  1. #1
    Member
    Join Date
    May 2015
    Posts
    76
    Points
    0

    HP Laptop Infected

    Hello Joe, think I am infected and hijacked. You have helped previously and hope you can again?

  2. #2
    zep516 (Member, Spyware Fighter)
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,158
    Points
    1301


    Hello millworkman,

    Let's get a look at the computer first so we can proceed in a logical fashion; we will use Farbar for that.

    Everything gets downloaded to the desktop and tools are "Run as administrator."

    Please download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to run the version compatible with your system. (64Bit or 32Bit) If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
    • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will produce a log called FRST.txt in the same directory the tool is run from.
    • Please copy and paste log back here.
    • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

  3. #3
    Member
    Join Date
    May 2015
    Posts
    76
    Points
    0


    Thanks Joe, here we go

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:05-12-2015
    Ran by Herb (administrator) on HERB-PC (05-12-2015 19:06:51)
    Running from C:\Users\Herb\Desktop
    Loaded Profiles: Herb & Admiis (Available Profiles: Herb & Admiis & DefaultAppPool)
    Platform: Microsoft Windows 10 Pro Version 1511 (X86) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Opera)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AMD) C:\Windows\System32\atiesrxx.exe
    (McAfee, Inc.) C:\Windows\System32\mfevtps.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    (McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\mcsacore.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
    (Autodesk, Inc.) C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    (McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
    (McAfee, Inc.) C:\Windows\System32\mfevtps.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.6.1180.0\McCSPServiceHost.exe
    (SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    (Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
    (McAfee, Inc.) C:\Program Files\McAfee\MAT\McPvTray.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
    (SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\System32\cmd.exe
    (McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\mcchhost.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (hxxp://express-player.com) C:\Users\Herb\AppData\Local\Temp\ExpressPlayerrDCeyXx8Yn.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (CyberLink) C:\Program Files\CyberLink\YouCam\YCMMirage.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
    (Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
    (Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
    (Bluebeam Software, Inc.) C:\Program Files\Common Files\Bluebeam Software\Bluebeam Revu\Brewery\V45\Printer Support\BBPrint.exe
    (Autodesk, Inc.) C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
    (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    (Dropbox, Inc.) C:\Users\Herb\AppData\Roaming\Dropbox\bin\Dropbox.exe
    (McAfee, Inc.) C:\Program Files\McAfee\MAT\McPvTray.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [hpqSRMon] => C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
    HKLM\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2015-09-24] (Adobe Systems Incorporated)
    HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840592 2015-09-24] (Adobe Systems Inc.)
    HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
    HKLM\...\Run: [BbInstallUser] => C:\Program Files\Bluebeam Software\Bluebeam Revu\Pushbutton PDF\Bluebeam Admin User.exe [48696 2014-10-13] (Bluebeam Software, Inc.)
    HKLM\...\Run: [BbPrintMonitor] => C:\Program Files\Common Files\Bluebeam Software\Bluebeam Revu\Brewery\V45\Printer Support\BBPrint.exe [174136 2014-10-13] (Bluebeam Software, Inc.)
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3527368 2015-07-17] (Synaptics Incorporated)
    HKLM\...\Policies\Explorer: [NoFolderOptions] 0
    HKLM\...\Policies\Explorer: [NoControlPanel] 0
    HKU\S-1-5-21-57612297-3157999027-2505413976-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6602152 2015-11-16] (Piriform Ltd)
    HKU\S-1-5-21-57612297-3157999027-2505413976-1001\...\Run: [Dropbox Update] => C:\Users\Herb\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-17] (Dropbox, Inc.)
    HKU\S-1-5-21-57612297-3157999027-2505413976-1001\...\Run: [WinPatrol] => C:\Program Files\Ruiware\WinPatrol\winpatrol.exe [1216648 2015-08-05] (Ruiware)
    HKU\S-1-5-21-57612297-3157999027-2505413976-1001\...\Policies\Explorer: []
    HKU\S-1-5-21-57612297-3157999027-2505413976-1001\...\Policies\Explorer: [NoFolderOptions] 0
    HKU\S-1-5-21-57612297-3157999027-2505413976-1001\...\Policies\Explorer: [NoControlPanel] 0
    HKU\S-1-5-21-57612297-3157999027-2505413976-1005\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [894344 2013-02-05] (Autodesk, Inc.)
    HKU\S-1-5-21-57612297-3157999027-2505413976-1005\...\Policies\Explorer: []
    ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Herb\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Herb\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Herb\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Herb\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Herb\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Herb\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Herb\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Herb\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
    ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2013-02-08] (Autodesk, Inc.)
    ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Herb\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Herb\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Herb\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Herb\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
    Startup: C:\Users\Admiis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014-02-23]
    ShortcutTarget: Dropbox.lnk -> C:\Users\Herb\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2015-12-05]
    ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
    Startup: C:\Users\Herb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-12-05]
    ShortcutTarget: Dropbox.lnk -> C:\Users\Herb\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{aae55f4a-c140-4b21-81f7-080dbe43962e}: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{bc84ffe2-6b6b-4277-bdb7-d0620dc5be93}: [DhcpNameServer] 167.206.13.180 167.206.13.181

    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-57612297-3157999027-2505413976-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    SearchScopes: HKU\S-1-5-21-57612297-3157999027-2505413976-1001 -> DefaultScope {cf34d395-9ff1-49a0-98a5-8db1636431b1} URL =
    BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20] (Hewlett-Packard Co.)
    BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-26] (Google Inc.)
    BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
    BHO: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
    BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20] (Hewlett-Packard Co.)
    Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-26] (Google Inc.)
    Toolbar: HKU\.DEFAULT -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
    Toolbar: HKU\S-1-5-21-57612297-3157999027-2505413976-1005 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\mcieplg.dll [2015-12-02] (McAfee, Inc.)
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\mcieplg.dll [2015-12-02] (McAfee, Inc.)
    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll [2015-08-21] (McAfee, Inc.)

    FireFox:
    ========
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-11] ()
    FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-08-21] ()
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
    FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-57612297-3157999027-2505413976-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Herb\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-10-31] (Citrix Online)
    FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-09-01] [not signed]
    FF HKLM\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
    FF Extension: Adobe Acrobat - Create PDF - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2015-10-18] [not signed]
    FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor\saffplg.xpi
    FF Extension: McAfee WebAdvisor - C:\Program Files\McAfee\SiteAdvisor\saffplg.xpi [2015-11-23]
    FF HKLM\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
    FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2015-10-31] [not signed]
    FF HKU\S-1-5-21-57612297-3157999027-2505413976-1005\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

    Chrome:
    =======
    CHR HomePage: Profile 2 -> hxxp://www-searching.com/?pid=s&s=FC5zbwybl03,69d60f1f-3691-4a8b-b531-58b0d90b627c,&vp=ch&prd=set
    CHR StartupUrls: Profile 2 -> "hxxp://www-searching.com/?pid=s&s=FC5zbwybl03,69d60f1f-3691-4a8b-b531-58b0d90b627c,&vp=ch&prd=set"
    CHR DefaultSearchURL: Profile 2 -> hxxp://www-searching.com/search.aspx?site=shyos&prd=set&q={searchTerms}&s=FC5zbwybl03,69d60f1f-3691-4a8b-b531-58b0d90b627c,
    CHR DefaultSearchKeyword: Profile 2 -> www-searching.com
    CHR DefaultSuggestURL: Profile 2 -> hxxp://api.searchpredict.com/api/?rqtype=ffplugin&siteID=8661&dbCode=1&command={searchTerms}
    CHR Profile: C:\Users\Herb\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (HP Product Detection Plugin) - C:\Users\Herb\AppData\Local\Google\Chrome\User Data\Default\Extensions\aelbknmfcacjffmgnoaaonhgoghlmlkp [2013-10-30]
    CHR Extension: (Google Docs) - C:\Users\Herb\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-07-14]
    CHR Extension: (Google Drive) - C:\Users\Herb\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-07-14]
    CHR Extension: (WOT) - C:\Users\Herb\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2014-01-13]
    CHR Extension: (YouTube) - C:\Users\Herb\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-13]
    CHR Extension: (Google Search) - C:\Users\Herb\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-13]
    CHR Extension: (avast! Online Security) - C:\Users\Herb\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-01-16]
    CHR Extension: (TinEye Reverse Image Search) - C:\Users\Herb\AppData\Local\Google\Chrome\User Data\Default\Extensions\haebnnbpedcbhciplfhjjkbafijpncjl [2014-01-13]
    CHR Extension: (Crackle) - C:\Users\Herb\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibfamoapbmmmlknoopmmfofgladlinic [2014-01-13]
    CHR Extension: (Social Fixer for Facebook) - C:\Users\Herb\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmhoabcaeehkljcfclfiieohkohdgbb [2014-01-13]
    CHR Extension: (Google Wallet) - C:\Users\Herb\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-16]
    CHR Extension: (LogMeIn) - C:\Users\Herb\AppData\Local\Google\Chrome\User Data\Default\Extensions\omkjapkpkiciphacnalicgmmcelfolon [2013-09-02]
    CHR Extension: (Gmail) - C:\Users\Herb\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-13]
    CHR Profile: C:\Users\Herb\AppData\Local\Google\Chrome\User Data\Profile 2
    CHR Extension: (Google Docs) - C:\Users\Herb\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-07]
    CHR Extension: (Google Drive) - C:\Users\Herb\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-25]
    CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\Herb\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2015-11-23]
    CHR Extension: (Adblock Plus) - C:\Users\Herb\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-11-28]
    CHR Extension: (SiteAdvisor) - C:\Users\Herb\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2015-11-01]
    CHR Extension: (Google Docs Offline) - C:\Users\Herb\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-23]
    CHR Extension: (TinEye Reverse Image Search) - C:\Users\Herb\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\haebnnbpedcbhciplfhjjkbafijpncjl [2014-01-16]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Herb\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-24]
    CHR Extension: (Gmail) - C:\Users\Herb\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
    CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx [2015-12-02]

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-10-26] (SUPERAntiSpyware.com)
    R2 Autodesk Content Service; C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe [12288 2012-12-13] (Autodesk, Inc.) [File not signed]
    S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [1064312 2014-05-15] (Flexera Software LLC)
    R2 HomeNetSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [315512 2015-07-21] (McAfee, Inc.)
    R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
    R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
    S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
    R2 McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [134208 2015-12-02] (McAfee, Inc.)
    R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [711032 2015-08-21] (McAfee, Inc.)
    R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.6.1180.0\McCSPServiceHost.exe [1251264 2015-09-01] (McAfee, Inc.)
    R2 McMPFSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [315512 2015-07-21] (McAfee, Inc.)
    R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [315512 2015-07-21] (McAfee, Inc.)
    S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [502936 2015-07-17] (McAfee, Inc.)
    R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [315512 2015-07-21] (McAfee, Inc.)
    R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [315512 2015-07-21] (McAfee, Inc.)
    R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [196600 2015-06-29] (McAfee, Inc.)
    R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [335600 2015-07-15] (McAfee, Inc.)
    R3 mfevtp; C:\WINDOWS\system32\mfevtps.exe [242408 2015-06-29] (McAfee, Inc.)
    R2 MSK80Service; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [315512 2015-07-21] (McAfee, Inc.)
    S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
    S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
    R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [217288 2015-07-17] (Synaptics Incorporated)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [280376 2015-10-30] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23256 2015-10-30] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    U0 amlb; C:\WINDOWS\System32\drivers\gnrbn.sys [52440 2015-12-05] (Malwarebytes)
    R3 athr; C:\WINDOWS\system32\DRIVERS\athr.sys [3208496 2015-05-19] (Qualcomm Atheros Communications, Inc.)
    R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [70672 2015-07-02] (McAfee, Inc.)
    S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [157288 2015-05-19] (McAfee, Inc.)
    S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
    S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [51928 2015-10-05] (Malwarebytes Corporation)
    R2 McPvDrv; C:\WINDOWS\system32\drivers\McPvDrv.sys [67800 2015-06-16] (McAfee, Inc.)
    R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [315576 2015-07-02] (McAfee, Inc.)
    R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [269872 2015-07-02] (McAfee, Inc.)
    S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [69656 2015-07-02] (McAfee, Inc.)
    R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [380504 2015-07-02] (McAfee, Inc.)
    R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [658528 2015-07-02] (McAfee, Inc.)
    R3 mfencbdc; C:\WINDOWS\system32\DRIVERS\mfencbdc.sys [419248 2015-06-28] (McAfee, Inc.)
    S3 mfencrk; C:\WINDOWS\system32\DRIVERS\mfencrk.sys [89544 2015-06-28] (McAfee, Inc.)
    R3 mfesapsn; C:\Program Files\McAfee\SiteAdvisor\mfesapsn.sys [32816 2015-12-02] (McAfee, Inc.)
    R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [223520 2015-07-02] (McAfee, Inc.)
    R3 RSPCIESTOR; C:\WINDOWS\system32\DRIVERS\RtsPStor.sys [287488 2015-08-07] (Realtek Semiconductor Corp.)
    R3 rt640x86; C:\WINDOWS\System32\drivers\rt640x86.sys [494080 2015-10-30] (Realtek )
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [37400 2015-10-30] (Microsoft Corporation)
    R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [246104 2015-10-30] (Microsoft Corporation)
    S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [98648 2015-10-30] (Microsoft Corporation)
    U3 idsvc; no ImagePath

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-12-05 19:06 - 2015-12-05 19:07 - 00024525 _____ C:\Users\Herb\Desktop\FRST.txt
    2015-12-05 19:06 - 2015-12-05 19:06 - 00000000 ____D C:\FRST
    2015-12-05 19:05 - 2015-12-05 19:06 - 01719808 _____ (Farbar) C:\Users\Herb\Desktop\FRST.exe
    2015-12-05 19:05 - 2015-12-05 19:05 - 01719808 _____ (Farbar) C:\Users\Herb\Downloads\FRST.exe
    2015-12-05 19:03 - 2015-12-05 19:03 - 02369024 _____ (Farbar) C:\Users\Herb\Downloads\FRST64.exe
    2015-12-05 18:51 - 2015-12-05 18:52 - 00388608 _____ (Trend Micro Inc.) C:\Users\Herb\Downloads\HijackThis.exe
    2015-12-05 18:50 - 2015-12-05 18:51 - 00002374 _____ C:\Users\Admiis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2015-12-05 18:50 - 2015-12-05 18:51 - 00000000 ___RD C:\Users\Admiis\OneDrive
    2015-12-05 18:47 - 2015-12-05 18:47 - 00000000 __RSD C:\Users\Admiis\Documents\McAfee Vaults
    2015-12-05 18:46 - 2015-12-05 18:46 - 00000000 ____D C:\Users\Admiis\AppData\Local\ActiveSync
    2015-12-05 18:45 - 2015-12-05 18:45 - 00000000 ____D C:\Users\Admiis\AppData\Local\Publishers
    2015-12-05 18:44 - 2015-12-05 19:04 - 00000000 ____D C:\Users\Admiis\AppData\Local\Packages
    2015-12-05 18:44 - 2015-12-05 18:44 - 00000020 ___SH C:\Users\Admiis\ntuser.ini
    2015-12-05 18:44 - 2015-12-05 18:44 - 00000000 ____D C:\Users\Admiis\AppData\Local\TileDataLayer
    2015-12-05 18:44 - 2015-12-05 18:44 - 00000000 ____D C:\Users\Admiis\AppData\Local\McAfee File Lock
    2015-12-05 17:34 - 2015-12-05 17:34 - 00052440 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\gnrbn.sys
    2015-12-05 16:35 - 2015-12-05 16:35 - 00000000 ____D C:\Users\Herb\AppData\Roaming\SimpleFiles
    2015-12-05 16:32 - 2015-12-05 16:32 - 00000000 ____D C:\Users\Herb\AppData\Roaming\csdimedia
    2015-12-05 09:12 - 2015-12-05 09:12 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
    2015-12-04 19:31 - 2015-12-04 19:31 - 00000000 ____D C:\Users\Herb\AppData\Local\ActiveSync
    2015-12-04 19:29 - 2015-12-04 19:29 - 00000020 ___SH C:\Users\Herb\ntuser.ini
    2015-12-04 06:59 - 2015-12-05 17:42 - 00000000 ___DC C:\WINDOWS\Panther
    2015-12-04 06:53 - 2015-12-04 06:53 - 00000000 ____D C:\Windows.old
    2015-12-04 06:52 - 2015-12-04 06:52 - 21125408 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 19340800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 18677760 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 13017600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 12124672 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 06529024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 05797728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
    2015-12-04 06:52 - 2015-12-04 06:52 - 05202944 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 03197440 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 02977280 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
    2015-12-04 06:52 - 2015-12-04 06:52 - 02918808 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 02756096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
    2015-12-04 06:52 - 2015-12-04 06:52 - 02680320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 02185840 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 02179584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 02121216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 02064384 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 02049024 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
    2015-12-04 06:52 - 2015-12-04 06:52 - 02001408 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 01925120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 01860096 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 01859448 _____ C:\WINDOWS\system32\CoreUIComponents.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 01793024 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 01764864 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 01706496 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 01505280 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 01443328 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 01268736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 01155072 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
    2015-12-04 06:52 - 2015-12-04 06:52 - 01139200 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 01086464 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00975200 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00951808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00948224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00793600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00791552 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00748032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00727752 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00709120 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingOnlineServices.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00706048 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00704352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
    2015-12-04 06:52 - 2015-12-04 06:52 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00686592 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00647168 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00641728 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00607744 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00586080 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00549376 _____ (Microsoft Corporation) C:\WINDOWS\system32\CellularAPI.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00540752 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
    2015-12-04 06:52 - 2015-12-04 06:52 - 00538112 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00520704 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToManager.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00511320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00504624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
    2015-12-04 06:52 - 2015-12-04 06:52 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00484864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00471392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
    2015-12-04 06:52 - 2015-12-04 06:52 - 00470528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00454056 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00443744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
    2015-12-04 06:52 - 2015-12-04 06:52 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00431232 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00421888 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00405048 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
    2015-12-04 06:52 - 2015-12-04 06:52 - 00385024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00382464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00366224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00364176 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
    2015-12-04 06:52 - 2015-12-04 06:52 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00340480 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToDevice.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00334848 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
    2015-12-04 06:52 - 2015-12-04 06:52 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00297072 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
    2015-12-04 06:52 - 2015-12-04 06:52 - 00296488 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00241664 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00240128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00238080 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00205824 _____ (Nokia) C:\WINDOWS\system32\NmaDirect.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-AppModelExecEvents.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
    2015-12-04 06:52 - 2015-12-04 06:52 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00166912 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
    2015-12-04 06:52 - 2015-12-04 06:52 - 00151552 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00139616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
    2015-12-04 06:52 - 2015-12-04 06:52 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ETWCoreUIComponentsResources.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00135168 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
    2015-12-04 06:52 - 2015-12-04 06:52 - 00120832 _____ (Microsoft Corporation) C:\WINDOWS\system32\provdatastore.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\provops.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00116728 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00116224 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
    2015-12-04 06:52 - 2015-12-04 06:52 - 00113624 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MapControls.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\capimg.sys
    2015-12-04 06:52 - 2015-12-04 06:52 - 00095072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
    2015-12-04 06:52 - 2015-12-04 06:52 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
    2015-12-04 06:52 - 2015-12-04 06:52 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00081088 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.V2.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00076128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdstor.sys
    2015-12-04 06:52 - 2015-12-04 06:52 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00073360 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanprotdim.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzautoupdate.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\NFCProvisioningPlugin.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwancfg.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00063528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwapi.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssign32.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditBufferTestHook.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosResource.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\BarcodeProvisioningPlugin.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00051128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00050688 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthTokenBrokerExt.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ihvrilproxy.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00044544 _____ (Microsoft Corporation) C:\WINDOWS\system32\rilproxy.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe
    2015-12-04 06:52 - 2015-12-04 06:52 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wwanpref.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00043376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsUtilsV2.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringclient.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManagerProxy.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemovableMediaProvisioningPlugin.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00037376 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCoreRes.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapstoasttask.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsplib.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00032040 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfpmp.exe
    2015-12-04 06:52 - 2015-12-04 06:52 - 00030048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wimmount.sys
    2015-12-04 06:52 - 2015-12-04 06:52 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
    2015-12-04 06:52 - 2015-12-04 06:52 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.proxy.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringconfigsp.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WordBreakers.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00023776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
    2015-12-04 06:52 - 2015-12-04 06:52 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\nativemap.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Provisioning.ProxyStub.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\IcsEntitlementHost.exe
    2015-12-04 06:52 - 2015-12-04 06:52 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00010752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvcProxy.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MosTrace.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00009728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MosHost.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00007680 _____ (Microsoft Corporation) C:\WINDOWS\system32\readingviewresources.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlStringsRes.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll
    2015-12-04 06:50 - 2015-12-04 06:50 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
    2015-12-04 06:47 - 2015-12-04 06:47 - 00000000 ____D C:\WINDOWS\system32\msmq
    2015-12-04 06:47 - 2015-12-04 06:47 - 00000000 ____D C:\WINDOWS\system32\BestPractices
    2015-12-04 06:47 - 2015-12-04 06:47 - 00000000 ____D C:\Program Files\Reference Assemblies
    2015-12-04 06:47 - 2015-12-04 06:47 - 00000000 ____D C:\Program Files\MSBuild
    2015-12-04 06:47 - 2015-12-04 06:47 - 00000000 ____D C:\inetpub
    2015-12-04 06:46 - 2015-10-23 20:47 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
    2015-12-04 06:46 - 2015-10-23 20:47 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
    2015-12-04 06:46 - 2015-10-23 20:47 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
    2015-12-04 06:40 - 2015-12-04 06:40 - 00000000 ____H C:\$WINRE_BACKUP_PARTITION.MARKER
    2015-12-04 04:31 - 2015-12-04 04:31 - 00000000 _SHDL C:\Users\Default\My Documents
    2015-12-04 04:31 - 2015-12-04 04:31 - 00000000 _SHDL C:\Users\Default\Documents\My Videos
    2015-12-04 04:31 - 2015-12-04 04:31 - 00000000 _SHDL C:\Users\Default\Documents\My Pictures
    2015-12-04 04:31 - 2015-12-04 04:31 - 00000000 _SHDL C:\Users\Default\Documents\My Music
    2015-12-04 04:31 - 2015-12-04 04:31 - 00000000 _SHDL C:\Users\Default User\Documents\My Videos
    2015-12-04 04:31 - 2015-12-04 04:31 - 00000000 _SHDL C:\Users\Default User\Documents\My Pictures
    2015-12-04 04:31 - 2015-12-04 04:31 - 00000000 _SHDL C:\Users\Default User\Documents\My Music
    2015-12-04 04:26 - 2015-12-05 16:40 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2015-12-04 04:15 - 2015-12-05 17:35 - 00001451 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
    2015-12-04 04:15 - 2015-12-04 04:15 - 00000000 ____D C:\Users\Default\AppData\Roaming\Media Center Programs
    2015-12-04 04:15 - 2015-12-04 04:15 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
    2015-12-04 04:15 - 2015-12-04 04:15 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
    2015-12-04 04:15 - 2015-12-04 04:15 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Media Center Programs
    2015-12-04 04:15 - 2015-12-04 04:15 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
    2015-12-04 04:15 - 2015-12-04 04:15 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
    2015-12-04 04:09 - 2015-12-04 04:09 - 00000000 ____D C:\Program Files\Common Files\SpeechEngines
    2015-12-04 04:08 - 2015-12-04 04:16 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
    2015-12-04 04:06 - 2015-12-05 18:50 - 00000000 ____D C:\Users\Admiis
    2015-12-04 04:06 - 2015-12-05 16:39 - 00000000 ____D C:\Users\Herb
    2015-12-04 04:06 - 2015-12-04 04:21 - 00000000 ____D C:\Users\DefaultAppPool
    2015-12-04 04:06 - 2015-12-04 04:06 - 00000000 _SHDL C:\Users\Herb\My Documents
    2015-12-04 04:06 - 2015-12-04 04:06 - 00000000 _SHDL C:\Users\Herb\Documents\My Videos
    2015-12-04 04:06 - 2015-12-04 04:06 - 00000000 _SHDL C:\Users\Herb\Documents\My Pictures
    2015-12-04 04:06 - 2015-12-04 04:06 - 00000000 _SHDL C:\Users\Herb\Documents\My Music
    2015-12-04 04:06 - 2015-12-04 04:06 - 00000000 _SHDL C:\Users\DefaultAppPool\My Documents
    2015-12-04 04:06 - 2015-12-04 04:06 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\My Videos
    2015-12-04 04:06 - 2015-12-04 04:06 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\My Pictures
    2015-12-04 04:06 - 2015-12-04 04:06 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\My Music
    2015-12-04 04:06 - 2015-12-04 04:06 - 00000000 _SHDL C:\Users\Admiis\My Documents
    2015-12-04 04:06 - 2015-12-04 04:06 - 00000000 _SHDL C:\Users\Admiis\Documents\My Videos
    2015-12-04 04:06 - 2015-12-04 04:06 - 00000000 _SHDL C:\Users\Admiis\Documents\My Pictures
    2015-12-04 04:06 - 2015-12-04 04:06 - 00000000 _SHDL C:\Users\Admiis\Documents\My Music
    2015-12-04 04:05 - 2015-12-05 16:45 - 00988244 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2015-12-04 04:02 - 2015-12-04 04:02 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf
    2015-12-04 04:02 - 2015-12-04 04:02 - 00000000 ____D C:\WINDOWS\system32\sda
    2015-12-04 04:02 - 2015-12-04 04:02 - 00000000 ____D C:\Program Files\Synaptics
    2015-12-04 04:02 - 2015-12-04 04:02 - 00000000 _____ C:\WINDOWS\ativpsrm.bin
    2015-12-04 04:00 - 2015-12-04 04:17 - 00292408 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2015-11-20 21:00 - 2015-12-04 04:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\partypoker
    2015-11-15 08:31 - 2015-11-15 08:31 - 00311871 _____ C:\Users\Herb\Desktop\Amazon 1115.pdf
    2015-11-13 18:50 - 2015-12-04 04:16 - 00000000 ____D C:\Users\Herb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
    2015-11-08 07:29 - 2015-11-08 07:28 - 07033285 _____ C:\Users\Herb\Desktop\StellinoCWN-15APT0421.pdf

