Page 1 of 2 12 LastLast
Results 1 to 10 of 20

Thread: Firefox patch

  1. #1
    Member
    Join Date
    Dec 2006
    Location
    st louis mo
    Posts
    224
    Points
    1

    Default Firefox patch

    I recently had Urgent Update appear on FF while browsing yahoo.
    the file reads:
    firefox-patch (1).js
    ohzurfilez.com

    It looks suspicious and I don't know why FF browser showed urgent update.

  2. #2
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,158
    Points
    1301

    Default

    I believe that's a browser hijacker. Did you do the up date ?

  3. The Following User Says Thank You to zep516 For This Useful Post:


  4. #3
    Member
    Join Date
    Dec 2006
    Location
    st louis mo
    Posts
    224
    Points
    1

    Default

    I downloaded the file but did not run it.
    also ran Malwarebytes after and there were no issues.

  5. #4
    Member
    Join Date
    Dec 2006
    Location
    st louis mo
    Posts
    224
    Points
    1

    Default

    It happened again today.
    What is a browser hijack and how do I stop it from happening?

  6. #5
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,158
    Points
    1301

    Default

    A browser hijacker usually changes the search engine an can cause redirects to other web sites.

    Lets take a closer look at things.

    Everything gets download to the desktop and tools are "Run as administrator."

    Please download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
    • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will produce a log called FRST.txt in the same directory the tool is run from.
    • Please copy and paste log back here.
    • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

  7. #6
    Member Spyware Fighter DonnaB's Avatar
    Join Date
    Apr 2009
    Location
    Illiana, Ill. USA
    Posts
    3,521
    Points
    563

    Default

    Ooops! I see zep516 is online. Hi Zep! (waves)

    Post edited...

    Please follow his instructions. I will move your topic to the removal forum.
    If you think you might be infected with malware or have recently cleansed your computer of malware without the help of an expert, please read and follow the instructions in How to Start Removing Viruses and Spyware from your Computer. This can alleviate time consumed in trouble shooting your current computer problems.

    If your problem is solved, here's how to say thanks!

    Very proud parent of a U.S. Navy "CB"



    "People may forget what you say,
    People may forget what you did,
    but People will never forget how you made them feel!"

  8. #7
    Member
    Join Date
    Dec 2006
    Location
    st louis mo
    Posts
    224
    Points
    1

    Default

    Quote Originally Posted by zep516 View Post
    A browser hijacker usually changes the search engine an can cause redirects to other web sites.

    Lets take a closer look at things.

    Everything gets download to the desktop and tools are "Run as administrator."

    Please download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
    • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will produce a log called FRST.txt in the same directory the tool is run from.
    • Please copy and paste log back here.
    • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

  9. #8
    Member
    Join Date
    Dec 2006
    Location
    st louis mo
    Posts
    224
    Points
    1

