24 - 2015-12-29 13:48 - 00001460 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2017-02-01 00:24 - 2015-12-29 13:48 - 00001448 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2017-02-01 00:24 - 2015-12-29 13:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2017-02-01 00:24 - 2015-08-06 16:42 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-02-01 00:17 - 2015-12-30 18:26 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-02-01 00:17 - 2015-06-10 02:15 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2017-01-31 13:42 - 2015-12-30 01:01 - 00000000 ____D C:\Program Files (x86)\Mailbird
2017-01-27 23:42 - 2011-12-30 16:04 - 00006720 _____ C:\Users\Gary\Desktop\favtechno.txt
2017-01-27 05:29 - 2016-07-16 19:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-01-23 20:32 - 2015-08-06 15:22 - 00000000 ____D C:\ProgramData\Package Cache
2017-01-20 16:41 - 2015-11-18 11:56 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

==================== Files in the root of some directories =======

2013-09-18 19:52 - 2014-06-22 20:07 - 0003728 _____ () C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
2014-09-02 18:56 - 2014-09-02 18:56 - 0000000 _____ () C:\Users\Gary\AppData\Roaming\gdfw.log
2014-09-02 18:56 - 2014-09-02 18:56 - 0000779 _____ () C:\Users\Gary\AppData\Roaming\gdscan.log
2015-01-16 14:25 - 2015-02-03 23:26 - 0000053 _____ () C:\Users\Gary\AppData\Roaming\LogFile.txt
2015-02-03 20:16 - 2016-11-08 13:55 - 0136123 _____ () C:\Users\Gary\AppData\Local\ars.cache
2015-02-03 20:16 - 2016-11-08 13:56 - 0935922 _____ () C:\Users\Gary\AppData\Local\census.cache
2015-02-03 19:48 - 2015-02-03 19:48 - 0000036 _____ () C:\Users\Gary\AppData\Local\housecall.guid.cache
2012-01-30 00:46 - 2015-09-22 20:04 - 0007604 _____ () C:\Users\Gary\AppData\Local\Resmon.ResmonCfg
2015-12-28 18:33 - 2015-12-28 18:33 - 0000010 _____ () C:\Users\Gary\AppData\Local\sponge.last.runtime.cache
2015-12-29 11:29 - 2015-12-29 11:29 - 0236384 _____ () C:\ProgramData\1451359608.bdinstall.bin
2016-02-16 11:09 - 2016-02-16 11:09 - 0024979 _____ () C:\ProgramData\1455592159.bdinstall.bin
2016-03-22 23:37 - 2016-03-22 23:37 - 0025896 _____ () C:\ProgramData\1458661032.bdinstall.bin
2016-04-01 11:09 - 2016-04-01 11:09 - 0025971 _____ () C:\ProgramData\1459480132.bdinstall.bin
2016-06-14 20:16 - 2016-06-14 20:16 - 0026776 _____ () C:\ProgramData\1465906605.bdinstall.bin
2016-09-21 11:27 - 2016-09-21 11:27 - 0026826 _____ () C:\ProgramData\agent.1474428405.bdinstall.bin
2016-09-21 11:32 - 2016-09-21 11:32 - 0026549 _____ () C:\ProgramData\agent.1474428745.bdinstall.bin
2016-11-02 12:45 - 2016-11-02 12:45 - 0028748 _____ () C:\ProgramData\agent.1478061906.bdinstall.bin

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-02-12 23:30

==================== End of FRST.txt ============================
partybot is offline  
Sponsored Links
Advertisement
 