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-12-05 19:06 - 2015-10-30 00:13 - 00000000 ____D C:\Windows
    2015-12-05 19:04 - 2015-10-30 00:48 - 00000000 ____D C:\WINDOWS\AppReadiness
    2015-12-05 18:49 - 2015-10-31 19:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
    2015-12-05 18:49 - 2015-06-19 19:01 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2015-12-05 18:49 - 2014-02-23 09:44 - 00000000 ___RD C:\Users\Admiis\Dropbox
    2015-12-05 18:47 - 2014-02-03 15:48 - 00000000 ____D C:\Users\Admiis\AppData\Roaming\Dropbox
    2015-12-05 18:44 - 2015-08-07 04:15 - 00000000 __RHD C:\Users\Public\AccountPictures
    2015-12-05 18:44 - 2013-07-13 16:06 - 00000906 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2015-12-05 18:34 - 2013-07-13 16:06 - 00000910 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2015-12-05 18:33 - 2015-06-19 19:01 - 00000892 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
    2015-12-05 17:51 - 2015-10-31 19:12 - 00000000 __RSD C:\Users\Herb\Documents\McAfee Vaults
    2015-12-05 17:51 - 2013-07-13 20:32 - 00000000 ___RD C:\Users\Herb\Dropbox
    2015-12-05 17:51 - 2013-07-13 20:23 - 00000000 ____D C:\Users\Herb\AppData\Roaming\Dropbox
    2015-12-05 17:42 - 2015-10-30 00:47 - 00000000 ____D C:\WINDOWS\INF
    2015-12-05 17:35 - 2015-10-31 19:12 - 00001949 _____ C:\Users\Public\Desktop\McAfee Multi Access - Total Protection.lnk
    2015-12-05 17:35 - 2015-09-07 13:49 - 00002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
    2015-12-05 17:35 - 2015-08-07 04:22 - 00002366 _____ C:\Users\Herb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2015-12-05 17:35 - 2015-08-06 20:37 - 00002200 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2015-12-05 17:35 - 2015-02-15 14:27 - 00001976 _____ C:\Users\Public\Desktop\Bluebeam Revu.lnk
    2015-12-05 17:35 - 2014-05-15 19:28 - 00002033 _____ C:\Users\Public\Desktop\Autodesk ReCap.lnk
    2015-12-05 17:35 - 2014-05-15 19:27 - 00001971 _____ C:\Users\Public\Desktop\Autodesk 360.lnk
    2015-12-05 17:35 - 2014-05-15 19:24 - 00002026 _____ C:\Users\Public\Desktop\AutoCAD 2014 - English.lnk
    2015-12-05 17:35 - 2014-01-12 17:07 - 00001012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
    2015-12-05 17:35 - 2013-09-01 20:12 - 00002469 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller X.lnk
    2015-12-05 17:35 - 2013-09-01 20:12 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat X Pro.lnk
    2015-12-05 17:35 - 2013-07-23 18:43 - 00001028 _____ C:\Users\Public\Desktop\CCleaner.lnk
    2015-12-05 17:35 - 2013-07-13 16:57 - 00001123 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2015-12-05 17:35 - 2013-07-13 16:54 - 00001955 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    2015-12-05 17:34 - 2014-05-05 19:28 - 00001602 _____ C:\Users\Herb\Desktop\Remote Desktop Connection.lnk
    2015-12-05 17:34 - 2014-02-23 15:48 - 00001001 _____ C:\Users\Herb\Desktop\Dropbox.lnk
    2015-12-05 17:34 - 2013-09-01 09:14 - 00001279 _____ C:\ProgramData\Microsoft\Windows\Start Menu\HP Solution Center.lnk
    2015-12-05 17:34 - 2013-07-19 17:37 - 00001481 _____ C:\ProgramData\Microsoft\Windows\Start Menu\partypoker.lnk
    2015-12-05 17:34 - 2013-07-19 17:37 - 00001475 _____ C:\Users\Herb\Desktop\partypoker.lnk
    2015-12-05 17:34 - 2013-07-13 18:27 - 00002675 _____ C:\Users\Herb\Desktop\Microsoft Office Word 2007.lnk
    2015-12-05 17:34 - 2013-07-13 18:27 - 00002637 _____ C:\Users\Herb\Desktop\Microsoft Office Excel 2007.lnk
    2015-12-05 16:54 - 2014-07-27 11:29 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2015-12-05 16:53 - 2014-07-27 11:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-12-05 16:53 - 2014-07-27 11:28 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
    2015-12-05 16:39 - 2015-10-30 00:13 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
    2015-12-05 16:39 - 2013-07-13 16:55 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
    2015-12-05 09:04 - 2015-10-30 00:39 - 00000000 ____D C:\WINDOWS\CbsTemp
    2015-12-05 07:31 - 2015-10-30 00:48 - 00000000 ____D C:\WINDOWS\AppCompat
    2015-12-04 21:32 - 2015-06-17 18:21 - 00000862 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-57612297-3157999027-2505413976-1001Core.job
    2015-12-04 20:56 - 2015-10-30 00:48 - 00000000 ___HD C:\Program Files\WindowsApps
    2015-12-04 19:53 - 2015-08-07 04:15 - 00000000 ____D C:\Users\Herb\AppData\Local\Packages
    2015-12-04 19:51 - 2015-10-30 00:48 - 00000000 ___RD C:\WINDOWS\DevicesFlow
    2015-12-04 19:37 - 2015-08-07 04:22 - 00000000 ___RD C:\Users\Herb\OneDrive
    2015-12-04 19:37 - 2015-02-15 14:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bluebeam Software
    2015-12-04 19:31 - 2015-10-30 00:48 - 00000000 ___RD C:\WINDOWS\PrintDialog
    2015-12-04 19:31 - 2015-10-30 00:48 - 00000000 ___RD C:\WINDOWS\MiracastView
    2015-12-04 19:30 - 2015-10-30 00:48 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
    2015-12-04 06:59 - 2015-10-30 00:48 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
    2015-12-04 06:53 - 2015-10-30 00:48 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
    2015-12-04 06:53 - 2015-10-30 00:48 - 00000000 ____D C:\WINDOWS\system32\oobe
    2015-12-04 06:53 - 2015-10-30 00:48 - 00000000 ____D C:\WINDOWS\system32\appraiser
    2015-12-04 06:53 - 2015-10-30 00:48 - 00000000 ____D C:\WINDOWS\Provisioning
    2015-12-04 06:53 - 2015-10-30 00:13 - 00000000 ____D C:\WINDOWS\system32\Dism
    2015-12-04 06:47 - 2015-10-30 00:48 - 00000000 ____D C:\WINDOWS\system32\inetsrv
    2015-12-04 06:46 - 2015-10-30 00:45 - 01014272 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqqm.dll
    2015-12-04 06:46 - 2015-10-30 00:45 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqsnap.dll
    2015-12-04 06:46 - 2015-10-30 00:45 - 00562176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqutil.dll
    2015-12-04 06:46 - 2015-10-30 00:45 - 00266240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa.dll
    2015-12-04 06:46 - 2015-10-30 00:45 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisRtl.dll
    2015-12-04 06:46 - 2015-10-30 00:45 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqrt.dll
    2015-12-04 06:46 - 2015-10-30 00:45 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mqac.sys
    2015-12-04 06:46 - 2015-10-30 00:45 - 00104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqlogmgr.dll
    2015-12-04 06:46 - 2015-10-30 00:45 - 00096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa.tlb
    2015-12-04 06:46 - 2015-10-30 00:45 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa30.tlb
    2015-12-04 06:46 - 2015-10-30 00:45 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa20.tlb
    2015-12-04 06:46 - 2015-10-30 00:45 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\admwprox.dll
    2015-12-04 06:46 - 2015-10-30 00:45 - 00044544 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqbkup.exe
    2015-12-04 06:46 - 2015-10-30 00:45 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa10.tlb
    2015-12-04 06:46 - 2015-10-30 00:45 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\ahadmin.dll
    2015-12-04 06:46 - 2015-10-30 00:45 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqsvc.exe
    2015-12-04 06:46 - 2015-10-30 00:45 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisreset.exe
    2015-12-04 06:46 - 2015-10-30 00:45 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqcertui.dll
    2015-12-04 06:46 - 2015-10-30 00:45 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wamregps.dll
    2015-12-04 06:46 - 2015-10-30 00:45 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisrstap.dll
    2015-12-04 06:46 - 2015-10-30 00:45 - 00009096 _____ C:\WINDOWS\system32\msmqtrc.mof
    2015-12-04 04:32 - 2015-10-30 00:48 - 00000000 ____D C:\WINDOWS\rescache
    2015-12-04 04:30 - 2015-08-06 19:47 - 00031404 _____ C:\WINDOWS\diagerr.xml
    2015-12-04 04:30 - 2015-08-06 19:47 - 00030483 _____ C:\WINDOWS\diagwrn.xml
    2015-12-04 04:29 - 2015-10-30 00:48 - 00000000 ____D C:\WINDOWS\Registration
    2015-12-04 04:28 - 2015-10-30 00:48 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
    2015-12-04 04:27 - 2015-08-06 20:42 - 00021412 _____ C:\WINDOWS\system32\emptyregdb.dat
    2015-12-04 04:25 - 2015-10-30 00:48 - 00000000 __RSD C:\WINDOWS\Media
    2015-12-04 04:24 - 2015-10-30 00:48 - 00000000 __RHD C:\Users\Public\Libraries
    2015-12-04 04:16 - 2015-10-30 01:58 - 00000000 ____D C:\WINDOWS\ShellNew
    2015-12-04 04:16 - 2015-10-30 00:13 - 00008192 ___SH C:\WINDOWS\system32\config\ELAM
    2015-12-04 04:16 - 2014-11-28 11:04 - 00000000 ____D C:\WINDOWS\system32\vbox
    2015-12-04 04:16 - 2014-05-15 21:26 - 00000000 ____D C:\Users\Admiis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
    2015-12-04 04:16 - 2014-05-12 19:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
    2015-12-04 04:16 - 2014-02-23 09:43 - 00000000 ____D C:\Users\Admiis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
    2015-12-04 04:16 - 2014-02-01 18:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk
    2015-12-04 04:16 - 2014-01-11 16:14 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Communication and Chat
    2015-12-04 04:16 - 2013-09-01 20:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe LiveCycle ES2
    2015-12-04 04:16 - 2013-09-01 09:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
    2015-12-04 04:16 - 2013-08-10 18:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
    2015-12-04 04:16 - 2013-07-29 18:25 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
    2015-12-04 04:16 - 2013-07-23 18:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    2015-12-04 04:16 - 2013-07-16 18:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    2015-12-04 04:16 - 2013-07-13 18:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
    2015-12-04 04:16 - 2013-07-13 16:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    2015-12-04 04:16 - 2013-07-13 16:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    2015-12-04 04:16 - 2009-07-13 23:52 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
    2015-12-04 04:15 - 2015-07-10 01:59 - 00000000 ____D C:\Users\Default.migrated
    2015-12-04 04:11 - 2015-10-30 00:48 - 00000000 ____D C:\WINDOWS\system32\spool
    2015-12-04 04:11 - 2015-10-30 00:48 - 00000000 ____D C:\WINDOWS\system32\NDF
    2015-12-04 04:11 - 2015-10-30 00:48 - 00000000 ____D C:\WINDOWS\system32\IME
    2015-12-04 04:11 - 2013-07-14 22:17 - 00000000 ____D C:\WINDOWS\system32\SPReview
    2015-12-04 04:10 - 2013-07-14 22:17 - 00000000 ____D C:\WINDOWS\system32\EventProviders
    2015-12-04 04:09 - 2015-10-30 00:48 - 00000000 __SHD C:\Program Files\Windows Sidebar
    2015-12-04 04:09 - 2015-10-30 00:48 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files
    2015-12-04 04:09 - 2015-10-30 00:48 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
    2015-12-04 04:09 - 2015-10-30 00:48 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
    2015-12-04 04:09 - 2015-10-30 00:48 - 00000000 ____D C:\WINDOWS\schemas
    2015-12-04 04:09 - 2015-10-30 00:48 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
    2015-12-04 04:09 - 2015-10-30 00:48 - 00000000 ____D C:\WINDOWS\LiveKernelReports
    2015-12-04 04:09 - 2015-10-30 00:48 - 00000000 ____D C:\ProgramData\USOPrivate
    2015-12-04 04:09 - 2015-10-30 00:48 - 00000000 ____D C:\Program Files\Common Files\System
    2015-12-04 04:09 - 2015-10-30 00:48 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
    2015-12-04 04:09 - 2013-07-19 17:29 - 00000000 ____D C:\Program Files\Microsoft Games
    2015-12-04 04:09 - 2013-07-18 20:16 - 00000000 ____D C:\WINDOWS\system32\appmgmt
    2015-12-04 04:04 - 2015-10-30 00:13 - 00000000 ____D C:\WINDOWS\system32\Sysprep
    2015-12-04 04:00 - 2015-10-30 02:08 - 00000000 ____D C:\WINDOWS\ServiceProfiles
    2015-12-04 03:32 - 2015-10-30 02:33 - 00000000 ___HD C:\$WINDOWS.~BT
    2015-11-26 22:12 - 2014-05-12 19:43 - 00000000 ____D C:\Program Files\7-Zip
    2015-11-23 20:08 - 2013-12-22 20:28 - 00002266 ____H C:\Users\Herb\Documents\Default.rdp
    2015-11-18 20:33 - 2015-10-31 19:09 - 00000000 ____D C:\Program Files\McAfee
    2015-11-12 21:29 - 2013-07-13 17:57 - 00000000 ____D C:\ProgramData\Microsoft Help
    2015-11-12 21:25 - 2013-08-14 21:45 - 00000000 ____D C:\WINDOWS\system32\MRT
    2015-11-12 21:13 - 2013-07-16 18:46 - 143250520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2015-11-12 20:22 - 2014-01-09 18:45 - 00000000 ____D C:\Users\Herb\Desktop\Receipts
    2015-11-06 19:56 - 2013-07-27 17:01 - 00000000 ____D C:\ProgramData\McAfee

    ==================== Files in the root of some directories =======

    2015-08-16 16:46 - 2015-08-16 19:27 - 0000096 _____ () C:\Users\Herb\AppData\Roaming\redline2stapler.tmp
    2013-09-01 09:12 - 2015-03-05 18:58 - 0006624 _____ () C:\ProgramData\hpzinstall.log
    2014-04-24 20:14 - 2014-05-15 19:25 - 0000263 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
    2015-02-15 14:29 - 2015-02-15 14:29 - 0000125 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

    Some files in TEMP:
    ====================
    C:\Users\Admiis\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmppcqfv7.dll
    C:\Users\Herb\AppData\Local\Temp\ExpressPlayerrDCeyXx8Yn.exe