    Default

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-12-2016
    Ran by ceyermann (28-12-2016 08:06:40)
    Running from C:\Users\ceyermann\Desktop
    Windows 10 Home Version 1607 (X64) (2016-09-20 20:39:54)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-3193829095-4286807977-817251257-500 - Administrator - Disabled)
    ceyermann (S-1-5-21-3193829095-4286807977-817251257-1002 - Administrator - Enabled) => C:\Users\ceyermann
    DefaultAccount (S-1-5-21-3193829095-4286807977-817251257-503 - Limited - Disabled)
    Guest (S-1-5-21-3193829095-4286807977-817251257-501 - Limited - Disabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated)
    Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.186 - Adobe Systems Incorporated)
    Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.0.150 - Adobe Systems, Inc.)
    Amazon Drive (HKU\S-1-5-21-3193829095-4286807977-817251257-1002\...\Amazon Drive) (Version: 3.5.0.44 - Amazon.com, Inc.)
    AMD Catalyst Install Manager (HKLM\...\{D01E0B82-7D6E-F9AC-9A7D-C6076264F419}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
    AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.3.26.0 - AppEx Networks)
    AT&T Connect Participant Application v8.8.53 (HKLM-x32\...\{01949445-CB7F-436B-8ECC-771BE6184BBC}) (Version: 8.8.53 - AT&T Inc.)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    CCleaner (HKLM\...\CCleaner) (Version: 5.25 - Piriform)
    Cisco Connect (HKLM-x32\...\Cisco Connect) (Version: 1.4.12334.0 - Cisco Consumer Products LLC)
    Cisco WebEx Meetings (HKU\S-1-5-21-3193829095-4286807977-817251257-1002\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
    Citrix Online Launcher (HKLM-x32\...\{1EFF9E6C-76E1-43F9-81FB-BC8C037B0902}) (Version: 1.0.258 - Citrix)
    CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.3.2608 - CyberLink Corp.)
    CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.6.4319 - CyberLink Corp.)
    CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.4.5527 - CyberLink Corp.)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    DesktopEarth (HKLM-x32\...\{DBA5E973-660D-4CBE-A469-F5C37FBF0CE4}) (Version: 2.1.1 - CodeFromThe70s.org)
    Dropbox (HKLM-x32\...\Dropbox) (Version: 16.4.30 - Dropbox, Inc.)
    Dropbox Update Helper (x32 Version: 1.3.59.1 - Dropbox, Inc.) Hidden
    Energy Star (HKLM\...\{0FA995CC-C849-4755-B14B-5404CC75DC24}) (Version: 1.0.8 - Hewlett-Packard)
    EPSON WorkForce 520 Series Printer Uninstall (HKLM\...\EPSON WorkForce 520 Series) (Version: - SEIKO EPSON Corporation)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
    Google Earth (HKLM-x32\...\{A0C18B96-AB79-46BD-8321-6FA83E6D25B9}) (Version: 7.1.7.2606 - Google)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
    GoToMeeting 7.27.0.5922 (HKU\S-1-5-21-3193829095-4286807977-817251257-1002\...\GoToMeeting) (Version: 7.27.0.5922 - CitrixOnline)
    GoToMeeting Outlook Calendar Plug-in (HKU\S-1-5-21-3193829095-4286807977-817251257-1002\...\74BCB683C409F719EAB31FBFCB139767D04815FF) (Version: 3.8.110.0 - Citrix Online)
    Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
    HP 3D DriveGuard (HKLM\...\{54CE68A8-4F2D-4328-B1F7-D6C720405F7F}) (Version: 4.2.9.1 - Hewlett-Packard Company)
    HP Connected Music (Meridian - player) (HKU\S-1-5-21-3193829095-4286807977-817251257-1002\...\HPConnectedMusic) (Version: 1.1 (build 59) hp - Meridian Audio Ltd)
    HP CoolSense (HKLM-x32\...\{0D3A6808-82B8-4BB1-BE5A-AED75B3F6C02}) (Version: 2.20.11 - Hewlett-Packard Company)
    HP Documentation (HKLM-x32\...\{18DE31AE-70D0-43A7-9E3C-2ED7283ECE8A}) (Version: 1.1.0.0 - Hewlett-Packard)
    HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
    HP MyRoom (HKLM-x32\...\{9C35EDE5-4B0F-45E7-A438-314BA889948E}) (Version: 9.0.0.0 - Hewlett-Packard Company)
    HP Officejet 4630 series Basic Device Software (HKLM\...\{38037A50-E9F1-41E4-9AA3-2E0A5A2FC4C5}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
    HP Officejet 4630 series Help (HKLM-x32\...\{9F79230F-EE1C-407E-94E1-D69021954C9B}) (Version: 31.0.0 - Hewlett Packard)
    HP Officejet Pro 8600 Basic Device Software (HKLM\...\{791A06E2-340F-43B0-8FAB-62D151339362}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
    HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
    HP Quick Launch (HKLM-x32\...\{4ED7050C-9332-4FB2-AB07-E94F25A53D39}) (Version: 3.0.3 - Hewlett-Packard Company)
    HP Software Framework (HKLM-x32\...\{675D093B-815D-47FD-AB2C-192EC751E8E2}) (Version: 4.6.10.1 - Hewlett-Packard Company)
    HP Support Solutions Framework (HKLM-x32\...\{F6A11738-3EE4-4573-AEA5-6CD5D491C167}) (Version: 12.5.32.203 - Hewlett-Packard Company)
    HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
    HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.7 - Hewlett-Packard)
    HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
    HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
    I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
    IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6425.0 - IDT)
    IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
    LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version: - LastPass)
    Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
    Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4885.1001 - Microsoft Corporation)
    Microsoft Office Home and Business 2013 - en-us (HKLM\...\HomeBusinessRetail - en-us) (Version: 15.0.4885.1001 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-3193829095-4286807977-817251257-1002\...\OneDriveSetup.exe) (Version: 17.3.6720.1207 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    Mozilla Firefox 50.1.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 50.1.0 (x86 en-US)) (Version: 50.1.0 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.1.0.6186 - Mozilla)
    Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4885.1001 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Licensing Component (Version: 15.0.4885.1001 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4885.1001 - Microsoft Corporation) Hidden
    PCFerret version 2.2.2.2002 (HKLM-x32\...\{5F28DBE2-546C-4D3C-BF0F-EBB82C89A0CE}_is1) (Version: 2.2.2.2002 - PCFerret)
    PowerDirector (x32 Version: 10.00.0000 - CyberLink Corp.) Hidden
    Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
    Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.29029 - Realtek Semiconductor Corp.)
    Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
    Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14013.45 - Samsung Electronics Co., Ltd.)
    Samsung Kies3 (x32 Version: 3.2.14013.45 - Samsung Electronics Co., Ltd.) Hidden
    Secunia PSI (2.0.0.3003) (HKLM-x32\...\Secunia PSI) (Version: - )
    Silicon Laboratories CP210x USB to UART Bridge (Driver Removal) (HKLM-x32\...\SLABCOMM&10C4&EA60) (Version: - Silicon Laboratories)
    Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
    Skype™ 7.6 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.6.103 - Skype Technologies S.A.)
    swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.12.98 - Synaptics Incorporated)
    TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.66695 - TeamViewer)
    TomTom MyDrive Connect 4.1.0.2658 (HKLM-x32\...\MyDriveConnect) (Version: 4.1.0.2658 - TomTom)
    Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
    Wise Care 365 3.94 (HKLM-x32\...\Wise Care 365_is1) (Version: 3.94 - WiseCleaner.com, Inc.)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-3193829095-4286807977-817251257-1002_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\ceyermann\AppData\Local\Citrix\GoToMeeting\5922\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {01DA596F-77C1-42D7-9A18-7A5D8DAF65E9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-12-07] (HP Inc.)
    Task: {02B9D6FD-A839-4576-BD3E-56DEACBFCBB2} - \DropboxUpdateTaskUserS-1-5-21-3193829095-4286807977-817251257-1002UA -> No File <==== ATTENTION
    Task: {080B28D9-A62C-4618-9D9D-CE63C79F37BB} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {084BC2F1-CAA5-429B-B1D7-54F66B2FA1F4} - \MirageAgent -> No File <==== ATTENTION
    Task: {08902FCE-C822-46BF-9833-40CC9395F484} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
    Task: {0C669204-C66D-4400-AE12-5194B0131DB0} - \DropboxUpdateTaskUserS-1-5-21-3193829095-4286807977-817251257-1002Core -> No File <==== ATTENTION
    Task: {0DCCE79B-1034-48F4-9476-0F51B08B066E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2016-10-31] (HP Inc.)
    Task: {12618715-10CE-4858-BEA0-19434356FB23} - \Hewlett-Packard\HP Support Assistant\Update Check -> No File <==== ATTENTION
    Task: {19438692-14DE-47CD-8054-9E923E5D7F26} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {19A0D93E-DCD6-4F7C-A2F5-FD4DB22B7372} - \Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon -> No File <==== ATTENTION
    Task: {1A3F5F39-8B76-4951-A048-C0AF0DC9B7A4} - \HP AR Program Upload - 15bebec41c0742f89d72854c285f38fdf07ce14e1b8949db8b4a68249b3039ff -> No File <==== ATTENTION
    Task: {1AACC1A6-631A-4C6A-8F1C-7D8D7BF24DC1} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {1C77B58C-623D-4375-9167-DD59137BE3B4} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
    Task: {1F69DBDB-82BA-4BFE-8961-F5614F0AAACA} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {206112C0-7C05-461A-9D1A-6E41D4FEC6ED} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-12-14] (Adobe Systems Incorporated)
    Task: {2CDF3707-5B19-4778-8377-197BE1CC21A8} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
    Task: {3281EAB6-0CF4-4598-8316-ACCA2DB850C1} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-12-14] (Microsoft Corporation)
    Task: {3D98E2AF-D87E-4085-A8BF-35B6DA88C168} - \Microsoft OneDrive Auto Update Task-S-1-5-21-3193829095-4286807977-817251257-1002 -> No File <==== ATTENTION
    Task: {4063EBED-3D2F-4AD7-9E25-9F504B6F4C05} - System32\Tasks\HP AR Program Upload - c199bd49a4364290b4241009740da3fbe7e645ce2d56433b904961db41b112fb => C:\Program Files\HP\HP Officejet Pro 8600\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
    Task: {41872AEE-C29A-40CD-9A9B-7C62F1C7B38A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-12-07] (HP Inc.)
    Task: {41A98629-B46C-47C0-8A07-B0D4D210A8E8} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-03-19] (Dropbox, Inc.)
    Task: {4B4358BB-1F41-40E2-9B15-7CE7460A39DD} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {4C3D1593-A69E-4186-94ED-CD18CB6043E2} - System32\Tasks\Wise Care 365.job => C:\Program Files (x86)\Wise\Wise Care 365\WiseTray.exe [2015-12-18] (WiseCleaner.com)
    Task: {4D12CC38-B23D-4D86-B474-F4F7B8BD249E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
    Task: {4DCDD95C-EE2F-4925-807A-ADB544D75E2C} - System32\Tasks\Wise Turbo Checker.job => C:\Program Files (x86)\Wise\Wise Care 365\WiseTurbo.exe [2015-12-18] (WiseCleaner.COM)
    Task: {535FCFE5-F5FC-49CB-BAF7-D63C9061F6A0} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-12-06] (Piriform Ltd)
    Task: {53BB83D1-1DFF-472E-8133-68C9CC66FA3C} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {55E6832E-CBF5-43D4-8F06-AC38CF571EA5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
    Task: {5A58CBD5-71D4-4297-9C73-A004F585F35B} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-11-01] (Microsoft Corporation)
    Task: {5CAB7F66-1CE6-4B7C-BF71-B3C3F8199851} - \G2MUpdateTask-S-1-5-21-3193829095-4286807977-817251257-1002 -> No File <==== ATTENTION
    Task: {6474E2C8-ECCD-4E16-827D-08A580941D88} - \Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan -> No File <==== ATTENTION
    Task: {6A472031-B69D-4896-B050-C7656DD8BE23} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {6F1E0BD7-4323-45E7-92C4-F8E60C74F447} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
    Task: {6F574CF7-B2C4-454A-8228-33B3E07D7903} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
    Task: {7263B970-95C1-4091-A871-B70D5975DD63} - \Optimize Start Menu Cache Files-S-1-5-21-3193829095-4286807977-817251257-500 -> No File <==== ATTENTION
    Task: {7684D7E2-5590-4D9A-B125-66666E69D42B} - System32\Tasks\Wise Care 365 => C:\Program Files (x86)\Wise\Wise Care 365\WiseTray.exe [2015-12-18] (WiseCleaner.com)
    Task: {77133234-0F8C-47DB-A9A3-2E3D5CEB6CB5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
    Task: {780BF474-0707-431E-97C1-DFE8AF7D6769} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2016-11-01] (Microsoft Corporation)
    Task: {79F39B43-990F-4CE3-A5AE-CAA8261A3AE3} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {7C250299-4B78-4B38-AB2A-EE2AE7A77D0E} - \CLMLSvc_P2G8 -> No File <==== ATTENTION
    Task: {7E635D03-79AA-46C4-ADB2-893DE203E80F} - \Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN3BLF3GMP -> No File <==== ATTENTION
    Task: {83AFBC5A-E38D-4AB4-96BF-570336C74DFC} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
    Task: {91861141-3BF2-4A40-AA16-18A34A8992F6} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
    Task: {9B3272D1-2F13-4AF6-9220-AE7181A34BF3} - System32\Tasks\Wise Turbo Checker => C:\Program Files (x86)\Wise\Wise Care 365\WiseTurbo.exe [2015-12-18] (WiseCleaner.COM)
    Task: {A1CC1752-A1B7-427C-988D-8774DD124F95} - \G2MUploadTask-S-1-5-21-3193829095-4286807977-817251257-1002 -> No File <==== ATTENTION
    Task: {A565D473-327E-45B3-B6F1-EF815A87A657} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.)
    Task: {A6645B62-3813-4C7B-955C-88F4FCAA0D0C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {AA72A3CA-A3CB-434F-956C-64FE3A9777DC} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {B363ACA0-A403-4A16-9DBF-A078FDC580E8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
    Task: {B540ED1E-6B51-437B-872C-2580F2F5829C} - System32\Tasks\HP AR Program Upload - 2b14f73b26dc4db9925a812e60eaffec49d7653c1448407080b1fd448d8ef0fd => C:\Program Files\HP\HP Officejet Pro 8600\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
    Task: {BC4FFC0D-24F4-4BAE-B86F-138A9DF6E39E} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-11-01] (Microsoft Corporation)
    Task: {C38F6251-3FC8-4CE5-87DB-37DCB7559471} - \WPD\SqmUpload_S-1-5-21-3193829095-4286807977-817251257-1002 -> No File <==== ATTENTION
    Task: {CA881026-E9C4-4AFC-9CCD-D35AD4D3B6EA} - \HP AR Program Upload - 6eb9cae098f44ff595a076ff44eabcd35468587388454ba3bfd0d207388e4363 -> No File <==== ATTENTION
    Task: {CAE6A4D8-6AE0-4B0A-980B-7F5B094EB112} - System32\Tasks\HP AR Program Upload - cdc85afc590d4ec3be1a7b26e1cbb8b1fe2cd9bdb2704212add3b9fb905bc6b2 => C:\Program Files\HP\HP Officejet Pro 8600\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
    Task: {CBB41DE4-BA4F-4237-9697-1D21BAF93D69} - \Synaptics TouchPad Enhancements -> No File <==== ATTENTION
    Task: {D2347469-7CD8-4EFA-ABAA-14D580F6FD6E} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-03-19] (Dropbox, Inc.)
    Task: {D9BEF0EA-AD58-4770-82E0-EE514956C449} - \Microsoft\Windows Live\SOXE\Extractor Definitions Update Task -> No File <==== ATTENTION
    Task: {DABF5BEF-2DD4-4922-97AB-0396A779A9B2} - \Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN455391JP -> No File <==== ATTENTION
    Task: {E4C00277-5D11-4184-85EA-1CBD9242C682} - System32\Tasks\HPCeeScheduleForceyermann => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
    Task: {E86537C1-4A11-4EBE-9B10-A2CBA08A0E4A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-05-09] (Hewlett-Packard)
    Task: {F6757919-E76A-428A-A961-BC3CAB1263D9} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-21] (Adobe Systems Incorporated)
    Task: {FA7B4F7A-BE0C-49FC-9C79-6588687A5A70} - System32\Tasks\HP AR Program Upload - 6e8da16bf33042638d59220d7231393a8d390fbe262340febe6cf5323b195518 => C:\Program Files\HP\HP Officejet Pro 8600\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
    Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
    Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3193829095-4286807977-817251257-1002Core.job => C:\Users\ceyermann\AppData\Local\Dropbox\Update\DropboxUpdate.exe
    Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3193829095-4286807977-817251257-1002UA.job => C:\Users\ceyermann\AppData\Local\Dropbox\Update\DropboxUpdate.exe
    Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-3193829095-4286807977-817251257-1002.job => C:\Users\ceyermann\AppData\Local\Citrix\GoToMeeting\5922\g2mupdate.exe
    Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-3193829095-4286807977-817251257-1002.job => C:\Users\ceyermann\AppData\Local\Citrix\GoToMeeting\5922\g2mupload.exe
    Task: C:\WINDOWS\Tasks\HPCeeScheduleForceyermann.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
    Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    Task: C:\WINDOWS\Tasks\Wise Care 365.job => C:\Program Files (x86)\Wise\Wise Care 365\WiseTray.exe
    Task: C:\WINDOWS\Tasks\Wise Turbo Checker.job => C:\Program Files (x86)\Wise\Wise Care 365\WiseTurbo.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    Shortcut: C:\Users\ceyermann\AppData\Local\Microsoft\Windows\RoamingTiles\7470945450.lnk -> hxxp://www.nbcnews.com/
    Shortcut: C:\Users\ceyermann\AppData\Local\Microsoft\Windows\Application Shortcuts\ClearChannelRadioDigital.iHeartRadio_a76a11dkgb644\5247235ae992b6e02ada2c96.lnk -> hxxp://img.iheart.com/api/imscale?w=429&id=89602&type=ARTIST&custSca=true&custFlt=true~~1~89602~~~

    ShortcutWithArgument: C:\Users\ceyermann\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.InternetExplorer.Default\7470945450.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> -contentTile -formatVersion 0x00000002 -pinnedTimeLow 0x64baf35c -pinnedTimeHigh 0x01cebc7b -securityFlags 0x00000000 -url 0x00000017 hxxp://www.nbcnews.com/