Old 02-17-2017, 06:30 PM   #4
Registered Member
 
Join Date: Oct 2007
Posts: 61
OS: Windows 10



addition.txt
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-02-2017
Ran by Gary (18-02-2017 10:12:18)
Running from C:\Users\Gary\Downloads
Windows 10 Pro Version 1607 (X64) (2016-08-05 14:24:24)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-222160454-479590922-3030548390-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-222160454-479590922-3030548390-503 - Limited - Disabled)
FixCompter (S-1-5-21-222160454-479590922-3030548390-1006 - Administrator - Enabled) => C:\Users\FixCompter
Gary (S-1-5-21-222160454-479590922-3030548390-1001 - Administrator - Enabled) => C:\Users\Gary
Guest (S-1-5-21-222160454-479590922-3030548390-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-222160454-479590922-3030548390-1002 - Limited - Enabled)
NeroMediaHomeUser.4 (S-1-5-21-222160454-479590922-3030548390-1003 - Limited - Enabled) => C:\Users\NeroMediaHomeUser.4
wyiugedp (S-1-5-21-222160454-479590922-3030548390-1005 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Internet Security (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {A16C3F68-9280-E053-1818-342707FECF4D}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Internet Security (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20056 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.221 - Adobe Systems Incorporated)
Advanced Port Scanner 2.4 (HKLM-x32\...\{E76DE59B-D1B5-48AC-9C42-E49B48BC2089}) (Version: 2.4.2679 - Famatech)
Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden
Alt.Binz 0.39.4 (HKLM-x32\...\Alt.Binz) (Version: 0.39.4 - Rdl)
Amazon Drive (HKU\S-1-5-21-222160454-479590922-3030548390-1001\...\Amazon Drive) (Version: 3.5.5.56 - Amazon.com, Inc.)
Amazon Kindle (HKU\S-1-5-21-222160454-479590922-3030548390-1001\...\Amazon Kindle) (Version: 1.17.0.44170 - Amazon)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.8 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{9BA1A894-B42F-4805-BC8C-349C905A3930}) (Version: 5.3.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{7EAC8A42-9FAC-4F6B-AABF-C08C9F2E0F13}) (Version: 5.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 20.0.19.1099 - Bitdefender)
Blend for Visual Studio Add-in for Adobe FXG Import (x32 Version: 1.0.40218.0 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for Silverlight 5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
CamView 3.0.5 (HKLM-x32\...\CamView3.0.5) (Version: 3.0.5 - )
Catalyst Control Center Next Localization BR (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization BR (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization BR (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.26 - Piriform)
ConvertHelper 2.2 (HKLM-x32\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1) (Version: - DownloadHelper)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Data Lifeguard Diagnostic for Windows 1.24 (HKLM-x32\...\{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1) (Version: - Western Digital Corporation)
Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve)
Dropbox (HKU\S-1-5-21-222160454-479590922-3030548390-1001\...\Dropbox) (Version: 19.4.13 - Dropbox, Inc.)
DVD Flick 1.3.0.7 (HKLM-x32\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen)
eM Client (HKLM-x32\...\{7B35918E-43E4-45AF-8F1B-C15D86CA919D}) (Version: 6.0.24928.0 - eM Client Inc.)
Entity Framework Designer for Visual Studio 2012 - enu (HKLM-x32\...\{32136776-FE3F-453D-80DA-CDD993BDB2A3}) (Version: 11.1.20810.00 - Microsoft Corporation)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
Express Zip File Compression (HKLM-x32\...\ExpressZip) (Version: 2.40 - NCH Software)
Fallen Earth (HKLM-x32\...\Steam App 113420) (Version: - Reloaded Productions)
FLV-Media-Player (HKLM-x32\...\{AB7A5DBA-BC45-489A-B4D2-2E8F8CABB9EA}) (Version: 2.0.3.2532 - HYBRIDWEB.de)
Half-Life 2: Deathmatch (HKLM-x32\...\Steam App 320) (Version: - Valve)
Host OpenAL (ADI) (HKLM-x32\...\Host OpenAL (ADI)) (Version: - )
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.10.0.001 - HTC Corporation)
HTC Sync Manager (HKLM-x32\...\{368E4EF8-E840-40EE-A224-50B8D1DC2B12}) (Version: 2.4.36.0 - HTC)
InterActual Player (HKLM-x32\...\InterActual Player) (Version: - )
Internode Monthly Usage Meter 8.2a (HKLM-x32\...\Internode Monthly Usage Meter_is1) (Version: - )
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
iTunes (HKLM\...\{9D0D2A8B-7E7B-4D88-8D50-24286ED6A5EB}) (Version: 12.5.5.5 - Apple Inc.)
Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Java SE Development Kit 7 Update 25 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170250}) (Version: 1.7.0.250 - Oracle)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Jpg To Pdf Converter version 1.3 (HKLM-x32\...\{48B7BF7A-22D1-4CA2-824D-047CAC7F4861}_is1) (Version: 1.3 - hxxp://allfileconverter.com/)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.80 - Logitech Inc.)
Mailbird (HKLM-x32\...\{7BC0F472-E332-4496-B1E3-C7D174CA2CC2}) (Version: 2.3.11 - Mailbird)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
marvell 61xx (HKLM-x32\...\mv61xxDriver) (Version: 1.2.0.69 - Marvell)
Marvell Miniport Driver (HKLM-x32\...\Marvell Miniport Driver) (Version: 11.10.5.3 - Marvell)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{5CBFF3F3-2D40-34EE-BCA5-A95BC19E400D}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{1948E039-EC79-4591-951D-9867A8C14C90}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Help Viewer 2.0 (HKLM-x32\...\Microsoft Help Viewer 2.0) (Version: 2.0.50727 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities (HKLM\...\{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework (HKLM\...\{36E619BC-A234-4EC3-849B-779A7C865A45}) (Version: 11.0.2316.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework (HKLM-x32\...\{FBA6F90E-36EC-4FC9-9B25-3834E3BD46A8}) (Version: 11.0.2316.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB (HKLM\...\{13D558FE-A863-402C-B115-160007277033}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (HKLM-x32\...\{DA1C1761-5F4F-4332-AB9D-29EDF3F8EA0A}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (x64) (HKLM\...\{FA0A244E-F3C2-4589-B42A-3D522DE79A42}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL Compiler Service (HKLM\...\{BEB0F91E-F2EA-48A1-B938-7857ABF2A93D}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom (HKLM\...\{0E8670B8-3965-4930-ADA6-570348B67153}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service (HKLM-x32\...\{6D6D43E5-218C-4B05-92D3-2240810F4760}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (11.1.20828.01) (HKLM-x32\...\{4F2B8233-35EE-4197-8C3B-EACCBF712029}) (Version: 11.1.20828.01 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20828.01) (HKLM-x32\...\{FAE0523E-08A4-4717-8E8E-6EC6F32CBE88}) (Version: 11.1.20828.01 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{E2082604-4BA5-44BB-BBFB-AF0F3CB8C6AB}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{F1949145-EB64-4DE7-9D81-E6D27937146C}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio Express 2012 for Windows Desktop - ENU (HKLM-x32\...\{e0efdce9-a486-4676-8aa5-65bb08cbf34c}) (Version: 11.0.50727.42 - Microsoft Corporation)
Mozilla Firefox 51.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 en-US)) (Version: 51.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1.6234 - Mozilla)
Mozilla Thunderbird 38.4.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 38.4.0 (x86 en-US)) (Version: 38.4.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyNetFone (HKLM-x32\...\{78A41D5A-1DA9-454E-856B-FE39F852FD90}) (Version: 1.64.343 - Symbio)
Nero 8 Essentials (HKLM-x32\...\{523DF39E-DF7D-488F-8022-783946571033}) (Version: 8.10.135 - Nero AG)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 22.8.1.14 - Symantec Corporation)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.3.3 - Notepad++ Team)
OpenOffice 4.1.2 (HKLM-x32\...\{E6AD67BB-1C33-4AB3-A387-E0D48137AB70}) (Version: 4.12.9782 - Apache Software Foundation)
Paltalk Messenger 11.8 (HKLM-x32\...\Paltalk Messenger) (Version: 11.8.660.17897 - AVM Software Inc.)
PdfToJpgConverter version 1.0.3.1 (HKLM-x32\...\{69D337CC-B399-4525-8BFD-909CBDF13247}_is1) (Version: 1.0.3.1 - hxxp://allfileconverter.com)
PeaZip 4.4 (WIN64) (HKLM\...\{5A2BC38A-406C-4A5B-BF45-6991F9A05325}_is1) (Version: - Giorgio Tani)
Pidgin (HKLM-x32\...\Pidgin) (Version: 2.10.4 - )
Plex Media Server (HKLM-x32\...\{7425d872-d65d-42c9-8c6d-7a8a529a4b50}) (Version: 0.9.1107 - Plex, Inc.)
Plex Media Server (x32 Version: 0.9.1107 - Plex, Inc.) Hidden
Prerequisites for SSDT (HKLM-x32\...\{9169C939-ED01-446A-BD0C-29873BAF4E48}) (Version: 11.0.2100.60 - Microsoft Corporation)
Puran File Recovery 1.2.1 (HKLM\...\Puran File Recovery_is1) (Version: - Puran Software)
QuickPar 0.9 (HKLM-x32\...\QuickPar) (Version: 0.9 - Peter B. Clements)
QuickTime 7 (HKLM-x32\...\{627FFC10-CE0A-497F-BA2B-208CAC638010}) (Version: 7.77.80.95 - Apple Inc.)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Revo Uninstaller Pro 3.1.2 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.2 - VS Revo Group, Ltd.)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.0.12094_28 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.5.0.12094_28 - Samsung Electronics Co., Ltd.) Hidden
Samsung Story Album Viewer (HKLM-x32\...\InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}) (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.)
Samsung Story Album Viewer (x32 Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.) Hidden
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.61.0 - Samsung Electronics Co., Ltd.)
SecurityKISS Tunnel v0.3.0 (HKLM\...\SecurityKISS Tunnel_is1) (Version: - )
Serviio (HKLM\...\Serviio) (Version: - )
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skypeô 7.29 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.29.102 - Skype Technologies S.A.)
Smart Switch (HKLM-x32\...\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.1.16104.4 - Samsung Electronics Co., Ltd.)
Smart Switch (x32 Version: 4.1.16104.4 - Samsung Electronics Co., Ltd.) Hidden
SoundMAX (HKLM-x32\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 6.10.2.6585 - Analog Devices)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.5.43 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Stuck Pixel Fixer (HKLM-x32\...\{236D481D-81BD-4249-89EE-B2A44A234FBC}) (Version: 1.00.0000 - Cameron Gray)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1194 - SUPERAntiSpyware.com)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve)
TERA (HKLM-x32\...\{0FCDA0F8-F3E5-402E-B9B6-13CB2B01182B}) (Version: 1.41 - En Masse Entertainment)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
VCRedistSetup (x32 Version: 1.0.0 - Nero AG) Hidden
Visual Studio 2012 Update 2 (KB2707250) (HKLM-x32\...\{2fba7dd0-b8eb-4185-aea3-e6910d3f8102}) (Version: 11.0.60315 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Vulkan Run Time Libraries 1.0.17.0 (HKLM\...\VulkanRT1.0.17.0) (Version: 1.0.17.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0-2) (Version: 1.0.26.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.26.0 (Version: 1.0.26.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.3.1 (HKLM\...\VulkanRT1.0.3.1) (Version: 1.0.3.1 - LunarG, Inc.)