    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-12-04 04:00

    ==================== End of FRST.txt ============================
    Additional scan result of Farbar Recovery Scan Tool (x86) Version:05-12-2015
    Ran by Herb (2015-12-05 19:08:07)
    Running from C:\Users\Herb\Desktop
    Microsoft Windows 10 Pro (X86) (2015-12-04 09:31:54)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Admiis (S-1-5-21-57612297-3157999027-2505413976-1005 - Administrator - Enabled) => C:\Users\Admiis
    Administrator (S-1-5-21-57612297-3157999027-2505413976-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-57612297-3157999027-2505413976-503 - Limited - Disabled)
    Guest (S-1-5-21-57612297-3157999027-2505413976-501 - Limited - Disabled)
    Herb (S-1-5-21-57612297-3157999027-2505413976-1001 - Administrator - Enabled) => C:\Users\Herb
    HomeGroupUser$ (S-1-5-21-57612297-3157999027-2505413976-1002 - Limited - Enabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
    FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
    7-Zip 15.12 (HKLM\...\7-Zip) (Version: 15.12 - Igor Pavlov)
    Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated)
    Adobe Acrobat X Pro - English, Français, Deutsch (HKLM\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.16 - Adobe Systems)
    Adobe AIR (HKLM\...\Adobe AIR) (Version: 18.0.0.180 - Adobe Systems Incorporated)
    Adobe Flash Player 19 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated)
    Adobe Flash Player 19 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated)
    AutoCAD 2014 - English (Version: 19.1.18.0 - Autodesk) Hidden
    AutoCAD 2014 Language Pack - English (Version: 19.1.18.0 - Autodesk) Hidden
    Autodesk 360 (HKLM\...\{52B28CAD-F49D-47BA-9FFE-29C2E85F0D0B}) (Version: 4.0.27.1 - Autodesk)
    Autodesk App Manager (HKLM\...\{C070121A-C8C5-4D52-9A7D-D240631BD433}) (Version: 1.1.0 - Autodesk)
    Autodesk AutoCAD 2014 - English (HKLM\...\AutoCAD 2014 - English) (Version: 19.1.18.0 - Autodesk)
    Autodesk Content Service (HKLM\...\Autodesk Content Service) (Version: 3.1.3.0 - Autodesk)
    Autodesk Content Service (Version: 3.1.3.0 - Autodesk) Hidden
    Autodesk Content Service Language Pack (Version: 3.1.3.0 - Autodesk) Hidden
    Autodesk Featured Apps (HKLM\...\{F732FEDA-7713-4428-934B-EF83B8DD65D0}) (Version: 1.1.0 - Autodesk)
    Autodesk Material Library 2014 (HKLM\...\{644F9B19-A462-499C-BF4D-300ABC2A28B1}) (Version: 4.0.19.0 - Autodesk)
    Autodesk Material Library Base Resolution Image Library 2014 (HKLM\...\{51BF3210-B825-4092-8E0D-66D689916E02}) (Version: 4.0.19.0 - Autodesk)
    Autodesk ReCap (HKLM\...\Autodesk ReCap) (Version: 1.0.43.13 - Autodesk)
    Autodesk ReCap (Version: 1.0.43.13 - Autodesk) Hidden
    Autodesk ReCap Language Pack-English (Version: 1.0.43.13 - Autodesk) Hidden
    BbeXtreme (Version: 12.6.0 - Bluebeam Software) Hidden
    Bluebeam Revu 12 (HKLM\...\InstallShield_{8C284678-3F62-48F1-8B2C-2B102D2D6867}) (Version: 12.6.0 - Bluebeam Software)
    Bluebeam Revu 12 (Version: 12.6.0 - Bluebeam Software) Hidden
    BufferChm (Version: 130.0.331.000 - Hewlett-Packard) Hidden
    C4400 (Version: 130.0.365.000 - Hewlett-Packard) Hidden
    CCleaner (HKLM\...\CCleaner) (Version: 5.12 - Piriform)
    Citrix Online Launcher (HKLM\...\{E5F6D26D-E180-4547-A865-565EAB61000C}) (Version: 1.0.362 - Citrix)
    Copy (Version: 130.0.428.000 - Hewlett-Packard) Hidden
    CyberLink YouCam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.4.5822 - CyberLink Corp.)
    D2400 (Version: 130.0.365.000 - Hewlett-Packard) Hidden
    D2400_Help (Version: 90.0.235.000 - Hewlett-Packard) Hidden
    Destinations (Version: 130.0.0.0 - Hewlett-Packard) Hidden
    DeviceDiscovery (Version: 130.0.465.000 - Hewlett-Packard) Hidden
    dj_sf_ProductContext (Version: 130.0.365.000 - Hewlett-Packard) Hidden
    dj_sf_software (Version: 130.0.365.000 - Hewlett-Packard) Hidden
    dj_sf_software_req (Version: 130.0.365.000 - Hewlett-Packard) Hidden
    DocProc (Version: 13.0.0.0 - Hewlett-Packard) Hidden
    Dropbox (HKU\S-1-5-21-57612297-3157999027-2505413976-1001\...\Dropbox) (Version: 3.10.11 - Dropbox, Inc.)
    Dropbox (HKU\S-1-5-21-57612297-3157999027-2505413976-1005\...\Dropbox) (Version: 2.6.7 - Dropbox, Inc.)
    ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
    FARO LS 1.1.501.0 (HKLM\...\{8F196892-666A-4A40-8587-6AE38F78A5C2}) (Version: 5.1.0.30630 - FARO Scanner Production)
    Google Chrome (HKLM\...\Google Chrome) (Version: 47.0.2526.73 - Google Inc.)
    Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6904.2028 - Google Inc.)
    Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
    Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (Version: 1.3.29.1 - Google Inc.) Hidden
    GPBaseService2 (Version: 130.0.371.000 - Hewlett-Packard) Hidden
    HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
    HP Deskjet Printer Driver Software 13.0 Rel. 1 (HKLM\...\{3CDDD063-7FC2-43A7-9EC0-B3F1E38C7649}) (Version: 13.0 - HP)
    HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
    HP Photosmart C4400 All-In-One Driver Software 13.0 Rel. 3 (HKLM\...\{8181C5B7-2FF5-4677-BA6A-8E2C3F5A7601}) (Version: 13.0 - HP)
    HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
    HP Product Detection (HKLM\...\{8A9FC225-75F6-4B5D-911C-0ED230565643}) (Version: 11.15.0009 - HP)
    HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
    HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
    HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
    HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
    HPPhotoGadget (Version: 130.0.282.000 - Hewlett-Packard) Hidden
    HPPhotoSmartDiscLabelContent1 (Version: 2.04.0000 - Hewlett-Packard) Hidden
    HPPhotosmartEssential (Version: 2.04.0000 - Hewlett-Packard) Hidden
    HPProductAssistant (Version: 130.0.371.000 - Hewlett-Packard) Hidden
    Itibiti RTC (Version: 0.0.1 - Itibiti Inc) Hidden
    LavasoftTcpService (HKLM\...\{5916A24B-59A4-4FDB-9753-499CB1F65362}) (Version: 2.3.4.2 - Lavasoft)
    Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
    MarketResearch (Version: 130.0.374.000 - Hewlett-Packard) Hidden
    McAfee Multi Access - Total Protection (HKLM\...\MSC) (Version: 14.0.4121 - McAfee, Inc.)
    McAfee WebAdvisor (HKLM\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.207 - McAfee, Inc.)
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0013-0000-0000-0000000FF1CE}_BASICR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
    Microsoft Office Basic 2007 (HKLM\...\BASICR) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
    partypoker (HKLM\...\PartyPoker) (Version: - PartyGaming)
    partypoker (HKU\S-1-5-21-57612297-3157999027-2505413976-1001\...\PartyPoker) (Version: - )
    PS_AIO_03_C4400_Software_Min (Version: 130.0.365.000 - Hewlett-Packard) Hidden
    RICOH Media Driver (HKLM\...\{F5CC2EF8-20A4-4366-A681-3FE849E65809}) (Version: 2.10.00.04 - RICOH)
    SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.23.0 - SAMSUNG Electronics Co., Ltd.)
    Scan (Version: 13.0.0.0 - Hewlett-Packard) Hidden
    SketchUp Import for AutoCAD 2014 (HKLM\...\{644E9589-F73A-49A4-AC61-A953B9DE5669}) (Version: 1.1.0 - Autodesk)
    SmartWebPrinting (Version: 130.0.457.000 - Hewlett-Packard) Hidden
    SolutionCenter (Version: 130.0.373.000 - Hewlett-Packard) Hidden
    Status (Version: 130.0.469.000 - Hewlett-Packard) Hidden
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.6.1020 - SUPERAntiSpyware.com)
    Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.12.95 - Synaptics Incorporated)
    Toolbox (Version: 130.0.648.000 - Hewlett-Packard) Hidden
    TrayApp (Version: 130.0.422.000 - Hewlett-Packard) Hidden
    UnloadSupport (Version: 11.0.0 - Hewlett-Packard) Hidden
    Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0013-0000-0000-0000000FF1CE}_BASICR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
    WebReg (Version: 130.0.132.017 - Hewlett-Packard) Hidden
    WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 33.6.2015.18 - Ruiware)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-57612297-3157999027-2505413976-1005_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Herb\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-57612297-3157999027-2505413976-1005_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Herb\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-57612297-3157999027-2505413976-1005_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Herb\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-57612297-3157999027-2505413976-1005_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Herb\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-57612297-3157999027-2505413976-1005_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Herb\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-57612297-3157999027-2505413976-1005_Classes\CLSID\{FC072C1A-25CB-49e7-8F79-F2A8B8C3289D}\InprocServer32 -> C:\Program Files\Adobe\Acrobat 10.0\PDFMaker\AutoCAD\2010\32\AcrobatAcadIC.dbx (Adobe Systems Incorporated)
    CustomCLSID: HKU\S-1-5-21-57612297-3157999027-2505413976-1005_Classes\CLSID\{FE819BE5-BADF-4370-9913-6FB84ABA6FB1}\InprocServer32 -> C:\Users\Admiis\AppData\Local\Dropbox\Update\1.3.27.33\psuser.dll => No File

    ==================== Restore Points =========================

    05-12-2015 09:03:18 Windows Update
    05-12-2015 16:14:03 JRT Pre-Junkware Removal
    05-12-2015 16:36:20 JRT Pre-Junkware Removal
    05-12-2015 17:50:10 JRT Pre-Junkware Removal

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 21:04 - 2015-05-31 19:34 - 00450166 ____A C:\WINDOWS\system32\Drivers\etc\hosts

    127.0.0.1 activate.adobe.com
    127.0.0.1 practivate.adobe.com
    127.0.0.1 activate.wip3.adobe.com127.0.0.1 www.007guard.com

    There are 15442 more lines.


    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {00BD6CE5-F6C9-45B2-9E91-28D23438AB78} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
    Task: {07A7A1C5-4FBA-4F80-B591-185C203820A1} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
    Task: {0957777E-9BCC-40F9-9B69-5D562CC7F5DD} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
    Task: {0C40E1FD-B0A3-4851-96A5-33418CDC96FA} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-11-16] (Piriform Ltd)
    Task: {0DD245D5-A5E5-473D-968E-50561E2E60F1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-11] (Adobe Systems Incorporated)
    Task: {0F450E7F-67A3-40E0-8681-9C716805B34E} - System32\Tasks\ExpressPlayer Installer Starter => C:\Users\Herb\AppData\Local\Temp\ExpressPlayerrDCeyXx8Yn.exe [2015-12-05] (hxxp://express-player.com) <==== ATTENTION
    Task: {13C08159-96A6-43BD-9FC4-12B7C953616B} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-57612297-3157999027-2505413976-1001Core => C:\Users\Herb\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-17] (Dropbox, Inc.)
    Task: {1C3C93F8-D055-4BD0-8C47-BCF2E0AE1EA9} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {24FE5FCD-4707-46A4-AF5B-FE04D8A06C07} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
    Task: {25C0E321-78C2-48A6-BCD9-04027350BC5D} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_19_0_0_245_pepper.exe [2015-11-11] (Adobe Systems Incorporated)
    Task: {25D8B200-52EC-4DCB-8FB6-D7C1B2A3182D} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {27F86418-5FC6-41F0-AD42-D6095780D5D2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
    Task: {2F119B5E-0B14-44ED-A760-9719BE77EF7A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {328B8003-47E5-47D5-B08A-4BB979425E86} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
    Task: {37F4EC31-59BC-4C3E-A281-9501A11E566C} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {4266D9AC-830F-4FED-87B7-97EC8A7AA2DC} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {47189EAB-FBC5-4482-8C2E-EC45CF6FBB97} - System32\Tasks\Rush Style2 => Rundll32.exe "C:\Users\Herb\AppData\Local\Rush Style\{184B50A6-6765-B15B-6678-65776B1A615F}\xvyq.dll",#1
    Task: {48BDC965-E072-4C99-B462-245AEF010866} - System32\Tasks\CreateExplorerShellUnelevatedTask => /NOUACCHECK
    Task: {49FE350C-0EE5-4393-8F54-D485CCE70CA2} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {553215DC-9F6F-4339-B22B-6CF55990A9C8} - \IBUpd -> No File <==== ATTENTION
    Task: {614B5358-FA04-47B6-99CA-B8741A8289DE} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {67E48A01-DD94-479E-AB89-6679A3E0C83A} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {69E03C4E-690A-4264-8BCB-C13CBD0A71E0} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {6C2EDC9B-0CC3-46A9-8C52-022FD3D61802} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
    Task: {6DD2E3A8-1ED5-4FFF-836B-FBB1D9655537} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
    Task: {7C373A58-B024-4542-84F8-636B52369C35} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
    Task: {7F2FEA2B-416F-4A56-AB58-042DDEE84278} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
    Task: {80F701A3-7528-42A3-9883-E47E164E52BC} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-11-12] (Microsoft Corporation)
    Task: {82EF410C-BB9E-4E5D-96D9-60484D565DCA} - System32\Tasks\MirageAgent => C:\Program Files\CyberLink\YouCam\YCMMirage.exe [2012-10-26] (CyberLink)
    Task: {8A6BE1A6-C0AF-4C35-A2A7-56FE2244A6EC} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {9CB9C8B5-7CE2-4B09-8BCB-4891EBC9A062} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {9D115CB1-327F-403E-A23D-156C72246F4D} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {9ECC9B3E-4587-4F6E-87C6-8DFBE85BB5E1} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {9F83D613-B31B-4881-9A18-94A40DEDF75F} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {A270ACDA-BF7A-4DFF-B4C1-639F73700D13} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {B2A3E12C-0DF1-46DF-AFE4-21AB4FA2E4CD} - System32\Tasks\{F1F9E6CA-6117-4E85-98D6-0D35134F53BE} => pcalua.exe -a C:\Users\Herb\Downloads\Vistawall-OldCastle-v15.exe -d C:\Users\Herb\Downloads
    Task: {B7A72F98-E8C2-43B3-B11E-EC3A5809FC1D} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {B98EC9C5-857F-4A93-9764-443833B7EA27} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [2015-07-21] (McAfee, Inc.)
    Task: {BA9BA3D8-61E3-4119-B6DD-E0CFAD7B56F0} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
    Task: {C2EB035D-9CF2-4B26-AF7E-AE18FA5E463F} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
    Task: {C52EF520-60A8-4932-AA4B-C3ECC19A956E} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {CDC0DB9E-1BAF-4282-AAA3-A1D3788FF107} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
    Task: {CE8E677A-CB1A-43A6-9F5C-69A9808EE584} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {D11A7F9E-FBC5-40D3-B34A-7B23840C8E3F} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {D85D5480-FD97-4206-9D71-08F4B2142031} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {DD031793-A475-48D8-808E-CD8DAEDC70B0} - System32\Tasks\{927ECC44-C9E0-4116-A279-418C6F56B559} => pcalua.exe -a "C:\Program Files\MaxDrivrUpdater\uninstall.exe"
    Task: {E631B780-04DD-46C3-A8D9-1CECE540646C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
    Task: {ECB6D60A-CD5F-420C-8FDD-2B4F687F2DC8} - System32\Tasks\Rush Style => Rundll32.exe "C:\Users\Herb\AppData\Local\Rush Style\{184B50A6-6765-B15B-6678-65776B1A615F}\RushStyle.dll",#1
    Task: {F71BF47C-4A4C-4289-82C6-A9FD61FB999B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
    Task: {FC2277F8-9A49-47AA-8AFD-FD361328A899} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {FD6BC3B9-92AC-49B6-B143-4A6F926DE5FE} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {FEB7F6CC-608C-48D4-90AB-519A81847553} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_19_0_0_245_pepper.exe
    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
    Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-57612297-3157999027-2505413976-1001Core.job => C:\Users\Herb\AppData\Local\Dropbox\Update\DropboxUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ==================== Loaded Modules (Whitelisted) ==============

    2015-10-30 00:44 - 2015-10-30 00:44 - 00149504 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 01859448 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 01859448 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
    2015-10-30 00:44 - 2015-10-30 00:44 - 00070656 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
    2015-10-30 00:44 - 2015-10-30 00:44 - 00316416 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 05352960 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00471552 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00696320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 02366464 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 02656768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
    2015-12-05 07:36 - 2015-11-24 03:00 - 01583432 _____ () C:\Program Files\Google\Chrome\Application\47.0.2526.73\libglesv2.dll
    2015-12-05 07:36 - 2015-11-24 03:00 - 00081224 _____ () C:\Program Files\Google\Chrome\Application\47.0.2526.73\libegl.dll
    2013-02-04 23:21 - 2013-02-04 23:21 - 00039456 _____ () C:\Program Files\Autodesk\Autodesk Sync\QtSolutions_MFCMigrationFramework_Ad_2.dll
    2013-02-04 23:21 - 2013-02-04 23:21 - 00106016 _____ () C:\Program Files\Autodesk\Autodesk Sync\QJson.dll
    2013-02-04 23:21 - 2013-02-04 23:21 - 00049184 _____ () C:\Program Files\Autodesk\Autodesk Sync\qoauth_Ad_1.dll
    2013-02-04 23:21 - 2013-02-04 23:21 - 00744992 _____ () C:\Program Files\Autodesk\Autodesk Sync\qca_Ad_2.dll
    2015-09-30 18:38 - 2015-11-04 18:44 - 00166416 _____ () C:\Users\Herb\AppData\Roaming\Dropbox\bin\EnterpriseDataAdapter.dll
    2015-12-05 18:47 - 2015-12-05 18:47 - 00071168 _____ () c:\users\admiis\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmppcqfv7.dll
    2015-10-02 19:28 - 2015-09-02 19:11 - 00012800 _____ () C:\Users\Herb\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll
    2015-03-04 16:45 - 2015-09-02 19:11 - 00779776 _____ () C:\Users\Herb\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
    2015-10-02 19:28 - 2015-09-02 19:11 - 00056320 _____ () C:\Users\Herb\AppData\Roaming\Dropbox\bin\QtQuick\Layouts\qquicklayoutsplugin.dll
    2015-10-02 19:28 - 2015-09-02 19:11 - 00012288 _____ () C:\Users\Herb\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="Service"

    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE trusted site: HKU\S-1-5-21-57612297-3157999027-2505413976-1001\...\localhost -> localhost
    IE trusted site: HKU\S-1-5-21-57612297-3157999027-2505413976-1001\...\webcompanion.com -> hxxp://webcompanion.com
    IE restricted site: HKU\S-1-5-21-57612297-3157999027-2505413976-1001\...\007guard.com -> install.007guard.com
    IE restricted site: HKU\S-1-5-21-57612297-3157999027-2505413976-1001\...\008i.com -> 008i.com
    IE restricted site: HKU\S-1-5-21-57612297-3157999027-2505413976-1001\...\008k.com -> www.008k.com
    IE restricted site: HKU\S-1-5-21-57612297-3157999027-2505413976-1001\...\00hq.com -> www.00hq.com
    IE restricted site: HKU\S-1-5-21-57612297-3157999027-2505413976-1001\...\010402.com -> 010402.com
    IE restricted site: HKU\S-1-5-21-57612297-3157999027-2505413976-1001\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
    IE restricted site: HKU\S-1-5-21-57612297-3157999027-2505413976-1001\...\0scan.com -> 0scan.com
    IE restricted site: HKU\S-1-5-21-57612297-3157999027-2505413976-1001\...\1-2005-search.com -> www.1-2005-search.com
    IE restricted site: HKU\S-1-5-21-57612297-3157999027-2505413976-1001\...\1-domains-registrations.com -> 1 Domains Technology Blog |
    IE restricted site: HKU\S-1-5-21-57612297-3157999027-2505413976-1001\...\1000gratisproben.com -> 1000gratisproben.com*-*This website is for sale!*-*1000gratisproben Resources and Information.
    IE restricted site: HKU\S-1-5-21-57612297-3157999027-2505413976-1001\...\1001namen.com -> www.1001namen.com
    IE restricted site: HKU\S-1-5-21-57612297-3157999027-2505413976-1001\...\100888290cs.com -> mir.100888290cs.com
    IE restricted site: HKU\S-1-5-21-57612297-3157999027-2505413976-1001\...\100sexlinks.com -> 100sexlinks.com*-*This website is for sale!*-*Sexlinks Resources and Information.
    IE restricted site: HKU\S-1-5-21-57612297-3157999027-2505413976-1001\...\10sek.com -> www.10sek.com
    IE restricted site: HKU\S-1-5-21-57612297-3157999027-2505413976-1001\...\12-26.net -> user1.12-26.net
    IE restricted site: HKU\S-1-5-21-57612297-3157999027-2505413976-1001\...\12-27.net -> user1.12-27.net
    IE restricted site: HKU\S-1-5-21-57612297-3157999027-2505413976-1001\...\123fporn.info -> www.123fporn.info
    IE restricted site: HKU\S-1-5-21-57612297-3157999027-2505413976-1001\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
    IE restricted site: HKU\S-1-5-21-57612297-3157999027-2505413976-1001\...\123moviedownload.com -> 123 Movies | Stream Movies Online & Watch TV Series
    IE restricted site: HKU\S-1-5-21-57612297-3157999027-2505413976-1001\...\123simsen.com -> WebMD - Better information. Better health.