    ==================== Loaded Modules (Whitelisted) ==============

    2016-07-16 05:42 - 2016-07-16 05:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
    2016-12-14 17:36 - 2016-12-09 04:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
    2012-08-08 12:36 - 2012-08-08 12:36 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
    2014-03-25 08:26 - 2016-05-24 08:51 - 00116416 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
    2016-12-14 17:36 - 2016-12-09 04:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
    2016-12-09 07:46 - 2016-12-09 07:46 - 01678560 _____ () C:\Users\ceyermann\AppData\Local\Microsoft\OneDrive\17.3.6720.1207\amd64\ClientTelemetry.dll
    2015-02-20 17:44 - 2016-05-24 10:43 - 08909504 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
    2016-09-20 16:39 - 2016-09-20 16:39 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
    2016-12-14 17:36 - 2016-12-09 03:41 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
    2016-11-09 14:25 - 2016-11-02 04:21 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
    2016-11-09 14:26 - 2016-11-02 04:15 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2016-11-09 14:26 - 2016-11-02 04:14 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
    2016-11-09 14:26 - 2016-11-02 04:15 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
    2016-11-09 14:26 - 2016-11-02 04:16 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
    2016-11-09 14:26 - 2016-11-02 04:17 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
    2016-12-14 12:26 - 2016-12-14 12:28 - 00072192 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkypeHost.exe
    2016-12-14 12:26 - 2016-12-14 12:28 - 00179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
    2016-12-14 12:26 - 2016-12-14 12:28 - 42130432 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkyWrap.dll
    2016-12-14 12:26 - 2016-12-14 12:28 - 02216448 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\roottools.dll
    2016-12-09 07:46 - 2016-12-09 07:46 - 01244376 _____ () C:\Users\ceyermann\AppData\Local\Microsoft\OneDrive\17.3.6720.1207\ClientTelemetry.dll
    2016-12-22 09:18 - 2016-11-11 14:36 - 00035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
    2016-12-22 09:18 - 2016-11-11 14:36 - 00100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
    2016-12-22 09:18 - 2016-11-11 14:36 - 00018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
    2016-12-22 09:18 - 2016-12-21 12:26 - 00019760 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
    2016-12-22 09:18 - 2016-11-11 14:36 - 00694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
    2016-12-22 09:17 - 2016-12-21 12:26 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
    2016-12-22 09:18 - 2016-11-11 14:37 - 00123856 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
    2016-12-22 09:17 - 2016-12-21 12:26 - 01682760 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
    2016-12-22 09:17 - 2016-12-21 12:26 - 00020808 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
    2016-12-22 09:18 - 2016-11-11 14:36 - 00145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
    2016-12-22 09:17 - 2016-11-11 14:37 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
    2016-12-22 09:18 - 2016-11-11 14:36 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
    2016-12-22 09:18 - 2016-11-11 14:38 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
    2016-12-22 09:18 - 2016-12-21 12:26 - 00021312 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
    2016-12-22 09:18 - 2016-12-21 12:26 - 00052024 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
    2016-12-22 09:17 - 2016-12-21 12:26 - 00038696 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
    2016-12-22 09:18 - 2016-11-11 14:36 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
    2016-12-22 09:17 - 2016-11-11 14:38 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
    2016-12-22 09:18 - 2016-11-11 14:38 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
    2016-12-22 09:18 - 2016-11-11 14:39 - 00116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
    2016-12-22 09:18 - 2016-12-21 12:26 - 00381752 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
    2016-12-22 09:18 - 2016-11-11 14:38 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
    2016-12-22 09:18 - 2016-12-21 12:26 - 00025424 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
    2016-12-22 09:18 - 2016-11-11 14:38 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
    2016-12-22 09:18 - 2016-11-11 14:38 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
    2016-12-22 09:18 - 2016-11-11 14:38 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
    2016-12-22 09:18 - 2016-11-11 14:39 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
    2016-12-22 09:18 - 2016-11-11 14:39 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
    2016-12-22 09:18 - 2016-11-11 14:38 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
    2016-12-22 09:18 - 2016-11-11 14:39 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
    2016-12-22 09:17 - 2016-12-21 12:26 - 00246592 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
    2016-12-22 09:17 - 2016-12-21 12:26 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
    2016-12-22 09:18 - 2016-11-11 14:37 - 00241104 _____ () C:\Program Files (x86)\Dropbox\Client\_jpegtran.pyd
    2016-12-22 09:17 - 2016-12-21 12:26 - 00020280 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
    2016-12-22 09:18 - 2016-11-11 14:39 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
    2016-12-22 09:18 - 2016-12-21 12:26 - 00023376 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
    2016-12-22 09:18 - 2016-12-21 12:26 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi._winffi_iphlpapi.pyd
    2016-12-22 09:18 - 2016-12-21 12:26 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror._winffi_winerror.pyd
    2016-12-22 09:18 - 2016-12-21 12:26 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet._winffi_wininet.pyd
    2016-12-22 09:18 - 2016-11-11 14:39 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
    2016-12-22 09:18 - 2016-12-21 12:26 - 00022352 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
    2016-12-22 09:17 - 2016-12-21 12:26 - 00024392 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
    2016-12-22 09:17 - 2016-11-11 14:35 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
    2016-12-22 09:17 - 2016-12-21 12:26 - 00031568 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd
    2016-12-22 09:17 - 2016-12-03 02:13 - 00293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll
    2016-12-22 09:17 - 2016-12-21 12:26 - 00084280 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
    2016-12-22 09:18 - 2016-12-21 12:26 - 01826096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
    2016-12-22 09:18 - 2016-11-11 14:37 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
    2016-12-22 09:18 - 2016-12-21 12:26 - 00531248 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
    2016-12-22 09:18 - 2016-12-21 12:26 - 03928880 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
    2016-12-22 09:18 - 2016-12-21 12:26 - 01972528 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
    2016-12-22 09:18 - 2016-12-21 12:26 - 00133424 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
    2016-12-22 09:18 - 2016-12-21 12:26 - 00224056 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
    2016-12-22 09:18 - 2016-12-21 12:26 - 00207672 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
    2016-12-22 09:18 - 2016-12-21 12:26 - 00020288 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32._winffi_user32.pyd
    2016-12-22 09:17 - 2016-11-11 14:42 - 00017864 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll
    2016-12-22 09:17 - 2016-11-11 14:42 - 01631184 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
    2016-12-22 09:18 - 2016-12-21 12:26 - 00042808 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
    2016-12-22 09:18 - 2016-12-21 12:26 - 00171320 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
    2016-12-22 09:18 - 2016-12-21 12:26 - 00357680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
    2016-12-22 09:18 - 2016-11-11 14:39 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
    2016-12-22 09:18 - 2016-12-21 12:26 - 00037192 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd
    2016-12-22 09:18 - 2016-12-21 12:26 - 00024904 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
    2016-12-22 09:18 - 2016-12-21 12:26 - 00546096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
    2016-12-22 09:18 - 2016-11-11 14:44 - 00697304 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Controls\qtquickcontrolsplugin.dll
    2016-09-20 12:00 - 2016-09-20 12:00 - 00325824 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
    2016-09-20 12:01 - 2016-11-15 04:19 - 01041600 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\ADDINS\UmOutlookAddin.dll
    2014-10-17 10:07 - 2015-03-24 02:37 - 00125088 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\OUTLCTL.DLL
    2016-12-16 13:00 - 2016-12-16 13:00 - 01114136 _____ () C:\Users\ceyermann\AppData\Roaming\Mozilla\Firefox\Profiles\tl9sknbx.default-1448214611333\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll
    2016-10-27 05:35 - 2016-10-27 05:35 - 22825144 _____ () C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.dll
    2016-05-03 08:41 - 2016-05-03 08:41 - 00322232 _____ () C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\sqlite.dll
    2016-09-30 17:36 - 2016-09-30 17:36 - 46476472 _____ () C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\libcef.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE trusted site: HKU\S-1-5-21-3193829095-4286807977-817251257-1002\...\sharepoint.com -> hxxps://theheartlandgroup-files.sharepoint.com
    IE restricted site: HKU\S-1-5-21-3193829095-4286807977-817251257-1002\...\007guard.com -> install.007guard.com
    IE restricted site: HKU\S-1-5-21-3193829095-4286807977-817251257-1002\...\008i.com -> 008i.com
    IE restricted site: HKU\S-1-5-21-3193829095-4286807977-817251257-1002\...\008k.com -> www.008k.com
    IE restricted site: HKU\S-1-5-21-3193829095-4286807977-817251257-1002\...\00hq.com -> www.00hq.com
    IE restricted site: HKU\S-1-5-21-3193829095-4286807977-817251257-1002\...\010402.com -> 010402.com
    IE restricted site: HKU\S-1-5-21-3193829095-4286807977-817251257-1002\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
    IE restricted site: HKU\S-1-5-21-3193829095-4286807977-817251257-1002\...\0scan.com -> www.0scan.com
    IE restricted site: HKU\S-1-5-21-3193829095-4286807977-817251257-1002\...\1-2005-search.com -> 2005 Web Search Tips – Search Engine Optimization Insights
    IE restricted site: HKU\S-1-5-21-3193829095-4286807977-817251257-1002\...\1-domains-registrations.com -> www.1-domains-registrations.com
    IE restricted site: HKU\S-1-5-21-3193829095-4286807977-817251257-1002\...\1000gratisproben.com -> 1000gratisproben.com*-*This website is for sale!*-*1000gratisproben Resources and Information.
    IE restricted site: HKU\S-1-5-21-3193829095-4286807977-817251257-1002\...\1001namen.com -> 1001 Namen
    IE restricted site: HKU\S-1-5-21-3193829095-4286807977-817251257-1002\...\100888290cs.com -> mir.100888290cs.com
    IE restricted site: HKU\S-1-5-21-3193829095-4286807977-817251257-1002\...\100sexlinks.com -> 100sexlinks.com*-*This website is for sale!*-*Sexlinks Resources and Information.
    IE restricted site: HKU\S-1-5-21-3193829095-4286807977-817251257-1002\...\10sek.com -> www.10sek.com
    IE restricted site: HKU\S-1-5-21-3193829095-4286807977-817251257-1002\...\12-26.net -> user1.12-26.net
    IE restricted site: HKU\S-1-5-21-3193829095-4286807977-817251257-1002\...\12-27.net -> user1.12-27.net
    IE restricted site: HKU\S-1-5-21-3193829095-4286807977-817251257-1002\...\123fporn.info -> www.123fporn.info
    IE restricted site: HKU\S-1-5-21-3193829095-4286807977-817251257-1002\...\123haustiereundmehr.com -> 123 Haustiere Und Mehr
    IE restricted site: HKU\S-1-5-21-3193829095-4286807977-817251257-1002\...\123moviedownload.com -> 123Movies Stream Movies Online - Watch Free Movies
    IE restricted site: HKU\S-1-5-21-3193829095-4286807977-817251257-1002\...\123simsen.com -> WebMD - Better information. Better health.

    There are 7865 more sites.