WIDCOMM Bluetooth Software (HKLM-x32\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.2700 - Broadcom Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 33.1.2015.0 - WinPatrol)
WinX DVD Ripper 5.6.0 (HKLM-x32\...\WinX DVD Ripper_is1) (Version: - Digiarty Software, Inc.)
XChat 2 (remove only) (HKLM-x32\...\xchat) (Version: - )
X-Lite (HKU\S-1-5-21-222160454-479590922-3030548390-1001\...\X-Lite) (Version: 4.9.7.83108 - CounterPath Corporation)
X-PRO 2.0 private build 1101 (HKLM-x32\...\X-PRO_is1) (Version: - Xten Networks, Inc.)
Yazak Chat 8.99.14 (HKLM-x32\...\Yazak Chat) (Version: 8.99.14 - ZakFromAnotherPlanet)
Zoiper (HKLM-x32\...\Zoiper) (Version: 3.9 - Securax LTD)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-222160454-479590922-3030548390-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Gary\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-222160454-479590922-3030548390-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Gary\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-222160454-479590922-3030548390-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Gary\AppData\Local\Google\Update\1.3.30.4\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-222160454-479590922-3030548390-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Gary\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-222160454-479590922-3030548390-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Gary\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-222160454-479590922-3030548390-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Gary\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-222160454-479590922-3030548390-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Gary\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-222160454-479590922-3030548390-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Gary\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-222160454-479590922-3030548390-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Gary\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-222160454-479590922-3030548390-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Gary\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-222160454-479590922-3030548390-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Gary\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-222160454-479590922-3030548390-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Gary\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-222160454-479590922-3030548390-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Gary\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-222160454-479590922-3030548390-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Gary\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-222160454-479590922-3030548390-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Gary\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-222160454-479590922-3030548390-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Gary\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-222160454-479590922-3030548390-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Gary\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-222160454-479590922-3030548390-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Gary\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-222160454-479590922-3030548390-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Gary\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-222160454-479590922-3030548390-1001_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Gary\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-222160454-479590922-3030548390-1001_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Gary\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-222160454-479590922-3030548390-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Gary\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {046BD4BF-5431-49FD-9BD8-C181C60F7630} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2015-06-16] (Safer-Networking Ltd.)
Task: {0AD781AD-B11E-483A-AF6F-528BF484AB89} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-222160454-479590922-3030548390-1001Core1d236d19719dbba => C:\Users\Gary\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-05] (Dropbox, Inc.)
Task: {0C2350B5-650F-4E65-B81C-BD7563079730} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-11-23] (Adobe Systems Incorporated)
Task: {0D8EC398-ED87-4ED2-A99B-DD1954693712} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => %SystemRoot%\ehome\ehPrivJob.exe
Task: {1ACA9CE6-4B1B-47FC-8BFF-AA05A179757E} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [2016-12-04] (Advanced Micro Devices, Inc.)
Task: {1EC086EC-A16F-4E69-A227-2D5803BF05F0} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\22.8.1.14\SymErr.exe [2016-11-12] (Symantec Corporation)
Task: {260ACD36-D629-4E79-9293-4C90018D47F2} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-12-22] (Piriform Ltd)
Task: {29C8A5E7-7661-4D85-AB8D-AEC79496E950} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => %SystemRoot%\ehome\ehPrivJob.exe
Task: {2FBC9B6F-9851-42C0-A16F-E5DF4AC59310} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => %SystemRoot%\ehome\mcupdate.exe
Task: {381203C2-EF23-4E36-8FC2-79627059F544} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => %SystemRoot%\ehome\ehPrivJob.exe
Task: {3C4C1314-94F4-4DE0-9A29-54D08529A433} - System32\Tasks\{2859351C-E8C9-4482-B2A0-42F3EA3DB85D} => pcalua.exe -a C:\Users\Gary\Downloads\blutoothDriver\Win7_Vista_V6.5.1.2700\Win32\instmsia.exe -d C:\Users\Gary\Downloads\blutoothDriver\Win7_Vista_V6.5.1.2700\Win32
Task: {46EF919A-EB1E-4EC3-BE3A-EB45B059A220} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {4E7C5D70-B2FE-4788-AE8B-74657A28ABD8} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-01-11] (Microsoft Corporation)
Task: {5DCE41C3-CF2B-4747-AC6D-18E9B3D210A0} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {5DF7DF7D-985F-4FE0-8AB0-149E3C251D06} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {603635E7-482D-4339-8A65-F7CB7CDD015E} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\22.8.1.14\SymErr.exe [2016-11-12] (Symantec Corporation)
Task: {67991B13-E6A0-46C9-943F-2CFF7DD459F2} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => %SystemRoot%\ehome\ehPrivJob.exe
Task: {7027A2B6-7DB6-45CD-BE03-20D28C9708C3} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {7444920A-B8AE-4408-AE2C-C96FC96909A6} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {7654F02F-73F8-4F4D-8FD4-1267E51B4102} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {7E76DE52-B1C7-4BEA-BCCB-9288FB606914} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => %SystemRoot%\ehome\ehPrivJob.exe
Task: {8045C62D-3213-435E-9F00-9912A6DDB5F4} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => %SystemRoot%\ehome\ehPrivJob.exe
Task: {867AB596-7BB1-4738-AF31-9FA97AF8EA71} - System32\Tasks\Norton Internet Security\Norton Autofix => C:\Program Files (x86)\Norton Internet Security\Engine\22.8.1.14\SymErr.exe [2016-11-12] (Symantec Corporation)
Task: {8BBA9238-E314-45BD-92E9-8EE793AEE38D} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [2016-10-21] (Bitdefender)
Task: {8FFB7987-8F7D-43B4-8F3F-FBF6570377C8} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\22.8.1.14\WSCStub.exe [2016-11-12] (Symantec Corporation)
Task: {9025C96B-ADE8-4708-AD75-FAC05AFB34B7} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => %SystemRoot%\ehome\ehPrivJob.exe
Task: {90F5AD15-1254-47DF-B5FE-06590B2CB30B} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => %SystemRoot%\ehome\ehrec.exe
Task: {9874CC06-E1AA-400A-ACD8-A4B0984E058F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-02-14] (Adobe Systems Incorporated)
Task: {9A57B0C8-4C90-4F08-ADE8-EB7CF0551B17} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {9CCD66DB-B868-401E-8B4D-D4EEE7BC73B1} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {9F9D962F-0697-476E-9969-A2F221BD7385} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2015-06-16] (Safer-Networking Ltd.)
Task: {A0DDDB61-DF92-403E-82AD-15B508674819} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2015-06-16] (Safer-Networking Ltd.)
Task: {A9AD3BA9-B59E-4F56-BA47-E110DE25735F} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-222160454-479590922-3030548390-1001UA1d236d1987fa571 => C:\Users\Gary\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-05] (Dropbox, Inc.)
Task: {B96FFEB8-F9F2-49DD-BA75-DEAB39379DE9} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => %SystemRoot%\ehome\ehPrivJob.exe
Task: {BA2CBB08-3E02-4D61-A254-63DC5E3E2F3B} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => %SystemRoot%\ehome\ehPrivJob.exe
Task: {BFF3C367-861B-4F64-9099-512B137D9508} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => %SystemRoot%\ehome\ehPrivJob.exe
Task: {C29C286C-C1B2-4436-A614-3A7B1F7160E7} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Internet Security\Upgrade.exe [2016-11-12] (Symantec Corporation)
Task: {C5DEF394-7B69-4D88-BEE5-7C05D6DCAA7F} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => %SystemRoot%\ehome\ehPrivJob.exe
Task: {C8BB0DAB-3710-44FC-978D-3CF602245223} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {C961FACF-41CD-43C7-B95C-16771BEAE85A} - System32\Tasks\{1DCFD52F-DD70-49FA-8759-7CCE7B97893D} => pcalua.exe -a C:\Users\Gary\Downloads\blutoothDriver\Win7_Vista_V6.5.1.2700\Win32\instmsiw.exe -d C:\Users\Gary\Downloads\blutoothDriver\Win7_Vista_V6.5.1.2700\Win32
Task: {CC97EF45-4B55-4E04-B854-444FE7CE6AEF} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => %windir%\ehome\MCUpdate.exe
Task: {CDA259CB-FA8A-4C6A-AF01-75417C555495} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {CFF2DA09-8544-4889-B130-7F4D84115ED1} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => %SystemRoot%\ehome\ehPrivJob.exe
Task: {D529AFBC-9FD9-4EB8-A77A-F9D17246B88C} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {DFBD6D9E-A72F-4DA9-A385-C6C4E0CF3398} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => %SystemRoot%\ehome\mcupdate.exe
Task: {E6D55410-BC83-4833-87CF-EEA6382C57B6} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => %SystemRoot%\ehome\ehPrivJob.exe
Task: {E9E3887D-050D-45BC-8465-21D4800979DF} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => %SystemRoot%\ehome\ehrec.exe
Task: {EAF44390-8AA9-4D1A-AB8D-57D0E87AF88A} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => %SystemRoot%\ehome\mcupdate.exe
Task: {FD1FEA19-4020-411A-AE19-74B3739417E7} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-222160454-479590922-3030548390-1001Core1d236d19719dbba.job => C:\Users\Gary\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-222160454-479590922-3030548390-1001UA1d236d1987fa571.job => C:\Users\Gary\AppData\Local\Dropbox\Update\DropboxUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Gary\Favorites\NCH Audio and Telephony Software.lnk -> hxxp://www.nch.com.au/index.htm
Shortcut: C:\Users\Gary\Favorites\NCH Software Download Site.lnk -> hxxp://www.nchsoftware.com/index.htm