    There are 7857 more sites.

    IE restricted site: HKU\S-1-5-21-57612297-3157999027-2505413976-1005\...\007guard.com -> install.007guard.com
    IE restricted site: HKU\S-1-5-21-57612297-3157999027-2505413976-1005\...\008i.com -> 008i.com
    IE restricted site: HKU\S-1-5-21-57612297-3157999027-2505413976-1005\...\008k.com -> www.008k.com
    IE restricted site: HKU\S-1-5-21-57612297-3157999027-2505413976-1005\...\00hq.com -> www.00hq.com
    IE restricted site: HKU\S-1-5-21-57612297-3157999027-2505413976-1005\...\010402.com -> 010402.com
    IE restricted site: HKU\S-1-5-21-57612297-3157999027-2505413976-1005\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
    IE restricted site: HKU\S-1-5-21-57612297-3157999027-2505413976-1005\...\0scan.com -> 0scan.com
    IE restricted site: HKU\S-1-5-21-57612297-3157999027-2505413976-1005\...\1-2005-search.com -> www.1-2005-search.com
    IE restricted site: HKU\S-1-5-21-57612297-3157999027-2505413976-1005\...\1-domains-registrations.com -> 1 Domains Technology Blog |
    IE restricted site: HKU\S-1-5-21-57612297-3157999027-2505413976-1005\...\1000gratisproben.com -> 1000gratisproben.com*-*This website is for sale!*-*1000gratisproben Resources and Information.
    IE restricted site: HKU\S-1-5-21-57612297-3157999027-2505413976-1005\...\1001namen.com -> www.1001namen.com
    IE restricted site: HKU\S-1-5-21-57612297-3157999027-2505413976-1005\...\100888290cs.com -> mir.100888290cs.com
    IE restricted site: HKU\S-1-5-21-57612297-3157999027-2505413976-1005\...\100sexlinks.com -> 100sexlinks.com*-*This website is for sale!*-*Sexlinks Resources and Information.
    IE restricted site: HKU\S-1-5-21-57612297-3157999027-2505413976-1005\...\10sek.com -> www.10sek.com
    IE restricted site: HKU\S-1-5-21-57612297-3157999027-2505413976-1005\...\12-26.net -> user1.12-26.net
    IE restricted site: HKU\S-1-5-21-57612297-3157999027-2505413976-1005\...\12-27.net -> user1.12-27.net
    IE restricted site: HKU\S-1-5-21-57612297-3157999027-2505413976-1005\...\123fporn.info -> www.123fporn.info
    IE restricted site: HKU\S-1-5-21-57612297-3157999027-2505413976-1005\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
    IE restricted site: HKU\S-1-5-21-57612297-3157999027-2505413976-1005\...\123moviedownload.com -> 123 Movies | Stream Movies Online & Watch TV Series
    IE restricted site: HKU\S-1-5-21-57612297-3157999027-2505413976-1005\...\123simsen.com -> WebMD - Better information. Better health.

    There are 7857 more sites.


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-57612297-3157999027-2505413976-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Herb\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img0.jpg
    HKU\S-1-5-21-57612297-3157999027-2505413976-1005\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
    DNS Servers: 192.168.1.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)


    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
    FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
    FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
    FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
    FirewallRules: [WCF-NetTcpActivator-In-TCP-32bit] => (Allow) LPort=808
    FirewallRules: [{1C645187-350D-4851-8CF4-B9673C7A3E69}] => (Allow) C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
    FirewallRules: [TCP Query User{65759661-A55B-4B2B-A14E-3A8C66B80DD2}C:\program files\google\chrome\application\chrome.exe] => (Allow) C:\program files\google\chrome\application\chrome.exe
    FirewallRules: [UDP Query User{4F072388-5E72-4DB4-8D7E-CD7BCE737CB6}C:\program files\google\chrome\application\chrome.exe] => (Allow) C:\program files\google\chrome\application\chrome.exe
    FirewallRules: [TCP Query User{11C22F5B-8B86-40D7-9A4C-B3B33768846D}C:\users\herb\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\herb\appdata\roaming\dropbox\bin\dropbox.exe
    FirewallRules: [UDP Query User{AC703DB0-BCD9-4332-9F61-2C4ED18AB4FD}C:\users\herb\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\herb\appdata\roaming\dropbox\bin\dropbox.exe
    FirewallRules: [{A5D2ADB0-CD56-4C34-A515-49CF05BF3B54}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    FirewallRules: [{47D17812-F291-4225-AF3C-1F990308CA34}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
    FirewallRules: [{30D8C4AB-51BD-4544-A587-664A4C9B0200}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hposid01.exe
    FirewallRules: [{A81AFB34-87B0-499D-AA2E-22D287F26450}] => (Allow) C:\Program Files\common files\hp\digital imaging\bin\hpqphotocrm.exe
    FirewallRules: [{691684ED-20A3-426F-B777-DBCC1F775AAD}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe
    FirewallRules: [{EDDB3AC1-4497-48AE-9E4B-377BD4A36924}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe
    FirewallRules: [{5FC78721-87DC-4013-A0F2-4492D4A60DD4}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe
    FirewallRules: [{6473C857-5691-408A-9F12-E01070D4166E}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe
    FirewallRules: [{19CA588C-0EB3-471A-8949-8140B1DC18EC}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    FirewallRules: [{1A5B2BC7-73B5-4849-A25E-3AE2FF9E71F1}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe
    FirewallRules: [{F6578C24-B2DF-4617-8A82-81E07440BBD7}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe
    FirewallRules: [{8B67C9C0-F4AA-4C3D-BECE-F6A84630B034}] => (Allow) C:\Program Files\HP\hp software update\hpwucli.exe
    FirewallRules: [{8CE6B298-D88B-4D0E-B602-0E889AE34072}] => (Allow) C:\Program Files\HP\digital imaging\smart web printing\smartwebprintexe.exe
    FirewallRules: [{DBDDD5DB-606E-4200-A389-B5952297D192}] => (Allow) C:\Users\Admiis\AppData\Local\Temp\7zS495B\hppiw.exe
    FirewallRules: [{06195D7F-61C9-4BED-A8EF-9953112C3C0A}] => (Allow) C:\Users\Admiis\AppData\Local\Temp\7zS495B\hppiw.exe
    FirewallRules: [{95A35D96-2DBA-42B6-970D-0AFAC3B453C9}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe
    FirewallRules: [{361EBA54-131C-428D-A8F9-230EEFB3F98F}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe
    FirewallRules: [{03702866-8729-4181-9A96-6255667C9C48}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe
    FirewallRules: [{B178A7CB-125F-4672-940A-F55094127F80}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe
    FirewallRules: [{A50E28E4-A047-4E2D-AB6A-276276F9749D}] => (Allow) C:\Users\Herb\AppData\Roaming\Dropbox\bin\Dropbox.exe
    FirewallRules: [{16AEA692-71CF-48ED-A36B-F77DD24CD680}] => (Allow) C:\Users\Herb\AppData\Roaming\Dropbox\bin\Dropbox.exe
    FirewallRules: [{E5739623-411E-4A0F-A9C7-B674302564C5}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
    FirewallRules: [{DBA1FB0E-9043-435D-8274-2C9C8756BBDA}] => (Allow) LPort=50248
    FirewallRules: [{A3B7BC7E-4655-4426-9D79-E21925F0EF77}] => (Allow) LPort=7939
    FirewallRules: [{6A9DC065-537D-4D34-8BB3-9C0645EAA7C7}] => (Allow) C:\Program Files\PlanSwift9\PlanSwift.exe
    FirewallRules: [{0D2B7AF0-C064-4493-BA63-786ED60F4713}] => (Allow) C:\Program Files\PlanSwift9\PlanSwift.exe
    FirewallRules: [{F561FECF-B3F5-426F-862E-CEACA28F83AD}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
    FirewallRules: [{F6B58C45-8B96-4D60-8650-F64C45304119}] => (Allow) C:\Program Files\Itibiti Soft Phone\Itibiti.exe
    FirewallRules: [{8B803C55-702E-48CC-979C-CB2B31012643}] => (Allow) C:\Program Files\Itibiti Soft Phone\Itibiti.exe

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (12/05/2015 07:04:48 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Herb-PC)
    Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (12/05/2015 07:04:38 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Herb-PC)
    Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (12/05/2015 07:04:32 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Herb-PC)
    Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (12/05/2015 07:04:25 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Herb-PC)
    Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (12/05/2015 07:04:25 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Herb-PC)
    Description: Activation of app Microsoft.CommsPhone_8wekyb3d8bbwe!App failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (12/05/2015 07:04:15 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Herb-PC)
    Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (12/05/2015 07:04:08 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Herb-PC)
    Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (12/05/2015 07:04:08 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Herb-PC)
    Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (12/05/2015 07:04:08 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Herb-PC)
    Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (12/05/2015 07:04:07 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Herb-PC)
    Description: Activation of app Microsoft.Messaging_8wekyb3d8bbwe!x27e26f40ye031y48a6yb130yd1f20388991ax failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.


    System errors:
    =============
    Error: (12/05/2015 05:51:21 PM) (Source: DCOM) (EventID: 10000) (User: NT AUTHORITY)
    Description: C:\Users\Admiis\AppData\Local\Temp\7zS495B\hpslpsvc32.dll -Embedding2{10DA4F3C-CC99-4190-BE4D-58330754E882}

    Error: (12/05/2015 05:47:18 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The User Data Access_5ceb8 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

    Error: (12/05/2015 05:47:18 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The User Data Storage_5ceb8 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

    Error: (12/05/2015 05:47:18 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Contact Data_5ceb8 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

    Error: (12/05/2015 05:47:18 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Sync Host_5ceb8 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

    Error: (12/05/2015 04:45:05 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
    Description: {ADA518B9-B7A3-4C36-B4ED-49EB3FA189FC}

    Error: (12/05/2015 04:44:44 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
    Description: The Background Intelligent Transfer Service service hung on starting.

    Error: (12/05/2015 04:43:05 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
    Description: {ADA518B9-B7A3-4C36-B4ED-49EB3FA189FC}

    Error: (12/05/2015 04:40:28 PM) (Source: DCOM) (EventID: 10000) (User: NT AUTHORITY)
    Description: C:\Users\Admiis\AppData\Local\Temp\7zS495B\hpslpsvc32.dll -Embedding2{10DA4F3C-CC99-4190-BE4D-58330754E882}

    Error: (12/05/2015 04:40:22 PM) (Source: DCOM) (EventID: 10000) (User: NT AUTHORITY)
    Description: C:\Users\Admiis\AppData\Local\Temp\7zS495B\hpslpsvc32.dll -Embedding2{10DA4F3C-CC99-4190-BE4D-58330754E882}


    CodeIntegrity:
    ===================================
    Date: 2015-12-05 16:48:48.268
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-12-04 04:26:25.076
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-12-04 04:26:24.859
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-12-04 04:21:44.078
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-12-04 04:01:03.486
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Processor: AMD Athlon(tm) II P360 Dual-Core Processor
    Percentage of memory in use: 61%
    Total physical RAM: 3578.9 MB
    Available physical RAM: 1360.16 MB
    Total Virtual: 7162.9 MB
    Available Virtual: 4515.89 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:282.82 GB) (Free:218.04 GB) NTFS ==>[system with boot components (obtained from drive)]
    Drive d: (RECOVERY) (Fixed) (Total:14.98 GB) (Free:1.82 GB) NTFS ==>[system with boot components (obtained from drive)]
    Drive e: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
    Drive f: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.15 GB) NTFS ==>[system with boot components (obtained from drive)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 0EC2D9DF)
    Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=282.8 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
    Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

    ==================== End of Addition.txt ============================

  4. #4
    Member
    Join Date
    May 2015
    Posts
    76
    Points
    0

    Thanks Joe, here we go

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:05-12-2015
    Ran by Herb (administrator) on HERB-PC (05-12-2015 19:06:51)
    Running from C:\Users\Herb\Desktop
    Loaded Profiles: Herb & Admiis (Available Profiles: Herb & Admiis & DefaultAppPool)
    Platform: Microsoft Windows 10 Pro Version 1511 (X86) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Opera)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AMD) C:\Windows\System32\atiesrxx.exe
    (McAfee, Inc.) C:\Windows\System32\mfevtps.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    (McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\mcsacore.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
    (Autodesk, Inc.) C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    (McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
    (McAfee, Inc.) C:\Windows\System32\mfevtps.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.6.1180.0\McCSPServiceHost.exe
    (SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    (Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
    (McAfee, Inc.) C:\Program Files\McAfee\MAT\McPvTray.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
    (SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\System32\cmd.exe
    (McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\mcchhost.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (hxxp://express-player.com) C:\Users\Herb\AppData\Local\Temp\ExpressPlayerrDCeyXx8Yn.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (CyberLink) C:\Program Files\CyberLink\YouCam\YCMMirage.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
    (Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
    (Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
    (Bluebeam Software, Inc.) C:\Program Files\Common Files\Bluebeam Software\Bluebeam Revu\Brewery\V45\Printer Support\BBPrint.exe
    (Autodesk, Inc.) C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
    (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    (Dropbox, Inc.) C:\Users\Herb\AppData\Roaming\Dropbox\bin\Dropbox.exe
    (McAfee, Inc.) C:\Program Files\McAfee\MAT\McPvTray.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [hpqSRMon] => C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
    HKLM\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2015-09-24] (Adobe Systems Incorporated)
    HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840592 2015-09-24] (Adobe Systems Inc.)
    HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
    HKLM\...\Run: [BbInstallUser] => C:\Program Files\Bluebeam Software\Bluebeam Revu\Pushbutton PDF\Bluebeam Admin User.exe [48696 2014-10-13] (Bluebeam Software, Inc.)
    HKLM\...\Run: [BbPrintMonitor] => C:\Program Files\Common Files\Bluebeam Software\Bluebeam Revu\Brewery\V45\Printer Support\BBPrint.exe [174136 2014-10-13] (Bluebeam Software, Inc.)
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3527368 2015-07-17] (Synaptics Incorporated)
    HKLM\...\Policies\Explorer: [NoFolderOptions] 0
    HKLM\...\Policies\Explorer: [NoControlPanel] 0
    HKU\S-1-5-21-57612297-3157999027-2505413976-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6602152 2015-11-16] (Piriform Ltd)
    HKU\S-1-5-21-57612297-3157999027-2505413976-1001\...\Run: [Dropbox Update] => C:\Users\Herb\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-17] (Dropbox, Inc.)
    HKU\S-1-5-21-57612297-3157999027-2505413976-1001\...\Run: [WinPatrol] => C:\Program Files\Ruiware\WinPatrol\winpatrol.exe [1216648 2015-08-05] (Ruiware)
    HKU\S-1-5-21-57612297-3157999027-2505413976-1001\...\Policies\Explorer: []
    HKU\S-1-5-21-57612297-3157999027-2505413976-1001\...\Policies\Explorer: [NoFolderOptions] 0
    HKU\S-1-5-21-57612297-3157999027-2505413976-1001\...\Policies\Explorer: [NoControlPanel] 0
    HKU\S-1-5-21-57612297-3157999027-2505413976-1005\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [894344 2013-02-05] (Autodesk, Inc.)
    HKU\S-1-5-21-57612297-3157999027-2505413976-1005\...\Policies\Explorer: []
    ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Herb\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Herb\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Herb\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Herb\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Herb\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Herb\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Herb\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Herb\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
    ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2013-02-08] (Autodesk, Inc.)
    ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Herb\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Herb\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Herb\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Herb\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
    Startup: C:\Users\Admiis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014-02-23]
    ShortcutTarget: Dropbox.lnk -> C:\Users\Herb\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2015-12-05]
    ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
    Startup: C:\Users\Herb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-12-05]
    ShortcutTarget: Dropbox.lnk -> C:\Users\Herb\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{aae55f4a-c140-4b21-81f7-080dbe43962e}: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{bc84ffe2-6b6b-4277-bdb7-d0620dc5be93}: [DhcpNameServer] 167.206.13.180 167.206.13.181

    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-57612297-3157999027-2505413976-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    SearchScopes: HKU\S-1-5-21-57612297-3157999027-2505413976-1001 -> DefaultScope {cf34d395-9ff1-49a0-98a5-8db1636431b1} URL =
    BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20] (Hewlett-Packard Co.)
    BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-26] (Google Inc.)
    BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
    BHO: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
    BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20] (Hewlett-Packard Co.)
    Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-26] (Google Inc.)
    Toolbar: HKU\.DEFAULT -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
    Toolbar: HKU\S-1-5-21-57612297-3157999027-2505413976-1005 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\mcieplg.dll [2015-12-02] (McAfee, Inc.)
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\mcieplg.dll [2015-12-02] (McAfee, Inc.)
    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll [2015-08-21] (McAfee, Inc.)