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2013-08-22 07:25 - 2015-07-24 09:47 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-3193829095-4286807977-817251257-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\ceyermann\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\current.bmp
    DNS Servers: 71.10.216.1 - 71.10.216.2
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    HKLM\...\StartupApproved\StartupFolder: => "Install LastPass IE RunOnce.lnk"
    HKLM\...\StartupApproved\StartupFolder: => "Install LastPass FF RunOnce.lnk"
    HKLM\...\StartupApproved\StartupFolder: => "Secunia PSI Tray.lnk"
    HKLM\...\StartupApproved\Run: => "SynTPEnh"
    HKLM\...\StartupApproved\Run: => "SysTrayApp"
    HKLM\...\StartupApproved\Run32: => "StartCCC"
    HKLM\...\StartupApproved\Run32: => "CLVirtualDrive"
    HKLM\...\StartupApproved\Run32: => "RemoteControl10"
    HKLM\...\StartupApproved\Run32: => "HP Quick Launch"
    HKLM\...\StartupApproved\Run32: => "SDTray"
    HKLM\...\StartupApproved\Run32: => "BrStsWnd"
    HKLM\...\StartupApproved\Run32: => "EEventManager"
    HKLM\...\StartupApproved\Run32: => "FUFAXSTM"
    HKLM\...\StartupApproved\Run32: => "HP Software Update"
    HKLM\...\StartupApproved\Run32: => "Fitbit Connect"
    HKU\S-1-5-21-3193829095-4286807977-817251257-1002\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
    HKU\S-1-5-21-3193829095-4286807977-817251257-1002\...\StartupApproved\StartupFolder: => "DesktopEarth AutoStart.lnk"
    HKU\S-1-5-21-3193829095-4286807977-817251257-1002\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
    HKU\S-1-5-21-3193829095-4286807977-817251257-1002\...\StartupApproved\StartupFolder: => "Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk"
    HKU\S-1-5-21-3193829095-4286807977-817251257-1002\...\StartupApproved\StartupFolder: => "Monitor Ink Alerts - .lnk"
    HKU\S-1-5-21-3193829095-4286807977-817251257-1002\...\StartupApproved\Run: => "Power2GoExpress8"
    HKU\S-1-5-21-3193829095-4286807977-817251257-1002\...\StartupApproved\Run: => "MyDriveConnect.exe"
    HKU\S-1-5-21-3193829095-4286807977-817251257-1002\...\StartupApproved\Run: => "Spybot-S&D Cleaning"
    HKU\S-1-5-21-3193829095-4286807977-817251257-1002\...\StartupApproved\Run: => "TomTomHOME.exe"
    HKU\S-1-5-21-3193829095-4286807977-817251257-1002\...\StartupApproved\Run: => "Skype"
    HKU\S-1-5-21-3193829095-4286807977-817251257-1002\...\StartupApproved\Run: => "1685277AC3E7BC47019DE3AD83FB8C521A332DB9._service_run"
    HKU\S-1-5-21-3193829095-4286807977-817251257-1002\...\StartupApproved\Run: => "HP Officejet Pro 8600 (NET)"
    HKU\S-1-5-21-3193829095-4286807977-817251257-1002\...\StartupApproved\Run: => "Push Client"
    HKU\S-1-5-21-3193829095-4286807977-817251257-1002\...\StartupApproved\Run: => "Driver Support"
    HKU\S-1-5-21-3193829095-4286807977-817251257-1002\...\StartupApproved\Run: => "Dropbox Update"
    HKU\S-1-5-21-3193829095-4286807977-817251257-1002\...\StartupApproved\Run: => "HP Officejet 4630 series (NET)"
    HKU\S-1-5-21-3193829095-4286807977-817251257-1002\...\StartupApproved\Run: => "Fitbit Connect"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [vm-monitoring-nb-session] => LPort=139
    FirewallRules: [UDP Query User{E14487E6-4994-4762-8AE0-4C9ADA1FCC0F}C:\program files (x86)\hewlett-packard\hp support solutions\modules\hpdevicedetection3.exe] => C:\program files (x86)\hewlett-packard\hp support solutions\modules\hpdevicedetection3.exe
    FirewallRules: [TCP Query User{37B4B402-B9DD-4178-BC5C-98D7EE2E6AB6}C:\program files (x86)\hewlett-packard\hp support solutions\modules\hpdevicedetection3.exe] => C:\program files (x86)\hewlett-packard\hp support solutions\modules\hpdevicedetection3.exe
    FirewallRules: [{BABFC6AE-9460-4A62-8C6E-D73693EE4568}] => C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
    FirewallRules: [{0C1EB985-DD65-404E-82C8-7F6FA76BD2F4}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{FFFF21A4-5213-4D94-9849-9213A0E9FF99}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{28DAD3DF-7A1E-49C4-A393-12921F90673F}] => C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{D4F3558D-C690-440F-9640-DA21003CE244}] => C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{8157B40D-152B-4303-9916-A69B2511C757}] => LPort=1900
    FirewallRules: [{92B5170F-2B54-47E1-907B-C7DB16C49953}] => LPort=2869
    FirewallRules: [{BCFABD0B-EF96-419B-8F1D-3DA6E7342DC7}] => C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    FirewallRules: [{CD30210D-0E58-4EF0-8460-8E4A80121EFA}] => C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
    FirewallRules: [TCP Query User{FDCF46CD-27F5-4FC0-A971-B02E1DBB6D9C}C:\program files (x86)\skype\phone\skype.exe] => C:\program files (x86)\skype\phone\skype.exe
    FirewallRules: [UDP Query User{07053E06-99FE-439A-957B-28BE21C68A2E}C:\program files (x86)\skype\phone\skype.exe] => C:\program files (x86)\skype\phone\skype.exe
    FirewallRules: [{94C9ACE4-BC9D-4656-B1C7-16FA029AE77D}] => C:\Program Files\HP\HP Officejet Pro 8600\bin\FaxApplications.exe
    FirewallRules: [{97D7E4AA-1738-45FA-9ED8-ABC78AC150AE}] => C:\Program Files\HP\HP Officejet Pro 8600\bin\DigitalWizards.exe
    FirewallRules: [{FC0FBD2F-226C-411A-9249-264267F0C529}] => C:\Program Files\HP\HP Officejet Pro 8600\bin\SendAFax.exe
    FirewallRules: [{FA584B2A-43B6-4F0D-BF8C-1B62260BEED0}] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\DeviceSetup.exe
    FirewallRules: [{77AB2D48-2C2B-47A7-B0E7-4179A0EFF0B8}] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
    FirewallRules: [{9B24FC63-8A84-4808-B7E2-75AA9D62D458}] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe
    FirewallRules: [{3B8B4CCA-3FD7-4CAA-970B-EC420B1563A7}] => C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
    FirewallRules: [{088D4F47-2740-4ECB-9B05-8D620776D3EB}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{90B5DFAF-97C2-4811-8A9A-C8CC85AFECEE}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [TCP Query User{4246ABA4-87E9-4C96-B5E7-6E1AFFC73CF7}C:\program files (x86)\mozilla firefox\firefox.exe] => C:\program files (x86)\mozilla firefox\firefox.exe
    FirewallRules: [UDP Query User{51426D04-4773-4BB5-A18E-E1BC851AA1E6}C:\program files (x86)\mozilla firefox\firefox.exe] => C:\program files (x86)\mozilla firefox\firefox.exe
    FirewallRules: [{9FF85B2B-22C1-433D-A248-F61581C1CEDD}] => C:\Program Files\HP\HP Officejet 4630 series\bin\FaxApplications.exe
    FirewallRules: [{C45AE543-51E5-4F8D-B236-6B26F5FF7D32}] => C:\Program Files\HP\HP Officejet 4630 series\bin\DigitalWizards.exe
    FirewallRules: [{EA43C5CB-B36E-4417-8F67-A20DF86B43FF}] => C:\Program Files\HP\HP Officejet 4630 series\bin\SendAFax.exe
    FirewallRules: [{CA12C2BF-120B-48B9-9D69-A0ED2976ABED}] => C:\Program Files\HP\HP Officejet 4630 series\Bin\DeviceSetup.exe
    FirewallRules: [{44EC0C9E-0CAC-4457-AE81-B686ECE80E43}] => LPort=5357
    FirewallRules: [{379D27EC-0629-4450-A1EE-0F0AC1F50230}] => C:\Program Files\HP\HP Officejet 4630 series\Bin\HPNetworkCommunicatorCom.exe
    FirewallRules: [{225F59B1-0A32-4F2B-8A5D-1BA298194F72}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{F3DCC996-F5CB-4450-B93C-8308D238F2CA}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{1EF0BAF2-D79C-4630-96CD-D2FE3B123FED}] => C:\Program Files (x86)\TeamViewer\TeamViewer.exe
    FirewallRules: [{5ED78795-6399-4810-9939-96A232AF7649}] => C:\Program Files (x86)\TeamViewer\TeamViewer.exe
    FirewallRules: [{74AF0D5A-1CB9-491D-9E9D-C51319A28620}] => C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    FirewallRules: [{3BBF9A94-6139-495F-8A09-4DEFAD314281}] => C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    FirewallRules: [{63611286-6E96-4FA6-A512-2C7396B9EAE9}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [{B1EFC4C1-C3E9-4C82-8431-E954667B34C7}] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe

    ==================== Restore Points =========================

    11-12-2016 12:14:47 Removed Fitbit Connect
    14-12-2016 17:39:46 Windows Update
    22-12-2016 16:23:17 Scheduled Checkpoint

    ==================== Faulty Device Manager Devices =============

    Name:
    Description:
    Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
    Manufacturer:
    Service:
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (12/28/2016 06:28:27 AM) (Source: ESENT) (EventID: 490) (User: )
    Description: taskhostw (2340) WebCacheLocal: An attempt to open the file "C:\Users\ceyermann\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

    Error: (12/28/2016 06:28:17 AM) (Source: ESENT) (EventID: 490) (User: )
    Description: taskhostw (2340) WebCacheLocal: An attempt to open the file "C:\Users\ceyermann\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

    Error: (12/28/2016 06:28:07 AM) (Source: ESENT) (EventID: 454) (User: )
    Description: taskhostw (2340) WebCacheLocal: Database recovery/restore failed with unexpected error -1032.

    Error: (12/28/2016 06:28:07 AM) (Source: ESENT) (EventID: 490) (User: )
    Description: taskhostw (2340) WebCacheLocal: An attempt to open the file "C:\Users\ceyermann\AppData\Local\Microsoft\Windows\WebCache\V01.log" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

    Error: (12/28/2016 06:27:57 AM) (Source: ESENT) (EventID: 454) (User: )
    Description: taskhostw (2340) WebCacheLocal: Database recovery/restore failed with unexpected error -1032.

    Error: (12/28/2016 06:27:57 AM) (Source: ESENT) (EventID: 490) (User: )
    Description: taskhostw (2340) WebCacheLocal: An attempt to open the file "C:\Users\ceyermann\AppData\Local\Microsoft\Windows\WebCache\V01.log" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

    Error: (12/28/2016 06:27:47 AM) (Source: ESENT) (EventID: 490) (User: )
    Description: taskhostw (2340) WebCacheLocal: An attempt to open the file "C:\Users\ceyermann\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

    Error: (12/28/2016 06:27:37 AM) (Source: ESENT) (EventID: 454) (User: )
    Description: taskhostw (2340) WebCacheLocal: Database recovery/restore failed with unexpected error -1032.

    Error: (12/28/2016 06:27:37 AM) (Source: ESENT) (EventID: 490) (User: )
    Description: taskhostw (2340) WebCacheLocal: An attempt to open the file "C:\Users\ceyermann\AppData\Local\Microsoft\Windows\WebCache\V01.log" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

    Error: (12/28/2016 06:27:26 AM) (Source: ESENT) (EventID: 454) (User: )
    Description: taskhostw (2340) WebCacheLocal: Database recovery/restore failed with unexpected error -1032.


    System errors:
    =============
    Error: (12/27/2016 09:02:31 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (12/27/2016 04:03:14 PM) (Source: DCOM) (EventID: 10010) (User: HPLAPTOP)
    Description: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.

    Error: (12/27/2016 04:03:11 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (12/27/2016 02:35:11 PM) (Source: DCOM) (EventID: 10010) (User: HPLAPTOP)
    Description: The server {37998346-3765-45B1-8C66-AA88CA6B20B8} did not register with DCOM within the required timeout.

    Error: (12/27/2016 02:33:11 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The Connected Devices Platform Service service terminated with the following error:
    Unspecified error

    Error: (12/27/2016 12:37:28 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (12/27/2016 12:28:53 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (12/27/2016 12:23:15 PM) (Source: DCOM) (EventID: 10010) (User: HPLAPTOP)
    Description: The server {37998346-3765-45B1-8C66-AA88CA6B20B8} did not register with DCOM within the required timeout.

    Error: (12/27/2016 12:21:15 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The Connected Devices Platform Service service terminated with the following error:
    Unspecified error

    Error: (12/27/2016 12:21:15 PM) (Source: DCOM) (EventID: 10010) (User: HPLAPTOP)
    Description: The server {37998346-3765-45B1-8C66-AA88CA6B20B8} did not register with DCOM within the required timeout.