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 19:42 - 2016-07-16 19:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-14 17:39 - 2016-12-09 18:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-09-01 18:12 - 2016-09-01 18:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-01-13 13:56 - 2017-01-13 13:56 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-10-17 15:27 - 2013-10-17 15:27 - 00166912 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2015-03-21 16:54 - 2015-03-21 16:54 - 00327680 _____ () C:\Program Files\Serviio\bin\ServiioService.exe
2015-10-16 00:30 - 2015-10-14 12:06 - 00023552 _____ () C:\WINDOWS\SysWoW64\updtSer\winservicej.exe
2016-12-14 17:39 - 2016-12-09 18:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-08-05 22:52 - 2016-08-05 22:52 - 00959168 _____ () C:\Users\Gary\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2014-01-27 10:46 - 2014-01-27 10:46 - 00821600 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
2016-09-16 22:07 - 2016-09-07 12:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-11 18:51 - 2016-12-21 15:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-01-11 18:50 - 2016-12-21 14:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-11 18:50 - 2016-12-21 14:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-11 18:50 - 2016-12-21 14:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-11 18:50 - 2016-12-21 14:48 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-01-11 18:50 - 2016-12-21 14:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-11 18:50 - 2016-12-21 14:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-09-14 22:30 - 2016-09-14 22:30 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2016-09-14 22:30 - 2016-09-14 22:30 - 00739840 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2016-09-14 22:30 - 2016-09-14 22:30 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2016-09-14 22:30 - 2016-09-14 22:30 - 00071168 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2016-09-14 22:30 - 2016-09-14 22:30 - 00011776 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.dll
2016-09-14 22:30 - 2016-09-14 22:30 - 02013696 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2016-09-14 22:30 - 2016-09-14 22:30 - 00191488 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Dialogs\dialogplugin.dll
2017-02-06 15:48 - 2017-02-06 15:49 - 00073728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.105.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-02-06 15:48 - 2017-02-06 15:49 - 00179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.105.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-02-06 15:48 - 2017-02-06 15:49 - 42895872 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.105.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-02-06 15:48 - 2017-02-06 15:49 - 02215424 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.105.0_x64__kzf8qxf38zg5c\roottools.dll
2014-01-27 10:45 - 2014-01-27 10:45 - 00031080 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DbAccess.dll
2014-01-27 10:46 - 2014-01-27 10:46 - 00607376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\sqlite3.dll
2014-01-27 10:46 - 2014-01-27 10:46 - 00044392 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NAdvLog.dll
2014-01-27 10:46 - 2014-01-27 10:46 - 00036216 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NFileCacheDBAccess.dll
2014-01-27 10:46 - 2014-01-27 10:46 - 00080248 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\ninstallerhelper.dll
2014-01-27 10:47 - 2014-01-27 10:47 - 00129376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\zlib1.dll
2014-01-27 10:48 - 2014-01-27 10:48 - 00223592 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DevConnMon.dll
2015-12-29 13:47 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-12-29 13:47 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-12-29 13:47 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-12-29 13:47 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-12-21 22:31 - 2014-12-21 22:31 - 00838792 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libxml2.dll
2014-12-21 22:31 - 2014-12-21 22:31 - 00049800 _____ () C:\Program Files (x86)\Plex\Plex Media Server\soci_sqlite3-vc80-3_0.dll
2014-12-21 22:31 - 2014-12-21 22:31 - 02092680 _____ () C:\Program Files (x86)\Plex\Plex Media Server\opencv_core249.dll
2014-12-21 22:31 - 2014-12-21 22:31 - 00086664 _____ () C:\Program Files (x86)\Plex\Plex Media Server\soci_core-vc80-3_0.dll
2014-12-21 22:31 - 2014-12-21 22:31 - 01883272 _____ () C:\Program Files (x86)\Plex\Plex Media Server\opencv_imgproc249.dll
2014-12-21 22:31 - 2014-12-21 22:31 - 00502920 _____ () C:\Program Files (x86)\Plex\Plex Media Server\tag.dll
2014-12-21 22:31 - 2014-12-21 22:31 - 00072840 _____ () C:\Program Files (x86)\Plex\Plex Media Server\zlib.dll
2014-12-21 22:31 - 2014-12-21 22:31 - 00196232 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libidn.dll
2017-02-08 09:15 - 2017-02-07 12:48 - 00801600 _____ () C:\Users\Gary\AppData\Roaming\Dropbox\bin\dropbox_watchdog.dll
2017-01-24 07:13 - 2017-01-14 07:53 - 00035792 _____ () C:\Users\Gary\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
2017-01-24 07:13 - 2017-01-14 07:53 - 00100296 _____ () C:\Users\Gary\AppData\Roaming\Dropbox\bin\_ctypes.pyd
2017-01-24 07:13 - 2017-01-14 07:53 - 00018888 _____ () C:\Users\Gary\AppData\Roaming\Dropbox\bin\select.pyd
2017-01-24 07:13 - 2017-02-07 12:50 - 00019776 _____ () C:\Users\Gary\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
2017-01-24 07:13 - 2017-01-14 07:53 - 00694224 _____ () C:\Users\Gary\AppData\Roaming\Dropbox\bin\unicodedata.pyd
2017-02-08 09:15 - 2017-02-07 12:50 - 00020824 _____ () C:\Users\Gary\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
2017-01-24 07:13 - 2017-01-14 07:54 - 00123856 _____ () C:\Users\Gary\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
2017-02-08 09:15 - 2017-02-07 12:50 - 01682768 _____ () C:\Users\Gary\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
2017-02-08 09:15 - 2017-02-07 12:50 - 00020816 _____ () C:\Users\Gary\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
2017-02-08 09:15 - 2017-01-14 07:53 - 00145864 _____ () C:\Users\Gary\AppData\Roaming\Dropbox\bin\pyexpat.pyd
2017-02-08 09:15 - 2017-01-14 07:54 - 00019408 _____ () C:\Users\Gary\AppData\Roaming\Dropbox\bin\faulthandler.pyd
2017-02-08 09:15 - 2017-01-14 07:53 - 00116688 _____ () C:\Users\Gary\AppData\Roaming\Dropbox\bin\pywintypes27.dll
2017-01-24 07:13 - 2017-01-14 07:56 - 00105928 _____ () C:\Users\Gary\AppData\Roaming\Dropbox\bin\win32api.pyd
2017-01-24 07:13 - 2017-02-07 12:50 - 00022864 _____ () C:\Users\Gary\AppData\Roaming\Dropbox\bin\winffi.crt.compiled._winffi_crt.pyd
2017-02-08 09:15 - 2017-02-07 12:50 - 00052544 _____ () C:\Users\Gary\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
2017-02-08 09:15 - 2017-02-07 12:50 - 00038712 _____ () C:\Users\Gary\AppData\Roaming\Dropbox\bin\fastpath.pyd
2017-02-08 09:15 - 2017-01-14 07:53 - 00392144 _____ () C:\Users\Gary\AppData\Roaming\Dropbox\bin\pythoncom27.dll
2017-02-08 09:15 - 2017-01-14 07:56 - 00020936 _____ () C:\Users\Gary\AppData\Roaming\Dropbox\bin\mmapfile.pyd
2017-01-24 07:13 - 2017-01-14 07:56 - 00024528 _____ () C:\Users\Gary\AppData\Roaming\Dropbox\bin\win32event.pyd
2017-01-24 07:13 - 2017-01-14 07:57 - 00116176 _____ () C:\Users\Gary\AppData\Roaming\Dropbox\bin\win32security.pyd
2017-01-24 07:13 - 2017-02-07 12:50 - 00381760 _____ () C:\Users\Gary\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
2017-01-24 07:13 - 2017-01-14 07:56 - 00124880 _____ () C:\Users\Gary\AppData\Roaming\Dropbox\bin\win32file.pyd
2017-01-24 07:13 - 2017-02-07 12:50 - 00026456 _____ () C:\Users\Gary\AppData\Roaming\Dropbox\bin\winffi.kernel32.compiled._winffi_kernel32.pyd
2017-01-24 07:13 - 2017-01-14 07:56 - 00024016 _____ () C:\Users\Gary\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
2017-01-24 07:13 - 2017-01-14 07:56 - 00175560 _____ () C:\Users\Gary\AppData\Roaming\Dropbox\bin\win32gui.pyd
2017-01-24 07:13 - 2017-01-14 07:57 - 00030160 _____ () C:\Users\Gary\AppData\Roaming\Dropbox\bin\win32pipe.pyd
2017-01-24 07:13 - 2017-01-14 07:57 - 00043472 _____ () C:\Users\Gary\AppData\Roaming\Dropbox\bin\win32process.pyd
2017-01-24 07:13 - 2017-01-14 07:57 - 00048592 _____ () C:\Users\Gary\AppData\Roaming\Dropbox\bin\win32service.pyd
2017-01-24 07:13 - 2017-01-14 07:56 - 00057808 _____ () C:\Users\Gary\AppData\Roaming\Dropbox\bin\win32evtlog.pyd
2017-01-24 07:13 - 2017-01-14 07:57 - 00024016 _____ () C:\Users\Gary\AppData\Roaming\Dropbox\bin\win32profile.pyd
2017-02-08 09:15 - 2017-02-07 12:50 - 00246608 _____ () C:\Users\Gary\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd
2017-02-08 09:15 - 2017-02-07 12:50 - 00027488 _____ () C:\Users\Gary\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.pyd
2017-01-24 07:13 - 2017-01-14 07:55 - 00241104 _____ () C:\Users\Gary\AppData\Roaming\Dropbox\bin\_jpegtran.pyd
2017-02-08 09:15 - 2017-02-07 12:50 - 00022336 _____ () C:\Users\Gary\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
2017-01-24 07:13 - 2017-01-14 07:57 - 00028616 _____ () C:\Users\Gary\AppData\Roaming\Dropbox\bin\win32ts.pyd
2017-02-08 09:15 - 2017-02-07 12:50 - 01826104 _____ () C:\Users\Gary\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
2017-01-24 07:13 - 2017-01-14 07:54 - 00083912 _____ () C:\Users\Gary\AppData\Roaming\Dropbox\bin\sip.pyd
2017-02-08 09:15 - 2017-02-07 12:50 - 01972536 _____ () C:\Users\Gary\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
2017-02-08 09:15 - 2017-02-07 12:50 - 03928896 _____ () C:\Users\Gary\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
2017-02-08 09:15 - 2017-02-07 12:50 - 00531264 _____ () C:\Users\Gary\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
2017-01-24 07:13 - 2017-02-07 12:50 - 00025432 _____ () C:\Users\Gary\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
2017-02-08 09:15 - 2017-02-07 12:50 - 00133432 _____ () C:\Users\Gary\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
2017-02-08 09:15 - 2017-02-07 12:50 - 00224064 _____ () C:\Users\Gary\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
2017-02-08 09:15 - 2017-02-07 12:50 - 00207680 _____ () C:\Users\Gary\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
2017-01-24 07:13 - 2017-02-07 12:50 - 00021840 _____ () C:\Users\Gary\AppData\Roaming\Dropbox\bin\winffi.user32.compiled._winffi_user32.pyd
2017-01-24 07:13 - 2017-02-07 12:50 - 00069968 _____ () C:\Users\Gary\AppData\Roaming\Dropbox\bin\windisplaytoast.compiled._DisplayToast.pyd
2017-01-24 07:13 - 2017-02-07 12:50 - 00022872 _____ () C:\Users\Gary\AppData\Roaming\Dropbox\bin\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-01-24 07:13 - 2017-02-07 12:50 - 00021848 _____ () C:\Users\Gary\AppData\Roaming\Dropbox\bin\winffi.winerror.compiled._winffi_winerror.pyd
2017-01-24 07:13 - 2017-02-07 12:50 - 00022872 _____ () C:\Users\Gary\AppData\Roaming\Dropbox\bin\winffi.wininet.compiled._winffi_wininet.pyd
2017-01-24 07:13 - 2017-01-14 07:57 - 00350152 _____ () C:\Users\Gary\AppData\Roaming\Dropbox\bin\winxpgui.pyd
2017-02-08 09:15 - 2017-02-07 12:50 - 00103232 _____ () C:\Users\Gary\AppData\Roaming\Dropbox\bin\PyQt5.QtWinExtras.pyd
2017-01-24 07:13 - 2017-02-07 12:50 - 00023896 _____ () C:\Users\Gary\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.pyd
2017-02-08 09:15 - 2017-02-07 12:50 - 00025936 _____ () C:\Users\Gary\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
2017-02-08 09:15 - 2017-01-14 07:51 - 00036296 _____ () C:\Users\Gary\AppData\Roaming\Dropbox\bin\librsync.dll
2017-02-08 09:15 - 2017-02-07 12:50 - 00033112 _____ () C:\Users\Gary\AppData\Roaming\Dropbox\bin\enterprise_data.compiled._enterprise_data.pyd
2017-02-08 09:15 - 2016-12-22 14:58 - 00293392 _____ () C:\Users\Gary\AppData\Roaming\Dropbox\bin\EnterpriseDataAdapter.dll
2017-02-08 09:15 - 2017-02-07 12:50 - 00084288 _____ () C:\Users\Gary\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
2017-02-08 09:15 - 2017-01-14 08:02 - 00017864 _____ () C:\Users\Gary\AppData\Roaming\Dropbox\bin\libEGL.dll
2017-02-08 09:15 - 2017-01-14 08:02 - 01631184 _____ () C:\Users\Gary\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2017-02-08 09:15 - 2017-02-07 12:50 - 00042816 _____ () C:\Users\Gary\AppData\Roaming\Dropbox\bin\PyQt5.QtWebChannel.pyd
2017-02-08 09:15 - 2017-02-07 12:50 - 00171336 _____ () C:\Users\Gary\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineWidgets.pyd
2017-02-08 09:15 - 2017-02-07 12:50 - 00357688 _____ () C:\Users\Gary\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd
2017-01-24 07:13 - 2017-01-14 07:57 - 00060880 _____ () C:\Users\Gary\AppData\Roaming\Dropbox\bin\win32print.pyd
2017-01-24 07:13 - 2017-02-07 12:50 - 00026456 _____ () C:\Users\Gary\AppData\Roaming\Dropbox\bin\winffi.winhttp.compiled._winffi_winhttp.pyd
2017-02-08 09:15 - 2017-02-07 12:50 - 00546104 _____ () C:\Users\Gary\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd
2014-12-21 22:31 - 2014-12-21 22:31 - 00044680 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_socket.pyd
2014-12-21 22:31 - 2014-12-21 22:31 - 00027784 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ssl.pyd
2014-12-21 22:31 - 2014-12-21 22:31 - 00018568 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_hashlib.pyd
2014-12-21 22:31 - 2014-12-21 22:31 - 00034952 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\simplejson\_speedups.pyd
2014-12-21 22:31 - 2014-12-21 22:31 - 00836232 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\etree.pyd
2014-12-21 22:31 - 2014-12-21 22:31 - 00062600 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libexslt.dll
2014-12-21 22:31 - 2014-12-21 22:31 - 00166024 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libxslt.dll
2014-12-21 22:31 - 2014-12-21 22:31 - 00192136 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\objectify.pyd
2014-12-21 22:31 - 2014-12-21 22:31 - 00016520 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\select.pyd
2014-12-21 22:31 - 2014-12-21 22:31 - 00054920 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\crypto.pyd
2014-12-21 22:31 - 2014-12-21 22:31 - 00017032 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\rand.pyd
2014-12-21 22:31 - 2014-12-21 22:31 - 00043656 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\SSL.pyd
2014-12-21 22:31 - 2014-12-21 22:31 - 00081544 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ctypes.pyd
2014-12-21 22:31 - 2014-12-21 22:31 - 00111240 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\pyexpat.pyd
2014-12-21 22:31 - 2014-12-21 22:31 - 00689800 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\unicodedata.pyd