    FireFox:
    ========
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-11] ()
    FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-08-21] ()
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
    FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-57612297-3157999027-2505413976-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Herb\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-10-31] (Citrix Online)
    FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-09-01] [not signed]
    FF HKLM\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
    FF Extension: Adobe Acrobat - Create PDF - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2015-10-18] [not signed]
    FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor\saffplg.xpi
    FF Extension: McAfee WebAdvisor - C:\Program Files\McAfee\SiteAdvisor\saffplg.xpi [2015-11-23]
    FF HKLM\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
    FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2015-10-31] [not signed]
    FF HKU\S-1-5-21-57612297-3157999027-2505413976-1005\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

    Chrome:
    =======
    CHR HomePage: Profile 2 -> hxxp://www-searching.com/?pid=s&s=FC5zbwybl03,69d60f1f-3691-4a8b-b531-58b0d90b627c,&vp=ch&prd=set
    CHR StartupUrls: Profile 2 -> "hxxp://www-searching.com/?pid=s&s=FC5zbwybl03,69d60f1f-3691-4a8b-b531-58b0d90b627c,&vp=ch&prd=set"
    CHR DefaultSearchURL: Profile 2 -> hxxp://www-searching.com/search.aspx?site=shyos&prd=set&q={searchTerms}&s=FC5zbwybl03,69d60f1f-3691-4a8b-b531-58b0d90b627c,
    CHR DefaultSearchKeyword: Profile 2 -> www-searching.com
    CHR DefaultSuggestURL: Profile 2 -> hxxp://api.searchpredict.com/api/?rqtype=ffplugin&siteID=8661&dbCode=1&command={searchTerms}
    CHR Profile: C:\Users\Herb\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (HP Product Detection Plugin) - C:\Users\Herb\AppData\Local\Google\Chrome\User Data\Default\Extensions\aelbknmfcacjffmgnoaaonhgoghlmlkp [2013-10-30]
    CHR Extension: (Google Docs) - C:\Users\Herb\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-07-14]
    CHR Extension: (Google Drive) - C:\Users\Herb\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-07-14]
    CHR Extension: (WOT) - C:\Users\Herb\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2014-01-13]
    CHR Extension: (YouTube) - C:\Users\Herb\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-13]
    CHR Extension: (Google Search) - C:\Users\Herb\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-13]
    CHR Extension: (avast! Online Security) - C:\Users\Herb\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-01-16]
    CHR Extension: (TinEye Reverse Image Search) - C:\Users\Herb\AppData\Local\Google\Chrome\User Data\Default\Extensions\haebnnbpedcbhciplfhjjkbafijpncjl [2014-01-13]
    CHR Extension: (Crackle) - C:\Users\Herb\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibfamoapbmmmlknoopmmfofgladlinic [2014-01-13]
    CHR Extension: (Social Fixer for Facebook) - C:\Users\Herb\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmhoabcaeehkljcfclfiieohkohdgbb [2014-01-13]
    CHR Extension: (Google Wallet) - C:\Users\Herb\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-16]
    CHR Extension: (LogMeIn) - C:\Users\Herb\AppData\Local\Google\Chrome\User Data\Default\Extensions\omkjapkpkiciphacnalicgmmcelfolon [2013-09-02]
    CHR Extension: (Gmail) - C:\Users\Herb\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-13]
    CHR Profile: C:\Users\Herb\AppData\Local\Google\Chrome\User Data\Profile 2
    CHR Extension: (Google Docs) - C:\Users\Herb\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-07]
    CHR Extension: (Google Drive) - C:\Users\Herb\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-25]
    CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\Herb\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2015-11-23]
    CHR Extension: (Adblock Plus) - C:\Users\Herb\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-11-28]
    CHR Extension: (SiteAdvisor) - C:\Users\Herb\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2015-11-01]
    CHR Extension: (Google Docs Offline) - C:\Users\Herb\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-23]
    CHR Extension: (TinEye Reverse Image Search) - C:\Users\Herb\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\haebnnbpedcbhciplfhjjkbafijpncjl [2014-01-16]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Herb\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-24]
    CHR Extension: (Gmail) - C:\Users\Herb\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
    CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx [2015-12-02]

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-10-26] (SUPERAntiSpyware.com)
    R2 Autodesk Content Service; C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe [12288 2012-12-13] (Autodesk, Inc.) [File not signed]
    S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [1064312 2014-05-15] (Flexera Software LLC)
    R2 HomeNetSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [315512 2015-07-21] (McAfee, Inc.)
    R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
    R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
    S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
    R2 McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [134208 2015-12-02] (McAfee, Inc.)
    R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [711032 2015-08-21] (McAfee, Inc.)
    R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.6.1180.0\McCSPServiceHost.exe [1251264 2015-09-01] (McAfee, Inc.)
    R2 McMPFSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [315512 2015-07-21] (McAfee, Inc.)
    R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [315512 2015-07-21] (McAfee, Inc.)
    S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [502936 2015-07-17] (McAfee, Inc.)
    R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [315512 2015-07-21] (McAfee, Inc.)
    R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [315512 2015-07-21] (McAfee, Inc.)
    R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [196600 2015-06-29] (McAfee, Inc.)
    R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [335600 2015-07-15] (McAfee, Inc.)
    R3 mfevtp; C:\WINDOWS\system32\mfevtps.exe [242408 2015-06-29] (McAfee, Inc.)
    R2 MSK80Service; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [315512 2015-07-21] (McAfee, Inc.)
    S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
    S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
    R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [217288 2015-07-17] (Synaptics Incorporated)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [280376 2015-10-30] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23256 2015-10-30] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    U0 amlb; C:\WINDOWS\System32\drivers\gnrbn.sys [52440 2015-12-05] (Malwarebytes)
    R3 athr; C:\WINDOWS\system32\DRIVERS\athr.sys [3208496 2015-05-19] (Qualcomm Atheros Communications, Inc.)
    R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [70672 2015-07-02] (McAfee, Inc.)
    S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [157288 2015-05-19] (McAfee, Inc.)
    S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
    S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [51928 2015-10-05] (Malwarebytes Corporation)
    R2 McPvDrv; C:\WINDOWS\system32\drivers\McPvDrv.sys [67800 2015-06-16] (McAfee, Inc.)
    R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [315576 2015-07-02] (McAfee, Inc.)
    R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [269872 2015-07-02] (McAfee, Inc.)
    S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [69656 2015-07-02] (McAfee, Inc.)
    R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [380504 2015-07-02] (McAfee, Inc.)
    R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [658528 2015-07-02] (McAfee, Inc.)
    R3 mfencbdc; C:\WINDOWS\system32\DRIVERS\mfencbdc.sys [419248 2015-06-28] (McAfee, Inc.)
    S3 mfencrk; C:\WINDOWS\system32\DRIVERS\mfencrk.sys [89544 2015-06-28] (McAfee, Inc.)
    R3 mfesapsn; C:\Program Files\McAfee\SiteAdvisor\mfesapsn.sys [32816 2015-12-02] (McAfee, Inc.)
    R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [223520 2015-07-02] (McAfee, Inc.)
    R3 RSPCIESTOR; C:\WINDOWS\system32\DRIVERS\RtsPStor.sys [287488 2015-08-07] (Realtek Semiconductor Corp.)
    R3 rt640x86; C:\WINDOWS\System32\drivers\rt640x86.sys [494080 2015-10-30] (Realtek )
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [37400 2015-10-30] (Microsoft Corporation)
    R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [246104 2015-10-30] (Microsoft Corporation)
    S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [98648 2015-10-30] (Microsoft Corporation)
    U3 idsvc; no ImagePath

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-12-05 19:06 - 2015-12-05 19:07 - 00024525 _____ C:\Users\Herb\Desktop\FRST.txt
    2015-12-05 19:06 - 2015-12-05 19:06 - 00000000 ____D C:\FRST
    2015-12-05 19:05 - 2015-12-05 19:06 - 01719808 _____ (Farbar) C:\Users\Herb\Desktop\FRST.exe
    2015-12-05 19:05 - 2015-12-05 19:05 - 01719808 _____ (Farbar) C:\Users\Herb\Downloads\FRST.exe
    2015-12-05 19:03 - 2015-12-05 19:03 - 02369024 _____ (Farbar) C:\Users\Herb\Downloads\FRST64.exe
    2015-12-05 18:51 - 2015-12-05 18:52 - 00388608 _____ (Trend Micro Inc.) C:\Users\Herb\Downloads\HijackThis.exe
    2015-12-05 18:50 - 2015-12-05 18:51 - 00002374 _____ C:\Users\Admiis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2015-12-05 18:50 - 2015-12-05 18:51 - 00000000 ___RD C:\Users\Admiis\OneDrive
    2015-12-05 18:47 - 2015-12-05 18:47 - 00000000 __RSD C:\Users\Admiis\Documents\McAfee Vaults
    2015-12-05 18:46 - 2015-12-05 18:46 - 00000000 ____D C:\Users\Admiis\AppData\Local\ActiveSync
    2015-12-05 18:45 - 2015-12-05 18:45 - 00000000 ____D C:\Users\Admiis\AppData\Local\Publishers
    2015-12-05 18:44 - 2015-12-05 19:04 - 00000000 ____D C:\Users\Admiis\AppData\Local\Packages
    2015-12-05 18:44 - 2015-12-05 18:44 - 00000020 ___SH C:\Users\Admiis\ntuser.ini
    2015-12-05 18:44 - 2015-12-05 18:44 - 00000000 ____D C:\Users\Admiis\AppData\Local\TileDataLayer
    2015-12-05 18:44 - 2015-12-05 18:44 - 00000000 ____D C:\Users\Admiis\AppData\Local\McAfee File Lock
    2015-12-05 17:34 - 2015-12-05 17:34 - 00052440 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\gnrbn.sys
    2015-12-05 16:35 - 2015-12-05 16:35 - 00000000 ____D C:\Users\Herb\AppData\Roaming\SimpleFiles
    2015-12-05 16:32 - 2015-12-05 16:32 - 00000000 ____D C:\Users\Herb\AppData\Roaming\csdimedia
    2015-12-05 09:12 - 2015-12-05 09:12 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
    2015-12-04 19:31 - 2015-12-04 19:31 - 00000000 ____D C:\Users\Herb\AppData\Local\ActiveSync
    2015-12-04 19:29 - 2015-12-04 19:29 - 00000020 ___SH C:\Users\Herb\ntuser.ini
    2015-12-04 06:59 - 2015-12-05 17:42 - 00000000 ___DC C:\WINDOWS\Panther
    2015-12-04 06:53 - 2015-12-04 06:53 - 00000000 ____D C:\Windows.old
    2015-12-04 06:52 - 2015-12-04 06:52 - 21125408 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 19340800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 18677760 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 13017600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 12124672 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 06529024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 05797728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
    2015-12-04 06:52 - 2015-12-04 06:52 - 05202944 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 03197440 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 02977280 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
    2015-12-04 06:52 - 2015-12-04 06:52 - 02918808 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 02756096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
    2015-12-04 06:52 - 2015-12-04 06:52 - 02680320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 02185840 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 02179584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 02121216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 02064384 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 02049024 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
    2015-12-04 06:52 - 2015-12-04 06:52 - 02001408 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 01925120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 01860096 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 01859448 _____ C:\WINDOWS\system32\CoreUIComponents.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 01793024 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 01764864 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 01706496 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 01505280 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 01443328 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 01268736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 01155072 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
    2015-12-04 06:52 - 2015-12-04 06:52 - 01139200 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 01086464 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00975200 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00951808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00948224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00793600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00791552 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00748032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00727752 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00709120 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingOnlineServices.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00706048 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00704352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
    2015-12-04 06:52 - 2015-12-04 06:52 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00686592 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00647168 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00641728 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00607744 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00586080 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00549376 _____ (Microsoft Corporation) C:\WINDOWS\system32\CellularAPI.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00540752 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
    2015-12-04 06:52 - 2015-12-04 06:52 - 00538112 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00520704 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToManager.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00511320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00504624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
    2015-12-04 06:52 - 2015-12-04 06:52 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00484864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00471392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
    2015-12-04 06:52 - 2015-12-04 06:52 - 00470528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00454056 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00443744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
    2015-12-04 06:52 - 2015-12-04 06:52 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00431232 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00421888 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00405048 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
    2015-12-04 06:52 - 2015-12-04 06:52 - 00385024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00382464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00366224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00364176 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
    2015-12-04 06:52 - 2015-12-04 06:52 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00340480 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToDevice.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00334848 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
    2015-12-04 06:52 - 2015-12-04 06:52 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00297072 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
    2015-12-04 06:52 - 2015-12-04 06:52 - 00296488 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00241664 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00240128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00238080 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00205824 _____ (Nokia) C:\WINDOWS\system32\NmaDirect.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-AppModelExecEvents.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
    2015-12-04 06:52 - 2015-12-04 06:52 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00166912 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
    2015-12-04 06:52 - 2015-12-04 06:52 - 00151552 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00139616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
    2015-12-04 06:52 - 2015-12-04 06:52 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ETWCoreUIComponentsResources.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00135168 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
    2015-12-04 06:52 - 2015-12-04 06:52 - 00120832 _____ (Microsoft Corporation) C:\WINDOWS\system32\provdatastore.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\provops.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00116728 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00116224 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
    2015-12-04 06:52 - 2015-12-04 06:52 - 00113624 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MapControls.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\capimg.sys
    2015-12-04 06:52 - 2015-12-04 06:52 - 00095072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
    2015-12-04 06:52 - 2015-12-04 06:52 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
    2015-12-04 06:52 - 2015-12-04 06:52 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00081088 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.V2.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00076128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdstor.sys
    2015-12-04 06:52 - 2015-12-04 06:52 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00073360 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanprotdim.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzautoupdate.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\NFCProvisioningPlugin.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwancfg.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00063528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwapi.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssign32.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditBufferTestHook.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosResource.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\BarcodeProvisioningPlugin.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00051128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00050688 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthTokenBrokerExt.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ihvrilproxy.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00044544 _____ (Microsoft Corporation) C:\WINDOWS\system32\rilproxy.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe
    2015-12-04 06:52 - 2015-12-04 06:52 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wwanpref.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00043376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsUtilsV2.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringclient.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManagerProxy.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemovableMediaProvisioningPlugin.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00037376 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCoreRes.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapstoasttask.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsplib.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00032040 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfpmp.exe
    2015-12-04 06:52 - 2015-12-04 06:52 - 00030048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wimmount.sys
    2015-12-04 06:52 - 2015-12-04 06:52 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
    2015-12-04 06:52 - 2015-12-04 06:52 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.proxy.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringconfigsp.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WordBreakers.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00023776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
    2015-12-04 06:52 - 2015-12-04 06:52 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\nativemap.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Provisioning.ProxyStub.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\IcsEntitlementHost.exe
    2015-12-04 06:52 - 2015-12-04 06:52 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00010752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvcProxy.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MosTrace.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00009728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MosHost.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00007680 _____ (Microsoft Corporation) C:\WINDOWS\system32\readingviewresources.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlStringsRes.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll
    2015-12-04 06:50 - 2015-12-04 06:50 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
    2015-12-04 06:47 - 2015-12-04 06:47 - 00000000 ____D C:\WINDOWS\system32\msmq
    2015-12-04 06:47 - 2015-12-04 06:47 - 00000000 ____D C:\WINDOWS\system32\BestPractices
    2015-12-04 06:47 - 2015-12-04 06:47 - 00000000 ____D C:\Program Files\Reference Assemblies
    2015-12-04 06:47 - 2015-12-04 06:47 - 00000000 ____D C:\Program Files\MSBuild
    2015-12-04 06:47 - 2015-12-04 06:47 - 00000000 ____D C:\inetpub
    2015-12-04 06:46 - 2015-10-23 20:47 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
    2015-12-04 06:46 - 2015-10-23 20:47 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
    2015-12-04 06:46 - 2015-10-23 20:47 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
    2015-12-04 06:40 - 2015-12-04 06:40 - 00000000 ____H C:\$WINRE_BACKUP_PARTITION.MARKER
    2015-12-04 04:31 - 2015-12-04 04:31 - 00000000 _SHDL C:\Users\Default\My Documents
    2015-12-04 04:31 - 2015-12-04 04:31 - 00000000 _SHDL C:\Users\Default\Documents\My Videos
    2015-12-04 04:31 - 2015-12-04 04:31 - 00000000 _SHDL C:\Users\Default\Documents\My Pictures
    2015-12-04 04:31 - 2015-12-04 04:31 - 00000000 _SHDL C:\Users\Default\Documents\My Music
    2015-12-04 04:31 - 2015-12-04 04:31 - 00000000 _SHDL C:\Users\Default User\Documents\My Videos
    2015-12-04 04:31 - 2015-12-04 04:31 - 00000000 _SHDL C:\Users\Default User\Documents\My Pictures
    2015-12-04 04:31 - 2015-12-04 04:31 - 00000000 _SHDL C:\Users\Default User\Documents\My Music
    2015-12-04 04:26 - 2015-12-05 16:40 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2015-12-04 04:15 - 2015-12-05 17:35 - 00001451 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
    2015-12-04 04:15 - 2015-12-04 04:15 - 00000000 ____D C:\Users\Default\AppData\Roaming\Media Center Programs
    2015-12-04 04:15 - 2015-12-04 04:15 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
    2015-12-04 04:15 - 2015-12-04 04:15 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
    2015-12-04 04:15 - 2015-12-04 04:15 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Media Center Programs
    2015-12-04 04:15 - 2015-12-04 04:15 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
    2015-12-04 04:15 - 2015-12-04 04:15 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
    2015-12-04 04:09 - 2015-12-04 04:09 - 00000000 ____D C:\Program Files\Common Files\SpeechEngines
    2015-12-04 04:08 - 2015-12-04 04:16 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
    2015-12-04 04:06 - 2015-12-05 18:50 - 00000000 ____D C:\Users\Admiis
    2015-12-04 04:06 - 2015-12-05 16:39 - 00000000 ____D C:\Users\Herb
    2015-12-04 04:06 - 2015-12-04 04:21 - 00000000 ____D C:\Users\DefaultAppPool
    2015-12-04 04:06 - 2015-12-04 04:06 - 00000000 _SHDL C:\Users\Herb\My Documents
    2015-12-04 04:06 - 2015-12-04 04:06 - 00000000 _SHDL C:\Users\Herb\Documents\My Videos
    2015-12-04 04:06 - 2015-12-04 04:06 - 00000000 _SHDL C:\Users\Herb\Documents\My Pictures
    2015-12-04 04:06 - 2015-12-04 04:06 - 00000000 _SHDL C:\Users\Herb\Documents\My Music
    2015-12-04 04:06 - 2015-12-04 04:06 - 00000000 _SHDL C:\Users\DefaultAppPool\My Documents
    2015-12-04 04:06 - 2015-12-04 04:06 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\My Videos
    2015-12-04 04:06 - 2015-12-04 04:06 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\My Pictures
    2015-12-04 04:06 - 2015-12-04 04:06 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\My Music
    2015-12-04 04:06 - 2015-12-04 04:06 - 00000000 _SHDL C:\Users\Admiis\My Documents
    2015-12-04 04:06 - 2015-12-04 04:06 - 00000000 _SHDL C:\Users\Admiis\Documents\My Videos
    2015-12-04 04:06 - 2015-12-04 04:06 - 00000000 _SHDL C:\Users\Admiis\Documents\My Pictures
    2015-12-04 04:06 - 2015-12-04 04:06 - 00000000 _SHDL C:\Users\Admiis\Documents\My Music
    2015-12-04 04:05 - 2015-12-05 16:45 - 00988244 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2015-12-04 04:02 - 2015-12-04 04:02 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf
    2015-12-04 04:02 - 2015-12-04 04:02 - 00000000 ____D C:\WINDOWS\system32\sda
    2015-12-04 04:02 - 2015-12-04 04:02 - 00000000 ____D C:\Program Files\Synaptics
    2015-12-04 04:02 - 2015-12-04 04:02 - 00000000 _____ C:\WINDOWS\ativpsrm.bin
    2015-12-04 04:00 - 2015-12-04 04:17 - 00292408 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2015-11-20 21:00 - 2015-12-04 04:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\partypoker
    2015-11-15 08:31 - 2015-11-15 08:31 - 00311871 _____ C:\Users\Herb\Desktop\Amazon 1115.pdf
    2015-11-13 18:50 - 2015-12-04 04:16 - 00000000 ____D C:\Users\Herb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
    2015-11-08 07:29 - 2015-11-08 07:28 - 07033285 _____ C:\Users\Herb\Desktop\StellinoCWN-15APT0421.pdf