    CodeIntegrity:
    ===================================
    Date: 2016-12-27 12:26:52.675
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-12-27 12:26:52.673
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-12-27 12:26:52.669
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-12-27 12:26:51.996
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-12-27 12:26:51.994
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-12-27 12:26:51.988
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-12-27 12:26:50.005
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-12-27 12:26:50.003
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-12-27 12:26:49.999
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-12-27 12:26:46.629
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


    ==================== Memory info ===========================

    Processor: AMD A8-4500M APU with Radeon(tm) HD Graphics
    Percentage of memory in use: 38%
    Total physical RAM: 7650.26 MB
    Available physical RAM: 4681.1 MB
    Total Virtual: 8866.26 MB
    Available Virtual: 5734.2 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:905.45 GB) (Free:810.24 GB) NTFS ==>[system with boot components (obtained from drive)]
    Drive d: (RECOVERY) (Fixed) (Total:24.46 GB) (Free:2.89 GB) NTFS ==>[system with boot components (obtained from drive)]

    ==================== MBR & Partition Table ==================

    ==================== End of Addition.txt ============================

  10. #9
    Member
    Join Date
    Dec 2006
    Location
    st louis mo
    Posts
    224
    Points
    1

    Default

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-12-2016
    Ran by ceyermann (28-12-2016 08:06:40)
    Running from C:\Users\ceyermann\Desktop
    Windows 10 Home Version 1607 (X64) (2016-09-20 20:39:54)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-3193829095-4286807977-817251257-500 - Administrator - Disabled)
    ceyermann (S-1-5-21-3193829095-4286807977-817251257-1002 - Administrator - Enabled) => C:\Users\ceyermann
    DefaultAccount (S-1-5-21-3193829095-4286807977-817251257-503 - Limited - Disabled)
    Guest (S-1-5-21-3193829095-4286807977-817251257-501 - Limited - Disabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated)
    Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.186 - Adobe Systems Incorporated)
    Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.0.150 - Adobe Systems, Inc.)
    Amazon Drive (HKU\S-1-5-21-3193829095-4286807977-817251257-1002\...\Amazon Drive) (Version: 3.5.0.44 - Amazon.com, Inc.)
    AMD Catalyst Install Manager (HKLM\...\{D01E0B82-7D6E-F9AC-9A7D-C6076264F419}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
    AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.3.26.0 - AppEx Networks)
    AT&T Connect Participant Application v8.8.53 (HKLM-x32\...\{01949445-CB7F-436B-8ECC-771BE6184BBC}) (Version: 8.8.53 - AT&T Inc.)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    CCleaner (HKLM\...\CCleaner) (Version: 5.25 - Piriform)
    Cisco Connect (HKLM-x32\...\Cisco Connect) (Version: 1.4.12334.0 - Cisco Consumer Products LLC)
    Cisco WebEx Meetings (HKU\S-1-5-21-3193829095-4286807977-817251257-1002\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
    Citrix Online Launcher (HKLM-x32\...\{1EFF9E6C-76E1-43F9-81FB-BC8C037B0902}) (Version: 1.0.258 - Citrix)
    CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.3.2608 - CyberLink Corp.)
    CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.6.4319 - CyberLink Corp.)
    CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.4.5527 - CyberLink Corp.)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    DesktopEarth (HKLM-x32\...\{DBA5E973-660D-4CBE-A469-F5C37FBF0CE4}) (Version: 2.1.1 - CodeFromThe70s.org)
    Dropbox (HKLM-x32\...\Dropbox) (Version: 16.4.30 - Dropbox, Inc.)
    Dropbox Update Helper (x32 Version: 1.3.59.1 - Dropbox, Inc.) Hidden
    Energy Star (HKLM\...\{0FA995CC-C849-4755-B14B-5404CC75DC24}) (Version: 1.0.8 - Hewlett-Packard)
    EPSON WorkForce 520 Series Printer Uninstall (HKLM\...\EPSON WorkForce 520 Series) (Version: - SEIKO EPSON Corporation)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
    Google Earth (HKLM-x32\...\{A0C18B96-AB79-46BD-8321-6FA83E6D25B9}) (Version: 7.1.7.2606 - Google)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
    GoToMeeting 7.27.0.5922 (HKU\S-1-5-21-3193829095-4286807977-817251257-1002\...\GoToMeeting) (Version: 7.27.0.5922 - CitrixOnline)
    GoToMeeting Outlook Calendar Plug-in (HKU\S-1-5-21-3193829095-4286807977-817251257-1002\...\74BCB683C409F719EAB31FBFCB139767D04815FF) (Version: 3.8.110.0 - Citrix Online)
    Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
    HP 3D DriveGuard (HKLM\...\{54CE68A8-4F2D-4328-B1F7-D6C720405F7F}) (Version: 4.2.9.1 - Hewlett-Packard Company)
    HP Connected Music (Meridian - player) (HKU\S-1-5-21-3193829095-4286807977-817251257-1002\...\HPConnectedMusic) (Version: 1.1 (build 59) hp - Meridian Audio Ltd)
    HP CoolSense (HKLM-x32\...\{0D3A6808-82B8-4BB1-BE5A-AED75B3F6C02}) (Version: 2.20.11 - Hewlett-Packard Company)
    HP Documentation (HKLM-x32\...\{18DE31AE-70D0-43A7-9E3C-2ED7283ECE8A}) (Version: 1.1.0.0 - Hewlett-Packard)
    HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
    HP MyRoom (HKLM-x32\...\{9C35EDE5-4B0F-45E7-A438-314BA889948E}) (Version: 9.0.0.0 - Hewlett-Packard Company)
    HP Officejet 4630 series Basic Device Software (HKLM\...\{38037A50-E9F1-41E4-9AA3-2E0A5A2FC4C5}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
    HP Officejet 4630 series Help (HKLM-x32\...\{9F79230F-EE1C-407E-94E1-D69021954C9B}) (Version: 31.0.0 - Hewlett Packard)
    HP Officejet Pro 8600 Basic Device Software (HKLM\...\{791A06E2-340F-43B0-8FAB-62D151339362}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
    HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
    HP Quick Launch (HKLM-x32\...\{4ED7050C-9332-4FB2-AB07-E94F25A53D39}) (Version: 3.0.3 - Hewlett-Packard Company)
    HP Software Framework (HKLM-x32\...\{675D093B-815D-47FD-AB2C-192EC751E8E2}) (Version: 4.6.10.1 - Hewlett-Packard Company)
    HP Support Solutions Framework (HKLM-x32\...\{F6A11738-3EE4-4573-AEA5-6CD5D491C167}) (Version: 12.5.32.203 - Hewlett-Packard Company)
    HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
    HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.7 - Hewlett-Packard)
    HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
    HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
    I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
    IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6425.0 - IDT)
    IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
    LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version: - LastPass)
    Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
    Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4885.1001 - Microsoft Corporation)
    Microsoft Office Home and Business 2013 - en-us (HKLM\...\HomeBusinessRetail - en-us) (Version: 15.0.4885.1001 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-3193829095-4286807977-817251257-1002\...\OneDriveSetup.exe) (Version: 17.3.6720.1207 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    Mozilla Firefox 50.1.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 50.1.0 (x86 en-US)) (Version: 50.1.0 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.1.0.6186 - Mozilla)
    Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4885.1001 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Licensing Component (Version: 15.0.4885.1001 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4885.1001 - Microsoft Corporation) Hidden
    PCFerret version 2.2.2.2002 (HKLM-x32\...\{5F28DBE2-546C-4D3C-BF0F-EBB82C89A0CE}_is1) (Version: 2.2.2.2002 - PCFerret)
    PowerDirector (x32 Version: 10.00.0000 - CyberLink Corp.) Hidden
    Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
    Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.29029 - Realtek Semiconductor Corp.)
    Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
    Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14013.45 - Samsung Electronics Co., Ltd.)
    Samsung Kies3 (x32 Version: 3.2.14013.45 - Samsung Electronics Co., Ltd.) Hidden
    Secunia PSI (2.0.0.3003) (HKLM-x32\...\Secunia PSI) (Version: - )
    Silicon Laboratories CP210x USB to UART Bridge (Driver Removal) (HKLM-x32\...\SLABCOMM&10C4&EA60) (Version: - Silicon Laboratories)
    Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
    Skype™ 7.6 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.6.103 - Skype Technologies S.A.)
    swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.12.98 - Synaptics Incorporated)
    TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.66695 - TeamViewer)
    TomTom MyDrive Connect 4.1.0.2658 (HKLM-x32\...\MyDriveConnect) (Version: 4.1.0.2658 - TomTom)
    Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
    Wise Care 365 3.94 (HKLM-x32\...\Wise Care 365_is1) (Version: 3.94 - WiseCleaner.com, Inc.)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-3193829095-4286807977-817251257-1002_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\ceyermann\AppData\Local\Citrix\GoToMeeting\5922\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {01DA596F-77C1-42D7-9A18-7A5D8DAF65E9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-12-07] (HP Inc.)