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [134]
AlternateDataStreams: C:\Users\Gary\Downloads\amd-catalyst-15.7.1-win10-64bit(2).exe:BDU [0]
AlternateDataStreams: C:\Users\Gary\Downloads\delfix_1.011.exe:BDU [0]
AlternateDataStreams: C:\Users\Gary\Downloads\JavaSetup8u60.exe:BDU [0]
AlternateDataStreams: C:\Users\Gary\Downloads\lws280.exe:BDU [0]
AlternateDataStreams: C:\Users\Gary\Downloads\spywareblastersetup52(1).exe:BDU [0]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKLM\...\.scr: => <===== ATTENTION
HKU\S-1-5-21-222160454-479590922-3030548390-1001\Software\Classes\.scr: scr_auto_file => %SystemRoot%\system32\NOTEPAD.EXE %1 <===== ATTENTION

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> 1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> 1001 Namen
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> 100sexlinks.com¬*-¬*This website is for sale!¬*-¬*Sexlinks Resources and Information.
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> 123 Haustiere Und Mehr
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> 123Movies Best Movies
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> WebMD - Better information. Better health.

There are 7930 more sites.

IE restricted site: HKU\S-1-5-21-222160454-479590922-3030548390-1001\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-222160454-479590922-3030548390-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-222160454-479590922-3030548390-1001\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-222160454-479590922-3030548390-1001\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-222160454-479590922-3030548390-1001\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-222160454-479590922-3030548390-1001\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-222160454-479590922-3030548390-1001\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-222160454-479590922-3030548390-1001\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-222160454-479590922-3030548390-1001\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-222160454-479590922-3030548390-1001\...\0411dd.com -> 0411dd.com
IE restricted site: HKU\S-1-5-21-222160454-479590922-3030548390-1001\...\0511zfhl.com -> 0511zfhl.com
IE restricted site: HKU\S-1-5-21-222160454-479590922-3030548390-1001\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-222160454-479590922-3030548390-1001\...\0632qyw.com -> 0632qyw.com
IE restricted site: HKU\S-1-5-21-222160454-479590922-3030548390-1001\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-222160454-479590922-3030548390-1001\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-222160454-479590922-3030548390-1001\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-222160454-479590922-3030548390-1001\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-222160454-479590922-3030548390-1001\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-222160454-479590922-3030548390-1001\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-222160454-479590922-3030548390-1001\...\1-2005-search.com -> www.1-2005-search.com

There are 12747 more sites.

IE restricted site: HKU\S-1-5-21-222160454-479590922-3030548390-1003\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-222160454-479590922-3030548390-1003\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-222160454-479590922-3030548390-1003\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-222160454-479590922-3030548390-1003\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-222160454-479590922-3030548390-1003\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-222160454-479590922-3030548390-1003\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-222160454-479590922-3030548390-1003\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-222160454-479590922-3030548390-1003\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-222160454-479590922-3030548390-1003\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-222160454-479590922-3030548390-1003\...\1000gratisproben.com -> 1000gratisproben.com
IE restricted site: HKU\S-1-5-21-222160454-479590922-3030548390-1003\...\1001namen.com -> 1001 Namen
IE restricted site: HKU\S-1-5-21-222160454-479590922-3030548390-1003\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-222160454-479590922-3030548390-1003\...\100sexlinks.com -> 100sexlinks.com¬*-¬*This website is for sale!¬*-¬*Sexlinks Resources and Information.
IE restricted site: HKU\S-1-5-21-222160454-479590922-3030548390-1003\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-222160454-479590922-3030548390-1003\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-222160454-479590922-3030548390-1003\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-222160454-479590922-3030548390-1003\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-222160454-479590922-3030548390-1003\...\123haustiereundmehr.com -> 123 Haustiere Und Mehr
IE restricted site: HKU\S-1-5-21-222160454-479590922-3030548390-1003\...\123moviedownload.com -> 123Movies Best Movies
IE restricted site: HKU\S-1-5-21-222160454-479590922-3030548390-1003\...\123simsen.com -> WebMD - Better information. Better health.

There are 7930 more sites.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 10:34 - 2017-02-17 18:21 - 00956214 ____R C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost
0.0.0.0 m.fr.a2dfp.net
0.0.0.0 mfr.a2dfp.net
0.0.0.0 ad.a8.net
0.0.0.0 asy.a8ww.net
0.0.0.0 static.a-ads.com
0.0.0.0 atlas.aamedia.ro
0.0.0.0 abcstats.com
0.0.0.0 ad4.abradio.cz
0.0.0.0 a.abv.bg
0.0.0.0 adserver.abv.bg
0.0.0.0 adv.abv.bg
0.0.0.0 bimg.abv.bg
0.0.0.0 ca.abv.bg
0.0.0.0 track.acclaimnetwork.com
0.0.0.0 accuserveadsystem.com
0.0.0.0 Accuserve Online Ad Delivery System
0.0.0.0 achmedia.com
0.0.0.0 csh.actiondesk.com
0.0.0.0 ads.activepower.net
0.0.0.0 app.activetrail.com
0.0.0.0 stat.active24stats.nl
0.0.0.0 traffic.acwebconnecting.com
0.0.0.0 office.ad1.ru
0.0.0.0 cms.ad2click.nl
0.0.0.0 ad2games.com
0.0.0.0 ads.ad2games.com
0.0.0.0 content.ad20.net
0.0.0.0 core.ad20.net
0.0.0.0 banner.ad.nu