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-12-05 19:06 - 2015-10-30 00:13 - 00000000 ____D C:\Windows
    2015-12-05 19:04 - 2015-10-30 00:48 - 00000000 ____D C:\WINDOWS\AppReadiness
    2015-12-05 18:49 - 2015-10-31 19:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
    2015-12-05 18:49 - 2015-06-19 19:01 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2015-12-05 18:49 - 2014-02-23 09:44 - 00000000 ___RD C:\Users\Admiis\Dropbox
    2015-12-05 18:47 - 2014-02-03 15:48 - 00000000 ____D C:\Users\Admiis\AppData\Roaming\Dropbox
    2015-12-05 18:44 - 2015-08-07 04:15 - 00000000 __RHD C:\Users\Public\AccountPictures
    2015-12-05 18:44 - 2013-07-13 16:06 - 00000906 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2015-12-05 18:34 - 2013-07-13 16:06 - 00000910 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2015-12-05 18:33 - 2015-06-19 19:01 - 00000892 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
    2015-12-05 17:51 - 2015-10-31 19:12 - 00000000 __RSD C:\Users\Herb\Documents\McAfee Vaults
    2015-12-05 17:51 - 2013-07-13 20:32 - 00000000 ___RD C:\Users\Herb\Dropbox
    2015-12-05 17:51 - 2013-07-13 20:23 - 00000000 ____D C:\Users\Herb\AppData\Roaming\Dropbox
    2015-12-05 17:42 - 2015-10-30 00:47 - 00000000 ____D C:\WINDOWS\INF
    2015-12-05 17:35 - 2015-10-31 19:12 - 00001949 _____ C:\Users\Public\Desktop\McAfee Multi Access - Total Protection.lnk
    2015-12-05 17:35 - 2015-09-07 13:49 - 00002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
    2015-12-05 17:35 - 2015-08-07 04:22 - 00002366 _____ C:\Users\Herb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2015-12-05 17:35 - 2015-08-06 20:37 - 00002200 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2015-12-05 17:35 - 2015-02-15 14:27 - 00001976 _____ C:\Users\Public\Desktop\Bluebeam Revu.lnk
    2015-12-05 17:35 - 2014-05-15 19:28 - 00002033 _____ C:\Users\Public\Desktop\Autodesk ReCap.lnk
    2015-12-05 17:35 - 2014-05-15 19:27 - 00001971 _____ C:\Users\Public\Desktop\Autodesk 360.lnk
    2015-12-05 17:35 - 2014-05-15 19:24 - 00002026 _____ C:\Users\Public\Desktop\AutoCAD 2014 - English.lnk
    2015-12-05 17:35 - 2014-01-12 17:07 - 00001012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
    2015-12-05 17:35 - 2013-09-01 20:12 - 00002469 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller X.lnk
    2015-12-05 17:35 - 2013-09-01 20:12 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat X Pro.lnk
    2015-12-05 17:35 - 2013-07-23 18:43 - 00001028 _____ C:\Users\Public\Desktop\CCleaner.lnk
    2015-12-05 17:35 - 2013-07-13 16:57 - 00001123 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2015-12-05 17:35 - 2013-07-13 16:54 - 00001955 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    2015-12-05 17:34 - 2014-05-05 19:28 - 00001602 _____ C:\Users\Herb\Desktop\Remote Desktop Connection.lnk
    2015-12-05 17:34 - 2014-02-23 15:48 - 00001001 _____ C:\Users\Herb\Desktop\Dropbox.lnk
    2015-12-05 17:34 - 2013-09-01 09:14 - 00001279 _____ C:\ProgramData\Microsoft\Windows\Start Menu\HP Solution Center.lnk
    2015-12-05 17:34 - 2013-07-19 17:37 - 00001481 _____ C:\ProgramData\Microsoft\Windows\Start Menu\partypoker.lnk
    2015-12-05 17:34 - 2013-07-19 17:37 - 00001475 _____ C:\Users\Herb\Desktop\partypoker.lnk
    2015-12-05 17:34 - 2013-07-13 18:27 - 00002675 _____ C:\Users\Herb\Desktop\Microsoft Office Word 2007.lnk
    2015-12-05 17:34 - 2013-07-13 18:27 - 00002637 _____ C:\Users\Herb\Desktop\Microsoft Office Excel 2007.lnk
    2015-12-05 16:54 - 2014-07-27 11:29 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2015-12-05 16:53 - 2014-07-27 11:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-12-05 16:53 - 2014-07-27 11:28 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
    2015-12-05 16:39 - 2015-10-30 00:13 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
    2015-12-05 16:39 - 2013-07-13 16:55 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
    2015-12-05 09:04 - 2015-10-30 00:39 - 00000000 ____D C:\WINDOWS\CbsTemp
    2015-12-05 07:31 - 2015-10-30 00:48 - 00000000 ____D C:\WINDOWS\AppCompat
    2015-12-04 21:32 - 2015-06-17 18:21 - 00000862 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-57612297-3157999027-2505413976-1001Core.job
    2015-12-04 20:56 - 2015-10-30 00:48 - 00000000 ___HD C:\Program Files\WindowsApps
    2015-12-04 19:53 - 2015-08-07 04:15 - 00000000 ____D C:\Users\Herb\AppData\Local\Packages
    2015-12-04 19:51 - 2015-10-30 00:48 - 00000000 ___RD C:\WINDOWS\DevicesFlow
    2015-12-04 19:37 - 2015-08-07 04:22 - 00000000 ___RD C:\Users\Herb\OneDrive
    2015-12-04 19:37 - 2015-02-15 14:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bluebeam Software
    2015-12-04 19:31 - 2015-10-30 00:48 - 00000000 ___RD C:\WINDOWS\PrintDialog
    2015-12-04 19:31 - 2015-10-30 00:48 - 00000000 ___RD C:\WINDOWS\MiracastView
    2015-12-04 19:30 - 2015-10-30 00:48 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
    2015-12-04 06:59 - 2015-10-30 00:48 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
    2015-12-04 06:53 - 2015-10-30 00:48 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
    2015-12-04 06:53 - 2015-10-30 00:48 - 00000000 ____D C:\WINDOWS\system32\oobe
    2015-12-04 06:53 - 2015-10-30 00:48 - 00000000 ____D C:\WINDOWS\system32\appraiser
    2015-12-04 06:53 - 2015-10-30 00:48 - 00000000 ____D C:\WINDOWS\Provisioning
    2015-12-04 06:53 - 2015-10-30 00:13 - 00000000 ____D C:\WINDOWS\system32\Dism
    2015-12-04 06:47 - 2015-10-30 00:48 - 00000000 ____D C:\WINDOWS\system32\inetsrv
    2015-12-04 06:46 - 2015-10-30 00:45 - 01014272 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqqm.dll
    2015-12-04 06:46 - 2015-10-30 00:45 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqsnap.dll
    2015-12-04 06:46 - 2015-10-30 00:45 - 00562176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqutil.dll
    2015-12-04 06:46 - 2015-10-30 00:45 - 00266240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa.dll
    2015-12-04 06:46 - 2015-10-30 00:45 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisRtl.dll
    2015-12-04 06:46 - 2015-10-30 00:45 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqrt.dll
    2015-12-04 06:46 - 2015-10-30 00:45 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mqac.sys
    2015-12-04 06:46 - 2015-10-30 00:45 - 00104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqlogmgr.dll
    2015-12-04 06:46 - 2015-10-30 00:45 - 00096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa.tlb
    2015-12-04 06:46 - 2015-10-30 00:45 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa30.tlb
    2015-12-04 06:46 - 2015-10-30 00:45 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa20.tlb
    2015-12-04 06:46 - 2015-10-30 00:45 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\admwprox.dll
    2015-12-04 06:46 - 2015-10-30 00:45 - 00044544 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqbkup.exe
    2015-12-04 06:46 - 2015-10-30 00:45 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa10.tlb
    2015-12-04 06:46 - 2015-10-30 00:45 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\ahadmin.dll
    2015-12-04 06:46 - 2015-10-30 00:45 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqsvc.exe
    2015-12-04 06:46 - 2015-10-30 00:45 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisreset.exe
    2015-12-04 06:46 - 2015-10-30 00:45 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqcertui.dll
    2015-12-04 06:46 - 2015-10-30 00:45 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wamregps.dll
    2015-12-04 06:46 - 2015-10-30 00:45 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisrstap.dll
    2015-12-04 06:46 - 2015-10-30 00:45 - 00009096 _____ C:\WINDOWS\system32\msmqtrc.mof
    2015-12-04 04:32 - 2015-10-30 00:48 - 00000000 ____D C:\WINDOWS\rescache
    2015-12-04 04:30 - 2015-08-06 19:47 - 00031404 _____ C:\WINDOWS\diagerr.xml
    2015-12-04 04:30 - 2015-08-06 19:47 - 00030483 _____ C:\WINDOWS\diagwrn.xml
    2015-12-04 04:29 - 2015-10-30 00:48 - 00000000 ____D C:\WINDOWS\Registration
    2015-12-04 04:28 - 2015-10-30 00:48 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
    2015-12-04 04:27 - 2015-08-06 20:42 - 00021412 _____ C:\WINDOWS\system32\emptyregdb.dat
    2015-12-04 04:25 - 2015-10-30 00:48 - 00000000 __RSD C:\WINDOWS\Media
    2015-12-04 04:24 - 2015-10-30 00:48 - 00000000 __RHD C:\Users\Public\Libraries
    2015-12-04 04:16 - 2015-10-30 01:58 - 00000000 ____D C:\WINDOWS\ShellNew
    2015-12-04 04:16 - 2015-10-30 00:13 - 00008192 ___SH C:\WINDOWS\system32\config\ELAM
    2015-12-04 04:16 - 2014-11-28 11:04 - 00000000 ____D C:\WINDOWS\system32\vbox
    2015-12-04 04:16 - 2014-05-15 21:26 - 00000000 ____D C:\Users\Admiis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
    2015-12-04 04:16 - 2014-05-12 19:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
    2015-12-04 04:16 - 2014-02-23 09:43 - 00000000 ____D C:\Users\Admiis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
    2015-12-04 04:16 - 2014-02-01 18:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk
    2015-12-04 04:16 - 2014-01-11 16:14 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Communication and Chat
    2015-12-04 04:16 - 2013-09-01 20:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe LiveCycle ES2
    2015-12-04 04:16 - 2013-09-01 09:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
    2015-12-04 04:16 - 2013-08-10 18:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
    2015-12-04 04:16 - 2013-07-29 18:25 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
    2015-12-04 04:16 - 2013-07-23 18:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    2015-12-04 04:16 - 2013-07-16 18:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    2015-12-04 04:16 - 2013-07-13 18:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
    2015-12-04 04:16 - 2013-07-13 16:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    2015-12-04 04:16 - 2013-07-13 16:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    2015-12-04 04:16 - 2009-07-13 23:52 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
    2015-12-04 04:15 - 2015-07-10 01:59 - 00000000 ____D C:\Users\Default.migrated
    2015-12-04 04:11 - 2015-10-30 00:48 - 00000000 ____D C:\WINDOWS\system32\spool
    2015-12-04 04:11 - 2015-10-30 00:48 - 00000000 ____D C:\WINDOWS\system32\NDF
    2015-12-04 04:11 - 2015-10-30 00:48 - 00000000 ____D C:\WINDOWS\system32\IME
    2015-12-04 04:11 - 2013-07-14 22:17 - 00000000 ____D C:\WINDOWS\system32\SPReview
    2015-12-04 04:10 - 2013-07-14 22:17 - 00000000 ____D C:\WINDOWS\system32\EventProviders
    2015-12-04 04:09 - 2015-10-30 00:48 - 00000000 __SHD C:\Program Files\Windows Sidebar
    2015-12-04 04:09 - 2015-10-30 00:48 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files
    2015-12-04 04:09 - 2015-10-30 00:48 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
    2015-12-04 04:09 - 2015-10-30 00:48 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
    2015-12-04 04:09 - 2015-10-30 00:48 - 00000000 ____D C:\WINDOWS\schemas
    2015-12-04 04:09 - 2015-10-30 00:48 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
    2015-12-04 04:09 - 2015-10-30 00:48 - 00000000 ____D C:\WINDOWS\LiveKernelReports
    2015-12-04 04:09 - 2015-10-30 00:48 - 00000000 ____D C:\ProgramData\USOPrivate
    2015-12-04 04:09 - 2015-10-30 00:48 - 00000000 ____D C:\Program Files\Common Files\System
    2015-12-04 04:09 - 2015-10-30 00:48 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
    2015-12-04 04:09 - 2013-07-19 17:29 - 00000000 ____D C:\Program Files\Microsoft Games
    2015-12-04 04:09 - 2013-07-18 20:16 - 00000000 ____D C:\WINDOWS\system32\appmgmt
    2015-12-04 04:04 - 2015-10-30 00:13 - 00000000 ____D C:\WINDOWS\system32\Sysprep
    2015-12-04 04:00 - 2015-10-30 02:08 - 00000000 ____D C:\WINDOWS\ServiceProfiles
    2015-12-04 03:32 - 2015-10-30 02:33 - 00000000 ___HD C:\$WINDOWS.~BT
    2015-11-26 22:12 - 2014-05-12 19:43 - 00000000 ____D C:\Program Files\7-Zip
    2015-11-23 20:08 - 2013-12-22 20:28 - 00002266 ____H C:\Users\Herb\Documents\Default.rdp
    2015-11-18 20:33 - 2015-10-31 19:09 - 00000000 ____D C:\Program Files\McAfee
    2015-11-12 21:29 - 2013-07-13 17:57 - 00000000 ____D C:\ProgramData\Microsoft Help
    2015-11-12 21:25 - 2013-08-14 21:45 - 00000000 ____D C:\WINDOWS\system32\MRT
    2015-11-12 21:13 - 2013-07-16 18:46 - 143250520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2015-11-12 20:22 - 2014-01-09 18:45 - 00000000 ____D C:\Users\Herb\Desktop\Receipts
    2015-11-06 19:56 - 2013-07-27 17:01 - 00000000 ____D C:\ProgramData\McAfee

    ==================== Files in the root of some directories =======

    2015-08-16 16:46 - 2015-08-16 19:27 - 0000096 _____ () C:\Users\Herb\AppData\Roaming\redline2stapler.tmp
    2013-09-01 09:12 - 2015-03-05 18:58 - 0006624 _____ () C:\ProgramData\hpzinstall.log
    2014-04-24 20:14 - 2014-05-15 19:25 - 0000263 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
    2015-02-15 14:29 - 2015-02-15 14:29 - 0000125 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

    Some files in TEMP:
    ====================
    C:\Users\Admiis\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmppcqfv7.dll
    C:\Users\Herb\AppData\Local\Temp\ExpressPlayerrDCeyXx8Yn.exe