    Task: {02B9D6FD-A839-4576-BD3E-56DEACBFCBB2} - \DropboxUpdateTaskUserS-1-5-21-3193829095-4286807977-817251257-1002UA -> No File <==== ATTENTION
    Task: {080B28D9-A62C-4618-9D9D-CE63C79F37BB} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {084BC2F1-CAA5-429B-B1D7-54F66B2FA1F4} - \MirageAgent -> No File <==== ATTENTION
    Task: {08902FCE-C822-46BF-9833-40CC9395F484} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
    Task: {0C669204-C66D-4400-AE12-5194B0131DB0} - \DropboxUpdateTaskUserS-1-5-21-3193829095-4286807977-817251257-1002Core -> No File <==== ATTENTION
    Task: {0DCCE79B-1034-48F4-9476-0F51B08B066E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2016-10-31] (HP Inc.)
    Task: {12618715-10CE-4858-BEA0-19434356FB23} - \Hewlett-Packard\HP Support Assistant\Update Check -> No File <==== ATTENTION
    Task: {19438692-14DE-47CD-8054-9E923E5D7F26} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {19A0D93E-DCD6-4F7C-A2F5-FD4DB22B7372} - \Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon -> No File <==== ATTENTION
    Task: {1A3F5F39-8B76-4951-A048-C0AF0DC9B7A4} - \HP AR Program Upload - 15bebec41c0742f89d72854c285f38fdf07ce14e1b8949db8b4a68249b3039ff -> No File <==== ATTENTION
    Task: {1AACC1A6-631A-4C6A-8F1C-7D8D7BF24DC1} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {1C77B58C-623D-4375-9167-DD59137BE3B4} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
    Task: {1F69DBDB-82BA-4BFE-8961-F5614F0AAACA} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {206112C0-7C05-461A-9D1A-6E41D4FEC6ED} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-12-14] (Adobe Systems Incorporated)
    Task: {2CDF3707-5B19-4778-8377-197BE1CC21A8} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
    Task: {3281EAB6-0CF4-4598-8316-ACCA2DB850C1} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-12-14] (Microsoft Corporation)
    Task: {3D98E2AF-D87E-4085-A8BF-35B6DA88C168} - \Microsoft OneDrive Auto Update Task-S-1-5-21-3193829095-4286807977-817251257-1002 -> No File <==== ATTENTION
    Task: {4063EBED-3D2F-4AD7-9E25-9F504B6F4C05} - System32\Tasks\HP AR Program Upload - c199bd49a4364290b4241009740da3fbe7e645ce2d56433b904961db41b112fb => C:\Program Files\HP\HP Officejet Pro 8600\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
    Task: {41872AEE-C29A-40CD-9A9B-7C62F1C7B38A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-12-07] (HP Inc.)
    Task: {41A98629-B46C-47C0-8A07-B0D4D210A8E8} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-03-19] (Dropbox, Inc.)
    Task: {4B4358BB-1F41-40E2-9B15-7CE7460A39DD} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {4C3D1593-A69E-4186-94ED-CD18CB6043E2} - System32\Tasks\Wise Care 365.job => C:\Program Files (x86)\Wise\Wise Care 365\WiseTray.exe [2015-12-18] (WiseCleaner.com)
    Task: {4D12CC38-B23D-4D86-B474-F4F7B8BD249E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
    Task: {4DCDD95C-EE2F-4925-807A-ADB544D75E2C} - System32\Tasks\Wise Turbo Checker.job => C:\Program Files (x86)\Wise\Wise Care 365\WiseTurbo.exe [2015-12-18] (WiseCleaner.COM)
    Task: {535FCFE5-F5FC-49CB-BAF7-D63C9061F6A0} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-12-06] (Piriform Ltd)
    Task: {53BB83D1-1DFF-472E-8133-68C9CC66FA3C} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {55E6832E-CBF5-43D4-8F06-AC38CF571EA5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
    Task: {5A58CBD5-71D4-4297-9C73-A004F585F35B} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-11-01] (Microsoft Corporation)
    Task: {5CAB7F66-1CE6-4B7C-BF71-B3C3F8199851} - \G2MUpdateTask-S-1-5-21-3193829095-4286807977-817251257-1002 -> No File <==== ATTENTION
    Task: {6474E2C8-ECCD-4E16-827D-08A580941D88} - \Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan -> No File <==== ATTENTION
    Task: {6A472031-B69D-4896-B050-C7656DD8BE23} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {6F1E0BD7-4323-45E7-92C4-F8E60C74F447} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
    Task: {6F574CF7-B2C4-454A-8228-33B3E07D7903} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
    Task: {7263B970-95C1-4091-A871-B70D5975DD63} - \Optimize Start Menu Cache Files-S-1-5-21-3193829095-4286807977-817251257-500 -> No File <==== ATTENTION
    Task: {7684D7E2-5590-4D9A-B125-66666E69D42B} - System32\Tasks\Wise Care 365 => C:\Program Files (x86)\Wise\Wise Care 365\WiseTray.exe [2015-12-18] (WiseCleaner.com)
    Task: {77133234-0F8C-47DB-A9A3-2E3D5CEB6CB5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
    Task: {780BF474-0707-431E-97C1-DFE8AF7D6769} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2016-11-01] (Microsoft Corporation)
    Task: {79F39B43-990F-4CE3-A5AE-CAA8261A3AE3} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {7C250299-4B78-4B38-AB2A-EE2AE7A77D0E} - \CLMLSvc_P2G8 -> No File <==== ATTENTION
    Task: {7E635D03-79AA-46C4-ADB2-893DE203E80F} - \Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN3BLF3GMP -> No File <==== ATTENTION
    Task: {83AFBC5A-E38D-4AB4-96BF-570336C74DFC} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
    Task: {91861141-3BF2-4A40-AA16-18A34A8992F6} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
    Task: {9B3272D1-2F13-4AF6-9220-AE7181A34BF3} - System32\Tasks\Wise Turbo Checker => C:\Program Files (x86)\Wise\Wise Care 365\WiseTurbo.exe [2015-12-18] (WiseCleaner.COM)
    Task: {A1CC1752-A1B7-427C-988D-8774DD124F95} - \G2MUploadTask-S-1-5-21-3193829095-4286807977-817251257-1002 -> No File <==== ATTENTION
    Task: {A565D473-327E-45B3-B6F1-EF815A87A657} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.)
    Task: {A6645B62-3813-4C7B-955C-88F4FCAA0D0C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {AA72A3CA-A3CB-434F-956C-64FE3A9777DC} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {B363ACA0-A403-4A16-9DBF-A078FDC580E8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
    Task: {B540ED1E-6B51-437B-872C-2580F2F5829C} - System32\Tasks\HP AR Program Upload - 2b14f73b26dc4db9925a812e60eaffec49d7653c1448407080b1fd448d8ef0fd => C:\Program Files\HP\HP Officejet Pro 8600\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
    Task: {BC4FFC0D-24F4-4BAE-B86F-138A9DF6E39E} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-11-01] (Microsoft Corporation)
    Task: {C38F6251-3FC8-4CE5-87DB-37DCB7559471} - \WPD\SqmUpload_S-1-5-21-3193829095-4286807977-817251257-1002 -> No File <==== ATTENTION
    Task: {CA881026-E9C4-4AFC-9CCD-D35AD4D3B6EA} - \HP AR Program Upload - 6eb9cae098f44ff595a076ff44eabcd35468587388454ba3bfd0d207388e4363 -> No File <==== ATTENTION
    Task: {CAE6A4D8-6AE0-4B0A-980B-7F5B094EB112} - System32\Tasks\HP AR Program Upload - cdc85afc590d4ec3be1a7b26e1cbb8b1fe2cd9bdb2704212add3b9fb905bc6b2 => C:\Program Files\HP\HP Officejet Pro 8600\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
    Task: {CBB41DE4-BA4F-4237-9697-1D21BAF93D69} - \Synaptics TouchPad Enhancements -> No File <==== ATTENTION
    Task: {D2347469-7CD8-4EFA-ABAA-14D580F6FD6E} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-03-19] (Dropbox, Inc.)
    Task: {D9BEF0EA-AD58-4770-82E0-EE514956C449} - \Microsoft\Windows Live\SOXE\Extractor Definitions Update Task -> No File <==== ATTENTION
    Task: {DABF5BEF-2DD4-4922-97AB-0396A779A9B2} - \Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN455391JP -> No File <==== ATTENTION
    Task: {E4C00277-5D11-4184-85EA-1CBD9242C682} - System32\Tasks\HPCeeScheduleForceyermann => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
    Task: {E86537C1-4A11-4EBE-9B10-A2CBA08A0E4A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-05-09] (Hewlett-Packard)
    Task: {F6757919-E76A-428A-A961-BC3CAB1263D9} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-21] (Adobe Systems Incorporated)
    Task: {FA7B4F7A-BE0C-49FC-9C79-6588687A5A70} - System32\Tasks\HP AR Program Upload - 6e8da16bf33042638d59220d7231393a8d390fbe262340febe6cf5323b195518 => C:\Program Files\HP\HP Officejet Pro 8600\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
    Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
    Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3193829095-4286807977-817251257-1002Core.job => C:\Users\ceyermann\AppData\Local\Dropbox\Update\DropboxUpdate.exe
    Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3193829095-4286807977-817251257-1002UA.job => C:\Users\ceyermann\AppData\Local\Dropbox\Update\DropboxUpdate.exe
    Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-3193829095-4286807977-817251257-1002.job => C:\Users\ceyermann\AppData\Local\Citrix\GoToMeeting\5922\g2mupdate.exe
    Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-3193829095-4286807977-817251257-1002.job => C:\Users\ceyermann\AppData\Local\Citrix\GoToMeeting\5922\g2mupload.exe
    Task: C:\WINDOWS\Tasks\HPCeeScheduleForceyermann.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
    Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    Task: C:\WINDOWS\Tasks\Wise Care 365.job => C:\Program Files (x86)\Wise\Wise Care 365\WiseTray.exe
    Task: C:\WINDOWS\Tasks\Wise Turbo Checker.job => C:\Program Files (x86)\Wise\Wise Care 365\WiseTurbo.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    Shortcut: C:\Users\ceyermann\AppData\Local\Microsoft\Windows\RoamingTiles\7470945450.lnk -> hxxp://www.nbcnews.com/
    Shortcut: C:\Users\ceyermann\AppData\Local\Microsoft\Windows\Application Shortcuts\ClearChannelRadioDigital.iHeartRadio_a76a11dkgb644\5247235ae992b6e02ada2c96.lnk -> hxxp://img.iheart.com/api/imscale?w=429&id=89602&type=ARTIST&custSca=true&custFlt=true~~1~89602~~~