There are 27961 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-222160454-479590922-3030548390-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Gary\Pictures\EarthSpace.jpg
HKU\S-1-5-21-222160454-479590922-3030548390-1003\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~2\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: SoundMAXPnP => C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
HKLM\...\StartupApproved\StartupFolder: => "MyNetFone.lnk"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "KiesTrayAgent"
HKLM\...\StartupApproved\Run32: => "LWS"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "PlaysTV"
HKU\S-1-5-21-222160454-479590922-3030548390-1001\...\StartupApproved\StartupFolder: => "PalTalk.lnk"
HKU\S-1-5-21-222160454-479590922-3030548390-1001\...\StartupApproved\StartupFolder: => "Serviio.lnk"
HKU\S-1-5-21-222160454-479590922-3030548390-1001\...\StartupApproved\StartupFolder: => "Logitech . Product Registration.lnk"
HKU\S-1-5-21-222160454-479590922-3030548390-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-222160454-479590922-3030548390-1001\...\StartupApproved\Run: => "KiesAirMessage"
HKU\S-1-5-21-222160454-479590922-3030548390-1001\...\StartupApproved\Run: => "KiesPDLR.exe"
HKU\S-1-5-21-222160454-479590922-3030548390-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-222160454-479590922-3030548390-1001\...\StartupApproved\Run: => "SmartSwitchPDLR.exe"
HKU\S-1-5-21-222160454-479590922-3030548390-1001\...\StartupApproved\Run: => "Mailbird"
HKU\S-1-5-21-222160454-479590922-3030548390-1001\...\StartupApproved\Run: => "eM Client"
HKU\S-1-5-21-222160454-479590922-3030548390-1001\...\StartupApproved\Run: => "X-Lite"
HKU\S-1-5-21-222160454-479590922-3030548390-1001\...\StartupApproved\Run: => "Zoiper"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{79C2A296-1713-45D6-A40C-A65E851378B6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C8BF63C8-9BC8-4D4A-AAD8-B9AB4CF342E7}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BCC28C77-7ED0-4729-ACB6-F9B68A7D8591}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1FAAD40A-BE30-4582-95E1-521764CE2A51}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{AC6E7F53-C7A0-4B4B-9515-E4BC369E6EED}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe
FirewallRules: [{3B71E8DD-61A5-4264-BC2B-FBA2685FD452}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
FirewallRules: [{11AE604D-84A9-44D4-9491-AD05B59D1074}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
FirewallRules: [{C1106651-8C13-45ED-8DA9-F66E6636C820}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{0A2AE458-065B-4525-97C9-16F441AA202A}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{6D2D4BEF-8833-4722-93ED-38765C5DF88A}] => (Allow) C:\Users\Public\Games\En Masse Entertainment\TERA\Client\TL.exe
FirewallRules: [{DDD39DC1-C92E-4196-8326-FBB81D25A955}] => (Allow) C:\Users\Public\Games\En Masse Entertainment\TERA\Client\TL.exe
FirewallRules: [{DB7E076B-5571-47CA-A8CC-AE0D8A72DA35}] => (Allow) C:\Users\Public\Games\En Masse Entertainment\TERA\Client\TL.exe
FirewallRules: [{3B9F3903-53AC-4E2B-9E0E-D1D95AE61B46}] => (Allow) C:\Users\Public\Games\En Masse Entertainment\TERA\Client\TL.exe
FirewallRules: [{CABB33AB-333A-4C52-A779-51AF30811DEB}] => (Allow) C:\Users\Public\Games\En Masse Entertainment\TERA\Client\TERA.exe
FirewallRules: [{66A118F6-EE2D-45B7-9AEF-39786293F977}] => (Allow) C:\Users\Public\Games\En Masse Entertainment\TERA\Client\TERA.exe
FirewallRules: [{88E46D67-7E84-4476-939C-04AC0B86576B}] => (Allow) C:\Users\Public\Games\En Masse Entertainment\TERA\Client\TERA.exe
FirewallRules: [{377831F9-0399-4FC5-BAFA-71FD56F20AB6}] => (Allow) C:\Users\Public\Games\En Masse Entertainment\TERA\Client\TERA.exe
FirewallRules: [{BE9AAFDD-C1F0-4B04-8427-7EAA11FA2D17}] => (Allow) C:\Users\Public\Games\En Masse Entertainment\TERA\TERA-Launcher.exe
FirewallRules: [{BB81D4CB-E1BF-499F-9C44-9D6D70147AAD}] => (Allow) C:\Users\Public\Games\En Masse Entertainment\TERA\TERA-Launcher.exe
FirewallRules: [{A80678AD-746A-4508-967F-078BD96E08B9}] => (Allow) C:\Users\Public\Games\En Masse Entertainment\TERA\TERA-Launcher.exe
FirewallRules: [{35CC05A4-4D4D-4B42-A0A4-E60B988AB76F}] => (Allow) C:\Users\Public\Games\En Masse Entertainment\TERA\TERA-Launcher.exe
FirewallRules: [{4F0FF17B-8DC0-4FF7-8CB2-C549516B97A5}] => (Allow) C:\Users\Gary\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{37977C65-A182-4D9F-B3A9-76C3A7B115A9}] => (Allow) C:\Users\Gary\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{979375AD-19A2-4B33-8838-F8F474BE1FE6}] => (Allow) C:\ProgramData\HappyCloud\Cache\TERA\Client\Binaries\TERA.exe
FirewallRules: [{7A50DC1C-F3B0-43DD-9B1A-F97DF3174255}] => (Allow) C:\ProgramData\HappyCloud\Cache\TERA\Client\Binaries\TERA.exe
FirewallRules: [{82472A45-F39E-4701-AD14-97857EECC4B4}] => (Allow) C:\ProgramData\HappyCloud\Cache\TERA\Client\TL.exe
FirewallRules: [{BE672E39-2FF1-41B8-8958-D69E11295023}] => (Allow) C:\ProgramData\HappyCloud\Cache\TERA\Client\TL.exe
FirewallRules: [{527FFE23-204E-4782-932B-2D0B3D3323B7}] => (Allow) C:\ProgramData\HappyCloud\Cache\TERA\TERA-Launcher.exe
FirewallRules: [{B27DE3FC-C7D3-453E-B222-973D74D5905A}] => (Allow) C:\ProgramData\HappyCloud\Cache\TERA\TERA-Launcher.exe
FirewallRules: [{944CB1F4-4309-492F-9C90-D6DDD16D3B50}] => (Allow) LPort=8090
FirewallRules: [{A0BB1CF8-4C00-4319-A50F-C1BA8C80C779}] => (Allow) LPort=20443
FirewallRules: [{4F5C18A2-EF3B-49E6-8730-18E397892522}] => (Allow) LPort=33333
FirewallRules: [{9483E5ED-64C4-49C6-A246-5E48DF131EB1}] => (Allow) LPort=6881
FirewallRules: [{FE123649-C400-4555-8EC1-77E380799AFC}] => (Allow) LPort=27022
FirewallRules: [{0548EE7E-61D1-4970-9E5F-2038791F6713}] => (Allow) LPort=7853
FirewallRules: [{FE168FA6-BD97-4B51-81AC-D680E62DE8AA}] => (Allow) LPort=7852
FirewallRules: [{B4AFFAD0-6EBD-446C-97B5-8C94870FBE98}] => (Allow) LPort=7850
FirewallRules: [{28B223EF-FC2C-4414-8994-9B74C273F629}] => (Allow) LPort=3478
FirewallRules: [{DBF175E0-9CED-46CF-8A69-8AFE15D3F8AF}] => (Allow) LPort=20010
FirewallRules: [{0026BDA4-3AA3-471A-AC67-EAE107A77B49}] => (Allow) LPort=443
FirewallRules: [{148A180F-0C75-4E46-AAAE-FA1500EDEC26}] => (Allow) LPort=80
FirewallRules: [{5C6B0E86-6DBD-4973-B3AF-7EDAEE432883}] => (Allow) C:\Program Files (x86)\WarThunder\launcher.exe
FirewallRules: [{752CFA79-F545-45E8-9EA8-A1FB89A51FFB}] => (Allow) C:\Program Files (x86)\WarThunder\launcher.exe
FirewallRules: [{6F1D8F10-65C5-4972-8EE7-82C5BF7FC246}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallen Earth F2P\FEUpdater.exe
FirewallRules: [{445C20A3-E71B-4884-893B-42AD14BAF4A2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallen Earth F2P\FEUpdater.exe
FirewallRules: [{37AAFC64-534F-42A7-A338-FDBDCFE47766}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{AD97E5C0-9632-4D22-9EEF-DEA8136576B3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{5EC4C69F-DE11-4EE0-9B4F-6568CBADA1C5}] => (Allow) C:\Program Files (x86)\HTC\HTC Sync Manager\HTCSyncManager.exe
FirewallRules: [{37B7940F-0B28-4731-9BBB-E5F745C32111}] => (Allow) C:\Users\Gary\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{E03997F4-9C48-4385-AA0E-3483A0936163}] => (Allow) C:\Users\Gary\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{67B67DAE-C956-4D9B-AD24-F32891C333F4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life 2 Deathmatch\hl2.exe