    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-12-04 04:00

    ==================== End of FRST.txt ============================
    Additional scan result of Farbar Recovery Scan Tool (x86) Version:05-12-2015
    Ran by Herb (2015-12-05 19:08:07)
    Running from C:\Users\Herb\Desktop
    Microsoft Windows 10 Pro (X86) (2015-12-04 09:31:54)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Admiis (S-1-5-21-57612297-3157999027-2505413976-1005 - Administrator - Enabled) => C:\Users\Admiis
    Administrator (S-1-5-21-57612297-3157999027-2505413976-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-57612297-3157999027-2505413976-503 - Limited - Disabled)
    Guest (S-1-5-21-57612297-3157999027-2505413976-501 - Limited - Disabled)
    Herb (S-1-5-21-57612297-3157999027-2505413976-1001 - Administrator - Enabled) => C:\Users\Herb
    HomeGroupUser$ (S-1-5-21-57612297-3157999027-2505413976-1002 - Limited - Enabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
    FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
    7-Zip 15.12 (HKLM\...\7-Zip) (Version: 15.12 - Igor Pavlov)
    Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated)
    Adobe Acrobat X Pro - English, Français, Deutsch (HKLM\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.16 - Adobe Systems)
    Adobe AIR (HKLM\...\Adobe AIR) (Version: 18.0.0.180 - Adobe Systems Incorporated)
    Adobe Flash Player 19 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated)
    Adobe Flash Player 19 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated)
    AutoCAD 2014 - English (Version: 19.1.18.0 - Autodesk) Hidden
    AutoCAD 2014 Language Pack - English (Version: 19.1.18.0 - Autodesk) Hidden
    Autodesk 360 (HKLM\...\{52B28CAD-F49D-47BA-9FFE-29C2E85F0D0B}) (Version: 4.0.27.1 - Autodesk)
    Autodesk App Manager (HKLM\...\{C070121A-C8C5-4D52-9A7D-D240631BD433}) (Version: 1.1.0 - Autodesk)
    Autodesk AutoCAD 2014 - English (HKLM\...\AutoCAD 2014 - English) (Version: 19.1.18.0 - Autodesk)
    Autodesk Content Service (HKLM\...\Autodesk Content Service) (Version: 3.1.3.0 - Autodesk)
    Autodesk Content Service (Version: 3.1.3.0 - Autodesk) Hidden
    Autodesk Content Service Language Pack (Version: 3.1.3.0 - Autodesk) Hidden
    Autodesk Featured Apps (HKLM\...\{F732FEDA-7713-4428-934B-EF83B8DD65D0}) (Version: 1.1.0 - Autodesk)
    Autodesk Material Library 2014 (HKLM\...\{644F9B19-A462-499C-BF4D-300ABC2A28B1}) (Version: 4.0.19.0 - Autodesk)
    Autodesk Material Library Base Resolution Image Library 2014 (HKLM\...\{51BF3210-B825-4092-8E0D-66D689916E02}) (Version: 4.0.19.0 - Autodesk)
    Autodesk ReCap (HKLM\...\Autodesk ReCap) (Version: 1.0.43.13 - Autodesk)
    Autodesk ReCap (Version: 1.0.43.13 - Autodesk) Hidden
    Autodesk ReCap Language Pack-English (Version: 1.0.43.13 - Autodesk) Hidden
    BbeXtreme (Version: 12.6.0 - Bluebeam Software) Hidden
    Bluebeam Revu 12 (HKLM\...\InstallShield_{8C284678-3F62-48F1-8B2C-2B102D2D6867}) (Version: 12.6.0 - Bluebeam Software)
    Bluebeam Revu 12 (Version: 12.6.0 - Bluebeam Software) Hidden
    BufferChm (Version: 130.0.331.000 - Hewlett-Packard) Hidden
    C4400 (Version: 130.0.365.000 - Hewlett-Packard) Hidden
    CCleaner (HKLM\...\CCleaner) (Version: 5.12 - Piriform)
    Citrix Online Launcher (HKLM\...\{E5F6D26D-E180-4547-A865-565EAB61000C}) (Version: 1.0.362 - Citrix)
    Copy (Version: 130.0.428.000 - Hewlett-Packard) Hidden
    CyberLink YouCam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.4.5822 - CyberLink Corp.)
    D2400 (Version: 130.0.365.000 - Hewlett-Packard) Hidden
    D2400_Help (Version: 90.0.235.000 - Hewlett-Packard) Hidden
    Destinations (Version: 130.0.0.0 - Hewlett-Packard) Hidden
    DeviceDiscovery (Version: 130.0.465.000 - Hewlett-Packard) Hidden
    dj_sf_ProductContext (Version: 130.0.365.000 - Hewlett-Packard) Hidden
    dj_sf_software (Version: 130.0.365.000 - Hewlett-Packard) Hidden
    dj_sf_software_req (Version: 130.0.365.000 - Hewlett-Packard) Hidden
    DocProc (Version: 13.0.0.0 - Hewlett-Packard) Hidden
    Dropbox (HKU\S-1-5-21-57612297-3157999027-2505413976-1001\...\Dropbox) (Version: 3.10.11 - Dropbox, Inc.)
    Dropbox (HKU\S-1-5-21-57612297-3157999027-2505413976-1005\...\Dropbox) (Version: 2.6.7 - Dropbox, Inc.)
    ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
    FARO LS 1.1.501.0 (HKLM\...\{8F196892-666A-4A40-8587-6AE38F78A5C2}) (Version: 5.1.0.30630 - FARO Scanner Production)
    Google Chrome (HKLM\...\Google Chrome) (Version: 47.0.2526.73 - Google Inc.)
    Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6904.2028 - Google Inc.)
    Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
    Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (Version: 1.3.29.1 - Google Inc.) Hidden
    GPBaseService2 (Version: 130.0.371.000 - Hewlett-Packard) Hidden
    HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
    HP Deskjet Printer Driver Software 13.0 Rel. 1 (HKLM\...\{3CDDD063-7FC2-43A7-9EC0-B3F1E38C7649}) (Version: 13.0 - HP)
    HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
    HP Photosmart C4400 All-In-One Driver Software 13.0 Rel. 3 (HKLM\...\{8181C5B7-2FF5-4677-BA6A-8E2C3F5A7601}) (Version: 13.0 - HP)
    HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
    HP Product Detection (HKLM\...\{8A9FC225-75F6-4B5D-911C-0ED230565643}) (Version: 11.15.0009 - HP)
    HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
    HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
    HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
    HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
    HPPhotoGadget (Version: 130.0.282.000 - Hewlett-Packard) Hidden
    HPPhotoSmartDiscLabelContent1 (Version: 2.04.0000 - Hewlett-Packard) Hidden
    HPPhotosmartEssential (Version: 2.04.0000 - Hewlett-Packard) Hidden
    HPProductAssistant (Version: 130.0.371.000 - Hewlett-Packard) Hidden
    Itibiti RTC (Version: 0.0.1 - Itibiti Inc) Hidden
    LavasoftTcpService (HKLM\...\{5916A24B-59A4-4FDB-9753-499CB1F65362}) (Version: 2.3.4.2 - Lavasoft)
    Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
    MarketResearch (Version: 130.0.374.000 - Hewlett-Packard) Hidden
    McAfee Multi Access - Total Protection (HKLM\...\MSC) (Version: 14.0.4121 - McAfee, Inc.)
    McAfee WebAdvisor (HKLM\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.207 - McAfee, Inc.)
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0013-0000-0000-0000000FF1CE}_BASICR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
    Microsoft Office Basic 2007 (HKLM\...\BASICR) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
    partypoker (HKLM\...\PartyPoker) (Version: - PartyGaming)
    partypoker (HKU\S-1-5-21-57612297-3157999027-2505413976-1001\...\PartyPoker) (Version: - )
    PS_AIO_03_C4400_Software_Min (Version: 130.0.365.000 - Hewlett-Packard) Hidden
    RICOH Media Driver (HKLM\...\{F5CC2EF8-20A4-4366-A681-3FE849E65809}) (Version: 2.10.00.04 - RICOH)
    SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.23.0 - SAMSUNG Electronics Co., Ltd.)
    Scan (Version: 13.0.0.0 - Hewlett-Packard) Hidden
    SketchUp Import for AutoCAD 2014 (HKLM\...\{644E9589-F73A-49A4-AC61-A953B9DE5669}) (Version: 1.1.0 - Autodesk)
    SmartWebPrinting (Version: 130.0.457.000 - Hewlett-Packard) Hidden
    SolutionCenter (Version: 130.0.373.000 - Hewlett-Packard) Hidden
    Status (Version: 130.0.469.000 - Hewlett-Packard) Hidden
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.6.1020 - SUPERAntiSpyware.com)
    Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.12.95 - Synaptics Incorporated)
    Toolbox (Version: 130.0.648.000 - Hewlett-Packard) Hidden
    TrayApp (Version: 130.0.422.000 - Hewlett-Packard) Hidden
    UnloadSupport (Version: 11.0.0 - Hewlett-Packard) Hidden
    Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0013-0000-0000-0000000FF1CE}_BASICR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
    WebReg (Version: 130.0.132.017 - Hewlett-Packard) Hidden
    WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 33.6.2015.18 - Ruiware)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-57612297-3157999027-2505413976-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Herb\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-57612297-3157999027-2505413976-1001_Classes\CLSID\{0A368B9B-3566-4730-B40E-EAF6858A53AF}\InprocServer32 -> C:\Users\Herb\AppData\Local\Dropbox\Update\1.3.27.33\psuser.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-57612297-3157999027-2505413976-1001_Classes\CLSID\{2B663ECE-5770-491c-A474-F98603C40681}\InprocServer32 -> C:\Program Files\Adobe\Acrobat 10.0\PDFMaker\AutoCAD\2010\32\AcrobatAcadIC.dbx (Adobe Systems Incorporated)
    CustomCLSID: HKU\S-1-5-21-57612297-3157999027-2505413976-1001_Classes\CLSID\{2B93DB32-8D98-4438-93B5-5C2CC3441999}\InprocServer32 -> C:\Program Files\Adobe\Acrobat 10.0\PDFMaker\AutoCAD\2010\32\AcrobatAcadIC.dbx (Adobe Systems Incorporated)
    CustomCLSID: HKU\S-1-5-21-57612297-3157999027-2505413976-1001_Classes\CLSID\{3059C9E6-9EDC-4C89-933E-C65623F8FD60}\localserver32 -> C:\Users\Herb\AppData\Local\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-57612297-3157999027-2505413976-1001_Classes\CLSID\{6813A122-4BBF-4408-8C87-07176246B992}\InprocServer32 -> C:\Program Files\Adobe\Acrobat 10.0\PDFMaker\AutoCAD\2010\32\AcrobatAcadIC.dbx (Adobe Systems Incorporated)
    CustomCLSID: HKU\S-1-5-21-57612297-3157999027-2505413976-1001_Classes\CLSID\{697DE5F4-0D13-4608-9728-7539F704E51C}\InprocServer32 -> C:\Program Files\Adobe\Acrobat 10.0\PDFMaker\AutoCAD\2010\32\AcrobatAcadIC.dbx (Adobe Systems Incorporated)
    CustomCLSID: HKU\S-1-5-21-57612297-3157999027-2505413976-1001_Classes\CLSID\{6A221957-2D85-42A7-8E19-BE33950D1DEB}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2014\acad.exe (Autodesk, Inc.)
    CustomCLSID: HKU\S-1-5-21-57612297-3157999027-2505413976-1001_Classes\CLSID\{70A294B3-FE6F-4af9-9395-CFC58FC07C30}\InprocServer32 -> C:\Program Files\Adobe\Acrobat 10.0\PDFMaker\AutoCAD\2010\32\AcrobatAcadIC.dbx (Adobe Systems Incorporated)
    CustomCLSID: HKU\S-1-5-21-57612297-3157999027-2505413976-1001_Classes\CLSID\{74562BED-63D6-4234-A386-937DB6FA38AE}\InprocServer32 -> C:\Program Files\Adobe\Acrobat 10.0\PDFMaker\AutoCAD\2010\32\AcrobatAcadIC.dbx (Adobe Systems Incorporated)
    CustomCLSID: HKU\S-1-5-21-57612297-3157999027-2505413976-1001_Classes\CLSID\{7C90F737-950A-49eb-B6C1-EE1744C75E97}\InprocServer32 -> C:\Program Files\Adobe\Acrobat 10.0\PDFMaker\AutoCAD\2010\32\AcrobatAcadIC.dbx (Adobe Systems Incorporated)
    CustomCLSID: HKU\S-1-5-21-57612297-3157999027-2505413976-1001_Classes\CLSID\{7DE1BE5C-CEBA-4F1D-ACBC-9CE11EE9A2A1}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2014\acad.exe (Autodesk, Inc.)
    CustomCLSID: HKU\S-1-5-21-57612297-3157999027-2505413976-1001_Classes\CLSID\{868D9612-74A1-405b-9758-369138103193}\InprocServer32 -> C:\Program Files\Adobe\Acrobat 10.0\PDFMaker\AutoCAD\2010\32\AcrobatAcadIC.dbx (Adobe Systems Incorporated)
    CustomCLSID: HKU\S-1-5-21-57612297-3157999027-2505413976-1001_Classes\CLSID\{87DC457B-B35D-48AC-BD42-BDF35EF623CE}\localserver32 -> C:\Users\Herb\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-57612297-3157999027-2505413976-1001_Classes\CLSID\{9FAA38ED-5635-44F7-9BE0-8CAFE29B3783}\localserver32 -> C:\Users\Herb\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-57612297-3157999027-2505413976-1001_Classes\CLSID\{BB9F1D04-94AB-40b7-ABAE-33D2637F6340}\InprocServer32 -> C:\Program Files\Adobe\Acrobat 10.0\PDFMaker\AutoCAD\2010\32\AcrobatAcadIC.dbx (Adobe Systems Incorporated)
    CustomCLSID: HKU\S-1-5-21-57612297-3157999027-2505413976-1001_Classes\CLSID\{BD0DEB94-63DB-4392-9420-6EEE05094B1F}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2014\acad.exe (Autodesk, Inc.)
    CustomCLSID: HKU\S-1-5-21-57612297-3157999027-2505413976-1001_Classes\CLSID\{C0DD324D-A74F-4533-84AD-030F76771C77}\localserver32 -> C:\Users\Herb\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-57612297-3157999027-2505413976-1001_Classes\CLSID\{C32E3EEC-3C10-426E-95F3-38C7F139FADD}\localserver32 -> C:\Users\Herb\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-57612297-3157999027-2505413976-1001_Classes\CLSID\{CC3BE603-926A-40ae-9570-4258474F0364}\InprocServer32 -> C:\Program Files\Adobe\Acrobat 10.0\PDFMaker\AutoCAD\2010\32\AcrobatAcadIC.dbx (Adobe Systems Incorporated)
    CustomCLSID: HKU\S-1-5-21-57612297-3157999027-2505413976-1001_Classes\CLSID\{D166BD15-03AF-413A-BEFD-0679FF410B49}\InprocServer32 -> C:\Users\Herb\AppData\Local\Dropbox\Update\1.3.27.29\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-57612297-3157999027-2505413976-1001_Classes\CLSID\{DD0B2199-F2FD-41eb-B744-B06B100B9A43}\InprocServer32 -> C:\Program Files\Adobe\Acrobat 10.0\PDFMaker\AutoCAD\2010\32\AcrobatAcadIC.dbx (Adobe Systems Incorporated)
    CustomCLSID: HKU\S-1-5-21-57612297-3157999027-2505413976-1001_Classes\CLSID\{DFAB83E9-EBA6-4425-928B-B15A57F39469}\InprocServer32 -> C:\Program Files\Adobe\Acrobat 10.0\PDFMaker\AutoCAD\2010\32\AcrobatAcadIC.dbx (Adobe Systems Incorporated)
    CustomCLSID: HKU\S-1-5-21-57612297-3157999027-2505413976-1001_Classes\CLSID\{E27473C6-A63D-4b85-95FC-C7DE20306C0D}\InprocServer32 -> C:\Program Files\Adobe\Acrobat 10.0\PDFMaker\AutoCAD\2010\32\AcrobatAcadIC.dbx (Adobe Systems Incorporated)
    CustomCLSID: HKU\S-1-5-21-57612297-3157999027-2505413976-1001_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2014\en-US\acadficn.dll (Autodesk, Inc.)
    CustomCLSID: HKU\S-1-5-21-57612297-3157999027-2505413976-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Herb\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-57612297-3157999027-2505413976-1001_Classes\CLSID\{F5756047-E218-465a-AC4C-FD04238C4896}\InprocServer32 -> C:\Program Files\Adobe\Acrobat 10.0\PDFMaker\AutoCAD\2010\32\AcrobatAcadIC.dbx (Adobe Systems Incorporated)
    CustomCLSID: HKU\S-1-5-21-57612297-3157999027-2505413976-1001_Classes\CLSID\{F9748CB6-1CCB-4557-905E-8D42C83AAEB6}\InprocServer32 -> C:\Program Files\Adobe\Acrobat 10.0\PDFMaker\AutoCAD\2010\32\AcrobatAcadIC.dbx (Adobe Systems Incorporated)
    CustomCLSID: HKU\S-1-5-21-57612297-3157999027-2505413976-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Herb\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-57612297-3157999027-2505413976-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Herb\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-57612297-3157999027-2505413976-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Herb\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-57612297-3157999027-2505413976-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Herb\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-57612297-3157999027-2505413976-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Herb\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-57612297-3157999027-2505413976-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Herb\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-57612297-3157999027-2505413976-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Herb\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-57612297-3157999027-2505413976-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Herb\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-57612297-3157999027-2505413976-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Herb\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-57612297-3157999027-2505413976-1001_Classes\CLSID\{FC072C1A-25CB-49e7-8F79-F2A8B8C3289D}\InprocServer32 -> C:\Program Files\Adobe\Acrobat 10.0\PDFMaker\AutoCAD\2010\32\AcrobatAcadIC.dbx (Adobe Systems Incorporated)
    CustomCLSID: HKU\S-1-5-21-57612297-3157999027-2505413976-1001_Classes\CLSID\{FE819BE5-BADF-4370-9913-6FB84ABA6FB1}\InprocServer32 -> C:\Users\Herb\AppData\Local\Dropbox\Update\1.3.27.33\psuser.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-57612297-3157999027-2505413976-1005_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Herb\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-57612297-3157999027-2505413976-1005_Classes\CLSID\{0A368B9B-3566-4730-B40E-EAF6858A53AF}\InprocServer32 -> C:\Users\Admiis\AppData\Local\Dropbox\Update\1.3.27.33\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-57612297-3157999027-2505413976-1005_Classes\CLSID\{2B663ECE-5770-491c-A474-F98603C40681}\InprocServer32 -> C:\Program Files\Adobe\Acrobat 10.0\PDFMaker\AutoCAD\2010\32\AcrobatAcadIC.dbx (Adobe Systems Incorporated)
    CustomCLSID: HKU\S-1-5-21-57612297-3157999027-2505413976-1005_Classes\CLSID\{2B93DB32-8D98-4438-93B5-5C2CC3441999}\InprocServer32 -> C:\Program Files\Adobe\Acrobat 10.0\PDFMaker\AutoCAD\2010\32\AcrobatAcadIC.dbx (Adobe Systems Incorporated)
    CustomCLSID: HKU\S-1-5-21-57612297-3157999027-2505413976-1005_Classes\CLSID\{3059C9E6-9EDC-4C89-933E-C65623F8FD60}\localserver32 -> C:\Users\Herb\AppData\Local\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-57612297-3157999027-2505413976-1005_Classes\CLSID\{6813A122-4BBF-4408-8C87-07176246B992}\InprocServer32 -> C:\Program Files\Adobe\Acrobat 10.0\PDFMaker\AutoCAD\2010\32\AcrobatAcadIC.dbx (Adobe Systems Incorporated)
    CustomCLSID: HKU\S-1-5-21-57612297-3157999027-2505413976-1005_Classes\CLSID\{697DE5F4-0D13-4608-9728-7539F704E51C}\InprocServer32 -> C:\Program Files\Adobe\Acrobat 10.0\PDFMaker\AutoCAD\2010\32\AcrobatAcadIC.dbx (Adobe Systems Incorporated)
    CustomCLSID: HKU\S-1-5-21-57612297-3157999027-2505413976-1005_Classes\CLSID\{6A221957-2D85-42A7-8E19-BE33950D1DEB}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2014\acad.exe (Autodesk, Inc.)
    CustomCLSID: HKU\S-1-5-21-57612297-3157999027-2505413976-1005_Classes\CLSID\{6D7AE628-FF41-4CD3-91DD-34825BB1A251}\localserver32 -> C:\Program Files\AutoCAD 2010\acad.exe /Automation => No File
    CustomCLSID: HKU\S-1-5-21-57612297-3157999027-2505413976-1005_Classes\CLSID\{70A294B3-FE6F-4af9-9395-CFC58FC07C30}\InprocServer32 -> C:\Program Files\Adobe\Acrobat 10.0\PDFMaker\AutoCAD\2010\32\AcrobatAcadIC.dbx (Adobe Systems Incorporated)
    CustomCLSID: HKU\S-1-5-21-57612297-3157999027-2505413976-1005_Classes\CLSID\{74562BED-63D6-4234-A386-937DB6FA38AE}\InprocServer32 -> C:\Program Files\Adobe\Acrobat 10.0\PDFMaker\AutoCAD\2010\32\AcrobatAcadIC.dbx (Adobe Systems Incorporated)
    CustomCLSID: HKU\S-1-5-21-57612297-3157999027-2505413976-1005_Classes\CLSID\{7C90F737-950A-49eb-B6C1-EE1744C75E97}\InprocServer32 -> C:\Program Files\Adobe\Acrobat 10.0\PDFMaker\AutoCAD\2010\32\AcrobatAcadIC.dbx (Adobe Systems Incorporated)
    CustomCLSID: HKU\S-1-5-21-57612297-3157999027-2505413976-1005_Classes\CLSID\{7DE1BE5C-CEBA-4F1D-ACBC-9CE11EE9A2A1}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2014\acad.exe (Autodesk, Inc.)
    CustomCLSID: HKU\S-1-5-21-57612297-3157999027-2505413976-1005_Classes\CLSID\{868D9612-74A1-405b-9758-369138103193}\InprocServer32 -> C:\Program Files\Adobe\Acrobat 10.0\PDFMaker\AutoCAD\2010\32\AcrobatAcadIC.dbx (Adobe Systems Incorporated)
    CustomCLSID: HKU\S-1-5-21-57612297-3157999027-2505413976-1005_Classes\CLSID\{87DC457B-B35D-48AC-BD42-BDF35EF623CE}\localserver32 -> C:\Users\Herb\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-57612297-3157999027-2505413976-1005_Classes\CLSID\{9FAA38ED-5635-44F7-9BE0-8CAFE29B3783}\localserver32 -> C:\Users\Herb\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-57612297-3157999027-2505413976-1005_Classes\CLSID\{BB9F1D04-94AB-40b7-ABAE-33D2637F6340}\InprocServer32 -> C:\Program Files\Adobe\Acrobat 10.0\PDFMaker\AutoCAD\2010\32\AcrobatAcadIC.dbx (Adobe Systems Incorporated)
    CustomCLSID: HKU\S-1-5-21-57612297-3157999027-2505413976-1005_Classes\CLSID\{BD0DEB94-63DB-4392-9420-6EEE05094B1F}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2014\acad.exe (Autodesk, Inc.)
    CustomCLSID: HKU\S-1-5-21-57612297-3157999027-2505413976-1005_Classes\CLSID\{C0DD324D-A74F-4533-84AD-030F76771C77}\localserver32 -> C:\Users\Herb\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-57612297-3157999027-2505413976-1005_Classes\CLSID\{C32E3EEC-3C10-426E-95F3-38C7F139FADD}\localserver32 -> C:\Users\Herb\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-57612297-3157999027-2505413976-1005_Classes\CLSID\{CC3BE603-926A-40ae-9570-4258474F0364}\InprocServer32 -> C:\Program Files\Adobe\Acrobat 10.0\PDFMaker\AutoCAD\2010\32\AcrobatAcadIC.dbx (Adobe Systems Incorporated)
    CustomCLSID: HKU\S-1-5-21-57612297-3157999027-2505413976-1005_Classes\CLSID\{D166BD15-03AF-413A-BEFD-0679FF410B49}\InprocServer32 -> C:\Users\Admiis\AppData\Local\Dropbox\Update\1.3.27.29\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-57612297-3157999027-2505413976-1005_Classes\CLSID\{D70E31AD-2614-49F2-B0FC-ACA781D81F3E}\localserver32 -> C:\Program Files\AutoCAD 2010\acad.exe => No File
    CustomCLSID: HKU\S-1-5-21-57612297-3157999027-2505413976-1005_Classes\CLSID\{DD0B2199-F2FD-41eb-B744-B06B100B9A43}\InprocServer32 -> C:\Program Files\Adobe\Acrobat 10.0\PDFMaker\AutoCAD\2010\32\AcrobatAcadIC.dbx (Adobe Systems Incorporated)
    CustomCLSID: HKU\S-1-5-21-57612297-3157999027-2505413976-1005_Classes\CLSID\{DFAB83E9-EBA6-4425-928B-B15A57F39469}\InprocServer32 -> C:\Program Files\Adobe\Acrobat 10.0\PDFMaker\AutoCAD\2010\32\AcrobatAcadIC.dbx (Adobe Systems Incorporated)
    CustomCLSID: HKU\S-1-5-21-57612297-3157999027-2505413976-1005_Classes\CLSID\{E27473C6-A63D-4b85-95FC-C7DE20306C0D}\InprocServer32 -> C:\Program Files\Adobe\Acrobat 10.0\PDFMaker\AutoCAD\2010\32\AcrobatAcadIC.dbx (Adobe Systems Incorporated)
    CustomCLSID: HKU\S-1-5-21-57612297-3157999027-2505413976-1005_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2014\en-US\acadficn.dll (Autodesk, Inc.)
    CustomCLSID: HKU\S-1-5-21-57612297-3157999027-2505413976-1005_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Herb\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-57612297-3157999027-2505413976-1005_Classes\CLSID\{F5756047-E218-465a-AC4C-FD04238C4896}\InprocServer32 -> C:\Program Files\Adobe\Acrobat 10.0\PDFMaker\AutoCAD\2010\32\AcrobatAcadIC.dbx (Adobe Systems Incorporated)
    CustomCLSID: HKU\S-1-5-21-57612297-3157999027-2505413976-1005_Classes\CLSID\{F9748CB6-1CCB-4557-905E-8D42C83AAEB6}\InprocServer32 -> C:\Program Files\Adobe\Acrobat 10.0\PDFMaker\AutoCAD\2010\32\AcrobatAcadIC.dbx (Adobe Systems Incorporated)
    CustomCLSID: HKU\S-1-5-21-57612297-3157999027-2505413976-1005_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Herb\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-57612297-3157999027-2505413976-1005_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Herb\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-57612297-3157999027-2505413976-1005_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Herb\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-57612297-3157999027-2505413976-1005_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Herb\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-57612297-3157999027-2505413976-1005_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Herb\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-57612297-3157999027-2505413976-1005_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Herb\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-57612297-3157999027-2505413976-1005_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Herb\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-57612297-3157999027-2505413976-1005_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Herb\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-57612297-3157999027-2505413976-1005_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Herb\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-57612297-3157999027-2505413976-1005_Classes\CLSID\{FC072C1A-25CB-49e7-8F79-F2A8B8C3289D}\InprocServer32 -> C:\Program Files\Adobe\Acrobat 10.0\PDFMaker\AutoCAD\2010\32\AcrobatAcadIC.dbx (Adobe Systems Incorporated)
    CustomCLSID: HKU\S-1-5-21-57612297-3157999027-2505413976-1005_Classes\CLSID\{FE819BE5-BADF-4370-9913-6FB84ABA6FB1}\InprocServer32 -> C:\Users\Admiis\AppData\Local\Dropbox\Update\1.3.27.33\psuser.dll => No File

    ==================== Restore Points =========================

    05-12-2015 09:03:18 Windows Update
    05-12-2015 16:14:03 JRT Pre-Junkware Removal
    05-12-2015 16:36:20 JRT Pre-Junkware Removal
    05-12-2015 17:50:10 JRT Pre-Junkware Removal

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 21:04 - 2015-05-31 19:34 - 00450166 ____A C:\WINDOWS\system32\Drivers\etc\hosts

    127.0.0.1 activate.adobe.com
    127.0.0.1 practivate.adobe.com
    127.0.0.1 activate.wip3.adobe.com127.0.0.1 www.007guard.com

    There are 15442 more lines.