    ShortcutWithArgument: C:\Users\ceyermann\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.InternetExplorer.Default\7470945450.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> -contentTile -formatVersion 0x00000002 -pinnedTimeLow 0x64baf35c -pinnedTimeHigh 0x01cebc7b -securityFlags 0x00000000 -url 0x00000017 hxxp://www.nbcnews.com/

    ==================== Loaded Modules (Whitelisted) ==============

    2016-07-16 05:42 - 2016-07-16 05:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
    2016-12-14 17:36 - 2016-12-09 04:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
    2012-08-08 12:36 - 2012-08-08 12:36 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
    2014-03-25 08:26 - 2016-05-24 08:51 - 00116416 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
    2016-12-14 17:36 - 2016-12-09 04:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
    2016-12-09 07:46 - 2016-12-09 07:46 - 01678560 _____ () C:\Users\ceyermann\AppData\Local\Microsoft\OneDrive\17.3.6720.1207\amd64\ClientTelemetry.dll
    2015-02-20 17:44 - 2016-05-24 10:43 - 08909504 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
    2016-09-20 16:39 - 2016-09-20 16:39 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
    2016-12-14 17:36 - 2016-12-09 03:41 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
    2016-11-09 14:25 - 2016-11-02 04:21 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
    2016-11-09 14:26 - 2016-11-02 04:15 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2016-11-09 14:26 - 2016-11-02 04:14 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
    2016-11-09 14:26 - 2016-11-02 04:15 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
    2016-11-09 14:26 - 2016-11-02 04:16 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
    2016-11-09 14:26 - 2016-11-02 04:17 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
    2016-12-14 12:26 - 2016-12-14 12:28 - 00072192 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkypeHost.exe
    2016-12-14 12:26 - 2016-12-14 12:28 - 00179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
    2016-12-14 12:26 - 2016-12-14 12:28 - 42130432 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkyWrap.dll
    2016-12-14 12:26 - 2016-12-14 12:28 - 02216448 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\roottools.dll
    2016-12-09 07:46 - 2016-12-09 07:46 - 01244376 _____ () C:\Users\ceyermann\AppData\Local\Microsoft\OneDrive\17.3.6720.1207\ClientTelemetry.dll
    2016-12-22 09:18 - 2016-11-11 14:36 - 00035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
    2016-12-22 09:18 - 2016-11-11 14:36 - 00100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
    2016-12-22 09:18 - 2016-11-11 14:36 - 00018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
    2016-12-22 09:18 - 2016-12-21 12:26 - 00019760 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
    2016-12-22 09:18 - 2016-11-11 14:36 - 00694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
    2016-12-22 09:17 - 2016-12-21 12:26 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
    2016-12-22 09:18 - 2016-11-11 14:37 - 00123856 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
    2016-12-22 09:17 - 2016-12-21 12:26 - 01682760 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
    2016-12-22 09:17 - 2016-12-21 12:26 - 00020808 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
    2016-12-22 09:18 - 2016-11-11 14:36 - 00145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
    2016-12-22 09:17 - 2016-11-11 14:37 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
    2016-12-22 09:18 - 2016-11-11 14:36 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
    2016-12-22 09:18 - 2016-11-11 14:38 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
    2016-12-22 09:18 - 2016-12-21 12:26 - 00021312 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
    2016-12-22 09:18 - 2016-12-21 12:26 - 00052024 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
    2016-12-22 09:17 - 2016-12-21 12:26 - 00038696 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
    2016-12-22 09:18 - 2016-11-11 14:36 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
    2016-12-22 09:17 - 2016-11-11 14:38 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
    2016-12-22 09:18 - 2016-11-11 14:38 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
    2016-12-22 09:18 - 2016-11-11 14:39 - 00116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
    2016-12-22 09:18 - 2016-12-21 12:26 - 00381752 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
    2016-12-22 09:18 - 2016-11-11 14:38 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
    2016-12-22 09:18 - 2016-12-21 12:26 - 00025424 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
    2016-12-22 09:18 - 2016-11-11 14:38 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
    2016-12-22 09:18 - 2016-11-11 14:38 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
    2016-12-22 09:18 - 2016-11-11 14:38 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
    2016-12-22 09:18 - 2016-11-11 14:39 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
    2016-12-22 09:18 - 2016-11-11 14:39 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
    2016-12-22 09:18 - 2016-11-11 14:38 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
    2016-12-22 09:18 - 2016-11-11 14:39 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
    2016-12-22 09:17 - 2016-12-21 12:26 - 00246592 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
    2016-12-22 09:17 - 2016-12-21 12:26 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
    2016-12-22 09:18 - 2016-11-11 14:37 - 00241104 _____ () C:\Program Files (x86)\Dropbox\Client\_jpegtran.pyd
    2016-12-22 09:17 - 2016-12-21 12:26 - 00020280 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
    2016-12-22 09:18 - 2016-11-11 14:39 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
    2016-12-22 09:18 - 2016-12-21 12:26 - 00023376 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
    2016-12-22 09:18 - 2016-12-21 12:26 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi._winffi_iphlpapi.pyd
    2016-12-22 09:18 - 2016-12-21 12:26 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror._winffi_winerror.pyd
    2016-12-22 09:18 - 2016-12-21 12:26 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet._winffi_wininet.pyd
    2016-12-22 09:18 - 2016-11-11 14:39 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
    2016-12-22 09:18 - 2016-12-21 12:26 - 00022352 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
    2016-12-22 09:17 - 2016-12-21 12:26 - 00024392 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
    2016-12-22 09:17 - 2016-11-11 14:35 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
    2016-12-22 09:17 - 2016-12-21 12:26 - 00031568 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd
    2016-12-22 09:17 - 2016-12-03 02:13 - 00293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll
    2016-12-22 09:17 - 2016-12-21 12:26 - 00084280 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
    2016-12-22 09:18 - 2016-12-21 12:26 - 01826096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
    2016-12-22 09:18 - 2016-11-11 14:37 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
    2016-12-22 09:18 - 2016-12-21 12:26 - 00531248 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
    2016-12-22 09:18 - 2016-12-21 12:26 - 03928880 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
    2016-12-22 09:18 - 2016-12-21 12:26 - 01972528 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
    2016-12-22 09:18 - 2016-12-21 12:26 - 00133424 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
    2016-12-22 09:18 - 2016-12-21 12:26 - 00224056 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
    2016-12-22 09:18 - 2016-12-21 12:26 - 00207672 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
    2016-12-22 09:18 - 2016-12-21 12:26 - 00020288 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32._winffi_user32.pyd
    2016-12-22 09:17 - 2016-11-11 14:42 - 00017864 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll
    2016-12-22 09:17 - 2016-11-11 14:42 - 01631184 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
    2016-12-22 09:18 - 2016-12-21 12:26 - 00042808 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
    2016-12-22 09:18 - 2016-12-21 12:26 - 00171320 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
    2016-12-22 09:18 - 2016-12-21 12:26 - 00357680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
    2016-12-22 09:18 - 2016-11-11 14:39 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
    2016-12-22 09:18 - 2016-12-21 12:26 - 00037192 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd
    2016-12-22 09:18 - 2016-12-21 12:26 - 00024904 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
    2016-12-22 09:18 - 2016-12-21 12:26 - 00546096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
    2016-12-22 09:18 - 2016-11-11 14:44 - 00697304 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Controls\qtquickcontrolsplugin.dll
    2016-09-20 12:00 - 2016-09-20 12:00 - 00325824 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
    2016-09-20 12:01 - 2016-11-15 04:19 - 01041600 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\ADDINS\UmOutlookAddin.dll
    2014-10-17 10:07 - 2015-03-24 02:37 - 00125088 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\OUTLCTL.DLL
    2016-12-16 13:00 - 2016-12-16 13:00 - 01114136 _____ () C:\Users\ceyermann\AppData\Roaming\Mozilla\Firefox\Profiles\tl9sknbx.default-1448214611333\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll
    2016-10-27 05:35 - 2016-10-27 05:35 - 22825144 _____ () C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.dll
    2016-05-03 08:41 - 2016-05-03 08:41 - 00322232 _____ () C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\sqlite.dll
    2016-09-30 17:36 - 2016-09-30 17:36 - 46476472 _____ () C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\libcef.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE trusted site: HKU\S-1-5-21-3193829095-4286807977-817251257-1002\...\sharepoint.com -> hxxps://theheartlandgroup-files.sharepoint.com
    IE restricted site: HKU\S-1-5-21-3193829095-4286807977-817251257-1002\...\007guard.com -> install.007guard.com
    IE restricted site: HKU\S-1-5-21-3193829095-4286807977-817251257-1002\...\008i.com -> 008i.com
    IE restricted site: HKU\S-1-5-21-3193829095-4286807977-817251257-1002\...\008k.com -> www.008k.com
    IE restricted site: HKU\S-1-5-21-3193829095-4286807977-817251257-1002\...\00hq.com -> www.00hq.com
    IE restricted site: HKU\S-1-5-21-3193829095-4286807977-817251257-1002\...\010402.com -> 010402.com
    IE restricted site: HKU\S-1-5-21-3193829095-4286807977-817251257-1002\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
    IE restricted site: HKU\S-1-5-21-3193829095-4286807977-817251257-1002\...\0scan.com -> www.0scan.com
    IE restricted site: HKU\S-1-5-21-3193829095-4286807977-817251257-1002\...\1-2005-search.com -> 2005 Web Search Tips – Search Engine Optimization Insights
    IE restricted site: HKU\S-1-5-21-3193829095-4286807977-817251257-1002\...\1-domains-registrations.com -> www.1-domains-registrations.com
    IE restricted site: HKU\S-1-5-21-3193829095-4286807977-817251257-1002\...\1000gratisproben.com -> 1000gratisproben.com*-*This website is for sale!*-*1000gratisproben Resources and Information.
    IE restricted site: HKU\S-1-5-21-3193829095-4286807977-817251257-1002\...\1001namen.com -> 1001 Namen
    IE restricted site: HKU\S-1-5-21-3193829095-4286807977-817251257-1002\...\100888290cs.com -> mir.100888290cs.com
    IE restricted site: HKU\S-1-5-21-3193829095-4286807977-817251257-1002\...\100sexlinks.com -> 100sexlinks.com*-*This website is for sale!*-*Sexlinks Resources and Information.
    IE restricted site: HKU\S-1-5-21-3193829095-4286807977-817251257-1002\...\10sek.com -> www.10sek.com
    IE restricted site: HKU\S-1-5-21-3193829095-4286807977-817251257-1002\...\12-26.net -> user1.12-26.net
    IE restricted site: HKU\S-1-5-21-3193829095-4286807977-817251257-1002\...\12-27.net -> user1.12-27.net
    IE restricted site: HKU\S-1-5-21-3193829095-4286807977-817251257-1002\...\123fporn.info -> www.123fporn.info
    IE restricted site: HKU\S-1-5-21-3193829095-4286807977-817251257-1002\...\123haustiereundmehr.com -> 123 Haustiere Und Mehr
    IE restricted site: HKU\S-1-5-21-3193829095-4286807977-817251257-1002\...\123moviedownload.com -> 123Movies Stream Movies Online - Watch Free Movies
    IE restricted site: HKU\S-1-5-21-3193829095-4286807977-817251257-1002\...\123simsen.com -> WebMD - Better information. Better health.

    There are 7865 more sites.