FirewallRules: [{60E6FB1C-DE0E-416A-8CA9-8648B029953F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life 2 Deathmatch\hl2.exe
FirewallRules: [{3938972F-AE4E-4D45-880D-E3A5823CA774}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{F05F4367-48B9-4EF1-856C-5C20C5DF7B45}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{4643C918-09F5-4795-B95C-06C849A18D84}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{A061E24C-BC96-4363-9CCF-D2DED51036C9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{2BC2D9C8-A931-4E1A-9E7F-2451ACE4802F}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\WDExpress.exe
FirewallRules: [{6F6BBF8A-8E8C-425F-8374-4F02E15FD99A}] => (Allow) C:\Program Files (x86)\Gizmo5\Gizmo5.exe
FirewallRules: [{1A92346A-600C-47DC-B5DC-0FC32EAD3A9D}] => (Allow) C:\Program Files (x86)\Gizmo5\Gizmo5.exe
FirewallRules: [{6A36CAF2-243A-4D4B-A0A8-D4BDF4E38058}] => (Allow) C:\Program Files (x86)\Gizmo5\Gizmo5.exe
FirewallRules: [{D8779F18-E2B8-40B3-B193-E220341D78C4}] => (Allow) C:\Program Files (x86)\Gizmo5\Gizmo5.exe
FirewallRules: [UDP Query User{9A23192F-E093-402D-8FCF-DA44FE354322}C:\program files (x86)\nch swift sound\talk\talk.exe] => (Block) C:\program files (x86)\nch swift sound\talk\talk.exe
FirewallRules: [TCP Query User{433E56CD-B5CB-4985-BCA2-E96D74589C6B}C:\program files (x86)\nch swift sound\talk\talk.exe] => (Block) C:\program files (x86)\nch swift sound\talk\talk.exe
FirewallRules: [{251EF4C2-4BC1-429C-B7A3-658777968CDB}] => (Allow) C:\Program Files (x86)\Common Files\Comodo\GeekBuddyRSP.exe
FirewallRules: [{90B7FE72-A77A-4FDB-8158-70411ED8AEB7}] => (Allow) C:\Program Files (x86)\Common Files\Comodo\GeekBuddyRSP.exe
FirewallRules: [{63A1AEB2-B10C-412D-A9D2-7A2EC537EDF8}] => (Allow) C:\Program Files (x86)\VoipBuster.com\VoipBuster\VoipBuster.exe
FirewallRules: [{361A74A4-3021-487E-98CB-0ECD8128A239}] => (Allow) C:\Program Files (x86)\VoipBuster.com\VoipBuster\VoipBuster.exe
FirewallRules: [{F02AAE19-2571-41B4-8121-A6CD756BB036}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{B58FC637-AA2A-4562-919F-3DDA77070343}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{512F1234-6114-48BA-B6EE-F309A5042E86}] => (Allow) C:\Program Files (x86)\Common Files\Comodo\tvnserver.exe
FirewallRules: [{A2A83AF7-52B3-4765-AE91-603E9D819151}] => (Allow) C:\Program Files (x86)\Common Files\Comodo\tvnserver.exe
FirewallRules: [{5520BD62-CB2F-42C4-9CF2-24A872039096}] => (Allow) C:\Program Files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exe
FirewallRules: [{FA5305F6-2984-4801-B354-528BF240D842}] => (Allow) C:\Program Files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exe
FirewallRules: [{2F5FD1F6-79FD-43DD-8CC6-18730514F2D8}] => (Allow) LPort=5070
FirewallRules: [{B586AB90-8359-4DA4-8A84-D46C6468459B}] => (Allow) LPort=8009
FirewallRules: [{7CEA212C-BEF0-417F-A113-4069E0F6F95E}] => (Allow) LPort=8008
FirewallRules: [{037AC61E-D72A-495B-BFE5-FA091E9846DB}] => (Allow) LPort=8007
FirewallRules: [{6BD488FA-7FB7-44DD-95A4-A36A68AADC5A}] => (Allow) LPort=8006
FirewallRules: [{7053487B-CF7D-48ED-903D-C184668B1370}] => (Allow) LPort=8005
FirewallRules: [{2729E1F2-DA01-46DB-99D9-2ABB759BA995}] => (Allow) LPort=8004
FirewallRules: [{F9D7FA57-6370-4A51-B64F-E67462943516}] => (Allow) LPort=8003
FirewallRules: [{27305C2F-18DA-4D1E-B565-4A5FEEA68C63}] => (Allow) LPort=8002
FirewallRules: [{E6BA224F-5269-44C5-9431-E83D5A860092}] => (Allow) LPort=8001
FirewallRules: [{B3D86D20-D4D5-4A14-9D91-6994404972EE}] => (Allow) LPort=8000
FirewallRules: [{FB46C15A-51C3-4B92-9B5D-48590833C909}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{3E8F9B3A-AF91-4884-9D1D-742FAA0332A3}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{8E461F50-D9E9-4491-9D28-2714595C0B92}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [UDP Query User{6ABDBB98-B118-4F48-8180-A5262C2AD081}C:\program files (x86)\steam\steamapps\sectioncell\team fortress 2\hl2.exe] => (Allow) C:\program files (x86)\steam\steamapps\sectioncell\team fortress 2\hl2.exe
FirewallRules: [TCP Query User{082F5BCC-A6A2-4334-854E-D7FFD0C074F1}C:\program files (x86)\steam\steamapps\sectioncell\team fortress 2\hl2.exe] => (Allow) C:\program files (x86)\steam\steamapps\sectioncell\team fortress 2\hl2.exe
FirewallRules: [{D6C3EB17-EF20-4952-A132-745056CEC788}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{6BBCE14A-399D-44F0-B8E0-2B4EF268CED1}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{174C968E-EEDC-487D-8920-600C1D6C9ECB}] => (Allow) LPort=1900
FirewallRules: [{294ADB5E-77A3-4102-973E-AE80676DEB0B}] => (Allow) LPort=2869
FirewallRules: [{C616B0DC-905C-4E90-9C2F-7C6B3D8F6F04}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{B984E1E1-4094-44BE-9FA0-9B87A84DE7EE}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{4D83FFBA-F459-4583-84AE-B11BF4708275}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{8C0426BA-623B-4CC0-9B72-CF7FD9AFA382}] => (Allow) C:\Program Files\Serviio\bin\ServiioService.exe
FirewallRules: [{1E11AFDD-8476-41FE-A895-464C7CF12E48}] => (Allow) C:\Program Files\Serviio\bin\ServiioService.exe
FirewallRules: [{A9D3AAF6-EF02-4D6E-A59D-20FBF367E82D}] => (Allow) C:\Program Files\Serviio\bin\ServiioConsole.exe
FirewallRules: [{6ABB2EE1-8100-464B-AA8A-2569DEB99708}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{9D3EFABE-2127-45A4-903A-089BCBDC03D3}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C62E1868-D8CC-4F97-A062-8A6E4FE9C0ED}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B5A48EF1-A07E-4DD0-8088-ED1A7D6C917C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{2E48973E-2681-485C-AEA1-B287E594CDED}] => (Allow) C:\Program Files\Has Apps Com\addon\netman.exe
FirewallRules: [{C6DEBA97-6704-449F-97A6-E36446835339}] => (Allow) C:\Program Files\Has Apps Com\addon\netman.exe
FirewallRules: [{8E6B7B95-EEE6-4576-96C6-FE699EF5B689}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{E0C8666F-B84E-4F2B-BDB0-B7F77E12F30E}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{C514D159-3026-46CE-A3F3-0860294078C7}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{A17F0179-1061-4A9F-8D87-3B925775029F}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{EAC847F3-34F3-4E54-8895-56FD4BA63B9E}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{8AA49275-D930-4971-8E78-584E564EAF3A}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{10AB4A07-30A4-4999-AEF5-109EF3D7545E}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{B5065E3E-7837-4D50-973D-7412E9F218CC}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{EF44CA9D-4881-4702-85F1-4F965D16BDEE}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{BA943B2F-A108-4BBD-AA1A-2EEC13C6FF19}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [TCP Query User{EF6007B1-5F6F-4AC6-B402-719982E53A7A}C:\users\gary\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\gary\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{F2CC0397-3B6A-49BD-A833-60CEB91458EA}C:\users\gary\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\gary\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{B3D22B2D-66AC-48E9-99B9-728EA1A98D51}] => (Allow) C:\Program Files\iTunes\iTunes.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\xchat\xchat.exe] => Enabled:XChat IRC Client
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