    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {00BD6CE5-F6C9-45B2-9E91-28D23438AB78} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
    Task: {07A7A1C5-4FBA-4F80-B591-185C203820A1} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
    Task: {0957777E-9BCC-40F9-9B69-5D562CC7F5DD} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
    Task: {0C40E1FD-B0A3-4851-96A5-33418CDC96FA} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-11-16] (Piriform Ltd)
    Task: {0DD245D5-A5E5-473D-968E-50561E2E60F1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-11] (Adobe Systems Incorporated)
    Task: {0F450E7F-67A3-40E0-8681-9C716805B34E} - System32\Tasks\ExpressPlayer Installer Starter => C:\Users\Herb\AppData\Local\Temp\ExpressPlayerrDCeyXx8Yn.exe [2015-12-05] (hxxp://express-player.com) <==== ATTENTION
    Task: {13C08159-96A6-43BD-9FC4-12B7C953616B} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-57612297-3157999027-2505413976-1001Core => C:\Users\Herb\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-17] (Dropbox, Inc.)
    Task: {1C3C93F8-D055-4BD0-8C47-BCF2E0AE1EA9} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {24FE5FCD-4707-46A4-AF5B-FE04D8A06C07} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
    Task: {25C0E321-78C2-48A6-BCD9-04027350BC5D} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_19_0_0_245_pepper.exe [2015-11-11] (Adobe Systems Incorporated)
    Task: {25D8B200-52EC-4DCB-8FB6-D7C1B2A3182D} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {27F86418-5FC6-41F0-AD42-D6095780D5D2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
    Task: {2F119B5E-0B14-44ED-A760-9719BE77EF7A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {328B8003-47E5-47D5-B08A-4BB979425E86} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
    Task: {37F4EC31-59BC-4C3E-A281-9501A11E566C} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {4266D9AC-830F-4FED-87B7-97EC8A7AA2DC} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {47189EAB-FBC5-4482-8C2E-EC45CF6FBB97} - System32\Tasks\Rush Style2 => Rundll32.exe "C:\Users\Herb\AppData\Local\Rush Style\{184B50A6-6765-B15B-6678-65776B1A615F}\xvyq.dll",#1
    Task: {48BDC965-E072-4C99-B462-245AEF010866} - System32\Tasks\CreateExplorerShellUnelevatedTask => /NOUACCHECK
    Task: {49FE350C-0EE5-4393-8F54-D485CCE70CA2} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {553215DC-9F6F-4339-B22B-6CF55990A9C8} - \IBUpd -> No File <==== ATTENTION
    Task: {614B5358-FA04-47B6-99CA-B8741A8289DE} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {67E48A01-DD94-479E-AB89-6679A3E0C83A} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {69E03C4E-690A-4264-8BCB-C13CBD0A71E0} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {6C2EDC9B-0CC3-46A9-8C52-022FD3D61802} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
    Task: {6DD2E3A8-1ED5-4FFF-836B-FBB1D9655537} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
    Task: {7C373A58-B024-4542-84F8-636B52369C35} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
    Task: {7F2FEA2B-416F-4A56-AB58-042DDEE84278} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
    Task: {80F701A3-7528-42A3-9883-E47E164E52BC} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-11-12] (Microsoft Corporation)
    Task: {82EF410C-BB9E-4E5D-96D9-60484D565DCA} - System32\Tasks\MirageAgent => C:\Program Files\CyberLink\YouCam\YCMMirage.exe [2012-10-26] (CyberLink)
    Task: {8A6BE1A6-C0AF-4C35-A2A7-56FE2244A6EC} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {9CB9C8B5-7CE2-4B09-8BCB-4891EBC9A062} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {9D115CB1-327F-403E-A23D-156C72246F4D} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {9ECC9B3E-4587-4F6E-87C6-8DFBE85BB5E1} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {9F83D613-B31B-4881-9A18-94A40DEDF75F} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {A270ACDA-BF7A-4DFF-B4C1-639F73700D13} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {B2A3E12C-0DF1-46DF-AFE4-21AB4FA2E4CD} - System32\Tasks\{F1F9E6CA-6117-4E85-98D6-0D35134F53BE} => pcalua.exe -a C:\Users\Herb\Downloads\Vistawall-OldCastle-v15.exe -d C:\Users\Herb\Downloads
    Task: {B7A72F98-E8C2-43B3-B11E-EC3A5809FC1D} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {B98EC9C5-857F-4A93-9764-443833B7EA27} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [2015-07-21] (McAfee, Inc.)
    Task: {BA9BA3D8-61E3-4119-B6DD-E0CFAD7B56F0} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
    Task: {C2EB035D-9CF2-4B26-AF7E-AE18FA5E463F} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
    Task: {C52EF520-60A8-4932-AA4B-C3ECC19A956E} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {CDC0DB9E-1BAF-4282-AAA3-A1D3788FF107} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
    Task: {CE8E677A-CB1A-43A6-9F5C-69A9808EE584} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {D11A7F9E-FBC5-40D3-B34A-7B23840C8E3F} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {D85D5480-FD97-4206-9D71-08F4B2142031} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {DD031793-A475-48D8-808E-CD8DAEDC70B0} - System32\Tasks\{927ECC44-C9E0-4116-A279-418C6F56B559} => pcalua.exe -a "C:\Program Files\MaxDrivrUpdater\uninstall.exe"
    Task: {E631B780-04DD-46C3-A8D9-1CECE540646C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
    Task: {ECB6D60A-CD5F-420C-8FDD-2B4F687F2DC8} - System32\Tasks\Rush Style => Rundll32.exe "C:\Users\Herb\AppData\Local\Rush Style\{184B50A6-6765-B15B-6678-65776B1A615F}\RushStyle.dll",#1
    Task: {F71BF47C-4A4C-4289-82C6-A9FD61FB999B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
    Task: {FC2277F8-9A49-47AA-8AFD-FD361328A899} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {FD6BC3B9-92AC-49B6-B143-4A6F926DE5FE} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {FEB7F6CC-608C-48D4-90AB-519A81847553} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_19_0_0_245_pepper.exe
    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
    Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-57612297-3157999027-2505413976-1001Core.job => C:\Users\Herb\AppData\Local\Dropbox\Update\DropboxUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ==================== Loaded Modules (Whitelisted) ==============

    2015-10-30 00:44 - 2015-10-30 00:44 - 00149504 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 01859448 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 01859448 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
    2015-10-30 00:44 - 2015-10-30 00:44 - 00070656 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
    2015-10-30 00:44 - 2015-10-30 00:44 - 00316416 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 05352960 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00471552 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 00696320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 02366464 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 02656768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
    2015-12-05 07:36 - 2015-11-24 03:00 - 01583432 _____ () C:\Program Files\Google\Chrome\Application\47.0.2526.73\libglesv2.dll
    2015-12-05 07:36 - 2015-11-24 03:00 - 00081224 _____ () C:\Program Files\Google\Chrome\Application\47.0.2526.73\libegl.dll
    2013-02-04 23:21 - 2013-02-04 23:21 - 00039456 _____ () C:\Program Files\Autodesk\Autodesk Sync\QtSolutions_MFCMigrationFramework_Ad_2.dll
    2013-02-04 23:21 - 2013-02-04 23:21 - 00106016 _____ () C:\Program Files\Autodesk\Autodesk Sync\QJson.dll
    2013-02-04 23:21 - 2013-02-04 23:21 - 00049184 _____ () C:\Program Files\Autodesk\Autodesk Sync\qoauth_Ad_1.dll
    2013-02-04 23:21 - 2013-02-04 23:21 - 00744992 _____ () C:\Program Files\Autodesk\Autodesk Sync\qca_Ad_2.dll
    2015-09-30 18:38 - 2015-11-04 18:44 - 00166416 _____ () C:\Users\Herb\AppData\Roaming\Dropbox\bin\EnterpriseDataAdapter.dll
    2015-12-05 18:47 - 2015-12-05 18:47 - 00071168 _____ () c:\users\admiis\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmppcqfv7.dll
    2015-10-02 19:28 - 2015-09-02 19:11 - 00012800 _____ () C:\Users\Herb\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll
    2015-03-04 16:45 - 2015-09-02 19:11 - 00779776 _____ () C:\Users\Herb\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
    2015-10-02 19:28 - 2015-09-02 19:11 - 00056320 _____ () C:\Users\Herb\AppData\Roaming\Dropbox\bin\QtQuick\Layouts\qquicklayoutsplugin.dll
    2015-10-02 19:28 - 2015-09-02 19:11 - 00012288 _____ () C:\Users\Herb\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="Service"

    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE trusted site: HKU\S-1-5-21-57612297-3157999027-2505413976-1001\...\localhost -> localhost
    IE trusted site: HKU\S-1-5-21-57612297-3157999027-2505413976-1001\...\webcompanion.com -> hxxp://webcompanion.com

    There are 7857 more sites.


    There are 7857 more sites.


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-57612297-3157999027-2505413976-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Herb\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img0.jpg
    HKU\S-1-5-21-57612297-3157999027-2505413976-1005\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
    DNS Servers: 192.168.1.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)


    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
    FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
    FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
    FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
    FirewallRules: [WCF-NetTcpActivator-In-TCP-32bit] => (Allow) LPort=808
    FirewallRules: [{1C645187-350D-4851-8CF4-B9673C7A3E69}] => (Allow) C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
    FirewallRules: [TCP Query User{65759661-A55B-4B2B-A14E-3A8C66B80DD2}C:\program files\google\chrome\application\chrome.exe] => (Allow) C:\program files\google\chrome\application\chrome.exe
    FirewallRules: [UDP Query User{4F072388-5E72-4DB4-8D7E-CD7BCE737CB6}C:\program files\google\chrome\application\chrome.exe] => (Allow) C:\program files\google\chrome\application\chrome.exe
    FirewallRules: [TCP Query User{11C22F5B-8B86-40D7-9A4C-B3B33768846D}C:\users\herb\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\herb\appdata\roaming\dropbox\bin\dropbox.exe
    FirewallRules: [UDP Query User{AC703DB0-BCD9-4332-9F61-2C4ED18AB4FD}C:\users\herb\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\herb\appdata\roaming\dropbox\bin\dropbox.exe
    FirewallRules: [{A5D2ADB0-CD56-4C34-A515-49CF05BF3B54}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    FirewallRules: [{47D17812-F291-4225-AF3C-1F990308CA34}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
    FirewallRules: [{30D8C4AB-51BD-4544-A587-664A4C9B0200}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hposid01.exe
    FirewallRules: [{A81AFB34-87B0-499D-AA2E-22D287F26450}] => (Allow) C:\Program Files\common files\hp\digital imaging\bin\hpqphotocrm.exe
    FirewallRules: [{691684ED-20A3-426F-B777-DBCC1F775AAD}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe
    FirewallRules: [{EDDB3AC1-4497-48AE-9E4B-377BD4A36924}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe
    FirewallRules: [{5FC78721-87DC-4013-A0F2-4492D4A60DD4}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe
    FirewallRules: [{6473C857-5691-408A-9F12-E01070D4166E}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe
    FirewallRules: [{19CA588C-0EB3-471A-8949-8140B1DC18EC}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    FirewallRules: [{1A5B2BC7-73B5-4849-A25E-3AE2FF9E71F1}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe
    FirewallRules: [{F6578C24-B2DF-4617-8A82-81E07440BBD7}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe
    FirewallRules: [{8B67C9C0-F4AA-4C3D-BECE-F6A84630B034}] => (Allow) C:\Program Files\HP\hp software update\hpwucli.exe
    FirewallRules: [{8CE6B298-D88B-4D0E-B602-0E889AE34072}] => (Allow) C:\Program Files\HP\digital imaging\smart web printing\smartwebprintexe.exe
    FirewallRules: [{DBDDD5DB-606E-4200-A389-B5952297D192}] => (Allow) C:\Users\Admiis\AppData\Local\Temp\7zS495B\hppiw.exe
    FirewallRules: [{06195D7F-61C9-4BED-A8EF-9953112C3C0A}] => (Allow) C:\Users\Admiis\AppData\Local\Temp\7zS495B\hppiw.exe
    FirewallRules: [{95A35D96-2DBA-42B6-970D-0AFAC3B453C9}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe
    FirewallRules: [{361EBA54-131C-428D-A8F9-230EEFB3F98F}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe
    FirewallRules: [{03702866-8729-4181-9A96-6255667C9C48}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe
    FirewallRules: [{B178A7CB-125F-4672-940A-F55094127F80}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe
    FirewallRules: [{A50E28E4-A047-4E2D-AB6A-276276F9749D}] => (Allow) C:\Users\Herb\AppData\Roaming\Dropbox\bin\Dropbox.exe
    FirewallRules: [{16AEA692-71CF-48ED-A36B-F77DD24CD680}] => (Allow) C:\Users\Herb\AppData\Roaming\Dropbox\bin\Dropbox.exe
    FirewallRules: [{E5739623-411E-4A0F-A9C7-B674302564C5}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
    FirewallRules: [{DBA1FB0E-9043-435D-8274-2C9C8756BBDA}] => (Allow) LPort=50248
    FirewallRules: [{A3B7BC7E-4655-4426-9D79-E21925F0EF77}] => (Allow) LPort=7939
    FirewallRules: [{6A9DC065-537D-4D34-8BB3-9C0645EAA7C7}] => (Allow) C:\Program Files\PlanSwift9\PlanSwift.exe
    FirewallRules: [{0D2B7AF0-C064-4493-BA63-786ED60F4713}] => (Allow) C:\Program Files\PlanSwift9\PlanSwift.exe
    FirewallRules: [{F561FECF-B3F5-426F-862E-CEACA28F83AD}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
    FirewallRules: [{F6B58C45-8B96-4D60-8650-F64C45304119}] => (Allow) C:\Program Files\Itibiti Soft Phone\Itibiti.exe
    FirewallRules: [{8B803C55-702E-48CC-979C-CB2B31012643}] => (Allow) C:\Program Files\Itibiti Soft Phone\Itibiti.exe

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (12/05/2015 07:04:48 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Herb-PC)
    Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (12/05/2015 07:04:38 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Herb-PC)
    Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (12/05/2015 07:04:32 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Herb-PC)
    Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (12/05/2015 07:04:25 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Herb-PC)
    Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (12/05/2015 07:04:25 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Herb-PC)
    Description: Activation of app Microsoft.CommsPhone_8wekyb3d8bbwe!App failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (12/05/2015 07:04:15 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Herb-PC)
    Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (12/05/2015 07:04:08 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Herb-PC)
    Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (12/05/2015 07:04:08 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Herb-PC)
    Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (12/05/2015 07:04:08 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Herb-PC)
    Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (12/05/2015 07:04:07 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Herb-PC)
    Description: Activation of app Microsoft.Messaging_8wekyb3d8bbwe!x27e26f40ye031y48a6yb130yd1f20388991ax failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.


    System errors:
    =============
    Error: (12/05/2015 05:51:21 PM) (Source: DCOM) (EventID: 10000) (User: NT AUTHORITY)
    Description: C:\Users\Admiis\AppData\Local\Temp\7zS495B\hpslpsvc32.dll -Embedding2{10DA4F3C-CC99-4190-BE4D-58330754E882}

    Error: (12/05/2015 05:47:18 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The User Data Access_5ceb8 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

    Error: (12/05/2015 05:47:18 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The User Data Storage_5ceb8 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

    Error: (12/05/2015 05:47:18 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Contact Data_5ceb8 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

    Error: (12/05/2015 05:47:18 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Sync Host_5ceb8 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

    Error: (12/05/2015 04:45:05 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
    Description: {ADA518B9-B7A3-4C36-B4ED-49EB3FA189FC}

    Error: (12/05/2015 04:44:44 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
    Description: The Background Intelligent Transfer Service service hung on starting.

    Error: (12/05/2015 04:43:05 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
    Description: {ADA518B9-B7A3-4C36-B4ED-49EB3FA189FC}

    Error: (12/05/2015 04:40:28 PM) (Source: DCOM) (EventID: 10000) (User: NT AUTHORITY)
    Description: C:\Users\Admiis\AppData\Local\Temp\7zS495B\hpslpsvc32.dll -Embedding2{10DA4F3C-CC99-4190-BE4D-58330754E882}

    Error: (12/05/2015 04:40:22 PM) (Source: DCOM) (EventID: 10000) (User: NT AUTHORITY)
    Description: C:\Users\Admiis\AppData\Local\Temp\7zS495B\hpslpsvc32.dll -Embedding2{10DA4F3C-CC99-4190-BE4D-58330754E882}


    CodeIntegrity:
    ===================================
    Date: 2015-12-05 16:48:48.268
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-12-04 04:26:25.076
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-12-04 04:26:24.859
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-12-04 04:21:44.078
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-12-04 04:01:03.486
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Processor: AMD Athlon(tm) II P360 Dual-Core Processor
    Percentage of memory in use: 61%
    Total physical RAM: 3578.9 MB
    Available physical RAM: 1360.16 MB
    Total Virtual: 7162.9 MB
    Available Virtual: 4515.89 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:282.82 GB) (Free:218.04 GB) NTFS ==>[system with boot components (obtained from drive)]
    Drive d: (RECOVERY) (Fixed) (Total:14.98 GB) (Free:1.82 GB) NTFS ==>[system with boot components (obtained from drive)]
    Drive e: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
    Drive f: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.15 GB) NTFS ==>[system with boot components (obtained from drive)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 0EC2D9DF)
    Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=282.8 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
    Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

    ==================== End of Addition.txt ============================

  5. #5
    Member
    Join Date
    May 2015
    Posts
    76
    Points
    0

    Default

    Sorry about the double post.

  6. #6
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,158
    Points
    1301

    Default

    Hello,

    Not seeing much; we will get rid of some leftover entries (orphans), clear temporary files and clear DNS. We will also run two adware scanners.

    A few items to fix

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Open Notepad (Start => All Programs => Accessories => Notepad).
    Copy/Paste the contents of the code box below into Notepad.

    Code:
    start
    CloseProcesses:
    CreateRestorePoint:
    HKLM\...\Policies\Explorer: [NoFolderOptions] 0
    HKLM\...\Policies\Explorer: [NoControlPanel] 0
    HKU\S-1-5-21-57612297-3157999027-2505413976-1001\...\Policies\Explorer: []
    HKU\S-1-5-21-57612297-3157999027-2505413976-1001\...\Policies\Explorer: [NoFolderOptions] 0
    HKU\S-1-5-21-57612297-3157999027-2505413976-1001\...\Policies\Explorer: [NoControlPanel] 0
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-57612297-3157999027-2505413976-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    SearchScopes: HKU\S-1-5-21-57612297-3157999027-2505413976-1001 -> DefaultScope {cf34d395-9ff1-49a0-98a5-8db1636431b1} URL = 
    CHR HomePage: Profile 2 -> hxxp://www-searching.com/?pid=s&s=FC5zbwybl03,69d60f1f-3691-4a8b-b531-58b0d90b627c,&vp=ch&prd=set
    CHR StartupUrls: Profile 2 -> "hxxp://www-searching.com/?pid=s&s=FC5zbwybl03,69d60f1f-3691-4a8b-b531-58b0d90b627c,&vp=ch&prd=set"
    CHR DefaultSearchURL: Profile 2 -> hxxp://www-searching.com/search.aspx?site=shyos&prd=set&q={searchTerms}&s=FC5zbwybl03,69d60f1f-3691-4a8b-b531-58b0d90b627c,
    CHR DefaultSearchKeyword: Profile 2 -> www-searching.com
    CHR DefaultSuggestURL: Profile 2 -> hxxp://api.searchpredict.com/api/?rqtype=ffplugin&siteID=8661&dbCode=1&command={searchTerms}
    U3 idsvc; no ImagePath
    Task: {553215DC-9F6F-4339-B22B-6CF55990A9C8} - \IBUpd -> No File <==== ATTENTION
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="Service"
    CustomCLSID: HKU\S-1-5-21-57612297-3157999027-2505413976-1005_Classes\CLSID\{FE819BE5-BADF-4370-9913-6FB84ABA6FB1}\InprocServer32 -> C:\Users\Admiis\AppData\Local\Dropbox\Update\1.3.27.33\psuser.dll => No File
    CMD: bitsadmin /reset /allusers
    CMD: netsh winsock reset catalog
    CMD: ipconfig /flushdns
    RemoveProxy:
    hosts:
    Emptytemp:

    • Click Format and ensure Word Wrap is unchecked.
    • Save as Fixlist.txt to your Desktop (must be in this location).
    • Run FRST/FRST64 and press the Fix button just once and wait.
    • If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.
    • The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.


    Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.

    Next

    Please download AdwCleaner by Xplode onto your Desktop.
    • Close all open programs and internet browsers.
    • Double click on AdwCleaner.exe to run the tool.
    • Click the Scan button and wait for the process to complete.
    • Click the logfile button and the log will open in Notepad.
    • Click on the Clean button and follow the prompts.
    • A log file will automatically open after the scan has finished and the PC has rebooted.
    • Please post the content of that log file with your next answer.
    • The report will be saved in the C:\AdwCleaner folder.


    Next

    Please download Junkware Removal Tool to your Desktop.
    Please close your security software to avoid potential conflicts. See here how to disable your security protection (antivirus).
    Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
    The tool will open and start scanning your system.
    Please be patient as this can take a while to complete, depending on your system's specifications.
    On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
    Please post the contents of JRT.txt into your reply.

    In your next reply post;

    • Fixlog.txt
    • The AdwCleaner [SO].txt Log
    • The JRT.txt Log

  7. #7
    Member
    Join Date
    May 2015
    Posts
    76
    Points
    0

    Default

    Says this app cannot open. Having this issue with all my apps since I started having issues this afternoon.

  8. #8
    Member
    Join Date
    May 2015
    Posts
    76
    Points
    0

    Default

    Sorry, got it but I cannot see "format"?

  9. #9
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,158
    Points
    1301

    Default

    OK, don't worry about Format then, just save it as a fixlist to the desktop.

  10. #10
    Member
    Join Date
    May 2015
    Posts
    76
    Points
    0

    Default

    When I hit Fix, it says it looks like I do not know what I am doing and closes?
    Last edited by millworkman; 12-05-2015 at 08:07 PM.