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2013-08-22 07:25 - 2015-07-24 09:47 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-3193829095-4286807977-817251257-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\ceyermann\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\current.bmp
    DNS Servers: 71.10.216.1 - 71.10.216.2
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    HKLM\...\StartupApproved\StartupFolder: => "Install LastPass IE RunOnce.lnk"
    HKLM\...\StartupApproved\StartupFolder: => "Install LastPass FF RunOnce.lnk"
    HKLM\...\StartupApproved\StartupFolder: => "Secunia PSI Tray.lnk"
    HKLM\...\StartupApproved\Run: => "SynTPEnh"
    HKLM\...\StartupApproved\Run: => "SysTrayApp"
    HKLM\...\StartupApproved\Run32: => "StartCCC"
    HKLM\...\StartupApproved\Run32: => "CLVirtualDrive"
    HKLM\...\StartupApproved\Run32: => "RemoteControl10"
    HKLM\...\StartupApproved\Run32: => "HP Quick Launch"
    HKLM\...\StartupApproved\Run32: => "SDTray"
    HKLM\...\StartupApproved\Run32: => "BrStsWnd"
    HKLM\...\StartupApproved\Run32: => "EEventManager"
    HKLM\...\StartupApproved\Run32: => "FUFAXSTM"
    HKLM\...\StartupApproved\Run32: => "HP Software Update"
    HKLM\...\StartupApproved\Run32: => "Fitbit Connect"
    HKU\S-1-5-21-3193829095-4286807977-817251257-1002\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
    HKU\S-1-5-21-3193829095-4286807977-817251257-1002\...\StartupApproved\StartupFolder: => "DesktopEarth AutoStart.lnk"
    HKU\S-1-5-21-3193829095-4286807977-817251257-1002\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
    HKU\S-1-5-21-3193829095-4286807977-817251257-1002\...\StartupApproved\StartupFolder: => "Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk"
    HKU\S-1-5-21-3193829095-4286807977-817251257-1002\...\StartupApproved\StartupFolder: => "Monitor Ink Alerts - .lnk"
    HKU\S-1-5-21-3193829095-4286807977-817251257-1002\...\StartupApproved\Run: => "Power2GoExpress8"
    HKU\S-1-5-21-3193829095-4286807977-817251257-1002\...\StartupApproved\Run: => "MyDriveConnect.exe"
    HKU\S-1-5-21-3193829095-4286807977-817251257-1002\...\StartupApproved\Run: => "Spybot-S&D Cleaning"
    HKU\S-1-5-21-3193829095-4286807977-817251257-1002\...\StartupApproved\Run: => "TomTomHOME.exe"
    HKU\S-1-5-21-3193829095-4286807977-817251257-1002\...\StartupApproved\Run: => "Skype"
    HKU\S-1-5-21-3193829095-4286807977-817251257-1002\...\StartupApproved\Run: => "1685277AC3E7BC47019DE3AD83FB8C521A332DB9._service_run"
    HKU\S-1-5-21-3193829095-4286807977-817251257-1002\...\StartupApproved\Run: => "HP Officejet Pro 8600 (NET)"
    HKU\S-1-5-21-3193829095-4286807977-817251257-1002\...\StartupApproved\Run: => "Push Client"
    HKU\S-1-5-21-3193829095-4286807977-817251257-1002\...\StartupApproved\Run: => "Driver Support"
    HKU\S-1-5-21-3193829095-4286807977-817251257-1002\...\StartupApproved\Run: => "Dropbox Update"
    HKU\S-1-5-21-3193829095-4286807977-817251257-1002\...\StartupApproved\Run: => "HP Officejet 4630 series (NET)"
    HKU\S-1-5-21-3193829095-4286807977-817251257-1002\...\StartupApproved\Run: => "Fitbit Connect"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [vm-monitoring-nb-session] => LPort=139
    FirewallRules: [UDP Query User{E14487E6-4994-4762-8AE0-4C9ADA1FCC0F}C:\program files (x86)\hewlett-packard\hp support solutions\modules\hpdevicedetection3.exe] => C:\program files (x86)\hewlett-packard\hp support solutions\modules\hpdevicedetection3.exe
    FirewallRules: [TCP Query User{37B4B402-B9DD-4178-BC5C-98D7EE2E6AB6}C:\program files (x86)\hewlett-packard\hp support solutions\modules\hpdevicedetection3.exe] => C:\program files (x86)\hewlett-packard\hp support solutions\modules\hpdevicedetection3.exe
    FirewallRules: [{BABFC6AE-9460-4A62-8C6E-D73693EE4568}] => C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
    FirewallRules: [{0C1EB985-DD65-404E-82C8-7F6FA76BD2F4}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{FFFF21A4-5213-4D94-9849-9213A0E9FF99}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{28DAD3DF-7A1E-49C4-A393-12921F90673F}] => C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{D4F3558D-C690-440F-9640-DA21003CE244}] => C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{8157B40D-152B-4303-9916-A69B2511C757}] => LPort=1900
    FirewallRules: [{92B5170F-2B54-47E1-907B-C7DB16C49953}] => LPort=2869
    FirewallRules: [{BCFABD0B-EF96-419B-8F1D-3DA6E7342DC7}] => C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    FirewallRules: [{CD30210D-0E58-4EF0-8460-8E4A80121EFA}] => C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
    FirewallRules: [TCP Query User{FDCF46CD-27F5-4FC0-A971-B02E1DBB6D9C}C:\program files (x86)\skype\phone\skype.exe] => C:\program files (x86)\skype\phone\skype.exe
    FirewallRules: [UDP Query User{07053E06-99FE-439A-957B-28BE21C68A2E}C:\program files (x86)\skype\phone\skype.exe] => C:\program files (x86)\skype\phone\skype.exe
    FirewallRules: [{94C9ACE4-BC9D-4656-B1C7-16FA029AE77D}] => C:\Program Files\HP\HP Officejet Pro 8600\bin\FaxApplications.exe
    FirewallRules: [{97D7E4AA-1738-45FA-9ED8-ABC78AC150AE}] => C:\Program Files\HP\HP Officejet Pro 8600\bin\DigitalWizards.exe
    FirewallRules: [{FC0FBD2F-226C-411A-9249-264267F0C529}] => C:\Program Files\HP\HP Officejet Pro 8600\bin\SendAFax.exe
    FirewallRules: [{FA584B2A-43B6-4F0D-BF8C-1B62260BEED0}] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\DeviceSetup.exe
    FirewallRules: [{77AB2D48-2C2B-47A7-B0E7-4179A0EFF0B8}] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
    FirewallRules: [{9B24FC63-8A84-4808-B7E2-75AA9D62D458}] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe
    FirewallRules: [{3B8B4CCA-3FD7-4CAA-970B-EC420B1563A7}] => C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
    FirewallRules: [{088D4F47-2740-4ECB-9B05-8D620776D3EB}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{90B5DFAF-97C2-4811-8A9A-C8CC85AFECEE}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [TCP Query User{4246ABA4-87E9-4C96-B5E7-6E1AFFC73CF7}C:\program files (x86)\mozilla firefox\firefox.exe] => C:\program files (x86)\mozilla firefox\firefox.exe
    FirewallRules: [UDP Query User{51426D04-4773-4BB5-A18E-E1BC851AA1E6}C:\program files (x86)\mozilla firefox\firefox.exe] => C:\program files (x86)\mozilla firefox\firefox.exe
    FirewallRules: [{9FF85B2B-22C1-433D-A248-F61581C1CEDD}] => C:\Program Files\HP\HP Officejet 4630 series\bin\FaxApplications.exe
    FirewallRules: [{C45AE543-51E5-4F8D-B236-6B26F5FF7D32}] => C:\Program Files\HP\HP Officejet 4630 series\bin\DigitalWizards.exe
    FirewallRules: [{EA43C5CB-B36E-4417-8F67-A20DF86B43FF}] => C:\Program Files\HP\HP Officejet 4630 series\bin\SendAFax.exe
    FirewallRules: [{CA12C2BF-120B-48B9-9D69-A0ED2976ABED}] => C:\Program Files\HP\HP Officejet 4630 series\Bin\DeviceSetup.exe
    FirewallRules: [{44EC0C9E-0CAC-4457-AE81-B686ECE80E43}] => LPort=5357
    FirewallRules: [{379D27EC-0629-4450-A1EE-0F0AC1F50230}] => C:\Program Files\HP\HP Officejet 4630 series\Bin\HPNetworkCommunicatorCom.exe
    FirewallRules: [{225F59B1-0A32-4F2B-8A5D-1BA298194F72}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{F3DCC996-F5CB-4450-B93C-8308D238F2CA}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{1EF0BAF2-D79C-4630-96CD-D2FE3B123FED}] => C:\Program Files (x86)\TeamViewer\TeamViewer.exe
    FirewallRules: [{5ED78795-6399-4810-9939-96A232AF7649}] => C:\Program Files (x86)\TeamViewer\TeamViewer.exe
    FirewallRules: [{74AF0D5A-1CB9-491D-9E9D-C51319A28620}] => C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    FirewallRules: [{3BBF9A94-6139-495F-8A09-4DEFAD314281}] => C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    FirewallRules: [{63611286-6E96-4FA6-A512-2C7396B9EAE9}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [{B1EFC4C1-C3E9-4C82-8431-E954667B34C7}] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe

    ==================== Restore Points =========================

    11-12-2016 12:14:47 Removed Fitbit Connect
    14-12-2016 17:39:46 Windows Update
    22-12-2016 16:23:17 Scheduled Checkpoint

    ==================== Faulty Device Manager Devices =============

    Name:
    Description:
    Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
    Manufacturer:
    Service:
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (12/28/2016 06:28:27 AM) (Source: ESENT) (EventID: 490) (User: )
    Description: taskhostw (2340) WebCacheLocal: An attempt to open the file "C:\Users\ceyermann\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

    Error: (12/28/2016 06:28:17 AM) (Source: ESENT) (EventID: 490) (User: )
    Description: taskhostw (2340) WebCacheLocal: An attempt to open the file "C:\Users\ceyermann\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

    Error: (12/28/2016 06:28:07 AM) (Source: ESENT) (EventID: 454) (User: )
    Description: taskhostw (2340) WebCacheLocal: Database recovery/restore failed with unexpected error -1032.

    Error: (12/28/2016 06:28:07 AM) (Source: ESENT) (EventID: 490) (User: )
    Description: taskhostw (2340) WebCacheLocal: An attempt to open the file "C:\Users\ceyermann\AppData\Local\Microsoft\Windows\WebCache\V01.log" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

    Error: (12/28/2016 06:27:57 AM) (Source: ESENT) (EventID: 454) (User: )
    Description: taskhostw (2340) WebCacheLocal: Database recovery/restore failed with unexpected error -1032.

    Error: (12/28/2016 06:27:57 AM) (Source: ESENT) (EventID: 490) (User: )
    Description: taskhostw (2340) WebCacheLocal: An attempt to open the file "C:\Users\ceyermann\AppData\Local\Microsoft\Windows\WebCache\V01.log" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

    Error: (12/28/2016 06:27:47 AM) (Source: ESENT) (EventID: 490) (User: )
    Description: taskhostw (2340) WebCacheLocal: An attempt to open the file "C:\Users\ceyermann\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

    Error: (12/28/2016 06:27:37 AM) (Source: ESENT) (EventID: 454) (User: )
    Description: taskhostw (2340) WebCacheLocal: Database recovery/restore failed with unexpected error -1032.

    Error: (12/28/2016 06:27:37 AM) (Source: ESENT) (EventID: 490) (User: )
    Description: taskhostw (2340) WebCacheLocal: An attempt to open the file "C:\Users\ceyermann\AppData\Local\Microsoft\Windows\WebCache\V01.log" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

    Error: (12/28/2016 06:27:26 AM) (Source: ESENT) (EventID: 454) (User: )
    Description: taskhostw (2340) WebCacheLocal: Database recovery/restore failed with unexpected error -1032.


    System errors:
    =============
    Error: (12/27/2016 09:02:31 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (12/27/2016 04:03:14 PM) (Source: DCOM) (EventID: 10010) (User: HPLAPTOP)
    Description: The server WindowsDefaultLockScreen did not register with DCOM within the required timeout.

    Error: (12/27/2016 04:03:11 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (12/27/2016 02:35:11 PM) (Source: DCOM) (EventID: 10010) (User: HPLAPTOP)
    Description: The server {37998346-3765-45B1-8C66-AA88CA6B20B8} did not register with DCOM within the required timeout.

    Error: (12/27/2016 02:33:11 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The Connected Devices Platform Service service terminated with the following error:
    Unspecified error

    Error: (12/27/2016 12:37:28 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (12/27/2016 12:28:53 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (12/27/2016 12:23:15 PM) (Source: DCOM) (EventID: 10010) (User: HPLAPTOP)
    Description: The server {37998346-3765-45B1-8C66-AA88CA6B20B8} did not register with DCOM within the required timeout.

    Error: (12/27/2016 12:21:15 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The Connected Devices Platform Service service terminated with the following error:
    Unspecified error

    Error: (12/27/2016 12:21:15 PM) (Source: DCOM) (EventID: 10010) (User: HPLAPTOP)
    Description: The server {37998346-3765-45B1-8C66-AA88CA6B20B8} did not register with DCOM within the required timeout.


    CodeIntegrity:
    ===================================
    Date: 2016-12-27 12:26:52.675
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-12-27 12:26:52.673
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-12-27 12:26:52.669
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-12-27 12:26:51.996
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-12-27 12:26:51.994
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-12-27 12:26:51.988
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-12-27 12:26:50.005
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-12-27 12:26:50.003
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-12-27 12:26:49.999
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-12-27 12:26:46.629
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


    ==================== Memory info ===========================

    Processor: AMD A8-4500M APU with Radeon(tm) HD Graphics
    Percentage of memory in use: 38%
    Total physical RAM: 7650.26 MB
    Available physical RAM: 4681.1 MB
    Total Virtual: 8866.26 MB
    Available Virtual: 5734.2 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:905.45 GB) (Free:810.24 GB) NTFS ==>[system with boot components (obtained from drive)]
    Drive d: (RECOVERY) (Fixed) (Total:24.46 GB) (Free:2.89 GB) NTFS ==>[system with boot components (obtained from drive)]

    ==================== MBR & Partition Table ==================

    ==================== End of Addition.txt ============================

  11. #10
    Member
    Join Date
    Dec 2006
    Location
    st louis mo
    Posts
    224
    Points
    1

    Default

    thanks. my rookie mistake.

Page 1 of 2 12 LastLast