27-01-2017 05:26:47 Windows Update
03-02-2017 23:33:52 Scheduled Checkpoint
12-02-2017 23:34:25 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/17/2017 06:22:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SDWelcome.exe, version: 2.5.42.130, time stamp: 0x535a5196
Faulting module name: rtl150.bpl, version: 15.0.3953.35171, time stamp: 0x4cca139f
Exception code: 0xc0000005
Fault offset: 0x0000a116
Faulting process id: 0x2878
Faulting application start time: 0x01d28903ec048d94
Faulting application path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe
Faulting module path: C:\Program Files (x86)\Spybot - Search & Destroy 2\rtl150.bpl
Report Id: 02540bcd-f5f6-470a-a5ed-41adf5824b5c
Faulting package full name:
Faulting package-relative application ID:

Error: (02/17/2017 06:22:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SDImmunize.exe, version: 2.5.42.130, time stamp: 0x535a5156
Faulting module name: rtl150.bpl, version: 15.0.3953.35171, time stamp: 0x4cca139f
Exception code: 0xc0000005
Fault offset: 0x0000a116
Faulting process id: 0x1398
Faulting application start time: 0x01d28903f33b5615
Faulting application path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Faulting module path: C:\Program Files (x86)\Spybot - Search & Destroy 2\rtl150.bpl
Report Id: baafe851-6785-427b-9a80-3c4b473155a1
Faulting package full name:
Faulting package-relative application ID:

Error: (02/17/2017 04:07:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchUI.exe, version: 10.0.14393.693, time stamp: 0x585a272f
Faulting module name: CSGSuggestLib.dll, version: 0.0.0.0, time stamp: 0x585a25a7
Exception code: 0xc0000005
Fault offset: 0x0000000000036bc7
Faulting process id: 0x250
Faulting application start time: 0x01d2860d5dbd73ea
Faulting application path: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
Faulting module path: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
Report Id: 831f3394-7cde-41df-ba2e-fc69327cfff9
Faulting package full name: Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: CortanaUI

Error: (02/17/2017 03:08:23 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 12) (User: Precious)
Description: Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe1018


System errors:
=============
Error: (02/18/2017 10:00:44 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Connected Devices Platform Service service terminated with the following error:
Unspecified error

Error: (02/18/2017 09:58:47 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/18/2017 09:58:47 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/18/2017 09:58:45 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/18/2017 09:57:51 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (02/18/2017 09:57:51 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NetTcpPortSharing service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (02/18/2017 09:57:51 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the NetTcpPortSharing service to connect.

Error: (02/18/2017 09:54:27 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (02/18/2017 09:54:15 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Nero MediaHome 4 Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1 milliseconds: Restart the service.

Error: (02/18/2017 09:54:14 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Spybot-S&D 2 Security Center Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.


CodeIntegrity:
===================================
Date: 2017-02-18 09:56:55.439
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\PCC_DSCP_x64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-02-17 18:25:31.473
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\PCC_DSCP_x64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-02-13 23:22:51.545
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\PCC_DSCP_x64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-02-07 21:18:35.794
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\PCC_DSCP_x64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-02-01 00:16:42.125
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\PCC_DSCP_x64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-01-13 13:25:17.517
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\PCC_DSCP_x64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-01-11 22:10:05.936
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\PCC_DSCP_x64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-01-05 14:03:45.709
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\PCC_DSCP_x64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-01-05 09:49:11.661
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\PCC_DSCP_x64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-12-25 13:39:38.030
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\PCC_DSCP_x64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Quad CPU Q9550 @ 2.83GHz
Percentage of memory in use: 57%
Total physical RAM: 4095.05 MB
Available physical RAM: 1754.48 MB
Total Virtual: 8191.05 MB
Available Virtual: 5152.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:930.97 GB) (Free:592.71 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: B4A0E192)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)

==================== End of Addition.txt ============================
partybot is offline  
Old 02-18-2017, 09:35 AM   #5
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello partybot. Was BitDefender a previous install? You should uninstall Bitdefender Agent via Programs and Features in your Control Panel.

Also, uninstall Spybot while we clean your machine. You can re-install it later once we are done.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution.

https://windows.microsoft.com/en-us/w...-up-your-files

------------------------------------------------------
  • Open Notepad (Start > All Programs > Accessories > Notepad).
  • Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
  • Save it as fixlist.txt next to FRST64.exe
  • If asked to change 'Encoding:' to 'Unicode:', please agree and save it.

    NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.


    Code:
    start
    createrestorepoint:
    CustomCLSID: HKU\S-1-5-21-222160454-479590922-3030548390-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Gary\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-222160454-479590922-3030548390-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Gary\AppData\Local\Google\Update\1.3.30.4\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-222160454-479590922-3030548390-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Gary\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-222160454-479590922-3030548390-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Gary\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-222160454-479590922-3030548390-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Gary\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-222160454-479590922-3030548390-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Gary\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-222160454-479590922-3030548390-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Gary\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-222160454-479590922-3030548390-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Gary\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-222160454-479590922-3030548390-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Gary\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
    Task: {CDA259CB-FA8A-4C6A-AF01-75417C555495} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [134]
    AlternateDataStreams: C:\Users\Gary\Downloads\amd-catalyst-15.7.1-win10-64bit(2).exe:BDU [0]
    AlternateDataStreams: C:\Users\Gary\Downloads\delfix_1.011.exe:BDU [0]
    AlternateDataStreams: C:\Users\Gary\Downloads\JavaSetup8u60.exe:BDU [0]
    AlternateDataStreams: C:\Users\Gary\Downloads\lws280.exe:BDU [0]
    AlternateDataStreams: C:\Users\Gary\Downloads\spywareblastersetup52(1).exe:BDU [0]
    HKLM\...\.scr: => <===== ATTENTION
    HKU\S-1-5-21-222160454-479590922-3030548390-1001\Software\Classes\.scr: scr_auto_file => %SystemRoot%\system32\NOTEPAD.EXE %1 <===== ATTENTION
    (Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    GroupPolicy: Restriction - Chrome <======= ATTENTION
    GroupPolicy\User: Restriction <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
    BHO: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2016\pmbxie.dll => No File
    Toolbar: HKLM - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2016\pmbxie.dll No File
    DPF: HKLM-x32 {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab
    FF Extension: (Bitdefender QuickScan) - C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\gn6fncfu.default-1451359507185\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2016-09-21]
    FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => not found
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender 2016\\antispam32\bdwteff => not found
    FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK => not found
    FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => not found
    R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1100392 2016-10-28] (Bitdefender)
    R1 HssDRV6; C:\WINDOWS\system32\DRIVERS\hssdrv6.sys [41704 2012-08-02] (AnchorFree Inc.)
    U3 idsvc; no ImagePath
    EmptyTemp:
    end
  • Double-click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
  • Click the Fix button just once, and wait.
  • If you receive a message that a reboot is required, please make sure you allow it to restart normally.
  • The tool will complete its run after the restart.
  • When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

-----------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 02-18-2017, 09:24 PM   #6
Registered Member
 
Join Date: Oct 2007
Posts: 61
OS: Windows 10



I have lost all network connections.PC will not fix network adapters.
netsh int ip reset comand prompt says
resetting interface ok
resettting unicast adress ok
resetting neighbour ok
resetting path ok
resetting ,failed
access is denied

restart the computer to complete this action

ipconfig command shows nothing

im on my xbox i tried format pc failed said no drivers detected
partybot is offline  
Old 02-18-2017, 11:39 PM   #7
Registered Member
 
Join Date: Oct 2007
Posts: 61
OS: Windows 10



I just went to Restore>reset PC>reset

I reset PC & deleted all apps option that keeps my files & the reset did a clean install of windows 10 & now I can connect to internet.
partybot is offline  
Old 02-19-2017, 10:36 AM   #8
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Glad you got it all sorted.
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 02-19-2017, 05:40 PM   #9
Registered Member
 
Join Date: Oct 2007
Posts: 61
OS: Windows 10



Thanks for your support. I also did a Norton scan & found trogen gen 8

I am hopeful things are good.


Also my machine is 8 & 1/2 years old & I haven't done a clean install of OP in years. I am holding out for a few months to get a new machine!

Well thanks again!
partybot is offline  
Old 02-20-2017, 01:59 PM   #10
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



You're welcome. If you want, you can run AdwCleaner and FRST again, and I'll take a look at your logs.
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 02-26-2017, 06:38 AM   #11
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



As this topic appears to be resolved, this thread will be archived. If you need continued support, please begin a new thread, and provide a link to this topic. This applies only to the original topic starter. Everyone else please begin a New Topic, after following the steps outlined here:

IMPORTANT - Read This Before Posting For Malware Removal Help

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
 

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Similar Threads
Thread Thread Starter Forum Replies Last Post
Having Issues with my Laptop, possible virus, malware, adware
Hey guys I'm not quite sure what's going on with my laptop. These are the issues: 1. Very slow 2. Multiple tabs open up and I don't even touch or click on anything, I could just be reading something on a page. 3. There's highlighted words randomly on the browser and if you put the mouse over...
MetalAngelz Resolved HJT Threads 20 12-24-2014 11:31 AM
bad image error and norton 360
Hi, My initial problem was trying to get rid of the "Bad Image" error message that has been popping up on literally every file and folder on my PC (Windows XP). Situation has gone from bad to worse as i installed norton 360 5.0. Now nothing works, unable to connect to the internet, unable to...
royalmc Resolved HJT Threads 25 04-07-2011 07:36 AM

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is on
Smilies are on
[IMG] code is on
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Post a Question


» Site Navigation
 > FAQ
  > 10.0.0.2
Powered by vBadvanced CMPS v3.2.3


All times are GMT -7. The time now is 07:50 PM.


Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2020, vBulletin Solutions, Inc.
vBulletin Security provided by vBSecurity v2.2.2 (Pro) - vBulletin Mods & Addons Copyright © 2020 DragonByte Technologies Ltd.
User Alert System provided by Advanced User Tagging v3.1.0 (Pro) - vBulletin Mods & Addons Copyright © 2020 DragonByte Technologies Ltd.
Copyright 2001 - 2018, Tech Support Forum

Windows 10 - Windows 7 - Windows XP - Windows Vista - Trojan Removal - Spyware Removal - Virus Removal - Networking - Security - Top Web Hosts