Windows issues related to Malware cleanup, MalwareBytes doesn't run

MKWest (Member; Joined: Oct 17, 2016; Posts: 19; Location: Phoenix, AZ)
We recently had a ransomware event. We caught it early and the encrypted data had been backed up, so that was good. We had a local IT company come in to clean things up. The infection itself was not on my machine, but I have had other issues surrounding the "cleanup". The IT guy used a combination of Malwarebytes, CCleaner, Stinger and some other things. Unfortunately, once Malwarebytes was installed on my machine it would not run. I got a "Bad Image - opengl32dll" error. I have been working with Malwarebytes on this, but it is clear that there are some core OS issues, including permissions. I was unable to even run the Event Viewer until I used an online fix. Since then I have also run Spybot Clean and Destroy, done some defrags, and done some disk scans, which did catch a few bad locks and fix them. I also ran Windows All-in-One Repair.

I am really hoping not to have to re-install Windows if possible. Malwarebytes Support suggested I post my issues here as you guys are really good at OS problems. Below are the SALog.txt results (not sure where I get the checkup.txt file). Also below is the most recent Farbar scan.

Thanks in advance for any help you can offer!


Result of Security Analysis by Rocket Grannie (x86) Updated: 16th October, 2016
Running from:C:\Users\Rick\Desktop (12:04:45 - 10/17/2016)
***---------------------------------------------------------***
Microsoft Windows 7 Professional X64 Service Pack 1
UAC is Enabled!
Internet Explorer 11
Default Browser: C:\Program Files (x86)\Opera\Launcher.exe
***-----------------Anti-Virus - Firewall-------------------***
McAfee® Security-as-a-Service (Disabled - Up to Date)
Firewall: McAfee® Security-as-a-Service
***----------------AntiSpyware - Miscellaneous---------------***
Adobe Flash Player Plugin (version 23.0.0.185)
Adobe Flash Player 23 ActiveX (version 23.0.0.162)
Firefox (version 49)
Java (version 8.0.1010.13)
Malwarebytes Anti-Exploit (version 1.8.1.2572)
Malwarebytes Anti-Malware (version 2.2.1.1043)
Microsoft Silverlight (version 5.1)
Opera (version 40)
Windows Live Essentials (version 16.4)


CCleaner (version 4.10) is *out of Date*
Google Chrome (version 53.0.2785.143) is *out of Date*


***----------------Analysis Complete-------------------------***




Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-10-2016
Ran by Rick (administrator) on RICK-PC (14-10-2016 09:19:34)
Running from C:\Users\Rick\Desktop
Loaded Profiles: Rick & McAfeeMVSUser (Available Profiles: Rick & Angela & McAfeeMVSUser & tsgadmin & Guest)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/


==================== Processes (Whitelisted) =================


(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)


(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(ActFax Communication) C:\Program Files (x86)\ActiveFax\Server\ActSrvNT.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(SafeNet Inc.) C:\Windows\System32\hasplms.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\ramaint.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Cyber Power Systems, Inc.) C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\saHookMain.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\x64\saHookMain.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Spiceworks, Inc.) C:\Program Files (x86)\Spiceworks\bin\spiceworks.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(X-Rite Inc.) C:\Program Files (x86)\X-Rite\Devices\Services\xrdd.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfeann.exe
(Apache Software Foundation) C:\Program Files (x86)\Spiceworks\httpd\bin\spiceworks-httpd.exe
(Apache Software Foundation) C:\Program Files (x86)\Spiceworks\httpd\bin\spiceworks-httpd.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Prosoftnet) C:\IDrive\id_service.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
() C:\Program Files (x86)\X-Rite\i1Profiler\i1ProfilerTray.exe
(Cyber Power Systems, Inc.) C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe
(Power Software Ltd) C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
() C:\Program Files (x86)\McAfee\Managed VirusScan\DesktopUI\XTray.exe
(Prosoftnet) C:\IDrive\id_bglaunch.exe
(Prosoftnet) C:\IDrive\id_tray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
(Tweaking.com) C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Microsoft Corp.) C:\Users\Rick\AppData\Local\Microsoft\OffCAT\OffCAT_RTS.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Opera Software) C:\Program Files (x86)\Opera\40.0.2308.81\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\40.0.2308.81\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\40.0.2308.81\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\40.0.2308.81\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\40.0.2308.81\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\40.0.2308.81\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\40.0.2308.81\opera.exe
(Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe




==================== Registry (Whitelisted) ====================


(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)


HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2012-11-29] (LogMeIn, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-03-30] (Adobe Systems Incorporated)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2655520 2015-10-11] (NVIDIA Corporation)
HKLM-x32\...\Run: [AdobeCS4ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [611712 2013-01-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [642664 2013-05-08] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Adobe_ID0ENQBO] => C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe [378224 2008-08-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [PowerPanel Personal Edition User Interaction] => C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe [353728 2011-06-17] (Cyber Power Systems, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [366904 2014-10-08] (Power Software Ltd)
HKLM-x32\...\Run: [MVS Splash] => C:\Program Files (x86)\McAfee\Managed VirusScan\DesktopUI\XTray.exe [481648 2014-12-04] ()
HKLM-x32\...\Run: [IDrive Background process] => C:\IDrive\id_bglaunch.exe [72968 2016-04-14] (Prosoftnet)
HKLM-x32\...\Run: [IDrive Tray] => C:\IDrive\id_tray.exe [2072328 2016-04-14] (Prosoftnet)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation)
HKLM-x32\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [1667072 2012-02-28] (AimerSoft)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2631120 2016-07-28] (Malwarebytes Corporation)
HKU\S-1-5-21-2900652731-1545930263-437072239-1000\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-2900652731-1545930263-437072239-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2900652731-1545930263-437072239-1000\...\Run: [HP Officejet Pro 8600 (NET) #2] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-2900652731-1545930263-437072239-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-2900652731-1545930263-437072239-1000\...\MountPoints2: {097c9a82-ff0b-11e4-a5d5-6805ca128c68} - G:\VerizonWirelessUpgradeAssistantSetup.exe -a
HKU\S-1-5-21-2900652731-1545930263-437072239-1000\...\MountPoints2: {301cee12-81e6-11e4-b7f5-6805ca128c68} - E:\VerizonWirelessUpgradeAssistantSetup.exe -a
HKU\S-1-5-21-2900652731-1545930263-437072239-1000\...\MountPoints2: {de485333-c7da-11e4-ac2e-6805ca128c68} - G:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-18\...\Run: [GoogleChromeAutoLaunch_554F09F6EF2194379EF187460292DAF5] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [966760 2016-09-24] (Google Inc.)
ShellIconOverlayIdentifiers: [ 0001IDSIcon1] -> {0FA6DCC0-CF0B-427D-A8AF-97C466AB5769} => C:\IDrive\IDSyncIntIcon64.dll [2016-04-11] (Pro-Softnet Corporation, U.S.A)
ShellIconOverlayIdentifiers: [ 0001IDSIcon2] -> {66357BBE-D2E5-453C-95FF-8102EB32419D} => C:\IDrive\IDSyncIntIcon64.dll [2016-04-11] (Pro-Softnet Corporation, U.S.A)
ShellIconOverlayIdentifiers: [ 0001IDSIcon3] -> {904E6336-8B13-43FA-B4C3-5B62C1C91971} => C:\IDrive\IDSyncIntIcon64.dll [2016-04-11] (Pro-Softnet Corporation, U.S.A)
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => No File
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => No File
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => No File
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Rick\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll [2016-10-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Rick\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll [2016-10-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Rick\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll [2016-10-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Rick\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll [2016-10-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Rick\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll [2016-10-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Rick\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll [2016-10-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Rick\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll [2016-10-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Rick\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll [2016-10-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2012-02-06] (Autodesk, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dell Display Manager.lnk [2015-05-18]
ShortcutTarget: Dell Display Manager.lnk -> C:\Program Files (x86)\Dell\Dell Display Manager\ddm.exe (EnTech Taiwan)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\i1Profiler Tray.lnk [2014-11-14]
ShortcutTarget: i1Profiler Tray.lnk -> C:\Program Files (x86)\X-Rite\i1Profiler\i1ProfilerTray.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\XRGamma.lnk [2014-11-14]
ShortcutTarget: XRGamma.lnk -> C:\Program Files (x86)\X-Rite\i1Profiler\XRGamma.exe (LOGO Kommunikations- und Drucktechnik GmbH & Co. KG)
GroupPolicy: Restriction <======= ATTENTION


==================== Internet (Whitelisted) ====================


(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)


ProxyServer: [.DEFAULT] => localhost:8080
ProxyServer: [S-1-5-21-2900652731-1545930263-437072239-1000] => localhost:8080
ProxyServer: [S-1-5-21-2900652731-1545930263-437072239-1004] => localhost:8080
Hosts: 127.0.0.1 activate.adobe.com
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{C30C15E0-2A94-4E1D-A1D3-121E034D75EE}: [DhcpNameServer] 192.168.0.1 205.171.3.25
Tcpip\..\Interfaces\{C81F95AF-44ED-4FEB-9672-24947A29310F}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{C81F95AF-44ED-4FEB-9672-24947A29310F}: [DhcpNameServer] 192.168.1.1


Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2900652731-1545930263-437072239-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2070814
HKU\S-1-5-21-2900652731-1545930263-437072239-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
HKU\S-1-5-21-2900652731-1545930263-437072239-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://support.dell.com/support/index.aspx?c=us&l=en&s=gen
HKU\S-1-5-21-2900652731-1545930263-437072239-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKU\S-1-5-21-2900652731-1545930263-437072239-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-2900652731-1545930263-437072239-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=BABTDF&PC=BBLN&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2900652731-1545930263-437072239-1000 -> {4D6A0002-D973-4247-81FF-3C61B5A01CE1} URL = hxxp://search.yahoo.com/search?fr=mcsaed&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-2900652731-1545930263-437072239-1000 -> {7385C7FD-F240-4CEC-9C9D-1417A0787B3D} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
BHO: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20151112113009.dll [2013-12-17] (McAfee, Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\x64\McIEPlg.dll [2014-11-12] (McAfee, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: ContributeBHO Class -> {074C1DC5-9320-4A9A-947D-C042949C6216} -> C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll [2008-09-10] (Adobe Systems Incorporated.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-10-05] (Oracle Corporation)
BHO-x32: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20151112113009.dll [2013-12-17] (McAfee, Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems Incorporated)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll [2014-11-12] (McAfee, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-10-05] (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems Incorporated)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\x64\McIEPlg.dll [2014-11-12] (McAfee, Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll [2008-09-10] (Adobe Systems Incorporated.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll [2014-11-12] (McAfee, Inc.)
Toolbar: HKU\S-1-5-21-2900652731-1545930263-437072239-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Toolbar: HKU\S-1-5-21-2900652731-1545930263-437072239-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
DPF: HKLM-x32 {037790A6-1576-11D6-903D-00105AABADD3} hxxps://www.ussco.com/bluezone/controls/sglw2hcm.ocx
DPF: HKLM-x32 {57AF0810-BDA7-47A5-B02D-FDA1073C04B0} hxxps://www.mydlink.com/8D/activeX//TunnelX.ocx
DPF: HKLM-x32 {76A99961-126B-48C5-AADB-E239EECF71D5} hxxps://www.mydlink.com/8D/activeX//DCS-93x/H264PlugLiteDL.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\x64\McIEPlg.dll [2014-11-12] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll [2014-11-12] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\x64\McIEPlg.dll [2014-11-12] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll [2014-11-12] (McAfee, Inc.)


FireFox:
========
FF ProfilePath: C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\ag9lcl8s.default [2016-10-12]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\ag9lcl8s.default -> Google
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\ag9lcl8s.default -> Google
FF Extension: (Grammarly for Firefox) - C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\ag9lcl8s.default\Extensions\87677a2c52b84ad3a151a4a72f5bd3c4@jetpack.xpi [2016-10-05]
FF Extension: (LogMeIn, Inc. Remote Access Plugin) - C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\ag9lcl8s.default\Extensions\LogMeInClient@logmein.com [2014-11-04] [not signed]
FF Extension: (Video DownloadHelper) - C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\ag9lcl8s.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2016-10-12]
FF Extension: (No Name) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\jid1-G80Ec8LLEbK5fQ@jetpack.xpi [2016-02-02] [not signed]
FF Extension: (McAfee SiteAdvisor Enterprise) - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\{B7082FAA-CB62-4872-9106-E42DD88EDE45} [2016-09-26] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext => not found
FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore
FF Extension: (McAfee ScriptScan for Firefox) - C:\Program Files (x86)\Common Files\McAfee\SystemCore [2015-11-12] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_185.dll [2016-10-11] ()
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2013-01-18] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_185.dll [2016-10-11] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-10-05] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-10-05] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/SAFFPlugin -> C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\NPMcFFPlg.dll [2014-03-06] (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2013-01-18] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-02-08] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-02-08] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2900652731-1545930263-437072239-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Rick\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2013-10-04] (Citrix Online)
FF Plugin HKU\S-1-5-21-2900652731-1545930263-437072239-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Rick\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-2900652731-1545930263-437072239-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Rick\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-2900652731-1545930263-437072239-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Rick\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-08-20] (Unity Technologies ApS)


Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR DefaultSearchURL: Default -> hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11908&prt=cr
CHR DefaultSearchKeyword: Default -> NortonSafe
CHR DefaultSuggestURL: Default -> hxxps://ss-sym.search.ask.com/ss?q={searchTerms}&li=ff
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.143\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.143\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.143\pdf.dll => No File
CHR Plugin: (Nero Kwik Media Helper) - C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL => No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll => No File
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll => No File
CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll => No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll => No File
CHR Plugin: (RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll => No File
CHR Plugin: (RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll => No File
CHR Plugin: (RealDownloader Plugin) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll => No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.16) - C:\Windows\SysWOW64\npDeployJava1.dll => No File
CHR Plugin: (Windows Activation Technologies) - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll => No File
CHR Plugin: (RealPlayer Download Plugin) - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll => No File
CHR Profile: C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default [2016-10-10]
CHR Extension: (Google Docs) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-28]
CHR Extension: (Google Drive) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]
CHR Extension: (Web Developer) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbameneiokkgbdmiekhjnmfkcnldhhm [2016-10-05]
CHR Extension: (YouTube) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-05]
CHR Extension: (Google Search) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Norton Home Page for Chrome) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejbdobdndcjhdmljipngpeoekdinlohe [2016-04-13]
CHR Extension: (McAfee SiteAdvisor Enterprise) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\feobgjncdknhelkhjpiejdbpliekmfaj [2015-11-16]
CHR Extension: (Google Docs Offline) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-12]
CHR Extension: (Norton Identity Safe) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-10-05]
CHR Extension: (Tag Assistant (by Google)) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\kejbdjndbnbjgmefkgdddjlbokphdefk [2016-04-13]
CHR Extension: (Norton Safe) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgcfemagnogdodbambjhdcmfcpicngl [2016-10-05]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-12]
CHR Extension: (HubSpot Sales) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiiaigjnkhngdbnoookogelabohpglmd [2016-10-05]
CHR Extension: (Gmail) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-28]
CHR HKLM\...\Chrome\Extension: [feobgjncdknhelkhjpiejdbpliekmfaj] - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McChPlg.crx [2014-03-06]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [feobgjncdknhelkhjpiejdbpliekmfaj] - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McChPlg.crx [2014-03-06]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [nogdfjjfhknacchjpiccacoimeelkajb] - hxxps://clients2.google.com/service/update2/crx


==================== Services (Whitelisted) ====================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


R2 ActiveFaxServiceNT; C:\Program Files (x86)\ActiveFax\Server\ActSrvNT.exe [1529024 2013-02-19] (ActFax Communication)
S3 Adobe Version Cue CS4; C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [284016 2008-08-15] (Adobe Systems Incorporated)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1156384 2015-10-11] (NVIDIA Corporation)
R2 hasplms; C:\Windows\system32\hasplms.exe [3750400 2009-12-16] (SafeNet Inc.)
R2 IDriveService; C:\IDrive\id_service.exe [154888 2016-04-14] (Prosoftnet)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [419336 2016-09-20] (LogMeIn, Inc.)
R2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [509448 2016-09-20] (LogMeIn, Inc.)
R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2012-11-29] (LogMeIn, Inc.)
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [750032 2016-07-28] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 McAfee SiteAdvisor Enterprise Service; C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe [161128 2014-03-06] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [242448 2013-12-17] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2013-12-17] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [185280 2013-12-17] (McAfee, Inc.)
R2 myAgtSvc; C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.exe [296400 2014-04-25] (McAfee, Inc.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-06-14] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5568288 2015-10-11] (NVIDIA Corporation)
R2 ppped; C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe [1000896 2011-06-17] (Cyber Power Systems, Inc.)
R2 spiceworks; C:\Program Files (x86)\Spiceworks\bin\spiceworks.exe [47344 2016-04-01] (Spiceworks, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
R2 xrdd.exe; C:\Program Files (x86)\X-Rite\Devices\Services\xrdd.exe [83312 2014-06-23] (X-Rite Inc.)
R2 RumorServer; "C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.exe" /RunDLL=RumorServer.dll;ServiceHost [X]


===================== Drivers (Whitelisted) ======================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [75360 2016-08-04] ()
S3 glancedrv; C:\Windows\System32\DRIVERS\glancedrv.sys [36384 2009-05-13] (Glance Networks, Inc)
S3 kc02us_bus; C:\Windows\System32\DRIVERS\kc02us_bus64.sys [51608 2012-06-20] (Kyocera Corporation)
S3 kc02us_mdm; C:\Windows\System32\DRIVERS\kc02us_mdm64.sys [73624 2012-06-20] (Kyocera Corporation)
S3 kc02us_serd; C:\Windows\System32\DRIVERS\kc02us_serd64.sys [66968 2012-06-20] (Kyocera Corporation)
R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-05-28] (LogMeIn, Inc.)
S4 LMIRfsClientNP; no ImagePath
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [180272 2013-12-17] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311600 2013-12-17] (McAfee, Inc.)
U3 mfeavfk01; no ImagePath
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [520056 2013-12-17] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [782968 2013-12-17] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [107032 2013-12-17] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [344176 2013-12-17] (McAfee, Inc.)
R3 nmserial; C:\Windows\System32\DRIVERS\nmserial.sys [75264 2012-01-12] (Windows (R) Win 7 DDK provider)
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2012-05-03] (CACE Technologies, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20768 2015-10-11] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [50472 2015-08-10] (NVIDIA Corporation)
R3 VST64HWBS2; C:\Windows\System32\DRIVERS\VSTBS26.SYS [411136 2009-06-10] (Conexant Systems, Inc.)
R3 VST64_DPV; C:\Windows\System32\DRIVERS\VSTDPV6.SYS [1485312 2009-06-10] (Conexant Systems, Inc.)
R2 WinI2C-DDC; C:\Windows\system32\drivers\DDCDrv.sys [20832 2014-07-11] (Nicomsoft Ltd.)
R2 WinI2C-DDC; C:\Windows\SysWOW64\drivers\DDCDrv.sys [10240 2014-07-11] (Nicomsoft Ltd.) [File not signed]
R3 WsAudio_Device(1); C:\Windows\System32\drivers\VirtualAudio1.sys [31080 2014-11-26] (Wondershare)
R3 WsAudio_Device(2); C:\Windows\System32\drivers\VirtualAudio2.sys [31080 2014-11-26] (Wondershare)
R3 WsAudio_Device(3); C:\Windows\System32\drivers\VirtualAudio3.sys [31080 2014-11-26] (Wondershare)
R3 WsAudio_Device(4); C:\Windows\System32\drivers\VirtualAudio4.sys [31080 2014-11-26] (Wondershare)
R3 WsAudio_Device(5); C:\Windows\System32\drivers\VirtualAudio5.sys [31080 2014-11-26] (Wondershare)


==================== NetSvcs (Whitelisted) ===================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)




==================== One Month Created files and folders ========


(If an entry is included in the fixlist, the file/folder will be moved.)


2016-10-14 09:19 - 2016-10-14 09:19 - 00000000 ____D C:\Users\Rick\Desktop\FRST-OlderVersion
2016-10-12 17:50 - 2016-09-30 00:55 - 25765376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-10-12 17:49 - 2016-09-30 13:13 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-10-12 17:49 - 2016-09-30 12:28 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-10-12 17:49 - 2016-09-30 08:37 - 05548264 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-10-12 17:49 - 2016-09-30 08:20 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-10-12 17:49 - 2016-09-30 08:20 - 03944680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-10-12 17:49 - 2016-09-29 23:41 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-10-12 17:49 - 2016-09-29 23:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-10-12 17:49 - 2016-09-29 23:26 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-10-12 17:49 - 2016-09-29 23:25 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-10-12 17:49 - 2016-09-29 23:25 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-10-12 17:49 - 2016-09-29 23:25 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-10-12 17:49 - 2016-09-29 23:25 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-10-12 17:49 - 2016-09-29 23:25 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-10-12 17:49 - 2016-09-29 23:18 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-10-12 17:49 - 2016-09-29 23:17 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-10-12 17:49 - 2016-09-29 23:14 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-10-12 17:49 - 2016-09-29 23:13 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-10-12 17:49 - 2016-09-29 23:13 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-10-12 17:49 - 2016-09-29 23:12 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-10-12 17:49 - 2016-09-29 23:12 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-10-12 17:49 - 2016-09-29 23:09 - 06048256 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-10-12 17:49 - 2016-09-29 23:05 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-10-12 17:49 - 2016-09-29 23:02 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-10-12 17:49 - 2016-09-29 22:55 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-10-12 17:49 - 2016-09-29 22:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-10-12 17:49 - 2016-09-29 22:54 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-10-12 17:49 - 2016-09-29 22:51 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-10-12 17:49 - 2016-09-29 22:50 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-10-12 17:49 - 2016-09-29 22:47 - 20306944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-10-12 17:49 - 2016-09-29 22:47 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-10-12 17:49 - 2016-09-29 22:46 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-10-12 17:49 - 2016-09-29 22:42 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-10-12 17:49 - 2016-09-29 22:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-10-12 17:49 - 2016-09-29 22:42 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-10-12 17:49 - 2016-09-29 22:42 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-10-12 17:49 - 2016-09-29 22:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-10-12 17:49 - 2016-09-29 22:38 - 02286592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-10-12 17:49 - 2016-09-29 22:36 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-10-12 17:49 - 2016-09-29 22:35 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-10-12 17:49 - 2016-09-29 22:35 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-10-12 17:49 - 2016-09-29 22:33 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-10-12 17:49 - 2016-09-29 22:33 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-10-12 17:49 - 2016-09-29 22:32 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-10-12 17:49 - 2016-09-29 22:32 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-10-12 17:49 - 2016-09-29 22:32 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-10-12 17:49 - 2016-09-29 22:32 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-10-12 17:49 - 2016-09-29 22:31 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-10-12 17:49 - 2016-09-29 22:31 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-10-12 17:49 - 2016-09-29 22:24 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-10-12 17:49 - 2016-09-29 22:21 - 15257088 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-10-12 17:49 - 2016-09-29 22:19 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-10-12 17:49 - 2016-09-29 22:19 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-10-12 17:49 - 2016-09-29 22:17 - 02920960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-10-12 17:49 - 2016-09-29 22:17 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-10-12 17:49 - 2016-09-29 22:15 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-10-12 17:49 - 2016-09-29 22:14 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-10-12 17:49 - 2016-09-29 22:13 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-10-12 17:49 - 2016-09-29 22:12 - 04608512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-10-12 17:49 - 2016-09-29 22:07 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-10-12 17:49 - 2016-09-29 22:05 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-10-12 17:49 - 2016-09-29 22:05 - 01544192 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-10-12 17:49 - 2016-09-29 22:05 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-10-12 17:49 - 2016-09-29 22:05 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-10-12 17:49 - 2016-09-29 22:03 - 13653504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-10-12 17:49 - 2016-09-29 21:54 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-10-12 17:49 - 2016-09-29 21:46 - 02444288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-10-12 17:49 - 2016-09-29 21:43 - 01312768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-10-12 17:49 - 2016-09-29 21:42 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-10-12 17:49 - 2016-09-15 08:30 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-10-12 17:49 - 2016-09-15 08:30 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2016-10-12 17:49 - 2016-09-15 08:15 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-10-12 17:49 - 2016-09-15 08:15 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2016-10-12 17:49 - 2016-09-12 14:13 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-10-12 17:49 - 2016-09-12 14:13 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-10-12 17:49 - 2016-09-12 14:08 - 01465344 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-10-12 17:49 - 2016-09-12 14:08 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-10-12 17:49 - 2016-09-12 14:08 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-10-12 17:49 - 2016-09-12 14:08 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-10-12 17:49 - 2016-09-12 14:08 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-10-12 17:49 - 2016-09-12 14:08 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-10-12 17:49 - 2016-09-12 14:08 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-10-12 17:49 - 2016-09-12 14:08 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-10-12 17:49 - 2016-09-12 14:08 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-10-12 17:49 - 2016-09-12 14:08 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-10-12 17:49 - 2016-09-12 14:08 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-10-12 17:49 - 2016-09-12 14:08 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-10-12 17:49 - 2016-09-12 14:08 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\adsmsext.dll
2016-10-12 17:49 - 2016-09-12 14:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-10-12 17:49 - 2016-09-12 14:08 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-10-12 17:49 - 2016-09-12 14:08 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-10-12 17:49 - 2016-09-12 14:08 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-10-12 17:49 - 2016-09-12 14:08 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-10-12 17:49 - 2016-09-12 14:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-10-12 17:49 - 2016-09-12 13:49 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-10-12 17:49 - 2016-09-12 13:49 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-10-12 17:49 - 2016-09-12 13:49 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-10-12 17:49 - 2016-09-12 13:49 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-10-12 17:49 - 2016-09-12 13:49 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-10-12 17:49 - 2016-09-12 13:49 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-10-12 17:49 - 2016-09-12 13:49 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-10-12 17:49 - 2016-09-12 13:49 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-10-12 17:49 - 2016-09-12 13:49 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-10-12 17:49 - 2016-09-12 13:49 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-10-12 17:49 - 2016-09-12 13:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-10-12 17:49 - 2016-09-12 13:49 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adsmsext.dll
2016-10-12 17:49 - 2016-09-12 13:49 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-10-12 17:49 - 2016-09-12 13:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-10-12 17:49 - 2016-09-12 13:49 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-10-12 17:49 - 2016-09-12 13:49 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-10-12 17:49 - 2016-09-12 13:39 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-10-12 17:49 - 2016-09-12 13:37 - 03218944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-10-12 17:49 - 2016-09-12 13:32 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-10-12 17:49 - 2016-09-12 13:32 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-10-12 17:49 - 2016-09-12 13:32 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-10-12 17:49 - 2016-09-12 13:31 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-10-12 17:49 - 2016-09-12 13:29 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-10-12 17:49 - 2016-09-12 13:25 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-10-12 17:49 - 2016-09-12 12:08 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2016-10-12 17:49 - 2016-09-12 11:43 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2016-10-12 17:49 - 2016-09-12 11:43 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2016-10-12 17:49 - 2016-09-10 09:19 - 03649536 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
2016-10-12 17:49 - 2016-09-10 08:53 - 02291712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll
2016-10-12 17:49 - 2016-09-09 11:29 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-10-12 17:49 - 2016-09-09 11:26 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-10-12 17:49 - 2016-09-09 11:23 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-10-12 17:49 - 2016-09-09 11:20 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-10-12 17:49 - 2016-09-09 11:20 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-10-12 17:49 - 2016-09-09 11:20 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-10-12 17:49 - 2016-09-09 11:20 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-10-12 17:49 - 2016-09-09 11:20 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-10-12 17:49 - 2016-09-09 11:20 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-10-12 17:49 - 2016-09-09 11:20 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-10-12 17:49 - 2016-09-09 11:20 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-10-12 17:49 - 2016-09-09 11:20 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-10-12 17:49 - 2016-09-09 11:20 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-10-12 17:49 - 2016-09-09 11:20 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-10-12 17:49 - 2016-09-09 11:20 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-10-12 17:49 - 2016-09-09 11:20 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-10-12 17:49 - 2016-09-09 11:20 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-10-12 17:49 - 2016-09-09 11:20 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-10-12 17:49 - 2016-09-09 11:20 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-10-12 17:49 - 2016-09-09 11:20 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-10-12 17:49 - 2016-09-09 11:20 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-10-12 17:49 - 2016-09-09 11:20 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-10-12 17:49 - 2016-09-09 11:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-10-12 17:49 - 2016-09-09 11:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-10-12 17:49 - 2016-09-09 11:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-10-12 17:49 - 2016-09-09 11:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-10-12 17:49 - 2016-09-09 11:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-10-12 17:49 - 2016-09-09 11:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-10-12 17:49 - 2016-09-09 11:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-10-12 17:49 - 2016-09-09 11:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-10-12 17:49 - 2016-09-09 11:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-10-12 17:49 - 2016-09-09 11:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-10-12 17:49 - 2016-09-09 11:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-10-12 17:49 - 2016-09-09 11:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-10-12 17:49 - 2016-09-09 11:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-10-12 17:49 - 2016-09-09 11:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-10-12 17:49 - 2016-09-09 11:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-10-12 17:49 - 2016-09-09 11:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-10-12 17:49 - 2016-09-09 11:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-10-12 17:49 - 2016-09-09 11:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-10-12 17:49 - 2016-09-09 11:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-10-12 17:49 - 2016-09-09 11:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-10-12 17:49 - 2016-09-09 11:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-10-12 17:49 - 2016-09-09 11:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-10-12 17:49 - 2016-09-09 11:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-10-12 17:49 - 2016-09-09 11:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-10-12 17:49 - 2016-09-09 11:01 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-10-12 17:49 - 2016-09-09 11:00 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-10-12 17:49 - 2016-09-09 11:00 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-10-12 17:49 - 2016-09-09 11:00 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-10-12 17:49 - 2016-09-09 11:00 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-10-12 17:49 - 2016-09-09 10:59 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-10-12 17:49 - 2016-09-09 10:59 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-10-12 17:49 - 2016-09-09 10:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-10-12 17:49 - 2016-09-09 10:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-10-12 17:49 - 2016-09-09 10:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-10-12 17:49 - 2016-09-09 10:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-10-12 17:49 - 2016-09-09 10:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-10-12 17:49 - 2016-09-09 10:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-10-12 17:49 - 2016-09-09 10:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-10-12 17:49 - 2016-09-09 10:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-10-12 17:49 - 2016-09-09 10:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-10-12 17:49 - 2016-09-09 10:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-10-12 17:49 - 2016-09-09 10:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-10-12 17:49 - 2016-09-09 10:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-10-12 17:49 - 2016-09-09 10:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-10-12 17:49 - 2016-09-09 10:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-10-12 17:49 - 2016-09-09 10:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-10-12 17:49 - 2016-09-09 10:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-10-12 17:49 - 2016-09-09 10:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-10-12 17:49 - 2016-09-09 10:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-10-12 17:49 - 2016-09-09 10:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-10-12 17:49 - 2016-09-09 10:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-10-12 17:49 - 2016-09-09 10:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-10-12 17:49 - 2016-09-09 10:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-10-12 17:49 - 2016-09-09 10:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-10-12 17:49 - 2016-09-09 10:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-10-12 17:49 - 2016-09-09 10:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-10-12 17:49 - 2016-09-09 10:51 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-10-12 17:49 - 2016-09-09 10:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-10-12 17:49 - 2016-09-09 10:51 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-10-12 17:49 - 2016-09-09 10:48 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-10-12 17:49 - 2016-09-09 10:47 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-10-12 17:49 - 2016-09-09 10:43 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-10-12 17:49 - 2016-09-09 10:38 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-10-12 17:49 - 2016-09-09 10:38 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-10-12 17:49 - 2016-09-09 10:38 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-10-12 17:49 - 2016-09-09 10:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-10-12 17:49 - 2016-09-09 10:37 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-10-12 17:49 - 2016-09-09 10:37 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-10-12 17:49 - 2016-09-09 10:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-10-12 17:49 - 2016-09-09 10:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-10-12 17:49 - 2016-09-08 13:34 - 00263680 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2016-10-12 17:49 - 2016-09-08 13:34 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2016-10-12 17:49 - 2016-09-08 13:34 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2016-10-12 17:49 - 2016-09-08 13:34 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2016-10-12 17:49 - 2016-09-08 07:55 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2016-10-12 17:49 - 2016-09-08 07:55 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2016-10-12 17:39 - 2016-07-22 07:58 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2016-10-12 17:39 - 2016-07-22 07:51 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2016-10-12 17:26 - 2016-10-12 17:26 - 00001102 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-10-12 17:26 - 2016-10-12 17:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-10-12 17:25 - 2016-10-12 17:25 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-10-12 17:25 - 2016-10-12 17:25 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-10-12 17:25 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-10-12 17:25 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-10-12 17:25 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-10-12 17:15 - 2016-10-12 17:15 - 22851472 _____ (Malwarebytes ) C:\Users\Rick\Desktop\mbam-setup-2.2.1.1043.exe
2016-10-12 17:14 - 2016-10-12 17:14 - 00566128 _____ (Malwarebytes) C:\Users\Rick\Desktop\mbam-clean-2.3.0.1001.exe
2016-10-12 16:44 - 2016-09-12 14:17 - 00077032 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-10-12 16:44 - 2016-09-12 14:08 - 01226752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-10-12 16:44 - 2016-09-09 08:54 - 01629184 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-10-12 16:44 - 2016-09-09 08:54 - 00586752 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-10-12 16:44 - 2016-09-09 08:54 - 00575488 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-10-12 16:44 - 2016-09-09 08:54 - 00314368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-10-12 16:44 - 2016-09-09 08:54 - 00273408 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2016-10-12 16:44 - 2016-09-09 08:54 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-10-12 16:44 - 2016-09-09 08:54 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-10-12 15:48 - 2016-10-12 15:48 - 00000207 _____ C:\Windows\tweaking.com-regbackup-RICK-PC-Windows-7-Professional-(64-bit).dat
2016-10-12 15:48 - 2016-10-12 15:48 - 00000000 ____D C:\RegBackup
2016-10-12 15:22 - 2016-10-12 15:22 - 00162712 _____ C:\Windows\ntbtlog.txt
2016-10-12 15:02 - 2016-10-12 15:02 - 00003650 _____ C:\Windows\System32\Tasks\Tweaking.com - Windows Repair Tray Icon
2016-10-12 15:02 - 2016-10-12 15:02 - 00002159 _____ C:\Users\Rick\Desktop\Tweaking.com - Windows Repair.lnk
2016-10-12 15:02 - 2016-10-12 15:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2016-10-12 15:01 - 2016-10-12 15:02 - 00188935 _____ C:\Windows\Tweaking.com - Windows Repair Setup Log.txt
2016-10-12 15:01 - 2016-10-12 15:01 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2016-10-12 11:59 - 2016-10-12 12:01 - 00065301 _____ C:\Users\Rick\Desktop\Addition.txt
2016-10-12 10:44 - 2016-10-14 09:19 - 00037117 _____ C:\Users\Rick\Desktop\FRST.txt
2016-10-12 10:43 - 2016-10-14 09:19 - 02406912 _____ (Farbar) C:\Users\Rick\Desktop\FRST64.exe
2016-10-11 10:21 - 2016-10-11 12:09 - 00000000 _____ C:\Users\Rick\Desktop\CHKDSKResults.txt
2016-10-10 17:27 - 2016-10-10 17:28 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2016-10-10 17:27 - 2016-10-10 17:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2016-10-10 17:27 - 2016-10-10 17:27 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Exploit
2016-10-10 12:34 - 2016-10-14 09:19 - 00000000 ____D C:\FRST
2016-10-10 12:15 - 2016-10-10 12:26 - 00000000 ____D C:\AdwCleaner
2016-10-10 12:15 - 2016-10-10 12:15 - 03874368 _____ C:\Users\Rick\Downloads\adwcleaner_6.021.exe
2016-10-10 11:46 - 2016-10-11 18:42 - 00000892 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-10-10 11:46 - 2016-10-11 15:04 - 00003882 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2016-10-10 11:44 - 2016-10-10 11:44 - 01198288 _____ (Adobe Systems Incorporated) C:\Users\Rick\Downloads\flashplayer23pp_fa_install.exe
2016-10-10 11:24 - 2016-10-10 11:24 - 00000000 ____D C:\Users\Rick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-10-06 16:20 - 2016-10-06 16:20 - 00000000 ____D C:\Users\Rick\AppData\Roaming\NVIDIA
2016-10-06 11:57 - 2016-10-06 11:57 - 00012776 _____ C:\Users\Rick\Downloads\Logins-Instructions.xlsx
2016-10-06 09:48 - 2016-10-06 09:49 - 00000085 _____ C:\Windows\wininit.ini
2016-10-06 09:26 - 2016-10-06 09:26 - 00003832 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1475771156
2016-10-06 09:26 - 2016-10-06 09:26 - 00001135 _____ C:\Users\Public\Desktop\Opera.lnk
2016-10-06 09:26 - 2016-10-06 09:26 - 00001135 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2016-10-06 09:26 - 2016-10-06 09:26 - 00000000 ____D C:\Users\Rick\AppData\Roaming\Opera Software
2016-10-06 09:26 - 2016-10-06 09:26 - 00000000 ____D C:\Users\Rick\AppData\Local\Opera Software
2016-10-06 09:25 - 2016-10-07 09:26 - 00000000 ____D C:\Program Files (x86)\Opera
2016-10-06 09:21 - 2016-10-06 09:21 - 01137296 _____ (Opera Software) C:\Users\Rick\Downloads\OperaSetup.exe
2016-10-05 15:56 - 2016-10-13 03:07 - 00000000 ____D C:\ProgramData\NVIDIA
2016-10-05 15:56 - 2014-02-08 10:42 - 06712608 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2016-10-05 15:56 - 2014-02-08 10:42 - 03498272 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2016-10-05 15:56 - 2014-02-08 10:42 - 00923936 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2016-10-05 15:56 - 2014-02-08 10:42 - 00386336 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2016-10-05 15:56 - 2014-02-08 10:42 - 00063776 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2016-10-05 15:56 - 2014-02-08 09:18 - 00599840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2016-10-05 15:55 - 2014-02-08 11:34 - 00061216 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2016-10-05 15:55 - 2014-02-08 11:34 - 00053024 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2016-10-05 15:49 - 2014-02-08 11:34 - 31432480 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2016-10-05 15:49 - 2014-02-08 11:34 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2016-10-05 15:49 - 2014-02-08 11:34 - 23683360 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2016-10-05 15:49 - 2014-02-08 11:34 - 18257576 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2016-10-05 15:49 - 2014-02-08 11:34 - 17715784 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2016-10-05 15:49 - 2014-02-08 11:34 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2016-10-05 15:49 - 2014-02-08 11:34 - 15740232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2016-10-05 15:49 - 2014-02-08 11:34 - 14669032 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2016-10-05 15:49 - 2014-02-08 11:34 - 12324640 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2016-10-05 15:49 - 2014-02-08 11:34 - 11636176 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2016-10-05 15:49 - 2014-02-08 11:34 - 11589272 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2016-10-05 15:49 - 2014-02-08 11:34 - 09728064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2016-10-05 15:49 - 2014-02-08 11:34 - 09690424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2016-10-05 15:49 - 2014-02-08 11:34 - 03142432 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2016-10-05 15:49 - 2014-02-08 11:34 - 03090184 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2016-10-05 15:49 - 2014-02-08 11:34 - 02956576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2016-10-05 15:49 - 2014-02-08 11:34 - 02782496 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2016-10-05 15:49 - 2014-02-08 11:34 - 02713728 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2016-10-05 15:49 - 2014-02-08 11:34 - 02410784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2016-10-05 15:49 - 2014-02-08 11:34 - 01885472 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433489.dll
2016-10-05 15:49 - 2014-02-08 11:34 - 01515296 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433489.dll
2016-10-05 15:49 - 2014-02-08 11:34 - 00892192 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2016-10-05 15:49 - 2014-02-08 11:34 - 00875296 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2016-10-05 15:49 - 2014-02-08 11:34 - 00863520 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2016-10-05 15:49 - 2014-02-08 11:34 - 00844576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2016-10-05 15:49 - 2014-02-08 11:34 - 00024544 _____ C:\Windows\system32\nvinfo.pb
2016-10-05 13:51 - 2016-10-05 13:53 - 00000000 ____D C:\Users\Rick\Desktop\Tools
2016-10-05 13:17 - 2016-10-05 13:41 - 00000000 ____D C:\EEK
2016-10-05 11:41 - 2016-03-28 09:23 - 00000859 _____ C:\Windows\system32\Drivers\etc\hosts.20161005-114147.backup
2016-10-05 10:09 - 2016-10-05 10:09 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2016-10-05 10:07 - 2016-10-06 09:50 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-10-05 10:07 - 2016-10-06 09:48 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-10-04 18:36 - 2016-10-11 15:46 - 00000000 ____D C:\Users\Rick\Documents\Registry Backup
2016-10-04 18:33 - 2016-10-04 18:33 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-10-04 18:33 - 2016-10-04 18:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-10-04 18:19 - 2016-10-04 18:31 - 00005150 _____ C:\Users\Rick\Desktop\Rkill.txt
2016-10-04 18:12 - 2016-03-10 14:07 - 09926112 _____ (Malwarebytes) C:\Users\Rick\Desktop\wuauclt.exe
2016-10-04 18:10 - 2016-10-04 13:28 - 22851472 _____ (Malwarebytes ) C:\Users\Rick\Desktop\Lettuce.exe
2016-10-04 17:36 - 2016-10-04 17:36 - 00000000 ____D C:\Users\Rick\Desktop\JkDefrag64-3.36
2016-10-04 16:40 - 2016-10-04 16:40 - 00000000 ____D C:\Program Files\stinger
2016-10-04 16:32 - 2016-10-04 16:32 - 00000000 ____D C:\Users\tsgadmin\AppData\Roaming\Real
2016-10-04 16:29 - 2016-10-04 16:29 - 00000000 ____D C:\Users\tsgadmin\AppData\Local\Apple
2016-10-04 16:25 - 2016-10-04 16:25 - 00000000 ____D C:\Users\tsgadmin\AppData\Roaming\X-Rite
2016-10-04 16:24 - 2016-10-04 16:25 - 00000000 ____D C:\Users\tsgadmin\AppData\Local\Adobe
2016-10-04 16:24 - 2016-10-04 16:24 - 00128816 _____ C:\Users\tsgadmin\AppData\Local\GDIPFONTCACHEV1.DAT
2016-10-04 16:24 - 2016-10-04 16:24 - 00001413 _____ C:\Users\tsgadmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-10-04 16:24 - 2016-10-04 16:24 - 00000000 ____D C:\Users\tsgadmin\AppData\Roaming\McAfee
2016-10-04 16:24 - 2016-10-04 16:24 - 00000000 ____D C:\Users\tsgadmin\AppData\Roaming\Adobe
2016-10-04 16:24 - 2016-10-04 16:24 - 00000000 ____D C:\Users\tsgadmin\AppData\Local\NVIDIA
2016-10-04 16:24 - 2016-10-04 16:24 - 00000000 ____D C:\Users\tsgadmin\AppData\Local\LogMeIn
2016-10-04 16:24 - 2016-10-04 16:24 - 00000000 ____D C:\Users\tsgadmin\AppData\Local\Aimersoft
2016-10-04 16:23 - 2016-10-04 16:24 - 00000000 ___RD C:\Users\tsgadmin\Virtual Machines
2016-10-04 16:23 - 2016-10-04 16:23 - 00002255 _____ C:\Users\tsgadmin\Desktop\Google Chrome.lnk
2016-10-04 16:23 - 2016-10-04 16:23 - 00000020 ___SH C:\Users\tsgadmin\ntuser.ini
2016-10-04 16:23 - 2016-10-04 16:23 - 00000000 _SHDL C:\Users\tsgadmin\My Documents
2016-10-04 16:23 - 2016-10-04 16:23 - 00000000 _SHDL C:\Users\tsgadmin\Documents\My Videos
2016-10-04 16:23 - 2016-10-04 16:23 - 00000000 _SHDL C:\Users\tsgadmin\Documents\My Pictures
2016-10-04 16:23 - 2016-10-04 16:23 - 00000000 _SHDL C:\Users\tsgadmin\Documents\My Music
2016-10-04 16:23 - 2016-10-04 16:23 - 00000000 ____D C:\Users\tsgadmin\AppData\Local\VirtualStore
2016-10-04 16:23 - 2016-10-04 16:23 - 00000000 ____D C:\Users\tsgadmin\AppData\Local\Google
2016-10-04 16:22 - 2016-10-04 16:23 - 00000000 ____D C:\Users\tsgadmin
2016-10-04 16:22 - 2013-08-20 11:12 - 00000000 ____D C:\Users\tsgadmin\AppData\Roaming\Macromedia
2016-10-04 16:22 - 2013-01-21 16:13 - 00000000 ____D C:\Users\tsgadmin\AppData\Local\Microsoft Help
2016-10-04 16:22 - 2011-04-12 01:28 - 00000000 ____D C:\Users\tsgadmin\AppData\Roaming\Media Center Programs
2016-10-04 14:20 - 2016-10-04 14:20 - 00000000 ____D C:\Program Files\McAfee
2016-10-04 14:19 - 2016-10-04 13:31 - 16030839 _____ C:\Users\Rick\Desktop\stinger64-epo.zip
2016-10-04 14:19 - 2013-07-11 10:57 - 00505396 _____ C:\Users\Rick\Desktop\JkDefrag64-3.36.zip
2016-10-04 14:15 - 2016-10-04 16:34 - 00000000 ____D C:\Windows\pss
2016-10-04 14:09 - 2016-10-04 18:33 - 00000000 ____D C:\Program Files\CCleaner
2016-10-04 14:09 - 2016-10-04 14:09 - 00002770 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2016-10-04 10:30 - 2016-10-04 10:30 - 00000020 ___SH C:\Users\Guest\ntuser.ini
2016-10-04 10:30 - 2016-10-04 10:30 - 00000000 ____D C:\Users\Guest
2016-09-26 11:50 - 2016-10-04 14:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-09-21 09:27 - 2016-08-16 13:40 - 00343552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2016-09-21 09:27 - 2016-08-16 13:40 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2016-09-21 09:27 - 2016-08-16 13:40 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2016-09-21 09:27 - 2016-08-16 13:40 - 00056320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2016-09-21 09:27 - 2016-08-16 13:40 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2016-09-21 09:27 - 2016-08-16 13:40 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2016-09-21 09:27 - 2016-08-16 13:40 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2016-09-21 09:27 - 2016-08-12 10:02 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2016-09-21 09:27 - 2016-08-12 10:02 - 12574720 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2016-09-21 09:27 - 2016-08-12 09:47 - 12574208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2016-09-21 09:27 - 2016-08-12 09:47 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2016-09-21 09:27 - 2016-08-12 09:26 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2016-09-21 09:27 - 2016-08-06 08:31 - 02023424 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2016-09-21 09:27 - 2016-08-06 08:31 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2016-09-21 09:27 - 2016-08-06 08:31 - 00310784 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2016-09-21 09:27 - 2016-08-06 08:31 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2016-09-21 09:27 - 2016-08-06 08:31 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\wsmplpxy.dll
2016-09-21 09:27 - 2016-08-06 08:15 - 01178112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2016-09-21 09:27 - 2016-08-06 08:15 - 00249344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2016-09-21 09:27 - 2016-08-06 08:15 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2016-09-21 09:27 - 2016-08-06 08:15 - 00146944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2016-09-21 09:27 - 2016-08-06 08:01 - 00266752 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2016-09-21 09:27 - 2016-08-06 08:01 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\wsmprovhost.exe
2016-09-21 09:27 - 2016-08-06 07:53 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2016-09-21 09:27 - 2016-08-06 07:53 - 00012288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsmprovhost.exe
2016-09-21 09:27 - 2016-08-06 07:53 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsmplpxy.dll
2016-09-21 09:27 - 2016-08-05 08:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-09-21 09:27 - 2016-08-05 08:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-09-21 09:27 - 2016-06-14 10:21 - 00094440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2016-09-21 09:27 - 2016-06-14 10:16 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2016-09-21 09:27 - 2016-06-14 10:16 - 01573888 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2016-09-21 09:27 - 2016-06-14 10:16 - 01483264 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2016-09-21 09:27 - 2016-06-14 10:16 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2016-09-21 09:27 - 2016-06-14 10:16 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2016-09-21 09:27 - 2016-06-14 10:16 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2016-09-21 09:27 - 2016-06-14 10:16 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2016-09-21 09:27 - 2016-06-14 10:16 - 00680448 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2016-09-21 09:27 - 2016-06-14 10:16 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2016-09-21 09:27 - 2016-06-14 10:16 - 00632320 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2016-09-21 09:27 - 2016-06-14 10:16 - 00499712 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2016-09-21 09:27 - 2016-06-14 10:16 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2016-09-21 09:27 - 2016-06-14 10:16 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2016-09-21 09:27 - 2016-06-14 10:16 - 00433152 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2016-09-21 09:27 - 2016-06-14 10:16 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2016-09-21 09:27 - 2016-06-14 10:16 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2016-09-21 09:27 - 2016-06-14 10:16 - 00295936 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2016-09-21 09:27 - 2016-06-14 10:16 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2016-09-21 09:27 - 2016-06-14 10:16 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2016-09-21 09:27 - 2016-06-14 10:16 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2016-09-21 09:27 - 2016-06-14 10:16 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2016-09-21 09:27 - 2016-06-14 10:16 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2016-09-21 09:27 - 2016-06-14 10:11 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2016-09-21 09:27 - 2016-06-14 08:21 - 03209216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2016-09-21 09:27 - 2016-06-14 08:21 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2016-09-21 09:27 - 2016-06-14 08:21 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2016-09-21 09:27 - 2016-06-14 08:21 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2016-09-21 09:27 - 2016-06-14 08:21 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2016-09-21 09:27 - 2016-06-14 08:21 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2016-09-21 09:27 - 2016-06-14 08:21 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2016-09-21 09:27 - 2016-06-14 08:21 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2016-09-21 09:27 - 2016-06-14 08:21 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2016-09-21 09:27 - 2016-06-14 08:21 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2016-09-21 09:27 - 2016-06-14 08:21 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2016-09-21 09:27 - 2016-06-14 08:21 - 00195072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2016-09-21 09:27 - 2016-06-14 08:21 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2016-09-21 09:27 - 2016-06-14 08:15 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2016-09-21 09:27 - 2016-06-14 08:05 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2016-09-21 09:27 - 2016-06-14 08:00 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2016-09-21 09:27 - 2016-06-14 08:00 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2016-09-21 09:26 - 2016-08-12 10:02 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2016-09-21 09:26 - 2016-08-12 10:02 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2016-09-21 09:26 - 2016-08-12 10:02 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2016-09-21 09:26 - 2016-08-12 09:31 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2016-09-21 09:26 - 2016-08-12 09:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2016-09-21 09:26 - 2016-08-12 09:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2016-09-21 09:26 - 2016-08-06 08:31 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\WsmRes.dll
2016-09-21 09:26 - 2016-08-06 08:15 - 00054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmRes.dll
2016-09-21 09:26 - 2016-06-14 10:16 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2016-09-21 09:26 - 2016-06-14 10:16 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2016-09-21 09:26 - 2016-06-14 10:16 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2016-09-21 09:26 - 2016-06-14 10:16 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2016-09-21 09:26 - 2016-06-14 10:16 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2016-09-21 09:26 - 2016-06-14 10:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2016-09-21 09:26 - 2016-06-14 08:21 - 01176064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2016-09-21 09:26 - 2016-06-14 08:21 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2016-09-21 09:26 - 2016-06-14 08:21 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2016-09-21 09:26 - 2016-06-14 08:21 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2016-09-21 09:26 - 2016-06-14 08:21 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2016-09-21 09:26 - 2016-06-14 08:21 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2016-09-21 09:26 - 2016-06-14 08:21 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2016-09-21 09:26 - 2016-06-14 08:21 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2016-09-21 09:26 - 2016-06-14 08:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2016-09-21 09:26 - 2016-06-14 08:15 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2016-09-21 09:26 - 2016-06-14 08:15 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2016-09-21 09:26 - 2016-06-14 08:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2016-09-21 09:25 - 2016-08-29 08:31 - 14183424 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-09-21 09:25 - 2016-08-29 08:31 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-09-21 09:25 - 2016-08-29 08:31 - 01867776 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2016-09-21 09:25 - 2016-08-29 08:12 - 12880384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-09-21 09:25 - 2016-08-29 08:12 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-09-21 09:25 - 2016-08-29 08:12 - 01499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2016-09-21 09:25 - 2016-08-29 08:04 - 03229696 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-09-21 09:25 - 2016-08-29 07:55 - 02972672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2016-09-14 12:35 - 2016-10-04 16:12 - 00003490 _____ C:\Windows\System32\Tasks\ReclaimerUpdateFiles_Rick
2016-09-14 12:35 - 2016-10-04 16:12 - 00003482 _____ C:\Windows\System32\Tasks\ReclaimerUpdateXML_Rick
2016-09-14 12:35 - 2016-10-04 16:12 - 00003190 _____ C:\Windows\System32\Tasks\RNUpgradeHelperLogonPrompt_Rick
2016-09-14 12:35 - 2016-09-14 12:35 - 00003606 _____ C:\Windows\System32\Tasks\RNUpgradeHelperResumePrompt_Rick


==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-14 09:21 - 2016-04-15 15:48 - 00000000 ___RD C:\Users\Rick\Documents\Outlook Files
2016-10-14 09:20 - 2015-06-16 09:13 - 00000914 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2900652731-1545930263-437072239-1000UA.job
2016-10-14 09:20 - 2015-06-16 09:13 - 00000862 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2900652731-1545930263-437072239-1000Core.job
2016-10-14 09:07 - 2014-11-14 14:57 - 00001368 ____H C:\Windows\Tasks\{3A1B2112-3617-4D99-BF54-7AB8F9D18F97}.job
2016-10-14 09:07 - 2014-11-12 11:47 - 00001368 ____H C:\Windows\Tasks\{425E7005-9EC8-4CFC-818A-D3511CE343B7}.job
2016-10-14 09:07 - 2013-08-20 12:29 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-10-14 09:07 - 2013-01-16 15:12 - 00000000 ____D C:\Users\Rick\AppData\Local\Adobe
2016-10-14 09:05 - 2013-08-20 12:29 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-10-14 09:04 - 2013-01-18 15:58 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-10-14 08:59 - 2013-02-25 09:40 - 00000000 ____D C:\ProgramData\LogMeIn
2016-10-14 08:28 - 2014-04-23 14:23 - 00000556 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2900652731-1545930263-437072239-1000.job
2016-10-14 08:00 - 2014-11-14 14:57 - 00000388 _____ C:\Windows\Tasks\X-Rite Device Services Software Updater.job
2016-10-14 07:26 - 2015-06-01 13:47 - 00000652 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-2900652731-1545930263-437072239-1000.job
2016-10-14 06:26 - 2016-04-15 15:39 - 00000000 ____D C:\ProgramData\IDrive
2016-10-14 03:07 - 2009-07-13 21:45 - 00032096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-10-14 03:07 - 2009-07-13 21:45 - 00032096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-10-14 00:00 - 2013-09-09 09:55 - 00000000 ____D C:\Program Files (x86)\CyberPower PowerPanel Personal Edition
2016-10-13 14:42 - 2015-12-29 12:19 - 00000852 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2900652731-1545930263-437072239-1000Core.job
2016-10-13 04:08 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache
2016-10-13 03:22 - 2015-11-12 17:37 - 00000000 ____D C:\Users\McAfeeMVSUser
2016-10-13 03:15 - 2009-07-13 22:13 - 00786622 _____ C:\Windows\system32\PerfStringBackup.INI
2016-10-13 03:15 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\inf
2016-10-13 03:07 - 2014-01-26 13:00 - 00000988 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2016-10-13 03:07 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-10-13 03:07 - 2009-07-13 21:45 - 05144256 _____ C:\Windows\system32\FNTCACHE.DAT
2016-10-12 16:46 - 2014-12-10 03:22 - 00000000 ____D C:\Windows\system32\appraiser
2016-10-12 16:46 - 2014-04-29 17:39 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-10-12 16:32 - 2013-01-16 14:35 - 00128816 _____ C:\Users\Rick\AppData\Local\GDIPFONTCACHEV1.DAT
2016-10-12 12:29 - 2013-01-18 12:06 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-10-12 12:29 - 2013-01-18 12:06 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-10-12 09:39 - 2013-01-18 12:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-10-12 03:21 - 2013-07-22 20:21 - 00000000 ____D C:\Windows\system32\MRT
2016-10-12 03:04 - 2013-01-16 17:07 - 143495576 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-10-11 15:04 - 2013-01-18 15:58 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-10-11 15:04 - 2013-01-18 15:58 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-10-11 15:04 - 2013-01-18 15:58 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-10-11 15:04 - 2013-01-18 15:58 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-10-11 15:04 - 2013-01-18 15:57 - 00000000 ____D C:\Windows\system32\Macromed
2016-10-10 12:25 - 2016-03-21 10:28 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2016-10-10 11:24 - 2014-10-01 13:53 - 00000000 ____D C:\Users\Rick\AppData\Roaming\Dropbox
2016-10-06 11:21 - 2013-01-16 13:04 - 00000000 ____D C:\Users\Rick
2016-10-06 11:10 - 2013-01-21 16:54 - 00000000 ____D C:\Users\Rick\Documents\My Scans
2016-10-06 11:10 - 2010-10-21 12:40 - 00000000 ____D C:\Users\Public\Documents\ImageConverter Plus
2016-10-05 16:16 - 2014-02-28 09:45 - 00000000 ____D C:\temp
2016-10-05 15:58 - 2014-03-11 11:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2016-10-05 15:56 - 2013-01-16 13:36 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-10-05 15:56 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\Help
2016-10-05 15:55 - 2013-01-16 13:36 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-10-05 15:33 - 2013-11-18 10:22 - 00000000 ____D C:\ProgramData\Oracle
2016-10-05 15:32 - 2014-10-27 15:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-10-05 15:32 - 2014-10-27 15:51 - 00000000 ____D C:\Program Files (x86)\Java
2016-10-05 15:31 - 2016-02-15 13:08 - 00000000 ____D C:\Users\Rick\.oracle_jre_usage
2016-10-05 15:30 - 2015-01-27 09:39 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2016-10-05 15:28 - 2014-01-22 10:54 - 00739904 _____ (Oracle Corporation) C:\Users\Rick\Downloads\jxpiinstall.exe
2016-10-05 12:50 - 2013-03-13 17:14 - 00000000 ____D C:\Users\Rick\AppData\Local\CrashDumps
2016-10-05 12:49 - 2015-05-22 17:33 - 00000000 ____D C:\Program Files (x86)\webrec
2016-10-05 11:59 - 2013-10-04 09:26 - 00000000 ____D C:\Users\Rick\AppData\Local\Citrix
2016-10-05 11:41 - 2009-07-13 19:34 - 00450741 ____R C:\Windows\system32\Drivers\etc\hosts.20161006-094812.backup
2016-10-05 10:20 - 2015-07-21 03:03 - 00000000 ____D C:\Program Files\Common Files\AV
2016-10-04 16:34 - 2014-05-06 10:38 - 00000000 ____D C:\ProgramData\Package Cache
2016-10-04 16:32 - 2013-03-15 13:40 - 00000000 ____D C:\ProgramData\Real
2016-10-04 16:13 - 2015-06-12 09:48 - 00000000 ____D C:\Windows\Minidump
2016-10-04 16:13 - 2013-02-19 16:45 - 00000000 ___DC C:\Users\Rick\AppData\Local\MigWiz
2016-10-04 16:13 - 2013-01-16 13:53 - 00000000 ____D C:\Windows\Panther
2016-10-04 16:13 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\ModemLogs
2016-10-04 16:12 - 2016-09-12 09:18 - 00003338 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2900652731-1545930263-437072239-1000
2016-10-04 16:12 - 2016-09-12 09:18 - 00003202 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2900652731-1545930263-437072239-1000
2016-10-04 16:12 - 2016-09-06 16:17 - 00003360 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2900652731-1545930263-437072239-1000
2016-10-04 16:12 - 2016-09-06 16:17 - 00003224 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2900652731-1545930263-437072239-1000
2016-10-04 16:12 - 2013-03-15 14:51 - 00003380 _____ C:\Windows\System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2900652731-1545930263-437072239-1000
2016-10-04 15:35 - 2015-10-13 08:48 - 00003574 _____ C:\Windows\System32\Tasks\TinyTakeUpgrade
2016-10-04 15:34 - 2009-07-13 22:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2016-10-04 14:16 - 2013-01-21 15:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-10-04 09:10 - 2016-09-06 09:34 - 00000000 ___RD C:\Users\Rick\Dropbox
2016-10-03 16:07 - 2013-08-20 12:37 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-10-03 15:14 - 2015-06-01 13:47 - 00003674 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-2900652731-1545930263-437072239-1000
2016-10-03 15:14 - 2014-04-23 14:23 - 00003578 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-2900652731-1545930263-437072239-1000
2016-09-30 09:13 - 2014-12-23 10:08 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-09-30 09:08 - 2015-06-16 09:13 - 00000000 ____D C:\Users\Rick\AppData\Local\Dropbox
2016-09-26 10:05 - 2015-05-13 15:17 - 00000000 ____D C:\Users\Rick\AppData\Roaming\TinyTake by MangoApps
2016-09-21 11:16 - 2013-02-19 16:10 - 00000000 ___RD C:\Users\Rick\Virtual Machines
2016-09-21 11:10 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
2016-09-21 11:10 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\Dism
2016-09-21 09:39 - 2013-01-16 16:25 - 00780998 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-09-20 16:19 - 2013-02-25 09:39 - 00000000 ____D C:\Program Files (x86)\LogMeIn
2016-09-20 16:18 - 2013-02-25 09:40 - 00122400 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIRfsClientNP.dll
2016-09-20 16:18 - 2013-02-25 09:40 - 00107520 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIinit.dll


==================== Files in the root of some directories =======


2015-01-07 11:01 - 2015-01-07 11:01 - 0000033 _____ () C:\Users\Rick\AppData\Roaming\AdobeWLCMCache.dat
2013-03-04 17:22 - 2013-03-04 17:22 - 0038431 _____ () C:\Users\Rick\AppData\Roaming\Comma Separated Values (DOS).ADR
2014-11-14 15:49 - 2014-11-17 15:50 - 0007606 _____ () C:\Users\Rick\AppData\Local\resmon.resmoncfg
2013-01-18 14:13 - 2013-01-18 14:13 - 0000057 _____ () C:\ProgramData\Ament.ini


Files to move or delete:
====================
C:\Windows\Tasks\{3A1B2112-3617-4D99-BF54-7AB8F9D18F97}.job
C:\Windows\Tasks\{425E7005-9EC8-4CFC-818A-D3511CE343B7}.job


Some files in TEMP:
====================
C:\Users\Rick\AppData\Local\Temp\libeay32.dll
C:\Users\Rick\AppData\Local\Temp\msvcr120.dll
C:\Users\Rick\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap ======================


(There is no automatic fix for files that do not pass verification.)


C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-10-05 00:13


==================== End of FRST.txt ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-10-2016
Ran by Rick (14-10-2016 09:22:12)
Running from C:\Users\Rick\Desktop
Windows 7 Professional Service Pack 1 (X64) (2013-01-16 20:04:48)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


Administrator (S-1-5-21-2900652731-1545930263-437072239-500 - Administrator - Disabled)
Angela (S-1-5-21-2900652731-1545930263-437072239-1002 - Administrator - Enabled) => C:\Users\Angela
Guest (S-1-5-21-2900652731-1545930263-437072239-501 - Limited - Enabled) => C:\Users\Guest
McAfeeMVSUser (S-1-5-21-2900652731-1545930263-437072239-1004 - Limited - Enabled) => C:\Users\McAfeeMVSUser
Rick (S-1-5-21-2900652731-1545930263-437072239-1000 - Administrator - Enabled) => C:\Users\Rick
tsgadmin (S-1-5-21-2900652731-1545930263-437072239-1006 - Administrator - Enabled) => C:\Users\tsgadmin


==================== Security Center ========================


(If an entry is included in the fixlist, it will be removed.)


AV: McAfee® Security-as-a-Service (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee® Security-as-a-Service (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee® Security-as-a-Service (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}


==================== Installed Programs ======================


(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)


Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.2.443 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
ActiveFax (HKLM-x32\...\ActiveFax) (Version: - )
Adobe Acrobat 9.5.5 - CPSID_83708 (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000004}_955) (Version: - Adobe Systems Incorporated)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.017.20053 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.8.0.870 - Adobe Systems Incorporated)
Adobe Anchor Service x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe CMaps x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 4 Master Collection (HKLM-x32\...\Adobe_b2d6abde968e6f277ddbfd501383e02) (Version: 4.0 - Adobe Systems Incorporated)
Adobe CSI CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Drive CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 23 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 23.0.0.185 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.185 - Adobe Systems Incorporated)
Adobe Flash Player 23 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 23.0.0.185 - Adobe Systems Incorporated)
Adobe Fonts All x64 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe InDesign CS4 Icon Handler x64 (Version: 6.0 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS4 x64 (Version: 4.0.0 - Adobe Systems Incorporated) Hidden
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated)
Adobe PDF Library Files x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 (64 Bit) (Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop Lightroom 4.4 64-bit (HKLM\...\{11A955CD-4398-405A-886D-E464C3618FBF}) (Version: 4.4.1 - Adobe)
Adobe Photoshop Lightroom 5.7.1 64-bit (HKLM\...\{BC86B82C-8C0E-4408-9AC1-6B0F2D636963}) (Version: 5.7.1 - Adobe Systems Incorporated)
Adobe Support Advisor (HKLM-x32\...\AdobeSupportAdvisor.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1) (Version: 1.6.1.20120504 - Adobe Systems Incorporated)
Adobe Type Support x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin x64 (Version: 1.1 - Adobe Systems Incorporated) Hidden
Advanced IP Scanner 2.4 (HKLM-x32\...\{C3CF783A-5457-4989-966F-7BE08812FB71}) (Version: 2.4.2601 - Famatech)
Aimersoft DRM Media Converter(Build 1.5.6.0) (HKLM-x32\...\Aimersoft DRM Media Converter_is1) (Version: - Aimersoft Software)
Amazon Kindle (HKU\S-1-5-21-2900652731-1545930263-437072239-1000\...\Amazon Kindle) (Version: 1.15.0.43061 - Amazon)
AniTa Terminal (HKLM-x32\...\AniTa Terminal) (Version: - )
AudibleManager (HKLM-x32\...\AudibleManager) (Version: 1997880606.48.56.35851498 - Audible, Inc.)
Beyond Compare Version 3.3.5 (HKLM-x32\...\BeyondCompare3_is1) (Version: - Scooter Software)
Brother P-touch Address Book 1.1 (HKLM-x32\...\InstallShield_{B2023017-DEE4-44F7-8A71-CA6084BF534C}) (Version: 1.1.100 - Brother Industries, Ltd.)
Brother P-touch Address Book 1.1 (x32 Version: 1.1.100 - Brother Industries, Ltd.) Hidden
Brother P-touch Editor 5.0 (HKLM-x32\...\InstallShield_{DF9A6075-9308-4572-8932-A4316243C4D9}) (Version: 5.0.110 - Brother Industries, Ltd.)
Brother P-touch Editor 5.0 (x32 Version: 5.0.110 - Brother Industries, Ltd.) Hidden
Brother QL-Series Software User's Guide (HKLM-x32\...\InstallShield_{A242CAB2-870C-4AC9-8AFE-34379D9383CD}) (Version: 1.00.0000 - Brother Industries, Ltd.)
Brother QL-Series Software User's Guide (x32 Version: 1.00.0000 - Brother Industries, Ltd.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.10 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Connect (x32 Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden
ConvertHelper 3.1.1 (HKLM\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF52}}_is1) (Version: - DownloadHelper)
CyberPower PowerPanel Personal Edition 1.3.2 (HKLM-x32\...\{6984B5E1-721C-4F8E-BF5A-ED5F45D90EB6}) (Version: 1.3.2 - Cyber Power Systems, Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Display Manager (HKLM-x32\...\{AC50C05D-9D57-40F5-B2EF-AC402F14312B}_is1) (Version: - EnTech Taiwan)
Dell System Detect (HKU\S-1-5-21-2900652731-1545930263-437072239-1000\...\9204f5692a8faf3b) (Version: 3.3.2.1 - Dell)
Dropbox (HKU\S-1-5-21-2900652731-1545930263-437072239-1000\...\Dropbox) (Version: 11.4.22 - Dropbox, Inc.)
DWG TrueView 2013 (HKLM\...\DWG TrueView 2013) (Version: 19.0.55.0 - Autodesk)
DWG TrueView 2013 (Version: 19.0.55.0 - Autodesk) Hidden
EZPrint (HKLM-x32\...\{967A179C-0051-44F9-B37F-5438556A664E}) (Version: 1.0.0 - IIT)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 53.0.2785.143 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Earth Plug-in (HKLM-x32\...\{57BB4801-61C8-4E74-9672-2160728A461E}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
GoToMeeting 7.24.0.5636 (HKU\S-1-5-21-2900652731-1545930263-437072239-1000\...\GoToMeeting) (Version: 7.24.0.5636 - CitrixOnline)
Grammarly for Microsoft® Office Suite (HKU\S-1-5-21-2900652731-1545930263-437072239-1000\...\{b1eb8775-bc01-49f5-9885-9ff3c9b4a7a3}) (Version: 6.5.57 - Grammarly)
Grammarly for Microsoft® Office Suite (Version: 6.5.57 - Grammarly) Hidden
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{791A06E2-340F-43B0-8FAB-62D151339362}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Help (HKLM-x32\...\{46235FF7-2CBE-4A84-BEDA-87348D1F7850}) (Version: 28.0.0 - Hewlett Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HP USB Disk Storage Format Tool (HKLM-x32\...\{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}) (Version: - )
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
i1Profiler (HKLM-x32\...\i1Profiler_is1) (Version: 1.5.6 - X-Rite)
IDrive Version - 6.0 (HKLM-x32\...\IDrive_is1) (Version: 6.0 - Pro Softnet Corp)
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version: - )
Ipswitch WS_FTP Professional 2007 (HKLM-x32\...\{AD88355B-A4E0-4DA1-BAC3-EA4FEA930691}) (Version: 11.1.0000 - Ipswitch)
Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Java 8 Update 73 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418073F0}) (Version: 8.0.730.2 - Oracle Corporation)
Juniper Networks, Inc. Setup Client (HKU\S-1-5-21-2900652731-1545930263-437072239-1000\...\Juniper_Setup_Client) (Version: 7.4.12.47753 - Juniper Networks, Inc.)
Juniper Networks, Inc. Setup Client 64-bit Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks, Inc.)
Juniper Networks, Inc. Setup Client Activex Control (HKLM-x32\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks, Inc.)
kuler (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
KYOCERA USB Modem KC02US Driver (HKLM\...\{E2C3C89F-23CC-4C39-A900-6139F65B1557}) (Version: 1.02.0000 - KYOCERA Corporation)
Lightroom 4.4 (HKLM-x32\...\{3c5418ff-7dea-4a37-8c52-45c670677773}) (Version: 4.4 - Adobe Systems Incorporated)
LinkedIn Outlook Connector (HKLM-x32\...\LinkedIn Outlook Connector) (Version: 1.1.10.0 - LinkedIn)
LogMeIn (HKLM-x32\...\{36E0F777-19FE-4454-BB2D-84206758EA85}) (Version: 4.1.2651 - LogMeIn, Inc.)
LogMeIn Client (HKLM-x32\...\{D2300C4F-CC9B-4D00-BC53-B4C806A6C7AB}) (Version: 1.3.1675 - LogMeIn, Inc.)
Malwarebytes Anti-Exploit version 1.8.1.2572 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.8.1.2572 - Malwarebytes)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
McAfee Browser Protection Service (HKLM-x32\...\McAfeeBrowserProtection) (Version: 6.0.3.138 - McAfee, Inc.) <==== ATTENTION
McAfee Firewall Protection Service (HKLM-x32\...\McAfee Managed Firewall) (Version: 6.0.3.138 - McAfee, Inc.)
McAfee SiteAdvisor Enterprise (x32 Version: 3.5.0.1204 - McAfee, Inc.) Hidden
McAfee Virus and Spyware Protection Service (HKLM-x32\...\MVS) (Version: 6.0.3.138 - McAfee, Inc.)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Camera Codec Pack (HKLM\...\{D553E8CC-5C56-4B06-AC1A-A443DFF31092}) (Version: 6.3.9723.0 - Microsoft Corporation)
Microsoft Office Configuration Analyzer Tool 2.1 (HKLM-x32\...\{EA5C0F11-00C9-0080-011C-141002011772}) (Version: 2.1.6002.128 - Microsoft Corporation)
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Outlook Social Connector Provider for Facebook 32-bit (HKLM-x32\...\{95140000-007C-0409-0000-0000000FF1CE}) (Version: 14.0.6114.5003 - Microsoft Corporation)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM-x32\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 49.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 49.0.1 (x86 en-US)) (Version: 49.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 49.0.1.6109 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nmap 5.61-Spiceworks (HKLM-x32\...\Spiceworks-Nmap) (Version: - )
NVIDIA 3D Vision Controller Driver 334.89 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 334.89 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 334.89 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 334.89 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.5.15.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.5.15.54 - NVIDIA Corporation)
NVIDIA Graphics Driver 334.89 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 334.89 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
Opera Stable 40.0.2308.81 (HKLM-x32\...\Opera 40.0.2308.81) (Version: 40.0.2308.81 - Opera Software)
Pantone Color Manager 2.1.0 (HKLM-x32\...\Pantone Color Manager_is1) (Version: - PANTONE)
PDF Settings CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Photoshop Camera Raw (x32 Version: 5.0 - Adobe Systems Incorporated) Hidden
Photoshop Camera Raw_x64 (Version: 5.0 - Adobe Systems Incorporated) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Pixel Bender Toolkit (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.1 - Power Software Ltd)
PuTTY version 0.63 (HKLM-x32\...\PuTTY_is1) (Version: 0.63 - Simon Tatham)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Screaming Frog SEO Spider (HKLM-x32\...\Screaming Frog SEO Spider) (Version: 0.01 - Screaming Frog)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
SHIELD Streaming (Version: 4.1.500 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.5.15.54 - NVIDIA Corporation) Hidden
Spiceworks Desktop (HKLM-x32\...\Spiceworks) (Version: 7.5.00074 - Spiceworks, Inc.)
Sublime Text 2.0.2 (HKLM\...\Sublime Text 2_is1) (Version: - )
Suite Shared Configuration CS4 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
The Weather Channel App (HKLM-x32\...\{167158CE-1637-4167-8A1C-C2549EEA966A}) (Version: 1.00.0000 - The Weather Channel)
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 3.9.12 - Tweaking.com)
Unity Web Player (HKU\S-1-5-21-2900652731-1545930263-437072239-1000\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
ViewSonic Monitor Drivers (HKLM-x32\...\{B4FEA924-630D-11D4-B78E-005004566E4D}) (Version: - )
ViewSonic Windows 7 Signed Files (HKLM-x32\...\{FC47C7A5-BE63-11D5-B7C9-005004566E4D}) (Version: - )
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows XP Mode (HKLM\...\{1374CC63-B520-4f3f-98E8-E9020BF01CFF}) (Version: 1.3.7600.16423 - Microsoft Corporation)
WinPcap 4.1.2-Spiceworks (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
X-Rite Device Services Manager (HKLM-x32\...\{3A1B2112-3617-4D99-BF54-7AB8F9D18F97}) (Version: 2.3.82 - X-Rite)


==================== Custom CLSID (Whitelisted): ==========================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


CustomCLSID: HKU\S-1-5-21-2900652731-1545930263-437072239-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Rick\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2900652731-1545930263-437072239-1000_Classes\CLSID\{2AD206F1-152C-4F9D-A24E-6F93FE7A4AFC}\InprocServer32 -> C:\Users\Rick\AppData\Local\Grammarly\Grammarly for Microsoft Office Suite\6.5.57\9D33DFAE6C52433F83F611B76F6F2BE3\GrammarlyShim64.dll (CompanyName)
CustomCLSID: HKU\S-1-5-21-2900652731-1545930263-437072239-1000_Classes\CLSID\{3faa4380-a399-11cf-a466-00805fe418f6}\InprocServer32 -> C:\Program Files\Autodesk\DWG TrueView 2013\en-US\dwgviewrficn.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2900652731-1545930263-437072239-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Rick\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2900652731-1545930263-437072239-1000_Classes\CLSID\{6A221957-2D85-42A7-8E19-BE33950D1DEB}\localserver32 -> C:\Program Files\Autodesk\DWG TrueView 2013\dwgviewr.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2900652731-1545930263-437072239-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Rick\AppData\Local\Citrix\GoToMeeting\5174\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-2900652731-1545930263-437072239-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Rick\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2900652731-1545930263-437072239-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Rick\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2900652731-1545930263-437072239-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rick\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2900652731-1545930263-437072239-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rick\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2900652731-1545930263-437072239-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rick\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2900652731-1545930263-437072239-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rick\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2900652731-1545930263-437072239-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rick\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2900652731-1545930263-437072239-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rick\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2900652731-1545930263-437072239-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rick\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2900652731-1545930263-437072239-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rick\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2900652731-1545930263-437072239-1000_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rick\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2900652731-1545930263-437072239-1000_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rick\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2900652731-1545930263-437072239-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Rick\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll (Dropbox, Inc.)


==================== Scheduled Tasks (Whitelisted) =============


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


Task: {04ECC7B7-4BC1-469A-A29A-090834595B9F} - System32\Tasks\ReclaimerUpdateFiles_Rick => C:\Users\Rick\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\14.04\agent\rnupgagent.exe [2016-09-14] (RealNetworks, Inc.)
Task: {05640D68-9206-4FFC-BA3A-F5E49763F1B3} - System32\Tasks\{425E7005-9EC8-4CFC-818A-D3511CE343B7} => C:\Users\Rick\AppData\Local\Temp\is-G3AUI.tmp\XRD Manager.exe <==== ATTENTION
Task: {09B83EB1-7511-476E-AADD-C9E512D387B0} - System32\Tasks\HP AR Program Upload - 381aff87eb5e40f8acb44ac1c6fb554125f4ee61123c42ed9df5b838b2def031 => C:\Program Files\HP\HP Officejet Pro 8600\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {1478BBFD-387E-44B4-8A7D-E2EE53535772} - System32\Tasks\HP AR Program Upload - 8235740889514316a6fdbe064ab694f3f24431c1096f4bfca00b4a1f667498c0 => C:\Program Files\HP\HP Officejet Pro 8600\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {16D4FBAB-C935-4F12-88A9-0686CCF0D8B7} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2900652731-1545930263-437072239-1000Core => C:\Users\Rick\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-09-07] (Dropbox, Inc.)
Task: {22056459-7B14-4B08-ABEC-F6BA01F213D3} - System32\Tasks\HP AR Program Upload - b9d7dd830c5e4926b82d790df35fdca2df0e8d8f6dce4bbfaa543e303878d818 => C:\Program Files\HP\HP Officejet Pro 8600\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {2BFC5695-0827-4B96-8BDD-2340EC65164A} - System32\Tasks\HP AR Program Upload - 43d21fb3773b4d18b4a96bccb99ebb162abec3bdb81f45549dd37a36225af222 => C:\Program Files\HP\HP Officejet Pro 8600\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {2F161870-6C55-4977-8053-1A6E402FB460} - System32\Tasks\{F477218C-FDED-4440-ACE6-B707D2AF1723} => pcalua.exe -a "C:\Users\Rick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V3DRSCAU\Glance__s71b!glance!net_5500_80_628460!4845!1014832359_50000,60,5,15,5,60,0,0,1_2109628799_5501_443_viewer.exe" -d C:\Users\Rick\Desktop
Task: {3CB1E731-91A2-4C3C-98F5-B073EF7FD204} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2900652731-1545930263-437072239-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {4223BE8B-0AD1-431C-939D-DD19160A0FD7} - System32\Tasks\G2MUploadTask-S-1-5-21-2900652731-1545930263-437072239-1000 => C:\Users\Rick\AppData\Local\Citrix\GoToMeeting\5636\g2mupload.exe [2016-10-03] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {48897381-735E-44BF-BDAE-2D8E4C86FB39} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_23_0_0_185_pepper.exe [2016-10-11] (Adobe Systems Incorporated)
Task: {4B6ED267-A7B0-4AF0-879A-5283DDD15A77} - System32\Tasks\G2MUpdateTask-S-1-5-21-2900652731-1545930263-437072239-1000 => C:\Users\Rick\AppData\Local\Citrix\GoToMeeting\5636\g2mupdate.exe [2016-10-03] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {58BBEA3F-46C7-47BB-96B8-50A926CF0396} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {5CC9E35A-AB3E-4E73-BBAA-6518173C3C74} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2900652731-1545930263-437072239-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {60AE1FEA-873C-4FCF-8593-78C95A0479E0} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2900652731-1545930263-437072239-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
Task: {679A6860-03A3-4EDF-A03D-5C41A62C2E54} - System32\Tasks\HP AR Program Upload - 87b80886cf1c439fbaba5fb60f4fd31539d3dea8b7fc4820b40122ceef546c5e => C:\Program Files\HP\HP Officejet Pro 8600\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {6BEDE3A7-994F-4002-A388-91300E02ABB0} - System32\Tasks\{25DB5D40-61F2-4B32-BDC0-A8A65D8F0741} => pcalua.exe -a C:\Users\Rick\Desktop\TEMP\Setup.exe -d C:\Users\Rick\Desktop\TEMP <==== ATTENTION
Task: {6E6945BF-CFC2-491F-94DE-5F387DFDC566} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2900652731-1545930263-437072239-1000UA => C:\Users\Rick\AppData\Local\Google\Update\GoogleUpdate.exe [2015-12-29] (Google Inc.)
Task: {7E16FE1D-E132-4753-8ECF-B41E45DA721F} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [2015-03-11] (Tweaking.com)
Task: {8CB2F37B-0A19-4F7D-860F-5035F7D1E6DA} - System32\Tasks\X-Rite Device Services Software Updater => C:\Program Files (x86)\X-Rite\Devices\Services\XRD Software Update.exe [2014-06-23] (X-Rite Inc.)
Task: {9AC7D5DB-4A3F-41E2-B48C-DA643647C0CD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {9E494A5B-54C8-4D09-AAB2-A0EC8E98A248} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2900652731-1545930263-437072239-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {A13EB934-EA80-4FCF-8573-AEF7E3978AC3} - System32\Tasks\RNUpgradeHelperLogonPrompt_Rick => C:\Users\Rick\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\14.04\agent\rnupgagent.exe [2016-09-14] (RealNetworks, Inc.)
Task: {A3E645BE-7DD7-4CAD-AFE7-B54444BF9D24} - System32\Tasks\{01B6386C-4107-4714-A4D3-7BF7299121CB} => pcalua.exe -a "F:\MarketsWest\Business Related\Technical Support, etc\Viewsonic 24 Monitor\Standard_Monitor_Driver_Signed_Win7_x64\Standard_Monitor_Driver_Signed_Win7_x64.exe" -d "F:\MarketsWest\Business Related\Technical Support, etc\Viewsonic 24 Monitor\Standard_Monitor_Driver_Signed_Win7_x64"
Task: {A7A43138-16B1-43EA-B982-BEE87200E969} - System32\Tasks\{FE9D2B2A-B4E7-4560-AE02-D04C1F11A5B4} => pcalua.exe -a "C:\Users\Rick\AppData\Local\Temp\Temp2_tsg (3).zip\tsg.exe" <==== ATTENTION
Task: {AB4677F6-2450-41D8-8395-BD1A7289FC13} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton AntiVirus Online\Upgrade.exe [2015-07-27] (Symantec Corporation)
Task: {B6E03CBE-D005-4E85-8FB8-C4C82CE8AEF1} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton AntiVirus\Engine\22.5.4.24\WSCStub.exe
Task: {B89B6C0C-2FA7-4FD9-A09D-8E5C2DB7D7C4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-09-16] (Adobe Systems Incorporated)
Task: {C2CCA14A-7172-4570-91DD-B16B03C41FF0} - System32\Tasks\TinyTakeUpgrade => C:\Users\Rick\AppData\Local\MangoApps\TinyTake by MangoApps\TinyTake.exe
Task: {CAB2EF2C-3429-435D-8EFC-0E7CCE491127} - System32\Tasks\Norton AntiVirus\Norton Error Analyzer => C:\Program Files (x86)\Norton AntiVirus\Engine\22.5.4.24\SymErr.exe
Task: {CE486478-EB20-4FC2-B161-4469A4FA22CA} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2900652731-1545930263-437072239-1000UA => C:\Users\Rick\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-09-07] (Dropbox, Inc.)
Task: {D0E5F315-BF8C-4CFD-8FF3-1488D808C644} - System32\Tasks\AdobeAAMUpdater-1.0-Rick-PC-Rick => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-03-30] (Adobe Systems Incorporated)
Task: {D1558DF8-3DDB-469D-94C1-C3A72AC1E4F9} - System32\Tasks\{B9880807-E727-4442-BB78-E2BCB55F4FC4} => pcalua.exe -a C:\Users\Rick\Downloads\Standard_Monitor_Driver_Signed_Win7_x64\Standard_Monitor_Driver_Signed_Win7_x64.exe -d C:\Users\Rick\Downloads\Standard_Monitor_Driver_Signed_Win7_x64
Task: {D36E7BB5-BEDF-4B4D-9F35-AA71D99A3C62} - System32\Tasks\HP AR Program Upload - e5dcbd9238784a3f9d97ccba665e33ae2fe46b50e09d4fc7920737d9ec08630f => C:\Program Files\HP\HP Officejet Pro 8600\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {D8009271-07F9-483F-A9A2-F49BA9BE09F9} - System32\Tasks\Norton AntiVirus\Norton Error Processor => C:\Program Files (x86)\Norton AntiVirus\Engine\22.5.4.24\SymErr.exe
Task: {D91E2F27-2BB0-48B1-BA78-B82EAE3AB0B6} - System32\Tasks\RNUpgradeHelperResumePrompt_Rick => C:\Users\Rick\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\14.04\agent\rnupgagent.exe [2016-09-14] (RealNetworks, Inc.)
Task: {E7342D1B-8BD7-4789-B1F8-48E145373698} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-10-11] (Adobe Systems Incorporated)
Task: {EB084A77-1725-4F37-BDB2-25E20846A293} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-01-21] (Piriform Ltd)
Task: {F0143DA9-3788-476E-9587-022D93703CE2} - System32\Tasks\{3A1B2112-3617-4D99-BF54-7AB8F9D18F97} => C:\Users\Rick\AppData\Local\Temp\is-R2E07.tmp\XRD Manager.exe <==== ATTENTION
Task: {F13B40EC-B1FF-446F-B60E-B75663BEC34B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2900652731-1545930263-437072239-1000Core => C:\Users\Rick\AppData\Local\Google\Update\GoogleUpdate.exe [2015-12-29] (Google Inc.)
Task: {F1A4E795-162B-47AB-96A9-65D3BF67B7E0} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2900652731-1545930263-437072239-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {F817CF06-7A3D-45A3-97EC-3749A2DDB0EA} - System32\Tasks\ReclaimerUpdateXML_Rick => C:\Users\Rick\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\14.04\agent\rnupgagent.exe [2016-09-14] (RealNetworks, Inc.)
Task: {FE1D63EA-0ED9-4432-9283-BB658D1E0F22} - System32\Tasks\Opera scheduled Autoupdate 1475771156 => C:\Program Files (x86)\Opera\launcher.exe [2016-10-03] (Opera Software)


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_23_0_0_185_pepper.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2900652731-1545930263-437072239-1000Core.job => C:\Users\Rick\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2900652731-1545930263-437072239-1000UA.job => C:\Users\Rick\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2900652731-1545930263-437072239-1000.job => C:\Users\Rick\AppData\Local\Citrix\GoToMeeting\5636\g2mupdate.exe
Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-2900652731-1545930263-437072239-1000.job => C:\Users\Rick\AppData\Local\Citrix\GoToMeeting\5636\g2mupload.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2900652731-1545930263-437072239-1000Core.job => C:\Users\Rick\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2900652731-1545930263-437072239-1000UA.job => C:\Users\Rick\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\X-Rite Device Services Software Updater.job => C:\Program Files (x86)\X-Rite\Devices\Services\XRD Software Update.exe
Task: C:\Windows\Tasks\{3A1B2112-3617-4D99-BF54-7AB8F9D18F97}.job => C:\Users\Rick\AppData\Local\Temp\is-R2E07.tmp\XRD Manager.exeȢ/exenoupdates /noprereqs /qr AI_RESUME=1 ADDLOCAL=MainFeature,XRDdrivers64 ACTION=INSTALL EXECUTEACTION=INSTALL ROOTDRIVE F:\ AI_PREREQFILES=C:\Users\Rick\AppData\Local\Temp\{3A1B2112-3617-4D99-BF54-7AB8F9D18F97}\drivers64.msi AI_PREREQDIRS=C:\Users\Rick\AppData\Local\Temp OLDPRODUCTS={425E7005-9EC8-4CFC-818A-D3511CE343B7} AI_SETUPEXEPATH=C:\Users\Rick\AppData\Local\Temp\is-R2E07.tmp\XRD Manager.exe SETUPEXEDIR=C:\Users\Rick\AppData\Local\Temp\is-R2E07.tmp <==== ATTENTION
Task: C:\Windows\Tasks\{425E7005-9EC8-4CFC-818A-D3511CE343B7}.job => C:\Users\Rick\AppData\Local\Temp\is-G3AUI.tmp\XRD Manager.exeȢ/exenoupdates /noprereqs /qr AI_RESUME=1 ADDLOCAL=MainFeature,XRDdrivers64 ACTION=INSTALL EXECUTEACTION=INSTALL ROOTDRIVE F:\ AI_PREREQFILES=C:\Users\Rick\AppData\Local\Temp\{425E7005-9EC8-4CFC-818A-D3511CE343B7}\drivers64.msi AI_PREREQDIRS=C:\Users\Rick\AppData\Local\Temp OLDPRODUCTS={AC5E0CD0-F560-4504-B8C1-3D4F268AA7EF} AI_SETUPEXEPATH=C:\Users\Rick\AppData\Local\Temp\is-G3AUI.tmp\XRD Manager.exe SETUPEXEDIR=C:\Users\Rick\AppData\Local\Temp\is-G3AUI.tmp <==== ATTENTION


==================== Shortcuts =============================


(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============


2016-10-05 15:56 - 2014-02-08 10:42 - 00117024 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-04-15 15:40 - 2016-04-14 17:52 - 00043520 _____ () C:\IDrive\RemoteManagement.dll
2016-04-15 15:40 - 2016-04-14 17:52 - 00013312 _____ () C:\IDrive\SqliteWrapper.dll
2013-01-18 12:16 - 2016-04-11 15:32 - 00834048 _____ () C:\IDrive\sqlite3.dll
2016-04-15 15:40 - 2016-04-11 15:33 - 00412672 _____ () C:\IDrive\Sync.dll
2015-11-12 11:30 - 2014-03-05 15:21 - 00227688 _____ () C:\Program Files (x86)\McAfee\Managed VirusScan\VScan64\MVSShExt6.0.3.127.dll
2016-04-15 15:40 - 2016-04-11 15:32 - 00601600 _____ () C:\IDrive\IDContextMenu.dll
2014-11-12 11:33 - 2014-06-18 15:06 - 02519552 _____ () C:\Program Files (x86)\X-Rite\i1Profiler\i1ProfilerTray.exe
2015-11-12 11:28 - 2014-12-04 17:29 - 00481648 _____ () C:\Program Files (x86)\McAfee\Managed VirusScan\DesktopUI\XTray.exe
2016-03-02 17:43 - 2016-03-02 17:43 - 00012288 _____ () C:\Program Files (x86)\Spiceworks\lib\ruby\2.1.0\i386-mswin32_90\enc\encdb.so
2016-03-02 17:43 - 2016-03-02 17:43 - 00009216 _____ () C:\Program Files (x86)\Spiceworks\lib\ruby\2.1.0\i386-mswin32_90\enc\iso_8859_1.so
2016-03-02 17:44 - 2016-03-02 17:44 - 00013312 _____ () C:\Program Files (x86)\Spiceworks\lib\ruby\2.1.0\i386-mswin32_90\enc\trans\transdb.so
2016-03-02 17:51 - 2016-03-02 17:51 - 00014336 _____ () C:\Program Files (x86)\Spiceworks\lib\ruby\2.1.0\i386-mswin32_90\racc\cparse.so
2016-03-02 17:51 - 2016-03-02 17:51 - 00023552 _____ () C:\Program Files (x86)\Spiceworks\lib\ruby\2.1.0\i386-mswin32_90\stringio.so
2016-03-02 17:51 - 2016-03-02 17:51 - 00078336 _____ () C:\Program Files (x86)\Spiceworks\lib\ruby\2.1.0\i386-mswin32_90\syck.so
2016-03-02 17:49 - 2016-03-02 17:49 - 00111616 _____ () C:\Program Files (x86)\Spiceworks\lib\ruby\2.1.0\i386-mswin32_90\date_core.so
2016-03-02 17:51 - 2016-03-02 17:51 - 00013312 _____ () C:\Program Files (x86)\Spiceworks\lib\ruby\2.1.0\i386-mswin32_90\thread.so
2016-03-02 17:50 - 2016-03-02 17:50 - 00008192 _____ () C:\Program Files (x86)\Spiceworks\lib\ruby\2.1.0\i386-mswin32_90\monitor_mixin.so
2016-03-02 17:53 - 2016-03-02 17:53 - 00058368 _____ () C:\Program Files (x86)\Spiceworks\lib\ruby\site_ruby\2.1.0\i386-msvcr90\efs.so
2016-03-02 17:33 - 2016-03-02 17:33 - 00168960 _____ () C:\Program Files (x86)\Spiceworks\bin\qdbm.dll
2016-03-02 17:50 - 2016-03-02 17:50 - 00019456 _____ () C:\Program Files (x86)\Spiceworks\lib\ruby\2.1.0\i386-mswin32_90\json\ext\parser.so
2016-03-02 17:43 - 2016-03-02 17:43 - 00008192 _____ () C:\Program Files (x86)\Spiceworks\lib\ruby\2.1.0\i386-mswin32_90\enc\utf_16be.so
2016-03-02 17:43 - 2016-03-02 17:43 - 00008192 _____ () C:\Program Files (x86)\Spiceworks\lib\ruby\2.1.0\i386-mswin32_90\enc\utf_16le.so
2016-03-02 17:43 - 2016-03-02 17:43 - 00008192 _____ () C:\Program Files (x86)\Spiceworks\lib\ruby\2.1.0\i386-mswin32_90\enc\utf_32be.so
2016-03-02 17:43 - 2016-03-02 17:43 - 00008192 _____ () C:\Program Files (x86)\Spiceworks\lib\ruby\2.1.0\i386-mswin32_90\enc\utf_32le.so
2016-03-02 17:50 - 2016-03-02 17:50 - 00025600 _____ () C:\Program Files (x86)\Spiceworks\lib\ruby\2.1.0\i386-mswin32_90\json\ext\generator.so
2016-03-02 17:51 - 2016-03-02 17:51 - 00081920 _____ () C:\Program Files (x86)\Spiceworks\lib\ruby\2.1.0\i386-mswin32_90\zlib.so
2016-03-02 17:50 - 2016-03-02 17:50 - 00008704 _____ () C:\Program Files (x86)\Spiceworks\lib\ruby\2.1.0\i386-mswin32_90\etc.so
2016-03-02 17:50 - 2016-03-02 17:50 - 00026112 _____ () C:\Program Files (x86)\Spiceworks\lib\ruby\2.1.0\i386-mswin32_90\fiddle.so
2016-03-02 17:42 - 2016-03-02 17:42 - 00020992 _____ () C:\Program Files (x86)\Spiceworks\bin\libffi-6.dll
2016-03-02 17:44 - 2016-03-02 17:44 - 00013312 _____ () C:\Program Files (x86)\Spiceworks\lib\ruby\2.1.0\i386-mswin32_90\enc\trans\utf_16_32.so
2016-03-02 17:51 - 2016-03-02 17:51 - 00017408 _____ () C:\Program Files (x86)\Spiceworks\lib\ruby\2.1.0\i386-mswin32_90\strscan.so
2016-03-02 17:58 - 2016-03-02 17:58 - 00025600 _____ () C:\Program Files (x86)\Spiceworks\pkg\gems\sqlite3-1.3.8\lib\sqlite3\sqlite3_native.so
2016-03-02 17:33 - 2016-03-02 17:33 - 00473600 _____ () C:\Program Files (x86)\Spiceworks\bin\sqlite3.dll
2016-03-02 17:50 - 2016-03-02 17:50 - 00185856 _____ () C:\Program Files (x86)\Spiceworks\lib\ruby\2.1.0\i386-mswin32_90\openssl.so
2016-03-02 17:49 - 2016-03-02 17:49 - 00012288 _____ () C:\Program Files (x86)\Spiceworks\lib\ruby\2.1.0\i386-mswin32_90\digest.so
2016-03-02 17:50 - 2016-03-02 17:50 - 00007680 _____ () C:\Program Files (x86)\Spiceworks\lib\ruby\2.1.0\i386-mswin32_90\fcntl.so
2016-03-02 17:50 - 2016-03-02 17:50 - 00023552 _____ () C:\Program Files (x86)\Spiceworks\lib\ruby\2.1.0\i386-mswin32_90\pathname.so
2016-03-02 17:49 - 2016-03-02 17:49 - 00047616 _____ () C:\Program Files (x86)\Spiceworks\lib\ruby\2.1.0\i386-mswin32_90\dl.so
2016-03-02 17:44 - 2016-03-02 17:44 - 00096768 _____ () C:\Program Files (x86)\Spiceworks\lib\ruby\2.1.0\i386-mswin32_90\enc\trans\single_byte.so
2016-03-02 17:53 - 2016-03-02 17:53 - 00011776 _____ () C:\Program Files (x86)\Spiceworks\lib\ruby\site_ruby\2.1.0\i386-msvcr90\service.so
2016-03-02 17:52 - 2016-03-02 17:52 - 00096256 _____ () C:\Program Files (x86)\Spiceworks\lib\ruby\2.1.0\i386-mswin32_90\socket.so
2016-03-02 17:49 - 2016-03-02 17:49 - 00053760 _____ () C:\Program Files (x86)\Spiceworks\lib\ruby\2.1.0\i386-mswin32_90\bigdecimal.so
2016-03-02 17:58 - 2016-03-02 17:58 - 00018944 _____ () C:\Program Files (x86)\Spiceworks\pkg\gems\iconv-1.0.4\lib\iconv\iconv.so
2016-03-02 17:38 - 2016-03-02 17:38 - 00864768 _____ () C:\Program Files (x86)\Spiceworks\bin\iconv.dll
2016-03-02 17:50 - 2016-03-02 17:50 - 00252416 _____ () C:\Program Files (x86)\Spiceworks\lib\ruby\2.1.0\i386-mswin32_90\nkf.so
2016-03-02 17:43 - 2016-03-02 17:43 - 00012288 _____ () C:\Program Files (x86)\Spiceworks\lib\ruby\2.1.0\i386-mswin32_90\enc\euc_jp.so
2016-03-02 17:43 - 2016-03-02 17:43 - 00012288 _____ () C:\Program Files (x86)\Spiceworks\lib\ruby\2.1.0\i386-mswin32_90\enc\shift_jis.so
2016-03-02 17:49 - 2016-03-02 17:49 - 00010240 _____ () C:\Program Files (x86)\Spiceworks\lib\ruby\2.1.0\i386-mswin32_90\digest\md5.so
2016-03-02 17:49 - 2016-03-02 17:49 - 00012800 _____ () C:\Program Files (x86)\Spiceworks\lib\ruby\2.1.0\i386-mswin32_90\digest\sha1.so
2016-03-02 17:58 - 2016-03-02 17:58 - 00052736 _____ () C:\Program Files (x86)\Spiceworks\pkg\gems\nokogiri-1.4.1\lib\nokogiri\nokogiri.so
2016-03-02 17:42 - 2016-03-02 17:42 - 00061440 _____ () C:\Program Files (x86)\Spiceworks\bin\libexslt.dll
2016-03-02 17:42 - 2016-03-02 17:42 - 00171008 _____ () C:\Program Files (x86)\Spiceworks\bin\libxslt.dll
2016-03-02 17:41 - 2016-03-02 17:41 - 00996352 _____ () C:\Program Files (x86)\Spiceworks\bin\libxml2.dll
2016-03-02 17:33 - 2016-03-02 17:33 - 00067584 _____ () C:\Program Files (x86)\Spiceworks\bin\zlib1.dll
2016-03-02 17:58 - 2016-03-02 17:58 - 00011776 _____ () C:\Program Files (x86)\Spiceworks\pkg\gems\image_science-1.2.1\lib\image_science.so
2016-03-02 17:49 - 2016-03-02 17:49 - 00015872 _____ () C:\Program Files (x86)\Spiceworks\lib\ruby\2.1.0\i386-mswin32_90\digest\sha2.so
2016-03-02 17:54 - 2016-03-02 17:54 - 00045568 _____ () C:\Program Files (x86)\Spiceworks\lib\ruby\site_ruby\2.1.0\i386-msvcr90\bits.so
2016-03-02 17:51 - 2016-03-02 17:51 - 00076288 _____ () C:\Program Files (x86)\Spiceworks\lib\ruby\2.1.0\i386-mswin32_90\win32ole.so
2016-03-02 17:53 - 2016-03-02 17:53 - 00026112 _____ () C:\Program Files (x86)\Spiceworks\lib\ruby\site_ruby\2.1.0\i386-msvcr90\async_ping.so
2016-03-02 17:53 - 2016-03-02 17:53 - 00101888 _____ () C:\Program Files (x86)\Spiceworks\lib\ruby\site_ruby\2.1.0\i386-msvcr90\event_log.so
2016-03-02 17:58 - 2016-03-02 17:58 - 00028160 _____ () C:\Program Files (x86)\Spiceworks\pkg\gems\net-snmp-0.2.5\lib\netsnmp_api.so
2016-03-02 17:40 - 2016-03-02 17:40 - 00397312 _____ () C:\Program Files (x86)\Spiceworks\bin\netsnmp.dll
2016-03-02 17:43 - 2016-03-02 17:43 - 00012288 _____ () C:\Program Files (x86)\Spiceworks\lib\ruby\2.1.0\i386-mswin32_90\enc\windows_31j.so
2016-03-02 17:58 - 2016-03-02 17:58 - 00060416 _____ () C:\Program Files (x86)\Spiceworks\pkg\gems\curb-0.7.12\lib\curb_core.so
2016-03-02 17:58 - 2016-03-02 17:58 - 00027136 _____ () C:\Program Files (x86)\Spiceworks\pkg\gems\win32-api-1.5.2\lib\win32\api.so
2014-06-23 17:06 - 2014-06-23 17:06 - 01588224 _____ () C:\Program Files (x86)\X-Rite\Devices\rm200\GoldenEye.dll
2014-06-23 17:06 - 2014-06-23 17:06 - 02633728 _____ () C:\Program Files (x86)\X-Rite\Devices\colormunki\colormunki.dll
2015-05-18 12:42 - 2015-10-11 20:05 - 00013088 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2013-05-20 08:37 - 2009-02-27 16:39 - 00019968 _____ () C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\AcroTray.DEU
2013-05-20 08:37 - 2009-02-27 16:32 - 00020480 _____ () C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\AcroTray.FRA
2014-11-12 11:33 - 2014-07-10 01:41 - 44580864 _____ () C:\Program Files (x86)\X-Rite\i1Profiler\Prism.dll
2014-11-12 11:33 - 2014-07-11 10:01 - 03449344 _____ () C:\Program Files (x86)\X-Rite\i1Profiler\CxF2_VC90MD_2.1.dll
2014-11-12 11:33 - 2014-07-11 10:02 - 00898560 _____ () C:\Program Files (x86)\X-Rite\i1Profiler\libxml2.dll
2014-11-12 11:33 - 2014-07-11 10:02 - 00073728 _____ () C:\Program Files (x86)\X-Rite\i1Profiler\zlib1.dll
2014-11-12 11:33 - 2014-07-11 10:02 - 07982592 _____ () C:\Program Files (x86)\X-Rite\i1Profiler\QtGui4.dll
2014-11-12 11:33 - 2014-07-11 10:02 - 02147328 _____ () C:\Program Files (x86)\X-Rite\i1Profiler\QtCore4.dll
2015-11-12 11:28 - 2014-12-04 17:29 - 00420208 _____ () C:\Program Files (x86)\McAfee\Managed VirusScan\DesktopUI\Win32RenderingEngine.dll
2015-11-12 11:31 - 2014-12-04 17:28 - 00199024 _____ () C:\Program Files (x86)\McAfee\Managed VirusScan\DesktopUI\BPTrayPlugin.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2016-10-06 09:25 - 2016-10-03 02:17 - 62461208 _____ () C:\Program Files (x86)\Opera\40.0.2308.81\opera.dll
2016-10-06 09:25 - 2016-10-03 02:17 - 01812760 _____ () C:\Program Files (x86)\Opera\40.0.2308.81\libglesv2.dll
2016-10-06 09:25 - 2016-10-03 02:17 - 00095000 _____ () C:\Program Files (x86)\Opera\40.0.2308.81\libegl.dll


==================== Alternate Data Streams (Whitelisted) =========


(If an entry is included in the fixlist, only the ADS will be removed.)




==================== Safe Mode (Whitelisted) ===================


(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"


==================== Association (Whitelisted) ===============


(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


HKU\S-1-5-21-2900652731-1545930263-437072239-1000\Software\Classes\.scr: DWGTrueViewScriptFile => C:\Windows\system32\notepad.exe "%1"


==================== Internet Explorer trusted/restricted ===============


(If an entry is included in the fixlist, it will be removed from the registry.)


IE trusted site: HKU\.DEFAULT\...\dell.com -> dell.com
IE restricted site: HKU\.DEFAULT\...\europacasino.com -> www.europacasino.com
IE trusted site: HKU\S-1-5-21-2900652731-1545930263-437072239-1000\...\dell.com -> dell.com
IE restricted site: HKU\S-1-5-21-2900652731-1545930263-437072239-1000\...\europacasino.com -> www.europacasino.com
IE trusted site: HKU\S-1-5-21-2900652731-1545930263-437072239-1004\...\dell.com -> dell.com
IE trusted site: HKU\S-1-5-21-2900652731-1545930263-437072239-1004\...\mcafeeasap.com -> hxxp://vs.mcafeeasap.com
IE trusted site: HKU\S-1-5-21-2900652731-1545930263-437072239-1004\...\mcafeeasap.com -> hxxps://vs.mcafeeasap.com
IE restricted site: HKU\S-1-5-21-2900652731-1545930263-437072239-1004\...\europacasino.com -> www.europacasino.com


==================== Hosts content: ===============================


(If needed Hosts: directive could be included in the fixlist to reset Hosts.)


2009-07-13 19:34 - 2016-10-06 09:48 - 00000970 ___RA C:\Windows\system32\Drivers\etc\hosts


127.0.0.1 activate.adobe.com


==================== Other Areas ============================


(Currently there is no automatic fix for this section.)


HKU\S-1-5-21-2900652731-1545930263-437072239-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Rick\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.


==================== MSCONFIG/TASK MANAGER disabled items ==




==================== FirewallRules (Whitelisted) ===============


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{3B6A7B21-379A-4EE4-B008-05BBB007EDD5}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\FaxApplications.exe
FirewallRules: [{DDE8F113-9ED8-4F84-A460-FF039CA9A4A5}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\DigitalWizards.exe
FirewallRules: [{F1417394-57CE-4B03-A62D-8CE4BE4CE6AE}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\SendAFax.exe
FirewallRules: [{26291F3D-2D2E-4D00-A426-A50FD0531416}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\DeviceSetup.exe
FirewallRules: [{5823E6C3-FB34-4BCA-94D5-7B2CDD66A1D6}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
FirewallRules: [{C8ED4761-7B14-4581-B7FB-1A8AF4754360}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{4B16543D-D798-4E23-A28A-73BDF23D704F}] => (Allow) LPort=5353
FirewallRules: [{1F398F56-A117-4FE2-9EFA-56D66AF9518E}] => (Allow) C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
FirewallRules: [{DF3F414C-421B-4DC0-BE5C-F1E26F86D653}] => (Allow) C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
FirewallRules: [{3D6A2D02-B675-4622-915D-BF19958144A1}] => (Allow) LPort=3703
FirewallRules: [{CBD81C5C-4B27-49E0-A4AD-18D825FAD93E}] => (Allow) LPort=3704
FirewallRules: [{FDD7B16B-2871-40C5-BA0B-11C4B3FA4C7E}] => (Allow) LPort=51000
FirewallRules: [{A8560E34-78B5-4BD1-A1B5-1C5DCCF5CB55}] => (Allow) LPort=51001
FirewallRules: [{4B5F7BCC-4C28-474D-8BED-CC41396E69A1}] => (Allow) C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
FirewallRules: [{D2138AA4-28AF-4C3B-8676-E8141DBDA6C8}] => (Allow) C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
FirewallRules: [TCP Query User{21E68DDA-5FAD-40BE-A3B0-8D58FD5D727B}C:\program files (x86)\activefax\server\actfax.exe] => (Allow) C:\program files (x86)\activefax\server\actfax.exe
FirewallRules: [UDP Query User{63357AAB-DCC6-410D-84BD-E14E62EDCCB9}C:\program files (x86)\activefax\server\actfax.exe] => (Allow) C:\program files (x86)\activefax\server\actfax.exe
FirewallRules: [VirtualPC-In-UDP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-UDP-2] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-TCP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [{FC0A520A-EF5C-47E3-A8D9-C335511ECAE7}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{4928BE78-49CD-4A09-8BEB-851734DC7FA4}] => (Allow) LPort=2869
FirewallRules: [{DEC0B2AC-5100-47B0-933D-859DF868B8C8}] => (Allow) LPort=1900
FirewallRules: [{F6AFAE60-923D-4A40-979B-C9E90336758B}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{89CAF790-1AAD-456A-BE78-D1AA8B7528F1}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{34D9C93D-7945-452D-A1CB-489E9AC6FCD4}] => (Allow) C:\Program Files (x86)\Pantone Color Manager\PantoneColorManager.exe
FirewallRules: [{182862CD-E88F-4BAD-9DC2-5E127124541F}] => (Allow) C:\Program Files (x86)\Pantone Color Manager\PantoneColorManager.exe
FirewallRules: [{954C97F9-CDF3-461B-B073-AA55FBC5ACA6}] => (Allow) LPort=5454
FirewallRules: [{58D3CB79-BF6F-4137-A539-C02F834E4C81}] => (Allow) C:\Windows\System32\hasplms.exe
FirewallRules: [{3D7EC8F8-3F6D-4365-96FD-4071CA9CCB25}] => (Allow) C:\Windows\System32\hasplms.exe
FirewallRules: [{0034E716-F12C-4D0F-8194-4F4B0F3770B0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{03C157FB-5ABB-4B1B-B6BB-B9F02852752D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{ED41FF01-8B46-4A3F-879E-3DFAAAA6C323}C:\users\rick\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\rick\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{CB7EDA2E-518B-4F13-8161-55671E43ADE1}C:\users\rick\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\rick\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{53B04B80-BB46-4AF5-BDFF-188BD6F9FE00}] => (Allow) C:\Users\Rick\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{580A44EF-36EF-48EC-8169-E6A65518457E}] => (Allow) C:\Users\Rick\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{2ED531E8-F8E8-4034-B9E0-4C75A8A8E99C}] => (Allow) C:\Program Files (x86)\Spiceworks\spiceworks_desktop.exe
FirewallRules: [{5230AB06-CAB6-4B69-B503-D112444479BE}] => (Allow) C:\Program Files (x86)\Spiceworks\spiceworks_desktop.exe
FirewallRules: [{5ACD81BE-BD6F-4804-9749-5811B1AC2556}] => (Allow) C:\Program Files (x86)\Spiceworks\spiceworks_desktop.exe
FirewallRules: [{95B91258-080C-4FE2-8A34-DD1B8E1C7456}] => (Allow) C:\Program Files (x86)\Spiceworks\spiceworks_desktop.exe
FirewallRules: [{AB479857-E3E6-46A9-84EB-3C6A3EC89330}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{037B0521-BFB1-4E6C-A51F-99CB250950E4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{2DC5D70F-7AE7-4679-841E-2E7B6664BF14}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{F4797BD2-AD2F-4480-B93B-BDE6D8DE4857}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{76630E6B-CED7-4249-BC59-C387D0D1C38D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{F7B9B5F2-6C7B-4009-8DBA-9EBCD704DB0D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1A1FF33F-C34D-46A1-8C30-EC381969D149}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{68C79E00-53E9-4B2D-BD11-E1C445DD4CFC}] => (Allow) C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
FirewallRules: [{A3268767-BBD4-4F54-AE0D-76DC667FFC84}] => (Allow) C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
FirewallRules: [{4668812C-F2A2-4610-9D82-C1A1AC1A337D}] => (Allow) C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
FirewallRules: [{7754368B-38A5-4A25-91A7-2D6B69AA96D0}] => (Allow) C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
FirewallRules: [{42AAA4EA-C94C-4D59-9D08-A75B4CA4154A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Restore Points =========================


12-10-2016 03:00:33 Windows Update
12-10-2016 09:33:21 Windows Update
12-10-2016 12:26:34 Windows Update
12-10-2016 15:09:15 Windows Update
12-10-2016 16:45:10 Windows Update
12-10-2016 17:15:22 Windows Update
13-10-2016 03:00:18 Windows Update
14-10-2016 03:00:18 Windows Update


==================== Faulty Device Manager Devices =============




==================== Event log errors: =========================


Application errors:
==================
Error: (10/13/2016 03:07:48 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


Error: (10/12/2016 05:23:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


Error: (10/12/2016 04:49:00 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


Error: (10/12/2016 04:33:12 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -550.


Error: (10/12/2016 04:33:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


Error: (10/12/2016 04:12:03 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -1032.


Error: (10/12/2016 04:12:03 PM) (Source: ESENT) (EventID: 490) (User: )
Description: Catalog Database (948) Catalog Database: An attempt to open the file "C:\Windows\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb" for read / write access failed with system error 5 (0x00000005): "Access is denied. ". The open file operation will fail with error -1032 (0xfffffbf8).


Error: (10/12/2016 04:11:53 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -1032.


Error: (10/12/2016 04:11:53 PM) (Source: ESENT) (EventID: 490) (User: )
Description: Catalog Database (948) Catalog Database: An attempt to open the file "C:\Windows\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb" for read / write access failed with system error 5 (0x00000005): "Access is denied. ". The open file operation will fail with error -1032 (0xfffffbf8).


Error: (10/12/2016 04:11:43 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -1032.




System errors:
=============
Error: (10/13/2016 03:08:55 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.


Error: (10/12/2016 05:23:58 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.


Error: (10/12/2016 04:49:24 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.


Error: (10/12/2016 04:33:04 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The spiceworks service terminated unexpectedly. It has done this 1 time(s).


Error: (10/12/2016 04:33:04 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.


Error: (10/12/2016 03:31:39 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server:
{D3DCB472-7261-43CE-924B-0704BD730D5F}


Error: (10/12/2016 03:31:39 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server:
{145B4335-FE2A-4927-A040-7C35AD3180EF}


Error: (10/12/2016 03:24:28 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error:
The dependency service or group failed to start.


Error: (10/12/2016 03:23:00 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.


Error: (10/12/2016 03:23:00 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.




CodeIntegrity:
===================================
Date: 2016-10-14 03:18:17.672
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\McAfee\Managed VirusScan\Agent\TPSTool.exe because the set of per-page image hashes could not be found on the system.


Date: 2016-10-14 03:18:17.282
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\McAfee\Managed VirusScan\Agent\TPSTool.exe because the set of per-page image hashes could not be found on the system.


Date: 2016-10-14 03:18:16.923
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\McAfee\Managed VirusScan\Agent\TPSTool.exe because the set of per-page image hashes could not be found on the system.


Date: 2016-10-13 03:35:30.125
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\McAfee\Managed VirusScan\Agent\TPSTool.exe because the set of per-page image hashes could not be found on the system.


Date: 2016-10-13 03:35:29.767
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\McAfee\Managed VirusScan\Agent\TPSTool.exe because the set of per-page image hashes could not be found on the system.


Date: 2016-10-13 03:35:29.408
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\McAfee\Managed VirusScan\Agent\TPSTool.exe because the set of per-page image hashes could not be found on the system.


Date: 2016-10-12 19:42:22.184
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\McAfee\Managed VirusScan\Agent\TPSTool.exe because the set of per-page image hashes could not be found on the system.


Date: 2016-10-12 19:42:21.763
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\McAfee\Managed VirusScan\Agent\TPSTool.exe because the set of per-page image hashes could not be found on the system.


Date: 2016-10-12 19:42:21.342
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\McAfee\Managed VirusScan\Agent\TPSTool.exe because the set of per-page image hashes could not be found on the system.


Date: 2016-10-12 19:42:20.905
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\McAfee\Managed VirusScan\Agent\TPSTool.exe because the set of per-page image hashes could not be found on the system.




==================== Memory info ===========================


Processor: Intel(R) Pentium(R) D CPU 2.80GHz
Percentage of memory in use: 41%
Total physical RAM: 8125.93 MB
Available physical RAM: 4736.18 MB
Total Virtual: 16250.05 MB
Available Virtual: 12768.07 MB


==================== Drives ================================


Drive c: () (Fixed) (Total:465.66 GB) (Free:325.56 GB) NTFS
Drive f: (MW_Data_Drive) (Fixed) (Total:931.51 GB) (Free:812.11 GB) NTFS


==================== MBR & Partition Table ==================


========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: DA7E7D93)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)


========================================================
Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: C7D7A77E)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)


==================== End of Addition.txt ============================
 
Well, that WAS the main issue but it seems like a symptom of a wider problem with the operating system. I know a fresh install would fix that but I cringe at the time and hassle involved. Hope that helps.
 
Main problems at a very quick first glance:

- mcafee antivirus seems disabled (did you disable it on purpose? Or did something obscure disable it?)
- "Function Discovery Provider Host service" failed to start (and the services that depend on it, too)
- "server service" failed to start (and the services that depend on it, too)
- did you modify the hosts file (like it seems)? Or did something obscure do it for you?
- are you using a proxy?
- do you know these tasks in a strange location?
Task: {05640D68-9206-4FFC-BA3A-F5E49763F1B3} - System32\Tasks\{425E7005-9EC8-4CFC-818A-D3511CE343B7} => C:\Users\Rick\AppData\Local\Temp\is-G3AUI.tmp\XRD Manager.exe <==== ATTENTION
Task: {6BEDE3A7-994F-4002-A388-91300E02ABB0} - System32\Tasks\{25DB5D40-61F2-4B32-BDC0-A8A65D8F0741} => pcalua.exe -a C:\Users\Rick\Desktop\TEMP\Setup.exe -d C:\Users\Rick\Desktop\TEMP <==== ATTENTION
Task: {A7A43138-16B1-43EA-B982-BEE87200E969} - System32\Tasks\{FE9D2B2A-B4E7-4560-AE02-D04C1F11A5B4} => pcalua.exe -a "C:\Users\Rick\AppData\Local\Temp\Temp2_tsg (3).zip\tsg.exe" <==== ATTENTION
- and these windows variables?
AI_SETUPEXEPATH=C:\Users\Rick\AppData\Local\Temp\is-R2E07.tmp\XRD Manager.exe SETUPEXEDIR=C:\Users\Rick\AppData\Local\Temp\is-R2E07.tmp <==== ATTENTION
AI_SETUPEXEPATH=C:\Users\Rick\AppData\Local\Temp\is-G3AUI.tmp\XRD Manager.exe SETUPEXEDIR=C:\Users\Rick\AppData\Local\Temp\is-G3AUI.tmp <==== ATTENTION

If you don't know those tasks and variables, I suggest you take a tour with Corrine or BrianDrab (or another malware expert) in the security arena sub-forum (click), but before you post a new topic there, read the malware removal posting instructions (click).
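The location check behind the question about those three tasks, as an added example that is not part of the original post: a small parser for FRST `Task:` lines that unwraps `pcalua.exe -a` launches and reports tasks whose target sits in a user-writable folder. The rule names and the `ExampleUpdater` line are assumptions made for illustration.

```python
import re
from typing import List, NamedTuple, Tuple

# The three task lines quoted in the post above, plus one constructed benign
# entry (the "ExampleUpdater" line is NOT from the original log).
SAMPLE_TASKS = r"""
Task: {05640D68-9206-4FFC-BA3A-F5E49763F1B3} - System32\Tasks\{425E7005-9EC8-4CFC-818A-D3511CE343B7} => C:\Users\Rick\AppData\Local\Temp\is-G3AUI.tmp\XRD Manager.exe <==== ATTENTION
Task: {6BEDE3A7-994F-4002-A388-91300E02ABB0} - System32\Tasks\{25DB5D40-61F2-4B32-BDC0-A8A65D8F0741} => pcalua.exe -a C:\Users\Rick\Desktop\TEMP\Setup.exe -d C:\Users\Rick\Desktop\TEMP <==== ATTENTION
Task: {A7A43138-16B1-43EA-B982-BEE87200E969} - System32\Tasks\{FE9D2B2A-B4E7-4560-AE02-D04C1F11A5B4} => pcalua.exe -a "C:\Users\Rick\AppData\Local\Temp\Temp2_tsg (3).zip\tsg.exe" <==== ATTENTION
Task: {00000000-0000-0000-0000-000000000000} - System32\Tasks\ExampleUpdater => C:\Program Files (x86)\Example\updater.exe
"""

# "Task: {guid} - <task file> => <command> [<==== ATTENTION]"
TASK_RE = re.compile(
    r"^Task: (\{[0-9A-Fa-f-]+\}) - (.+?) => (.+?)(?:\s*<==== ATTENTION)?\s*$"
)
# "pcalua.exe -a <target> [-d <dir>]": the real program is the -a argument.
PCALUA_RE = re.compile(
    r'^pcalua\.exe\s+-a\s+(?:"([^"]+)"|(.+?))(?:\s+-[a-z]\s+.*)?$',
    re.IGNORECASE,
)

# Hypothetical rule names; each one marks a user-writable location in which a
# scheduled task target deserves a second look.
LOCATION_RULES = [
    ("user-temp", re.compile(r"\\appdata\\local\\temp\\", re.I)),
    ("installer-scratch", re.compile(r"\\is-[0-9a-z]+\.tmp\\", re.I)),
    ("archive-extract", re.compile(r"\.zip\\", re.I)),
    ("desktop", re.compile(r"\\desktop\\", re.I)),
]


class Finding(NamedTuple):
    guid: str
    target: str
    via_pcalua: bool
    reasons: List[str]


def unwrap(command: str) -> Tuple[str, bool]:
    """Return (real target, launched_via_pcalua) for a task command."""
    m = PCALUA_RE.match(command)
    if m:
        return (m.group(1) or m.group(2)), True
    return command.strip('"'), False


def triage(text: str) -> List[Finding]:
    """Report tasks whose target lives in a user-writable location."""
    findings = []
    for raw in text.splitlines():
        # Forum copies of logs often carry zero-width spaces; drop them.
        line = raw.replace("\u200b", "").strip()
        m = TASK_RE.match(line)
        if not m:
            continue
        target, via_pcalua = unwrap(m.group(3))
        reasons = [name for name, rx in LOCATION_RULES if rx.search(target)]
        if reasons:
            findings.append(Finding(m.group(1), target, via_pcalua, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_TASKS):
        launcher = " (via pcalua.exe)" if f.via_pcalua else ""
        print(f"{f.guid}: {f.target}{launcher} -> {', '.join(f.reasons)}")
```

A hit is a prompt to ask what created the task, as the post does, not proof of infection: leftover installer tasks match the same rules.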
 
  • Mcafee was disabled so I could run the security scan (RGSA.exe). It was re-enabled right after that.
  • Don't know anything about Function Discovery, Server service, etc. but this seems symptomatic as many system level things don't seem to be running right.
  • Don't even know how to modify the hosts file.
  • I don't think I am using a proxy. Connecting to internet through cable with fairly automatic settings.
  • XRD Manager is for X-Rite which is a monitor calibration tool and service running in the background.
  • According to a quick Google search, pcalua.exe is the Program Compatibility Assistant. "The Program Compatibility Assistant is an automatic feature of Windows that runs when it detects an older program has a compatibility problem." I don't know anything about it.
 
I forgot this question: did you modify your MSIE security settings?


  • Mcafee was disabled so I could run the security scan (RGSA.exe). It was re-enabled right after that.
It seems it's still disabled

  • Don't even know how to modify the hosts file.
  • I don't think I am using a proxy. Connecting to internet through cable with fairly automatic settings.

Check:

  • XRD Manager is for X-Rite which is a monitor calibration tool and service running in the background.

And why does it act like malware, having exe files in temp folders? ;)
Could you remove it and install it at any time (possibly, when we have solved the problem, if it is possible to solve it)?
 
I forgot this question: did you modify your MSIE security settings?


  • Mcafee was disabled so I could run the security scan (RGSA.exe). It was re-enabled right after that.
It seems it's still disabled
I ran the scans and posted those and then re-enabled McAfee. I haven't posted a new scan since then.

  • Don't even know how to modify the hosts file.
  • I don't think I am using a proxy. Connecting to internet through cable with fairly automatic settings.

Check:

  • XRD Manager is for X-Rite which is a monitor calibration tool and service running in the background.

And why does it act like malware, having exe files in temp folders? ;)
Could you remove it and install it at any time (possibly, when we have solved the problem, if it is possible to solve it)?
Not sure about the XRD Manager executable in the temp drive. Then again, it does not appear that the /is-G3AUI.tmp/ exists anymore. So, this might have been an old entry or something. Yes, I can re-install it as long as I save the monitor profile as I don't have access to the calibration hardware at the moment.
 
Did you set a static IP (in tcp/ipV4 properties of your internet connection)?


Open taskschd.msc and remove ONLY those three entries (I posted in 4th post).
Then open Control Panel\System and Security\System, click advanced system settings, click environment variables, remove ONLY AI_SETUPEXEPATH variables (from every section).
Open MSIE and reset it from tools, internet options, advanced tab, reset (tick also "delete personal settings").
Finally, try this command (from an elevated command prompt):
esentutl /g c:\windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb

I got:
Code:
C:\>esentutl /g c:\windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
Extensible Storage Engine Utilities for Microsoft(R) Windows(R)
Version 10.0
Copyright (C) Microsoft Corporation. All Rights Reserved.
Initiating INTEGRITY mode...
        Database: c:\windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
  Temp. Database: .\TEMPINTEG3052.EDB
Checking database integrity.
                     Scanning Status (% complete)
          0    10   20   30   40   50   60   70   80   90  100
          |----|----|----|----|----|----|----|----|----|----|
          ...................................................

Integrity check successful.
Operation completed successfully in 19.859 seconds.
 
OK, I did all that though I couldn't find any AI_SETUPEXEPATH variables anywhere under environment variables.

Result of scan:

Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Windows\system32>esentutl /g c:\windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb

Extensible Storage Engine Utilities for Microsoft(R) Windows(R)
Version 6.1
Copyright (C) Microsoft Corporation. All Rights Reserved.

Error: Access to source database 'c:\windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb' failed with Jet error -1032.

Operation terminated with error -1032 (JET_errFileAccessDenied, Cannot access file, the file is locked or in use) after 20.46 seconds.

C:\Windows\system32>
 
OK, ran it in Safe Mode and it worked:

Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Users\Rick>esentutl /g c:\windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb

Extensible Storage Engine Utilities for Microsoft(R) Windows(R)
Version 6.1
Copyright (C) Microsoft Corporation. All Rights Reserved.

Initiating INTEGRITY mode...
        Database: c:\windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
  Temp. Database: TEMPINTEG1780.EDB

Checking database integrity.

                     Scanning Status (% complete)
          0    10   20   30   40   50   60   70   80   90  100
          |----|----|----|----|----|----|----|----|----|----|
          ...................................................

Integrity check successful.

Operation completed successfully in 2.44 seconds.
 
Still here...

BTW, my mother was born in Mammola in Calabria.
;)

Run this (unique) command from an elevated command prompt and post its result here:
(((sc query lanmanserver & sc qc lanmanserver & sc query fdphost & sc qc fdphost & sc query cryptsvc & sc qc cryptsvc) |findstr /i /c:"state" /c:"able" /c:"y_n" /c:"e_n" /c:"t_t") & winmgmt /verifyrepository) > "%userprofile%\desktop\Services.txt" & notepad "%userprofile%\desktop\Services.txt"
(Services.txt should be created on your desktop, notepad should open it automatically)

I get (but I'm using Win10Hx64):
When you open msconfig, do you get this?
 
I get:



SERVICE_NAME: lanmanserver
STATE : 4 RUNNING
(STOPPABLE, PAUSABLE, IGNORES_SHUTDOWN)
SERVICE_NAME: lanmanserver
START_TYPE : 2 AUTO_START
DISPLAY_NAME : Server
SERVICE_NAME: fdphost
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
SERVICE_NAME: fdphost
START_TYPE : 3 DEMAND_START
DISPLAY_NAME : Function Discovery Provider Host
SERVICE_NAME: cryptsvc
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
SERVICE_NAME: cryptsvc
START_TYPE : 3 DEMAND_START
DISPLAY_NAME : Cryptographic Services


C:\Windows\system32>

The only thing in Services.txt is:

WMI repository is consistent



Regarding MSCONFIG, I did the last time I checked on Thursday or Friday but now it is set to :

Under General:

Selective Startup
Load system services checked
Load startup items has a blue square
use original boot configuration is greyed out.

Under Boot:

Same as yours except Windows 7 and the timeout is 30 seconds instead of 0 seconds
 
I forgot two parentheses... Edited, it works now (too late, I know).

In msconfig:
  • go to startup tab, click enable all, click apply
  • go to services tab, untick hide all Microsoft services, click enable all, click apply
  • go to general tab, select normal startup, click apply/ok
  • reboot Windows

If it still shows "selective startup", re-try those steps.
 
Did that and it no longer says "selective startup". I have to take off but post whatever else you want me to do and go get some sleep and I'll take it up in the morning.

Cheers,

Rick
 
Won't start. Same problem. I am going to run the MBAM cleaner twice in Safe Mode as per TwinHeadedEale on the MalwareBytes forum and run new FRST reports first.

Thanks
 
In case you are interested:


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-10-2016
Ran by Rick (administrator) on RICK-PC (18-10-2016 09:28:19)
Running from C:\Users\Rick\Desktop
Loaded Profiles: Rick (Available Profiles: Rick & Angela & McAfeeMVSUser & tsgadmin & Guest)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ActFax Communication) C:\Program Files (x86)\ActiveFax\Server\ActSrvNT.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(SafeNet Inc.) C:\Windows\System32\hasplms.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\ramaint.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\saHookMain.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\x64\saHookMain.exe
(Cyber Power Systems, Inc.) C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
(Spiceworks, Inc.) C:\Program Files (x86)\Spiceworks\bin\spiceworks.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(X-Rite Inc.) C:\Program Files (x86)\X-Rite\Devices\Services\xrdd.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfeann.exe
(Apache Software Foundation) C:\Program Files (x86)\Spiceworks\httpd\bin\spiceworks-httpd.exe
(Apache Software Foundation) C:\Program Files (x86)\Spiceworks\httpd\bin\spiceworks-httpd.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
() C:\Program Files (x86)\X-Rite\i1Profiler\i1ProfilerTray.exe
(Cyber Power Systems, Inc.) C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe
(Power Software Ltd) C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
() C:\Program Files (x86)\McAfee\Managed VirusScan\DesktopUI\XTray.exe
(Prosoftnet) C:\IDrive\id_bglaunch.exe
(Prosoftnet) C:\IDrive\id_tray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
(Prosoftnet) C:\IDrive\id_service.exe
(Tweaking.com) C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2012-11-29] (LogMeIn, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-03-30] (Adobe Systems Incorporated)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-09-13] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1767944 2016-09-13] (NVIDIA Corporation)
HKLM-x32\...\Run: [AdobeCS4ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [611712 2013-01-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [642664 2013-05-08] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Adobe_ID0ENQBO] => C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe [378224 2008-08-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [PowerPanel Personal Edition User Interaction] => C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe [353728 2011-06-17] (Cyber Power Systems, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [366904 2014-10-08] (Power Software Ltd)
HKLM-x32\...\Run: [MVS Splash] => C:\Program Files (x86)\McAfee\Managed VirusScan\DesktopUI\XTray.exe [481648 2014-12-04] ()
HKLM-x32\...\Run: [IDrive Background process] => C:\IDrive\id_bglaunch.exe [72968 2016-04-14] (Prosoftnet)
HKLM-x32\...\Run: [IDrive Tray] => C:\IDrive\id_tray.exe [2072328 2016-04-14] (Prosoftnet)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2631120 2016-07-28] (Malwarebytes Corporation)
HKLM-x32\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [1667072 2012-02-28] (AimerSoft)
HKU\S-1-5-21-2900652731-1545930263-437072239-1000\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-2900652731-1545930263-437072239-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2900652731-1545930263-437072239-1000\...\Run: [HP Officejet Pro 8600 (NET) #2] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-2900652731-1545930263-437072239-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-2900652731-1545930263-437072239-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8912088 2016-08-26] (Piriform Ltd)
HKU\S-1-5-21-2900652731-1545930263-437072239-1000\...\MountPoints2: {097c9a82-ff0b-11e4-a5d5-6805ca128c68} - G:\VerizonWirelessUpgradeAssistantSetup.exe -a
HKU\S-1-5-21-2900652731-1545930263-437072239-1000\...\MountPoints2: {301cee12-81e6-11e4-b7f5-6805ca128c68} - E:\VerizonWirelessUpgradeAssistantSetup.exe -a
HKU\S-1-5-21-2900652731-1545930263-437072239-1000\...\MountPoints2: {de485333-c7da-11e4-ac2e-6805ca128c68} - G:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-18\...\Run: [GoogleChromeAutoLaunch_554F09F6EF2194379EF187460292DAF5] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [966760 2016-09-24] (Google Inc.)
ShellIconOverlayIdentifiers: [ 0001IDSIcon1] -> {0FA6DCC0-CF0B-427D-A8AF-97C466AB5769} => C:\IDrive\IDSyncIntIcon64.dll [2016-04-11] (Pro-Softnet Corporation, U.S.A)
ShellIconOverlayIdentifiers: [ 0001IDSIcon2] -> {66357BBE-D2E5-453C-95FF-8102EB32419D} => C:\IDrive\IDSyncIntIcon64.dll [2016-04-11] (Pro-Softnet Corporation, U.S.A)
ShellIconOverlayIdentifiers: [ 0001IDSIcon3] -> {904E6336-8B13-43FA-B4C3-5B62C1C91971} => C:\IDrive\IDSyncIntIcon64.dll [2016-04-11] (Pro-Softnet Corporation, U.S.A)
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => No File
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => No File
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => No File
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Rick\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll [2016-10-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Rick\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll [2016-10-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Rick\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll [2016-10-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Rick\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll [2016-10-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Rick\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll [2016-10-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Rick\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll [2016-10-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Rick\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll [2016-10-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Rick\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll [2016-10-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2012-02-06] (Autodesk, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dell Display Manager.lnk [2015-05-18]
ShortcutTarget: Dell Display Manager.lnk -> C:\Program Files (x86)\Dell\Dell Display Manager\ddm.exe (EnTech Taiwan)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\i1Profiler Tray.lnk [2014-11-14]
ShortcutTarget: i1Profiler Tray.lnk -> C:\Program Files (x86)\X-Rite\i1Profiler\i1ProfilerTray.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\XRGamma.lnk [2014-11-14]
ShortcutTarget: XRGamma.lnk -> C:\Program Files (x86)\X-Rite\i1Profiler\XRGamma.exe (LOGO Kommunikations- und Drucktechnik GmbH & Co. KG)
GroupPolicy: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [.DEFAULT] => localhost:8080
ProxyServer: [S-1-5-21-2900652731-1545930263-437072239-1000] => localhost:8080
Hosts: 127.0.0.1 activate.adobe.com
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{C30C15E0-2A94-4E1D-A1D3-121E034D75EE}: [DhcpNameServer] 192.168.0.1 205.171.3.25
Tcpip\..\Interfaces\{C81F95AF-44ED-4FEB-9672-24947A29310F}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2900652731-1545930263-437072239-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE09&ocid=UE09DHP
SearchScopes: HKU\.DEFAULT -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_101\bin\ssv.dll [2016-10-14] (Oracle Corporation)
BHO: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20151112113009.dll [2013-12-17] (McAfee, Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\x64\McIEPlg.dll [2014-11-12] (McAfee, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-10-14] (Oracle Corporation)
BHO-x32: ContributeBHO Class -> {074C1DC5-9320-4A9A-947D-C042949C6216} -> C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll [2008-09-10] (Adobe Systems Incorporated.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-10-14] (Oracle Corporation)
BHO-x32: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20151112113009.dll [2013-12-17] (McAfee, Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems Incorporated)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll [2014-11-12] (McAfee, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-10-14] (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems Incorporated)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\x64\McIEPlg.dll [2014-11-12] (McAfee, Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll [2008-09-10] (Adobe Systems Incorporated.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll [2014-11-12] (McAfee, Inc.)
Toolbar: HKU\S-1-5-21-2900652731-1545930263-437072239-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Toolbar: HKU\S-1-5-21-2900652731-1545930263-437072239-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
DPF: HKLM-x32 {037790A6-1576-11D6-903D-00105AABADD3} hxxps://www.ussco.com/bluezone/controls/sglw2hcm.ocx
DPF: HKLM-x32 {57AF0810-BDA7-47A5-B02D-FDA1073C04B0} hxxps://www.mydlink.com/8D/activeX//TunnelX.ocx
DPF: HKLM-x32 {76A99961-126B-48C5-AADB-E239EECF71D5} hxxps://www.mydlink.com/8D/activeX//DCS-93x/H264PlugLiteDL.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\x64\McIEPlg.dll [2014-11-12] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll [2014-11-12] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\x64\McIEPlg.dll [2014-11-12] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll [2014-11-12] (McAfee, Inc.)

FireFox:
========
FF ProfilePath: C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\ag9lcl8s.default [2016-10-18]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\ag9lcl8s.default -> Google
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\ag9lcl8s.default -> Google
FF Extension: (Grammarly for Firefox) - C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\ag9lcl8s.default\Extensions\87677a2c52b84ad3a151a4a72f5bd3c4@jetpack.xpi [2016-10-05]
FF Extension: (LogMeIn, Inc. Remote Access Plugin) - C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\ag9lcl8s.default\Extensions\LogMeInClient@logmein.com [2014-11-04] [not signed]
FF Extension: (Video DownloadHelper) - C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\ag9lcl8s.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2016-10-12]
FF Extension: (No Name) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\jid1-G80Ec8LLEbK5fQ@jetpack.xpi [2016-02-02] [not signed]
FF Extension: (McAfee SiteAdvisor Enterprise) - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\{B7082FAA-CB62-4872-9106-E42DD88EDE45} [2016-09-26] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext => not found
FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore
FF Extension: (McAfee ScriptScan for Firefox) - C:\Program Files (x86)\Common Files\McAfee\SystemCore [2015-11-12] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_185.dll [2016-10-11] ()
FF Plugin: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-10-14] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-10-14] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2013-01-18] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_185.dll [2016-10-11] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-10-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-10-14] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/SAFFPlugin -> C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\NPMcFFPlg.dll [2014-03-06] (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2013-01-18] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-09-12] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-09-12] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-09-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2900652731-1545930263-437072239-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Rick\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2013-10-04] (Citrix Online)
FF Plugin HKU\S-1-5-21-2900652731-1545930263-437072239-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Rick\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-2900652731-1545930263-437072239-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Rick\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-2900652731-1545930263-437072239-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Rick\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-08-20] (Unity Technologies ApS)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR DefaultSearchURL: Default -> hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11908&prt=cr
CHR DefaultSearchKeyword: Default -> NortonSafe
CHR DefaultSuggestURL: Default -> hxxps://ss-sym.search.ask.com/ss?q={searchTerms}&li=ff
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.143\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.143\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.143\pdf.dll => No File
CHR Plugin: (Nero Kwik Media Helper) - C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL => No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll => No File
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll => No File
CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll => No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll => No File
CHR Plugin: (RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll => No File
CHR Plugin: (RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll => No File
CHR Plugin: (RealDownloader Plugin) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll => No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.16) - C:\Windows\SysWOW64\npDeployJava1.dll => No File
CHR Plugin: (Windows Activation Technologies) - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll => No File
CHR Plugin: (RealPlayer Download Plugin) - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll => No File
CHR Profile: C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default [2016-10-17]
CHR Extension: (Google Docs) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-28]
CHR Extension: (Google Drive) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]
CHR Extension: (Web Developer) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbameneiokkgbdmiekhjnmfkcnldhhm [2016-10-05]
CHR Extension: (YouTube) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-05]
CHR Extension: (Google Search) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Norton Home Page for Chrome) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejbdobdndcjhdmljipngpeoekdinlohe [2016-04-13]
CHR Extension: (McAfee SiteAdvisor Enterprise) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\feobgjncdknhelkhjpiejdbpliekmfaj [2015-11-16]
CHR Extension: (Google Docs Offline) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-12]
CHR Extension: (Norton Identity Safe) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-10-05]
CHR Extension: (Tag Assistant (by Google)) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\kejbdjndbnbjgmefkgdddjlbokphdefk [2016-04-13]
CHR Extension: (Norton Safe) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgcfemagnogdodbambjhdcmfcpicngl [2016-10-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-12]
CHR Extension: (HubSpot Sales) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiiaigjnkhngdbnoookogelabohpglmd [2016-10-14]
CHR Extension: (Gmail) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-28]
CHR Extension: (Chrome Media Router) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-14]
CHR HKLM\...\Chrome\Extension: [feobgjncdknhelkhjpiejdbpliekmfaj] - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McChPlg.crx [2014-03-06]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [feobgjncdknhelkhjpiejdbpliekmfaj] - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McChPlg.crx [2014-03-06]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [nogdfjjfhknacchjpiccacoimeelkajb] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ActiveFaxServiceNT; C:\Program Files (x86)\ActiveFax\Server\ActSrvNT.exe [1529024 2013-02-19] (ActFax Communication)
S3 Adobe Version Cue CS4; C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [284016 2008-08-15] (Adobe Systems Incorporated)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163712 2016-09-13] (NVIDIA Corporation)
R2 hasplms; C:\Windows\system32\hasplms.exe [3750400 2009-12-16] (SafeNet Inc.)
R2 IDriveService; C:\IDrive\id_service.exe [154888 2016-04-14] (Prosoftnet)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [419336 2016-09-20] (LogMeIn, Inc.)
R2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [509448 2016-09-20] (LogMeIn, Inc.)
R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2012-11-29] (LogMeIn, Inc.)
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [750032 2016-07-28] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Enterprise Service; C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe [161128 2014-03-06] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [242448 2013-12-17] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2013-12-17] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [185280 2013-12-17] (McAfee, Inc.)
R2 myAgtSvc; C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.exe [296400 2014-04-25] (McAfee, Inc.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-09-13] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-09-13] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-09-13] (NVIDIA Corporation)
R2 ppped; C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe [1000896 2011-06-17] (Cyber Power Systems, Inc.)
R2 spiceworks; C:\Program Files (x86)\Spiceworks\bin\spiceworks.exe [47344 2016-04-01] (Spiceworks, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
R2 xrdd.exe; C:\Program Files (x86)\X-Rite\Devices\Services\xrdd.exe [83312 2014-06-23] (X-Rite Inc.)
R2 RumorServer; "C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.exe" /RunDLL=RumorServer.dll;ServiceHost [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [75360 2016-08-04] ()
S3 glancedrv; C:\Windows\System32\DRIVERS\glancedrv.sys [36384 2009-05-13] (Glance Networks, Inc)
S3 kc02us_bus; C:\Windows\System32\DRIVERS\kc02us_bus64.sys [51608 2012-06-20] (Kyocera Corporation)
S3 kc02us_mdm; C:\Windows\System32\DRIVERS\kc02us_mdm64.sys [73624 2012-06-20] (Kyocera Corporation)
S3 kc02us_serd; C:\Windows\System32\DRIVERS\kc02us_serd64.sys [66968 2012-06-20] (Kyocera Corporation)
R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-05-28] (LogMeIn, Inc.)
S4 LMIRfsClientNP; no ImagePath
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [180272 2013-12-17] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311600 2013-12-17] (McAfee, Inc.)
U3 mfeavfk01; no ImagePath
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [520056 2013-12-17] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [782968 2013-12-17] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [107032 2013-12-17] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [344176 2013-12-17] (McAfee, Inc.)
R3 nmserial; C:\Windows\System32\DRIVERS\nmserial.sys [75264 2012-01-12] (Windows (R) Win 7 DDK provider)
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2012-05-03] (CACE Technologies, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-09-13] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [56376 2016-09-13] (NVIDIA Corporation)
R3 VST64HWBS2; C:\Windows\System32\DRIVERS\VSTBS26.SYS [411136 2009-06-10] (Conexant Systems, Inc.)
R3 VST64_DPV; C:\Windows\System32\DRIVERS\VSTDPV6.SYS [1485312 2009-06-10] (Conexant Systems, Inc.)
R2 WinI2C-DDC; C:\Windows\system32\drivers\DDCDrv.sys [20832 2014-07-11] (Nicomsoft Ltd.)
R2 WinI2C-DDC; C:\Windows\SysWOW64\drivers\DDCDrv.sys [10240 2014-07-11] (Nicomsoft Ltd.) [File not signed]
R3 WsAudio_Device(1); C:\Windows\System32\drivers\VirtualAudio1.sys [31080 2014-11-26] (Wondershare)
R3 WsAudio_Device(2); C:\Windows\System32\drivers\VirtualAudio2.sys [31080 2014-11-26] (Wondershare)
R3 WsAudio_Device(3); C:\Windows\System32\drivers\VirtualAudio3.sys [31080 2014-11-26] (Wondershare)
R3 WsAudio_Device(4); C:\Windows\System32\drivers\VirtualAudio4.sys [31080 2014-11-26] (Wondershare)
R3 WsAudio_Device(5); C:\Windows\System32\drivers\VirtualAudio5.sys [31080 2014-11-26] (Wondershare)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-17 17:36 - 2016-10-17 17:36 - 00000029 _____ C:\Users\Rick\Desktop\Services.txt
2016-10-17 17:10 - 2016-10-17 17:10 - 00002047 _____ C:\Users\Rick\catdb.INTEG.RAW
2016-10-17 17:09 - 2016-10-18 09:21 - 00463964 _____ C:\Windows\ntbtlog.txt
2016-10-17 17:02 - 2016-10-17 17:11 - 00001047 _____ C:\Users\Rick\Desktop\temp.txt
2016-10-17 15:18 - 2016-10-17 15:18 - 00288078 _____ C:\Users\Rick\Downloads\IC-718_brochure.pdf
2016-10-17 12:25 - 2016-10-17 12:25 - 08244656 _____ (Piriform Ltd) C:\Users\Rick\Downloads\ccsetup522.exe
2016-10-17 12:04 - 2016-10-17 12:05 - 00001099 _____ C:\Users\Rick\Desktop\SALog.txt
2016-10-17 12:04 - 2016-10-17 12:04 - 00899072 _____ C:\Users\Rick\Desktop\RGSA.exe
2016-10-17 10:09 - 2016-10-17 10:09 - 00000000 ____D C:\Users\Rick\AppData\Roaming\NVIDIA
2016-10-14 12:15 - 2016-10-14 12:15 - 00000000 ____D C:\Users\Rick\AppData\Local\NVIDIA
2016-10-14 12:15 - 2016-10-14 12:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2016-10-14 12:15 - 2016-09-13 14:08 - 01767944 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2016-10-14 12:15 - 2016-09-13 14:08 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2016-10-14 12:15 - 2016-09-13 14:08 - 01377800 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2016-10-14 12:15 - 2016-09-13 14:08 - 01316184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2016-10-14 12:15 - 2016-09-13 14:08 - 00112216 _____ C:\Windows\system32\NvRtmpStreamer64.dll
2016-10-14 12:14 - 2016-09-12 11:03 - 00616504 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2016-10-14 12:10 - 2016-09-13 14:08 - 00113208 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2016-10-14 12:10 - 2016-09-13 14:08 - 00102968 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2016-10-14 12:10 - 2016-09-13 14:08 - 00056376 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2016-10-14 11:20 - 2016-09-13 14:08 - 00080832 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2016-10-14 11:20 - 2016-09-13 14:08 - 00067520 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2016-10-14 11:20 - 2016-09-12 13:00 - 06790080 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2016-10-14 11:20 - 2016-09-12 13:00 - 03529152 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2016-10-14 11:20 - 2016-09-12 13:00 - 02558328 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2016-10-14 11:20 - 2016-09-12 13:00 - 00932912 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2016-10-14 11:20 - 2016-09-12 13:00 - 00384888 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2016-10-14 11:20 - 2016-09-12 13:00 - 00062512 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2016-10-14 11:20 - 2016-09-07 05:14 - 07350875 _____ C:\Windows\system32\nvcoproc.bin
2016-10-14 11:11 - 2016-09-13 14:08 - 31522240 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2016-10-14 11:11 - 2016-09-13 14:08 - 24207296 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2016-10-14 11:11 - 2016-09-13 14:08 - 18634032 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2016-10-14 11:11 - 2016-09-13 14:08 - 16128536 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2016-10-14 11:11 - 2016-09-13 14:08 - 13916744 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2016-10-14 11:11 - 2016-09-13 14:08 - 12910136 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2016-10-14 11:11 - 2016-09-13 14:08 - 11272192 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2016-10-14 11:11 - 2016-09-13 14:08 - 00915392 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2016-10-14 11:11 - 2016-09-13 14:08 - 00026157 _____ C:\Windows\system32\nvinfo.pb
2016-10-14 11:10 - 2016-09-13 14:08 - 23000000 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2016-10-14 11:10 - 2016-09-13 14:08 - 17559384 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2016-10-14 11:10 - 2016-09-13 14:08 - 15302712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2016-10-14 11:10 - 2016-09-13 14:08 - 14497528 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2016-10-14 11:10 - 2016-09-13 14:08 - 13827992 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2016-10-14 11:10 - 2016-09-13 14:08 - 11209336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2016-10-14 11:10 - 2016-09-13 14:08 - 04252608 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2016-10-14 11:10 - 2016-09-13 14:08 - 03994560 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2016-10-14 11:10 - 2016-09-13 14:08 - 03211760 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2016-10-14 11:10 - 2016-09-13 14:08 - 02826176 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2016-10-14 11:10 - 2016-09-13 14:08 - 01908088 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434198.dll
2016-10-14 11:10 - 2016-09-13 14:08 - 01557552 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434198.dll
2016-10-14 11:10 - 2016-09-13 14:08 - 00952256 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2016-10-14 11:10 - 2016-09-13 14:08 - 00910272 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2016-10-14 11:10 - 2016-09-13 14:08 - 00878648 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2016-10-14 11:00 - 2016-10-14 11:02 - 306676848 _____ (NVIDIA Corporation) C:\Users\Rick\Downloads\341.98-desktop-win8-win7-winvista-64bit-international.exe
2016-10-14 10:54 - 2016-10-14 10:54 - 00110144 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2016-10-14 10:53 - 2016-10-14 10:53 - 00000000 ____D C:\Program Files\Java
2016-10-14 10:50 - 2016-10-14 10:50 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2016-10-14 10:50 - 2016-10-14 10:50 - 00000000 ____D C:\Program Files (x86)\Java
2016-10-14 09:19 - 2016-10-18 09:28 - 00000000 ____D C:\Users\Rick\Desktop\FRST-OlderVersion
2016-10-12 17:50 - 2016-09-30 00:55 - 25765376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-10-12 17:49 - 2016-09-30 13:13 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-10-12 17:49 - 2016-09-30 12:28 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-10-12 17:49 - 2016-09-30 08:37 - 05548264 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-10-12 17:49 - 2016-09-30 08:20 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-10-12 17:49 - 2016-09-30 08:20 - 03944680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-10-12 17:49 - 2016-09-29 23:41 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-10-12 17:49 - 2016-09-29 23:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-10-12 17:49 - 2016-09-29 23:26 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-10-12 17:49 - 2016-09-29 23:25 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-10-12 17:49 - 2016-09-29 23:25 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-10-12 17:49 - 2016-09-29 23:25 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-10-12 17:49 - 2016-09-29 23:25 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-10-12 17:49 - 2016-09-29 23:25 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-10-12 17:49 - 2016-09-29 23:18 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-10-12 17:49 - 2016-09-29 23:17 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-10-12 17:49 - 2016-09-29 23:14 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-10-12 17:49 - 2016-09-29 23:13 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-10-12 17:49 - 2016-09-29 23:13 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-10-12 17:49 - 2016-09-29 23:12 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-10-12 17:49 - 2016-09-29 23:12 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-10-12 17:49 - 2016-09-29 23:09 - 06048256 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-10-12 17:49 - 2016-09-29 23:05 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-10-12 17:49 - 2016-09-29 23:02 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-10-12 17:49 - 2016-09-29 22:55 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-10-12 17:49 - 2016-09-29 22:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-10-12 17:49 - 2016-09-29 22:54 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-10-12 17:49 - 2016-09-29 22:51 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-10-12 17:49 - 2016-09-29 22:50 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-10-12 17:49 - 2016-09-29 22:47 - 20306944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-10-12 17:49 - 2016-09-29 22:47 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-10-12 17:49 - 2016-09-29 22:46 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-10-12 17:49 - 2016-09-29 22:42 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-10-12 17:49 - 2016-09-29 22:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-10-12 17:49 - 2016-09-29 22:42 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-10-12 17:49 - 2016-09-29 22:42 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-10-12 17:49 - 2016-09-29 22:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-10-12 17:49 - 2016-09-29 22:38 - 02286592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-10-12 17:49 - 2016-09-29 22:36 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-10-12 17:49 - 2016-09-29 22:35 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-10-12 17:49 - 2016-09-29 22:35 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-10-12 17:49 - 2016-09-29 22:33 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-10-12 17:49 - 2016-09-29 22:33 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-10-12 17:49 - 2016-09-29 22:32 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-10-12 17:49 - 2016-09-29 22:32 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-10-12 17:49 - 2016-09-29 22:32 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-10-12 17:49 - 2016-09-29 22:32 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-10-12 17:49 - 2016-09-29 22:31 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-10-12 17:49 - 2016-09-29 22:31 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-10-12 17:49 - 2016-09-29 22:24 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-10-12 17:49 - 2016-09-29 22:21 - 15257088 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-10-12 17:49 - 2016-09-29 22:19 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-10-12 17:49 - 2016-09-29 22:19 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-10-12 17:49 - 2016-09-29 22:17 - 02920960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-10-12 17:49 - 2016-09-29 22:17 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-10-12 17:49 - 2016-09-29 22:15 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-10-12 17:49 - 2016-09-29 22:14 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-10-12 17:49 - 2016-09-29 22:13 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-10-12 17:49 - 2016-09-29 22:12 - 04608512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-10-12 17:49 - 2016-09-29 22:07 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-10-12 17:49 - 2016-09-29 22:05 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-10-12 17:49 - 2016-09-29 22:05 - 01544192 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-10-12 17:49 - 2016-09-29 22:05 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-10-12 17:49 - 2016-09-29 22:05 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-10-12 17:49 - 2016-09-29 22:03 - 13653504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-10-12 17:49 - 2016-09-29 21:54 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-10-12 17:49 - 2016-09-29 21:46 - 02444288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-10-12 17:49 - 2016-09-29 21:43 - 01312768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-10-12 17:49 - 2016-09-29 21:42 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-10-12 17:49 - 2016-09-15 08:30 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-10-12 17:49 - 2016-09-15 08:30 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2016-10-12 17:49 - 2016-09-15 08:15 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-10-12 17:49 - 2016-09-15 08:15 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2016-10-12 17:49 - 2016-09-12 14:13 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-10-12 17:49 - 2016-09-12 14:13 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-10-12 17:49 - 2016-09-12 14:08 - 01465344 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-10-12 17:49 - 2016-09-12 14:08 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-10-12 17:49 - 2016-09-12 14:08 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-10-12 17:49 - 2016-09-12 14:08 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-10-12 17:49 - 2016-09-12 14:08 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-10-12 17:49 - 2016-09-12 14:08 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-10-12 17:49 - 2016-09-12 14:08 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-10-12 17:49 - 2016-09-12 14:08 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-10-12 17:49 - 2016-09-12 14:08 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-10-12 17:49 - 2016-09-12 14:08 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-10-12 17:49 - 2016-09-12 14:08 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-10-12 17:49 - 2016-09-12 14:08 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-10-12 17:49 - 2016-09-12 14:08 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\adsmsext.dll
2016-10-12 17:49 - 2016-09-12 14:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-10-12 17:49 - 2016-09-12 14:08 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-10-12 17:49 - 2016-09-12 14:08 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-10-12 17:49 - 2016-09-12 14:08 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-10-12 17:49 - 2016-09-12 14:08 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-10-12 17:49 - 2016-09-12 14:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-10-12 17:49 - 2016-09-12 13:49 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-10-12 17:49 - 2016-09-12 13:49 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-10-12 17:49 - 2016-09-12 13:49 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-10-12 17:49 - 2016-09-12 13:49 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-10-12 17:49 - 2016-09-12 13:49 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-10-12 17:49 - 2016-09-12 13:49 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-10-12 17:49 - 2016-09-12 13:49 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-10-12 17:49 - 2016-09-12 13:49 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-10-12 17:49 - 2016-09-12 13:49 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-10-12 17:49 - 2016-09-12 13:49 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-10-12 17:49 - 2016-09-12 13:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-10-12 17:49 - 2016-09-12 13:49 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adsmsext.dll
2016-10-12 17:49 - 2016-09-12 13:49 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-10-12 17:49 - 2016-09-12 13:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-10-12 17:49 - 2016-09-12 13:49 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-10-12 17:49 - 2016-09-12 13:49 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-10-12 17:49 - 2016-09-12 13:39 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-10-12 17:49 - 2016-09-12 13:37 - 03218944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-10-12 17:49 - 2016-09-12 13:32 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-10-12 17:49 - 2016-09-12 13:32 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-10-12 17:49 - 2016-09-12 13:32 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-10-12 17:49 - 2016-09-12 13:31 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-10-12 17:49 - 2016-09-12 13:29 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-10-12 17:49 - 2016-09-12 13:25 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-10-12 17:49 - 2016-09-12 12:08 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2016-10-12 17:49 - 2016-09-12 11:43 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2016-10-12 17:49 - 2016-09-12 11:43 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2016-10-12 17:49 - 2016-09-10 09:19 - 03649536 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
2016-10-12 17:49 - 2016-09-10 08:53 - 02291712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll
2016-10-12 17:49 - 2016-09-09 11:29 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-10-12 17:49 - 2016-09-09 11:26 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-10-12 17:49 - 2016-09-09 11:23 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-10-12 17:49 - 2016-09-09 11:20 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-10-12 17:49 - 2016-09-09 11:20 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-10-12 17:49 - 2016-09-09 11:20 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-10-12 17:49 - 2016-09-09 11:20 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-10-12 17:49 - 2016-09-09 11:20 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-10-12 17:49 - 2016-09-09 11:20 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-10-12 17:49 - 2016-09-09 11:20 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-10-12 17:49 - 2016-09-09 11:20 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-10-12 17:49 - 2016-09-09 11:20 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-10-12 17:49 - 2016-09-09 11:20 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-10-12 17:49 - 2016-09-09 11:20 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-10-12 17:49 - 2016-09-09 11:20 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-10-12 17:49 - 2016-09-09 11:20 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-10-12 17:49 - 2016-09-09 11:20 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-10-12 17:49 - 2016-09-09 11:20 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-10-12 17:49 - 2016-09-09 11:20 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-10-12 17:49 - 2016-09-09 11:20 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-10-12 17:49 - 2016-09-09 11:20 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-10-12 17:49 - 2016-09-09 11:20 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-10-12 17:49 - 2016-09-09 11:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-10-12 17:49 - 2016-09-09 11:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-10-12 17:49 - 2016-09-09 11:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-10-12 17:49 - 2016-09-09 11:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-10-12 17:49 - 2016-09-09 11:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-10-12 17:49 - 2016-09-09 11:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-10-12 17:49 - 2016-09-09 11:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-10-12 17:49 - 2016-09-09 11:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-10-12 17:49 - 2016-09-09 11:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-10-12 17:49 - 2016-09-09 11:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-10-12 17:49 - 2016-09-09 11:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-10-12 17:49 - 2016-09-09 11:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-10-12 17:49 - 2016-09-09 11:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-10-12 17:49 - 2016-09-09 11:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-10-12 17:49 - 2016-09-09 11:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-10-12 17:49 - 2016-09-09 11:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-10-12 17:49 - 2016-09-09 11:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-10-12 17:49 - 2016-09-09 11:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-10-12 17:49 - 2016-09-09 11:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-10-12 17:49 - 2016-09-09 11:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-10-12 17:49 - 2016-09-09 11:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-10-12 17:49 - 2016-09-09 11:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-10-12 17:49 - 2016-09-09 11:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-10-12 17:49 - 2016-09-09 11:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-10-12 17:49 - 2016-09-09 11:01 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-10-12 17:49 - 2016-09-09 11:00 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-10-12 17:49 - 2016-09-09 11:00 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-10-12 17:49 - 2016-09-09 11:00 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-10-12 17:49 - 2016-09-09 11:00 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-10-12 17:49 - 2016-09-09 10:59 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-10-12 17:49 - 2016-09-09 10:59 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-10-12 17:49 - 2016-09-09 10:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-10-12 17:49 - 2016-09-09 10:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-10-12 17:49 - 2016-09-09 10:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-10-12 17:49 - 2016-09-09 10:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-10-12 17:49 - 2016-09-09 10:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-10-12 17:49 - 2016-09-09 10:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-10-12 17:49 - 2016-09-09 10:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-10-12 17:49 - 2016-09-09 10:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-10-12 17:49 - 2016-09-09 10:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-10-12 17:49 - 2016-09-09 10:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-10-12 17:49 - 2016-09-09 10:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-10-12 17:49 - 2016-09-09 10:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-10-12 17:49 - 2016-09-09 10:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-10-12 17:49 - 2016-09-09 10:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-10-12 17:49 - 2016-09-09 10:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-10-12 17:49 - 2016-09-09 10:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-10-12 17:49 - 2016-09-09 10:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-10-12 17:49 - 2016-09-09 10:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-10-12 17:49 - 2016-09-09 10:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-10-12 17:49 - 2016-09-09 10:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-10-12 17:49 - 2016-09-09 10:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-10-12 17:49 - 2016-09-09 10:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-10-12 17:49 - 2016-09-09 10:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-10-12 17:49 - 2016-09-09 10:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-10-12 17:49 - 2016-09-09 10:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-10-12 17:49 - 2016-09-09 10:51 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-10-12 17:49 - 2016-09-09 10:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-10-12 17:49 - 2016-09-09 10:51 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-10-12 17:49 - 2016-09-09 10:48 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-10-12 17:49 - 2016-09-09 10:47 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-10-12 17:49 - 2016-09-09 10:43 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-10-12 17:49 - 2016-09-09 10:38 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-10-12 17:49 - 2016-09-09 10:38 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-10-12 17:49 - 2016-09-09 10:38 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-10-12 17:49 - 2016-09-09 10:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-10-12 17:49 - 2016-09-09 10:37 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-10-12 17:49 - 2016-09-09 10:37 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-10-12 17:49 - 2016-09-09 10:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-10-12 17:49 - 2016-09-09 10:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-10-12 17:49 - 2016-09-08 13:34 - 00263680 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2016-10-12 17:49 - 2016-09-08 13:34 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2016-10-12 17:49 - 2016-09-08 13:34 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2016-10-12 17:49 - 2016-09-08 13:34 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2016-10-12 17:49 - 2016-09-08 07:55 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2016-10-12 17:49 - 2016-09-08 07:55 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2016-10-12 17:39 - 2016-07-22 07:58 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2016-10-12 17:39 - 2016-07-22 07:51 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2016-10-12 17:15 - 2016-10-12 17:15 - 22851472 _____ (Malwarebytes ) C:\Users\Rick\Desktop\mbam-setup-2.2.1.1043.exe
2016-10-12 17:14 - 2016-10-12 17:14 - 00566128 _____ (Malwarebytes) C:\Users\Rick\Desktop\mbam-clean-2.3.0.1001.exe
2016-10-12 16:44 - 2016-09-12 14:17 - 00077032 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-10-12 16:44 - 2016-09-12 14:08 - 01226752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-10-12 16:44 - 2016-09-09 08:54 - 01629184 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-10-12 16:44 - 2016-09-09 08:54 - 00586752 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-10-12 16:44 - 2016-09-09 08:54 - 00575488 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-10-12 16:44 - 2016-09-09 08:54 - 00314368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-10-12 16:44 - 2016-09-09 08:54 - 00273408 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2016-10-12 16:44 - 2016-09-09 08:54 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-10-12 16:44 - 2016-09-09 08:54 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-10-12 15:48 - 2016-10-12 15:48 - 00000207 _____ C:\Windows\tweaking.com-regbackup-RICK-PC-Windows-7-Professional-(64-bit).dat
2016-10-12 15:48 - 2016-10-12 15:48 - 00000000 ____D C:\RegBackup
2016-10-12 15:02 - 2016-10-12 15:02 - 00003650 _____ C:\Windows\System32\Tasks\Tweaking.com - Windows Repair Tray Icon
2016-10-12 15:02 - 2016-10-12 15:02 - 00002159 _____ C:\Users\Rick\Desktop\Tweaking.com - Windows Repair.lnk
2016-10-12 15:02 - 2016-10-12 15:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2016-10-12 15:01 - 2016-10-12 15:01 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2016-10-12 11:59 - 2016-10-14 09:24 - 00068560 _____ C:\Users\Rick\Desktop\Addition.txt
2016-10-12 10:44 - 2016-10-18 09:29 - 00035766 _____ C:\Users\Rick\Desktop\FRST.txt
2016-10-12 10:43 - 2016-10-18 09:28 - 02407424 _____ (Farbar) C:\Users\Rick\Desktop\FRST64.exe
2016-10-11 10:21 - 2016-10-11 12:09 - 00000000 _____ C:\Users\Rick\Desktop\CHKDSKResults.txt
2016-10-10 17:27 - 2016-10-17 17:56 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2016-10-10 17:27 - 2016-10-10 17:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2016-10-10 17:27 - 2016-10-10 17:27 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Exploit
2016-10-10 12:34 - 2016-10-18 09:28 - 00000000 ____D C:\FRST
2016-10-10 12:15 - 2016-10-10 12:26 - 00000000 ____D C:\AdwCleaner
2016-10-10 12:15 - 2016-10-10 12:15 - 03874368 ____N C:\Users\Rick\Downloads\adwcleaner_6.021.exe
2016-10-10 11:46 - 2016-10-15 17:31 - 00000892 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-10-10 11:46 - 2016-10-11 15:04 - 00003882 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2016-10-10 11:44 - 2016-10-10 11:44 - 01198288 ____N (Adobe Systems Incorporated) C:\Users\Rick\Downloads\flashplayer23pp_fa_install.exe
2016-10-10 11:24 - 2016-10-10 11:24 - 00000000 ____D C:\Users\Rick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-10-06 11:57 - 2016-10-06 11:57 - 00012776 _____ C:\Users\Rick\Downloads\Logins-Instructions.xlsx
2016-10-06 09:48 - 2016-10-06 09:49 - 00000085 _____ C:\Windows\wininit.ini
2016-10-06 09:26 - 2016-10-06 09:26 - 00003832 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1475771156
2016-10-06 09:26 - 2016-10-06 09:26 - 00001135 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2016-10-06 09:26 - 2016-10-06 09:26 - 00000000 ____D C:\Users\Rick\AppData\Roaming\Opera Software
2016-10-06 09:26 - 2016-10-06 09:26 - 00000000 ____D C:\Users\Rick\AppData\Local\Opera Software
2016-10-06 09:25 - 2016-10-07 09:26 - 00000000 ____D C:\Program Files (x86)\Opera
2016-10-06 09:21 - 2016-10-06 09:21 - 01137296 _____ (Opera Software) C:\Users\Rick\Downloads\OperaSetup.exe
2016-10-05 15:56 - 2016-10-18 09:23 - 00000000 ____D C:\ProgramData\NVIDIA
2016-10-05 13:51 - 2016-10-18 09:04 - 00000000 ____D C:\Users\Rick\Desktop\Tools
2016-10-05 13:17 - 2016-10-05 13:41 - 00000000 ____D C:\EEK
2016-10-05 11:41 - 2016-03-28 09:23 - 00000859 _____ C:\Windows\system32\Drivers\etc\hosts.20161005-114147.backup
2016-10-05 10:09 - 2016-10-05 10:09 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2016-10-05 10:07 - 2016-10-06 09:50 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-10-05 10:07 - 2016-10-06 09:48 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-10-04 18:36 - 2016-10-17 12:34 - 00000000 ____D C:\Users\Rick\Documents\Registry Backup
2016-10-04 18:33 - 2016-10-17 12:25 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-10-04 18:33 - 2016-10-17 12:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-10-04 18:19 - 2016-10-04 18:31 - 00005150 _____ C:\Users\Rick\Desktop\Rkill.txt
2016-10-04 17:36 - 2016-10-04 17:36 - 00000000 ____D C:\Users\Rick\Desktop\JkDefrag64-3.36
2016-10-04 16:40 - 2016-10-04 16:40 - 00000000 ____D C:\Program Files\stinger
2016-10-04 16:32 - 2016-10-04 16:32 - 00000000 ____D C:\Users\tsgadmin\AppData\Roaming\Real
2016-10-04 16:29 - 2016-10-04 16:29 - 00000000 ____D C:\Users\tsgadmin\AppData\Local\Apple
2016-10-04 16:25 - 2016-10-04 16:25 - 00000000 ____D C:\Users\tsgadmin\AppData\Roaming\X-Rite
2016-10-04 16:24 - 2016-10-04 16:25 - 00000000 ____D C:\Users\tsgadmin\AppData\Local\Adobe
2016-10-04 16:24 - 2016-10-04 16:24 - 00128816 _____ C:\Users\tsgadmin\AppData\Local\GDIPFONTCACHEV1.DAT
2016-10-04 16:24 - 2016-10-04 16:24 - 00001413 _____ C:\Users\tsgadmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-10-04 16:24 - 2016-10-04 16:24 - 00000000 ____D C:\Users\tsgadmin\AppData\Roaming\McAfee
2016-10-04 16:24 - 2016-10-04 16:24 - 00000000 ____D C:\Users\tsgadmin\AppData\Roaming\Adobe
2016-10-04 16:24 - 2016-10-04 16:24 - 00000000 ____D C:\Users\tsgadmin\AppData\Local\NVIDIA
2016-10-04 16:24 - 2016-10-04 16:24 - 00000000 ____D C:\Users\tsgadmin\AppData\Local\LogMeIn
2016-10-04 16:24 - 2016-10-04 16:24 - 00000000 ____D C:\Users\tsgadmin\AppData\Local\Aimersoft
2016-10-04 16:23 - 2016-10-04 16:24 - 00000000 ___RD C:\Users\tsgadmin\Virtual Machines
2016-10-04 16:23 - 2016-10-04 16:23 - 00002255 _____ C:\Users\tsgadmin\Desktop\Google Chrome.lnk
2016-10-04 16:23 - 2016-10-04 16:23 - 00000020 ___SH C:\Users\tsgadmin\ntuser.ini
2016-10-04 16:23 - 2016-10-04 16:23 - 00000000 _SHDL C:\Users\tsgadmin\My Documents
2016-10-04 16:23 - 2016-10-04 16:23 - 00000000 _SHDL C:\Users\tsgadmin\Documents\My Videos
2016-10-04 16:23 - 2016-10-04 16:23 - 00000000 _SHDL C:\Users\tsgadmin\Documents\My Pictures
2016-10-04 16:23 - 2016-10-04 16:23 - 00000000 _SHDL C:\Users\tsgadmin\Documents\My Music
2016-10-04 16:23 - 2016-10-04 16:23 - 00000000 ____D C:\Users\tsgadmin\AppData\Local\VirtualStore
2016-10-04 16:23 - 2016-10-04 16:23 - 00000000 ____D C:\Users\tsgadmin\AppData\Local\Google
2016-10-04 16:22 - 2016-10-04 16:23 - 00000000 ____D C:\Users\tsgadmin
2016-10-04 16:22 - 2013-08-20 11:12 - 00000000 ____D C:\Users\tsgadmin\AppData\Roaming\Macromedia
2016-10-04 16:22 - 2013-01-21 16:13 - 00000000 ____D C:\Users\tsgadmin\AppData\Local\Microsoft Help
2016-10-04 16:22 - 2011-04-12 01:28 - 00000000 ____D C:\Users\tsgadmin\AppData\Roaming\Media Center Programs
2016-10-04 14:20 - 2016-10-04 14:20 - 00000000 ____D C:\Program Files\McAfee
2016-10-04 14:15 - 2016-10-04 16:34 - 00000000 ____D C:\Windows\pss
2016-10-04 14:09 - 2016-10-04 18:33 - 00000000 ____D C:\Program Files\CCleaner
2016-10-04 14:09 - 2016-10-04 14:09 - 00002770 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2016-10-04 10:30 - 2016-10-04 10:30 - 00000020 ___SH C:\Users\Guest\ntuser.ini
2016-10-04 10:30 - 2016-10-04 10:30 - 00000000 ____D C:\Users\Guest
2016-09-26 11:50 - 2016-10-04 14:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-09-21 09:27 - 2016-08-16 13:40 - 00343552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2016-09-21 09:27 - 2016-08-16 13:40 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2016-09-21 09:27 - 2016-08-16 13:40 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2016-09-21 09:27 - 2016-08-16 13:40 - 00056320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2016-09-21 09:27 - 2016-08-16 13:40 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2016-09-21 09:27 - 2016-08-16 13:40 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2016-09-21 09:27 - 2016-08-16 13:40 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2016-09-21 09:27 - 2016-08-12 10:02 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2016-09-21 09:27 - 2016-08-12 10:02 - 12574720 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2016-09-21 09:27 - 2016-08-12 09:47 - 12574208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2016-09-21 09:27 - 2016-08-12 09:47 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2016-09-21 09:27 - 2016-08-12 09:26 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2016-09-21 09:27 - 2016-08-06 08:31 - 02023424 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2016-09-21 09:27 - 2016-08-06 08:31 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2016-09-21 09:27 - 2016-08-06 08:31 - 00310784 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2016-09-21 09:27 - 2016-08-06 08:31 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2016-09-21 09:27 - 2016-08-06 08:31 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\wsmplpxy.dll
2016-09-21 09:27 - 2016-08-06 08:15 - 01178112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2016-09-21 09:27 - 2016-08-06 08:15 - 00249344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2016-09-21 09:27 - 2016-08-06 08:15 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2016-09-21 09:27 - 2016-08-06 08:15 - 00146944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2016-09-21 09:27 - 2016-08-06 08:01 - 00266752 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2016-09-21 09:27 - 2016-08-06 08:01 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\wsmprovhost.exe
2016-09-21 09:27 - 2016-08-06 07:53 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2016-09-21 09:27 - 2016-08-06 07:53 - 00012288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsmprovhost.exe
2016-09-21 09:27 - 2016-08-06 07:53 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsmplpxy.dll
2016-09-21 09:27 - 2016-08-05 08:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-09-21 09:27 - 2016-08-05 08:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-09-21 09:27 - 2016-06-14 10:21 - 00094440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2016-09-21 09:27 - 2016-06-14 10:16 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2016-09-21 09:27 - 2016-06-14 10:16 - 01573888 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2016-09-21 09:27 - 2016-06-14 10:16 - 01483264 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2016-09-21 09:27 - 2016-06-14 10:16 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2016-09-21 09:27 - 2016-06-14 10:16 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2016-09-21 09:27 - 2016-06-14 10:16 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2016-09-21 09:27 - 2016-06-14 10:16 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2016-09-21 09:27 - 2016-06-14 10:16 - 00680448 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2016-09-21 09:27 - 2016-06-14 10:16 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2016-09-21 09:27 - 2016-06-14 10:16 - 00632320 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2016-09-21 09:27 - 2016-06-14 10:16 - 00499712 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2016-09-21 09:27 - 2016-06-14 10:16 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2016-09-21 09:27 - 2016-06-14 10:16 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2016-09-21 09:27 - 2016-06-14 10:16 - 00433152 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2016-09-21 09:27 - 2016-06-14 10:16 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2016-09-21 09:27 - 2016-06-14 10:16 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2016-09-21 09:27 - 2016-06-14 10:16 - 00295936 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2016-09-21 09:27 - 2016-06-14 10:16 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2016-09-21 09:27 - 2016-06-14 10:16 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2016-09-21 09:27 - 2016-06-14 10:16 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2016-09-21 09:27 - 2016-06-14 10:16 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2016-09-21 09:27 - 2016-06-14 10:16 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2016-09-21 09:27 - 2016-06-14 10:11 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2016-09-21 09:27 - 2016-06-14 08:21 - 03209216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2016-09-21 09:27 - 2016-06-14 08:21 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2016-09-21 09:27 - 2016-06-14 08:21 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2016-09-21 09:27 - 2016-06-14 08:21 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2016-09-21 09:27 - 2016-06-14 08:21 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2016-09-21 09:27 - 2016-06-14 08:21 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2016-09-21 09:27 - 2016-06-14 08:21 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2016-09-21 09:27 - 2016-06-14 08:21 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2016-09-21 09:27 - 2016-06-14 08:21 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2016-09-21 09:27 - 2016-06-14 08:21 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2016-09-21 09:27 - 2016-06-14 08:21 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2016-09-21 09:27 - 2016-06-14 08:21 - 00195072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2016-09-21 09:27 - 2016-06-14 08:21 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2016-09-21 09:27 - 2016-06-14 08:15 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2016-09-21 09:27 - 2016-06-14 08:05 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2016-09-21 09:27 - 2016-06-14 08:00 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2016-09-21 09:27 - 2016-06-14 08:00 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2016-09-21 09:26 - 2016-08-12 10:02 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2016-09-21 09:26 - 2016-08-12 10:02 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2016-09-21 09:26 - 2016-08-12 10:02 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2016-09-21 09:26 - 2016-08-12 09:31 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2016-09-21 09:26 - 2016-08-12 09:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2016-09-21 09:26 - 2016-08-12 09:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2016-09-21 09:26 - 2016-08-06 08:31 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\WsmRes.dll
2016-09-21 09:26 - 2016-08-06 08:15 - 00054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmRes.dll
2016-09-21 09:26 - 2016-06-14 10:16 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2016-09-21 09:26 - 2016-06-14 10:16 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2016-09-21 09:26 - 2016-06-14 10:16 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2016-09-21 09:26 - 2016-06-14 10:16 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2016-09-21 09:26 - 2016-06-14 10:16 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2016-09-21 09:26 - 2016-06-14 10:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2016-09-21 09:26 - 2016-06-14 08:21 - 01176064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2016-09-21 09:26 - 2016-06-14 08:21 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2016-09-21 09:26 - 2016-06-14 08:21 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2016-09-21 09:26 - 2016-06-14 08:21 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2016-09-21 09:26 - 2016-06-14 08:21 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2016-09-21 09:26 - 2016-06-14 08:21 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2016-09-21 09:26 - 2016-06-14 08:21 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2016-09-21 09:26 - 2016-06-14 08:21 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2016-09-21 09:26 - 2016-06-14 08:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2016-09-21 09:26 - 2016-06-14 08:15 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2016-09-21 09:26 - 2016-06-14 08:15 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2016-09-21 09:26 - 2016-06-14 08:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2016-09-21 09:25 - 2016-08-29 08:31 - 14183424 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-09-21 09:25 - 2016-08-29 08:31 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-09-21 09:25 - 2016-08-29 08:31 - 01867776 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2016-09-21 09:25 - 2016-08-29 08:12 - 12880384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-09-21 09:25 - 2016-08-29 08:12 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-09-21 09:25 - 2016-08-29 08:12 - 01499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2016-09-21 09:25 - 2016-08-29 08:04 - 03229696 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-09-21 09:25 - 2016-08-29 07:55 - 02972672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-18 09:30 - 2013-02-25 09:40 - 00000000 ____D C:\ProgramData\LogMeIn
2016-10-18 09:28 - 2014-04-23 14:23 - 00000556 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2900652731-1545930263-437072239-1000.job
2016-10-18 09:28 - 2009-07-13 21:45 - 00032096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-10-18 09:28 - 2009-07-13 21:45 - 00032096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-10-18 09:26 - 2015-06-01 13:47 - 00000652 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-2900652731-1545930263-437072239-1000.job
2016-10-18 09:24 - 2013-08-20 12:29 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-10-18 09:23 - 2014-01-26 13:00 - 00000988 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2016-10-18 09:23 - 2013-09-09 09:55 - 00000000 ____D C:\Program Files (x86)\CyberPower PowerPanel Personal Edition
2016-10-18 09:23 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-10-18 09:17 - 2016-04-15 15:48 - 00000000 ___RD C:\Users\Rick\Documents\Outlook Files
2016-10-18 09:05 - 2013-08-20 12:29 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-10-18 09:04 - 2013-01-18 15:58 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-10-18 08:20 - 2015-06-16 09:13 - 00000914 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2900652731-1545930263-437072239-1000UA.job
2016-10-18 08:00 - 2014-11-14 14:57 - 00000388 _____ C:\Windows\Tasks\X-Rite Device Services Software Updater.job
2016-10-18 06:31 - 2016-04-15 15:39 - 00000000 ____D C:\ProgramData\IDrive
2016-10-17 17:12 - 2015-12-29 12:19 - 00000852 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2900652731-1545930263-437072239-1000Core.job
2016-10-17 17:12 - 2015-06-16 09:13 - 00000862 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2900652731-1545930263-437072239-1000Core.job
2016-10-17 17:12 - 2013-01-16 15:12 - 00000000 ____D C:\Users\Rick\AppData\Local\Adobe
2016-10-17 17:10 - 2013-01-16 13:04 - 00000000 ____D C:\Users\Rick
2016-10-17 12:33 - 2014-10-24 12:23 - 00000000 ____D C:\Users\Rick\AppData\Roaming\TeamViewer
2016-10-17 12:32 - 2013-03-13 17:14 - 00000000 ____D C:\Users\Rick\AppData\Local\CrashDumps
2016-10-17 12:32 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\inf
2016-10-15 17:31 - 2013-01-18 15:58 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-10-14 17:12 - 2014-12-23 10:08 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-10-14 17:11 - 2015-05-18 09:56 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-10-14 12:17 - 2014-03-11 11:10 - 00000000 ____D C:\Users\Rick\AppData\Local\NVIDIA Corporation
2016-10-14 12:16 - 2013-01-16 13:36 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-10-14 12:15 - 2014-02-28 09:45 - 00000000 ____D C:\temp
2016-10-14 12:15 - 2013-01-16 13:38 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2016-10-14 12:15 - 2013-01-16 13:36 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-10-14 11:20 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\Help
2016-10-14 10:55 - 2016-02-15 13:08 - 00000000 ____D C:\Users\Rick\.oracle_jre_usage
2016-10-14 10:54 - 2014-10-27 15:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-10-14 10:52 - 2013-11-18 10:22 - 00000000 ____D C:\ProgramData\Oracle
2016-10-13 04:08 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache
2016-10-13 03:22 - 2015-11-12 17:37 - 00000000 ____D C:\Users\McAfeeMVSUser
2016-10-13 03:15 - 2009-07-13 22:13 - 00786622 _____ C:\Windows\system32\PerfStringBackup.INI
2016-10-13 03:07 - 2009-07-13 21:45 - 05144256 _____ C:\Windows\system32\FNTCACHE.DAT
2016-10-12 16:46 - 2014-12-10 03:22 - 00000000 ____D C:\Windows\system32\appraiser
2016-10-12 16:46 - 2014-04-29 17:39 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-10-12 16:32 - 2013-01-16 14:35 - 00128816 _____ C:\Users\Rick\AppData\Local\GDIPFONTCACHEV1.DAT
2016-10-12 12:29 - 2013-01-18 12:06 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-10-12 12:29 - 2013-01-18 12:06 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-10-12 09:39 - 2013-01-18 12:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-10-12 03:21 - 2013-07-22 20:21 - 00000000 ____D C:\Windows\system32\MRT
2016-10-12 03:04 - 2013-01-16 17:07 - 143495576 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-10-11 15:04 - 2013-01-18 15:58 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-10-11 15:04 - 2013-01-18 15:58 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-10-11 15:04 - 2013-01-18 15:58 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-10-11 15:04 - 2013-01-18 15:57 - 00000000 ____D C:\Windows\system32\Macromed
2016-10-10 12:25 - 2016-03-21 10:28 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2016-10-10 11:24 - 2014-10-01 13:53 - 00000000 ____D C:\Users\Rick\AppData\Roaming\Dropbox
2016-10-06 11:10 - 2013-01-21 16:54 - 00000000 ____D C:\Users\Rick\Documents\My Scans
2016-10-06 11:10 - 2010-10-21 12:40 - 00000000 ____D C:\Users\Public\Documents\ImageConverter Plus
2016-10-05 15:28 - 2014-01-22 10:54 - 00739904 _____ (Oracle Corporation) C:\Users\Rick\Downloads\jxpiinstall.exe
2016-10-05 12:49 - 2015-05-22 17:33 - 00000000 ____D C:\Program Files (x86)\webrec
2016-10-05 11:59 - 2013-10-04 09:26 - 00000000 ____D C:\Users\Rick\AppData\Local\Citrix
2016-10-05 11:41 - 2009-07-13 19:34 - 00450741 ____R C:\Windows\system32\Drivers\etc\hosts.20161006-094812.backup
2016-10-05 10:20 - 2015-07-21 03:03 - 00000000 ____D C:\Program Files\Common Files\AV
2016-10-04 16:34 - 2014-05-06 10:38 - 00000000 ____D C:\ProgramData\Package Cache
2016-10-04 16:32 - 2013-03-15 13:40 - 00000000 ____D C:\ProgramData\Real
2016-10-04 16:13 - 2015-06-12 09:48 - 00000000 ____D C:\Windows\Minidump
2016-10-04 16:13 - 2013-02-19 16:45 - 00000000 ___DC C:\Users\Rick\AppData\Local\MigWiz
2016-10-04 16:13 - 2013-01-16 13:53 - 00000000 ____D C:\Windows\Panther
2016-10-04 16:13 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\ModemLogs
2016-10-04 16:12 - 2016-09-14 12:35 - 00003490 _____ C:\Windows\System32\Tasks\ReclaimerUpdateFiles_Rick
2016-10-04 16:12 - 2016-09-14 12:35 - 00003482 _____ C:\Windows\System32\Tasks\ReclaimerUpdateXML_Rick
2016-10-04 16:12 - 2016-09-14 12:35 - 00003190 _____ C:\Windows\System32\Tasks\RNUpgradeHelperLogonPrompt_Rick
2016-10-04 16:12 - 2016-09-12 09:18 - 00003338 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2900652731-1545930263-437072239-1000
2016-10-04 16:12 - 2016-09-12 09:18 - 00003202 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2900652731-1545930263-437072239-1000
2016-10-04 16:12 - 2016-09-06 16:17 - 00003360 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2900652731-1545930263-437072239-1000
2016-10-04 16:12 - 2016-09-06 16:17 - 00003224 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2900652731-1545930263-437072239-1000
2016-10-04 16:12 - 2013-03-15 14:51 - 00003380 _____ C:\Windows\System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2900652731-1545930263-437072239-1000
2016-10-04 15:35 - 2015-10-13 08:48 - 00003574 _____ C:\Windows\System32\Tasks\TinyTakeUpgrade
2016-10-04 15:34 - 2009-07-13 22:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2016-10-04 14:16 - 2013-01-21 15:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-10-04 09:10 - 2016-09-06 09:34 - 00000000 ___RD C:\Users\Rick\Dropbox
2016-10-03 16:07 - 2013-08-20 12:37 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-10-03 15:14 - 2015-06-01 13:47 - 00003674 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-2900652731-1545930263-437072239-1000
2016-10-03 15:14 - 2014-04-23 14:23 - 00003578 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-2900652731-1545930263-437072239-1000
2016-09-30 09:08 - 2015-06-16 09:13 - 00000000 ____D C:\Users\Rick\AppData\Local\Dropbox
2016-09-26 10:05 - 2015-05-13 15:17 - 00000000 ____D C:\Users\Rick\AppData\Roaming\TinyTake by MangoApps
2016-09-21 11:16 - 2013-02-19 16:10 - 00000000 ___RD C:\Users\Rick\Virtual Machines
2016-09-21 11:10 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
2016-09-21 11:10 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\Dism
2016-09-21 09:39 - 2013-01-16 16:25 - 00780998 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-09-20 16:19 - 2013-02-25 09:39 - 00000000 ____D C:\Program Files (x86)\LogMeIn
2016-09-20 16:18 - 2013-02-25 09:40 - 00122400 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIRfsClientNP.dll
2016-09-20 16:18 - 2013-02-25 09:40 - 00107520 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIinit.dll

==================== Files in the root of some directories =======

2015-01-07 11:01 - 2015-01-07 11:01 - 0000033 _____ () C:\Users\Rick\AppData\Roaming\AdobeWLCMCache.dat
2013-03-04 17:22 - 2013-03-04 17:22 - 0038431 _____ () C:\Users\Rick\AppData\Roaming\Comma Separated Values (DOS).ADR
2014-11-14 15:49 - 2014-11-17 15:50 - 0007606 _____ () C:\Users\Rick\AppData\Local\resmon.resmoncfg
2013-01-18 14:13 - 2013-01-18 14:13 - 0000057 _____ () C:\ProgramData\Ament.ini

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-10-15 00:47

==================== End of FRST.txt ============================



Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-10-2016
Ran by Rick (18-10-2016 09:30:33)
Running from C:\Users\Rick\Desktop
Windows 7 Professional Service Pack 1 (X64) (2013-01-16 20:04:48)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2900652731-1545930263-437072239-500 - Administrator - Disabled)
Angela (S-1-5-21-2900652731-1545930263-437072239-1002 - Administrator - Enabled) => C:\Users\Angela
Guest (S-1-5-21-2900652731-1545930263-437072239-501 - Limited - Enabled) => C:\Users\Guest
McAfeeMVSUser (S-1-5-21-2900652731-1545930263-437072239-1004 - Limited - Enabled) => C:\Users\McAfeeMVSUser
Rick (S-1-5-21-2900652731-1545930263-437072239-1000 - Administrator - Enabled) => C:\Users\Rick
tsgadmin (S-1-5-21-2900652731-1545930263-437072239-1006 - Administrator - Enabled) => C:\Users\tsgadmin

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee® Security-as-a-Service (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee® Security-as-a-Service (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee® Security-as-a-Service (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.2.443 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
ActiveFax (HKLM-x32\...\ActiveFax) (Version: - )
Adobe Acrobat 9.5.5 - CPSID_83708 (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000004}_955) (Version: - Adobe Systems Incorporated)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.020.20039 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.8.0.870 - Adobe Systems Incorporated)
Adobe Anchor Service x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe CMaps x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 4 Master Collection (HKLM-x32\...\Adobe_b2d6abde968e6f277ddbfd501383e02) (Version: 4.0 - Adobe Systems Incorporated)
Adobe CSI CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Drive CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 23 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 23.0.0.185 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.185 - Adobe Systems Incorporated)
Adobe Flash Player 23 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 23.0.0.185 - Adobe Systems Incorporated)
Adobe Fonts All x64 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe InDesign CS4 Icon Handler x64 (Version: 6.0 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS4 x64 (Version: 4.0.0 - Adobe Systems Incorporated) Hidden
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated)
Adobe PDF Library Files x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 (64 Bit) (Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop Lightroom 4.4 64-bit (HKLM\...\{11A955CD-4398-405A-886D-E464C3618FBF}) (Version: 4.4.1 - Adobe)
Adobe Photoshop Lightroom 5.7.1 64-bit (HKLM\...\{BC86B82C-8C0E-4408-9AC1-6B0F2D636963}) (Version: 5.7.1 - Adobe Systems Incorporated)
Adobe Support Advisor (HKLM-x32\...\AdobeSupportAdvisor.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1) (Version: 1.6.1.20120504 - Adobe Systems Incorporated)
Adobe Type Support x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin x64 (Version: 1.1 - Adobe Systems Incorporated) Hidden
Advanced IP Scanner 2.4 (HKLM-x32\...\{C3CF783A-5457-4989-966F-7BE08812FB71}) (Version: 2.4.2601 - Famatech)
Aimersoft DRM Media Converter(Build 1.5.6.0) (HKLM-x32\...\Aimersoft DRM Media Converter_is1) (Version: - Aimersoft Software)
Amazon Kindle (HKU\S-1-5-21-2900652731-1545930263-437072239-1000\...\Amazon Kindle) (Version: 1.15.0.43061 - Amazon)
AniTa Terminal (HKLM-x32\...\AniTa Terminal) (Version: - )
AudibleManager (HKLM-x32\...\AudibleManager) (Version: 1997880606.48.56.35851498 - Audible, Inc.)
Beyond Compare Version 3.3.5 (HKLM-x32\...\BeyondCompare3_is1) (Version: - Scooter Software)
Brother P-touch Address Book 1.1 (HKLM-x32\...\InstallShield_{B2023017-DEE4-44F7-8A71-CA6084BF534C}) (Version: 1.1.100 - Brother Industries, Ltd.)
Brother P-touch Address Book 1.1 (x32 Version: 1.1.100 - Brother Industries, Ltd.) Hidden
Brother P-touch Editor 5.0 (HKLM-x32\...\InstallShield_{DF9A6075-9308-4572-8932-A4316243C4D9}) (Version: 5.0.110 - Brother Industries, Ltd.)
Brother P-touch Editor 5.0 (x32 Version: 5.0.110 - Brother Industries, Ltd.) Hidden
Brother QL-Series Software User's Guide (HKLM-x32\...\InstallShield_{A242CAB2-870C-4AC9-8AFE-34379D9383CD}) (Version: 1.00.0000 - Brother Industries, Ltd.)
Brother QL-Series Software User's Guide (x32 Version: 1.00.0000 - Brother Industries, Ltd.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.22 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Connect (x32 Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden
ConvertHelper 3.1.1 (HKLM\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF52}}_is1) (Version: - DownloadHelper)
CyberPower PowerPanel Personal Edition 1.3.2 (HKLM-x32\...\{6984B5E1-721C-4F8E-BF5A-ED5F45D90EB6}) (Version: 1.3.2 - Cyber Power Systems, Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Display Manager (HKLM-x32\...\{AC50C05D-9D57-40F5-B2EF-AC402F14312B}_is1) (Version: - EnTech Taiwan)
Dell System Detect (HKU\S-1-5-21-2900652731-1545930263-437072239-1000\...\9204f5692a8faf3b) (Version: 3.3.2.1 - Dell)
Dropbox (HKU\S-1-5-21-2900652731-1545930263-437072239-1000\...\Dropbox) (Version: 11.4.22 - Dropbox, Inc.)
DWG TrueView 2013 (HKLM\...\DWG TrueView 2013) (Version: 19.0.55.0 - Autodesk)
DWG TrueView 2013 (Version: 19.0.55.0 - Autodesk) Hidden
EZPrint (HKLM-x32\...\{967A179C-0051-44F9-B37F-5438556A664E}) (Version: 1.0.0 - IIT)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 53.0.2785.143 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Earth Plug-in (HKLM-x32\...\{57BB4801-61C8-4E74-9672-2160728A461E}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
GoToMeeting 7.24.0.5636 (HKU\S-1-5-21-2900652731-1545930263-437072239-1000\...\GoToMeeting) (Version: 7.24.0.5636 - CitrixOnline)
Grammarly for Microsoft® Office Suite (HKU\S-1-5-21-2900652731-1545930263-437072239-1000\...\{b1eb8775-bc01-49f5-9885-9ff3c9b4a7a3}) (Version: 6.5.57 - Grammarly)
Grammarly for Microsoft® Office Suite (Version: 6.5.57 - Grammarly) Hidden
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{791A06E2-340F-43B0-8FAB-62D151339362}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Help (HKLM-x32\...\{46235FF7-2CBE-4A84-BEDA-87348D1F7850}) (Version: 28.0.0 - Hewlett Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HP USB Disk Storage Format Tool (HKLM-x32\...\{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}) (Version: - )
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
i1Profiler (HKLM-x32\...\i1Profiler_is1) (Version: 1.5.6 - X-Rite)
IDrive Version - 6.0 (HKLM-x32\...\IDrive_is1) (Version: 6.0 - Pro Softnet Corp)
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version: - )
Ipswitch WS_FTP Professional 2007 (HKLM-x32\...\{AD88355B-A4E0-4DA1-BAC3-EA4FEA930691}) (Version: 11.1.0000 - Ipswitch)
Java 8 Update 101 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Juniper Networks, Inc. Setup Client (HKU\S-1-5-21-2900652731-1545930263-437072239-1000\...\Juniper_Setup_Client) (Version: 7.4.12.47753 - Juniper Networks, Inc.)
Juniper Networks, Inc. Setup Client 64-bit Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks, Inc.)
Juniper Networks, Inc. Setup Client Activex Control (HKLM-x32\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks, Inc.)
kuler (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
KYOCERA USB Modem KC02US Driver (HKLM\...\{E2C3C89F-23CC-4C39-A900-6139F65B1557}) (Version: 1.02.0000 - KYOCERA Corporation)
Lightroom 4.4 (HKLM-x32\...\{3c5418ff-7dea-4a37-8c52-45c670677773}) (Version: 4.4 - Adobe Systems Incorporated)
LinkedIn Outlook Connector (HKLM-x32\...\LinkedIn Outlook Connector) (Version: 1.1.10.0 - LinkedIn)
LogMeIn (HKLM-x32\...\{36E0F777-19FE-4454-BB2D-84206758EA85}) (Version: 4.1.2651 - LogMeIn, Inc.)
LogMeIn Client (HKLM-x32\...\{D2300C4F-CC9B-4D00-BC53-B4C806A6C7AB}) (Version: 1.3.1675 - LogMeIn, Inc.)
Malwarebytes Anti-Exploit version 1.8.1.2572 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.8.1.2572 - Malwarebytes)
McAfee Browser Protection Service (HKLM-x32\...\McAfeeBrowserProtection) (Version: 6.0.3.138 - McAfee, Inc.) <==== ATTENTION
McAfee Firewall Protection Service (HKLM-x32\...\McAfee Managed Firewall) (Version: 6.0.3.138 - McAfee, Inc.)
McAfee SiteAdvisor Enterprise (x32 Version: 3.5.0.1204 - McAfee, Inc.) Hidden
McAfee Virus and Spyware Protection Service (HKLM-x32\...\MVS) (Version: 6.0.3.138 - McAfee, Inc.)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Camera Codec Pack (HKLM\...\{D553E8CC-5C56-4B06-AC1A-A443DFF31092}) (Version: 6.3.9723.0 - Microsoft Corporation)
Microsoft Office Configuration Analyzer Tool 2.1 (HKLM-x32\...\{EA5C0F11-00C9-0080-011C-141002011772}) (Version: 2.1.6002.128 - Microsoft Corporation)
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Outlook Social Connector Provider for Facebook 32-bit (HKLM-x32\...\{95140000-007C-0409-0000-0000000FF1CE}) (Version: 14.0.6114.5003 - Microsoft Corporation)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM-x32\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 49.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 49.0.1 (x86 en-US)) (Version: 49.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 49.0.1.6109 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nmap 5.61-Spiceworks (HKLM-x32\...\Spiceworks-Nmap) (Version: - )
NVIDIA 3D Vision Controller Driver 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 341.98 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 341.98 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.11.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.0 - NVIDIA Corporation)
NVIDIA Graphics Driver 341.98 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.98 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
Opera Stable 40.0.2308.81 (HKLM-x32\...\Opera 40.0.2308.81) (Version: 40.0.2308.81 - Opera Software)
Pantone Color Manager 2.1.0 (HKLM-x32\...\Pantone Color Manager_is1) (Version: - PANTONE)
PDF Settings CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Photoshop Camera Raw (x32 Version: 5.0 - Adobe Systems Incorporated) Hidden
Photoshop Camera Raw_x64 (Version: 5.0 - Adobe Systems Incorporated) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Pixel Bender Toolkit (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.1 - Power Software Ltd)
PuTTY version 0.63 (HKLM-x32\...\PuTTY_is1) (Version: 0.63 - Simon Tatham)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Screaming Frog SEO Spider (HKLM-x32\...\Screaming Frog SEO Spider) (Version: 0.01 - Screaming Frog)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.4.0 - NVIDIA Corporation) Hidden
Spiceworks Desktop (HKLM-x32\...\Spiceworks) (Version: 7.5.00074 - Spiceworks, Inc.)
Sublime Text 2.0.2 (HKLM\...\Sublime Text 2_is1) (Version: - )
Suite Shared Configuration CS4 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
The Weather Channel App (HKLM-x32\...\{167158CE-1637-4167-8A1C-C2549EEA966A}) (Version: 1.00.0000 - The Weather Channel)
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 3.9.12 - Tweaking.com)
Unity Web Player (HKU\S-1-5-21-2900652731-1545930263-437072239-1000\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
ViewSonic Monitor Drivers (HKLM-x32\...\{B4FEA924-630D-11D4-B78E-005004566E4D}) (Version: - )
ViewSonic Windows 7 Signed Files (HKLM-x32\...\{FC47C7A5-BE63-11D5-B7C9-005004566E4D}) (Version: - )
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows XP Mode (HKLM\...\{1374CC63-B520-4f3f-98E8-E9020BF01CFF}) (Version: 1.3.7600.16423 - Microsoft Corporation)
WinPcap 4.1.2-Spiceworks (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
X-Rite Device Services Manager (HKLM-x32\...\{3A1B2112-3617-4D99-BF54-7AB8F9D18F97}) (Version: 2.3.82 - X-Rite)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2900652731-1545930263-437072239-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Rick\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2900652731-1545930263-437072239-1000_Classes\CLSID\{2AD206F1-152C-4F9D-A24E-6F93FE7A4AFC}\InprocServer32 -> C:\Users\Rick\AppData\Local\Grammarly\Grammarly for Microsoft Office Suite\6.5.57\9D33DFAE6C52433F83F611B76F6F2BE3\GrammarlyShim64.dll (CompanyName)
CustomCLSID: HKU\S-1-5-21-2900652731-1545930263-437072239-1000_Classes\CLSID\{3faa4380-a399-11cf-a466-00805fe418f6}\InprocServer32 -> C:\Program Files\Autodesk\DWG TrueView 2013\en-US\dwgviewrficn.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2900652731-1545930263-437072239-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Rick\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2900652731-1545930263-437072239-1000_Classes\CLSID\{6A221957-2D85-42A7-8E19-BE33950D1DEB}\localserver32 -> C:\Program Files\Autodesk\DWG TrueView 2013\dwgviewr.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2900652731-1545930263-437072239-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Rick\AppData\Local\Citrix\GoToMeeting\5174\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-2900652731-1545930263-437072239-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Rick\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2900652731-1545930263-437072239-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Rick\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2900652731-1545930263-437072239-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rick\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2900652731-1545930263-437072239-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rick\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2900652731-1545930263-437072239-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rick\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2900652731-1545930263-437072239-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rick\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2900652731-1545930263-437072239-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rick\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2900652731-1545930263-437072239-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rick\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2900652731-1545930263-437072239-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rick\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2900652731-1545930263-437072239-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rick\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2900652731-1545930263-437072239-1000_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rick\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2900652731-1545930263-437072239-1000_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rick\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2900652731-1545930263-437072239-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Rick\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {04ECC7B7-4BC1-469A-A29A-090834595B9F} - System32\Tasks\ReclaimerUpdateFiles_Rick => C:\Users\Rick\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\14.04\agent\rnupgagent.exe [2016-09-14] (RealNetworks, Inc.)
Task: {09B83EB1-7511-476E-AADD-C9E512D387B0} - System32\Tasks\HP AR Program Upload - 381aff87eb5e40f8acb44ac1c6fb554125f4ee61123c42ed9df5b838b2def031 => C:\Program Files\HP\HP Officejet Pro 8600\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {1478BBFD-387E-44B4-8A7D-E2EE53535772} - System32\Tasks\HP AR Program Upload - 8235740889514316a6fdbe064ab694f3f24431c1096f4bfca00b4a1f667498c0 => C:\Program Files\HP\HP Officejet Pro 8600\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {16D4FBAB-C935-4F12-88A9-0686CCF0D8B7} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2900652731-1545930263-437072239-1000Core => C:\Users\Rick\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-09-07] (Dropbox, Inc.)
Task: {22056459-7B14-4B08-ABEC-F6BA01F213D3} - System32\Tasks\HP AR Program Upload - b9d7dd830c5e4926b82d790df35fdca2df0e8d8f6dce4bbfaa543e303878d818 => C:\Program Files\HP\HP Officejet Pro 8600\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {2BFC5695-0827-4B96-8BDD-2340EC65164A} - System32\Tasks\HP AR Program Upload - 43d21fb3773b4d18b4a96bccb99ebb162abec3bdb81f45549dd37a36225af222 => C:\Program Files\HP\HP Officejet Pro 8600\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {3CB1E731-91A2-4C3C-98F5-B073EF7FD204} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2900652731-1545930263-437072239-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {4223BE8B-0AD1-431C-939D-DD19160A0FD7} - System32\Tasks\G2MUploadTask-S-1-5-21-2900652731-1545930263-437072239-1000 => C:\Users\Rick\AppData\Local\Citrix\GoToMeeting\5636\g2mupload.exe [2016-10-03] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {48897381-735E-44BF-BDAE-2D8E4C86FB39} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_23_0_0_185_pepper.exe [2016-10-11] (Adobe Systems Incorporated)
Task: {4B6ED267-A7B0-4AF0-879A-5283DDD15A77} - System32\Tasks\G2MUpdateTask-S-1-5-21-2900652731-1545930263-437072239-1000 => C:\Users\Rick\AppData\Local\Citrix\GoToMeeting\5636\g2mupdate.exe [2016-10-03] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {58BBEA3F-46C7-47BB-96B8-50A926CF0396} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {5CC9E35A-AB3E-4E73-BBAA-6518173C3C74} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2900652731-1545930263-437072239-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {60AE1FEA-873C-4FCF-8593-78C95A0479E0} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2900652731-1545930263-437072239-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
Task: {679A6860-03A3-4EDF-A03D-5C41A62C2E54} - System32\Tasks\HP AR Program Upload - 87b80886cf1c439fbaba5fb60f4fd31539d3dea8b7fc4820b40122ceef546c5e => C:\Program Files\HP\HP Officejet Pro 8600\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {6E6945BF-CFC2-491F-94DE-5F387DFDC566} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2900652731-1545930263-437072239-1000UA => C:\Users\Rick\AppData\Local\Google\Update\GoogleUpdate.exe [2015-12-29] (Google Inc.)
Task: {7E16FE1D-E132-4753-8ECF-B41E45DA721F} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [2015-03-11] (Tweaking.com)
Task: {8CB2F37B-0A19-4F7D-860F-5035F7D1E6DA} - System32\Tasks\X-Rite Device Services Software Updater => C:\Program Files (x86)\X-Rite\Devices\Services\XRD Software Update.exe [2014-06-23] (X-Rite Inc.)
Task: {9AC7D5DB-4A3F-41E2-B48C-DA643647C0CD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {9E494A5B-54C8-4D09-AAB2-A0EC8E98A248} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2900652731-1545930263-437072239-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {A13EB934-EA80-4FCF-8573-AEF7E3978AC3} - System32\Tasks\RNUpgradeHelperLogonPrompt_Rick => C:\Users\Rick\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\14.04\agent\rnupgagent.exe [2016-09-14] (RealNetworks, Inc.)
Task: {AB4677F6-2450-41D8-8395-BD1A7289FC13} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton AntiVirus Online\Upgrade.exe [2015-07-27] (Symantec Corporation)
Task: {B6E03CBE-D005-4E85-8FB8-C4C82CE8AEF1} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton AntiVirus\Engine\22.5.4.24\WSCStub.exe
Task: {C2CCA14A-7172-4570-91DD-B16B03C41FF0} - System32\Tasks\TinyTakeUpgrade => C:\Users\Rick\AppData\Local\MangoApps\TinyTake by MangoApps\TinyTake.exe
Task: {C64BD6F4-416E-4C84-AF0F-5BE2682DCFC8} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-09-16] (Adobe Systems Incorporated)
Task: {CAB2EF2C-3429-435D-8EFC-0E7CCE491127} - System32\Tasks\Norton AntiVirus\Norton Error Analyzer => C:\Program Files (x86)\Norton AntiVirus\Engine\22.5.4.24\SymErr.exe
Task: {CE486478-EB20-4FC2-B161-4469A4FA22CA} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2900652731-1545930263-437072239-1000UA => C:\Users\Rick\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-09-07] (Dropbox, Inc.)
Task: {D0E5F315-BF8C-4CFD-8FF3-1488D808C644} - System32\Tasks\AdobeAAMUpdater-1.0-Rick-PC-Rick => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-03-30] (Adobe Systems Incorporated)
Task: {D36E7BB5-BEDF-4B4D-9F35-AA71D99A3C62} - System32\Tasks\HP AR Program Upload - e5dcbd9238784a3f9d97ccba665e33ae2fe46b50e09d4fc7920737d9ec08630f => C:\Program Files\HP\HP Officejet Pro 8600\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {D8009271-07F9-483F-A9A2-F49BA9BE09F9} - System32\Tasks\Norton AntiVirus\Norton Error Processor => C:\Program Files (x86)\Norton AntiVirus\Engine\22.5.4.24\SymErr.exe
Task: {D91E2F27-2BB0-48B1-BA78-B82EAE3AB0B6} - System32\Tasks\RNUpgradeHelperResumePrompt_Rick => C:\Users\Rick\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\14.04\agent\rnupgagent.exe [2016-09-14] (RealNetworks, Inc.)
Task: {E7342D1B-8BD7-4789-B1F8-48E145373698} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-10-11] (Adobe Systems Incorporated)
Task: {EB084A77-1725-4F37-BDB2-25E20846A293} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-08-26] (Piriform Ltd)
Task: {F13B40EC-B1FF-446F-B60E-B75663BEC34B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2900652731-1545930263-437072239-1000Core => C:\Users\Rick\AppData\Local\Google\Update\GoogleUpdate.exe [2015-12-29] (Google Inc.)
Task: {F1A4E795-162B-47AB-96A9-65D3BF67B7E0} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2900652731-1545930263-437072239-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {F817CF06-7A3D-45A3-97EC-3749A2DDB0EA} - System32\Tasks\ReclaimerUpdateXML_Rick => C:\Users\Rick\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\14.04\agent\rnupgagent.exe [2016-09-14] (RealNetworks, Inc.)
Task: {FE1D63EA-0ED9-4432-9283-BB658D1E0F22} - System32\Tasks\Opera scheduled Autoupdate 1475771156 => C:\Program Files (x86)\Opera\launcher.exe [2016-10-03] (Opera Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_23_0_0_185_pepper.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2900652731-1545930263-437072239-1000Core.job => C:\Users\Rick\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2900652731-1545930263-437072239-1000UA.job => C:\Users\Rick\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2900652731-1545930263-437072239-1000.job => C:\Users\Rick\AppData\Local\Citrix\GoToMeeting\5636\g2mupdate.exe
Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-2900652731-1545930263-437072239-1000.job => C:\Users\Rick\AppData\Local\Citrix\GoToMeeting\5636\g2mupload.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2900652731-1545930263-437072239-1000Core.job => C:\Users\Rick\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2900652731-1545930263-437072239-1000UA.job => C:\Users\Rick\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\X-Rite Device Services Software Updater.job => C:\Program Files (x86)\X-Rite\Devices\Services\XRD Software Update.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-10-14 11:20 - 2016-09-12 13:00 - 00133568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-10-14 12:15 - 2016-09-13 14:08 - 00367552 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2016-10-14 12:15 - 2016-09-13 14:08 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
2016-10-14 12:15 - 2016-09-13 14:08 - 03611584 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2016-10-14 12:15 - 2016-09-13 14:08 - 00288192 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2016-10-14 12:15 - 2016-09-13 14:08 - 01988544 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
2016-10-14 12:15 - 2016-09-13 14:08 - 02665920 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
2016-10-14 12:15 - 2016-09-13 14:08 - 01840576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
2016-10-14 12:15 - 2016-09-13 14:08 - 00207296 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
2016-10-14 12:15 - 2016-09-13 14:08 - 00034240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
2016-10-14 12:15 - 2016-09-13 14:08 - 00920000 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
2015-11-12 11:30 - 2014-03-05 15:21 - 00227688 _____ () C:\Program Files (x86)\McAfee\Managed VirusScan\VScan64\MVSShExt6.0.3.127.dll
2016-04-15 15:40 - 2016-04-11 15:32 - 00601600 _____ () C:\IDrive\IDContextMenu.dll
2014-11-12 11:33 - 2014-06-18 15:06 - 02519552 _____ () C:\Program Files (x86)\X-Rite\i1Profiler\i1ProfilerTray.exe
2015-11-12 11:28 - 2014-12-04 17:29 - 00481648 _____ () C:\Program Files (x86)\McAfee\Managed VirusScan\DesktopUI\XTray.exe
2016-04-15 15:40 - 2016-04-11 15:33 - 00412672 _____ () C:\IDrive\Sync.dll
2016-04-15 15:40 - 2016-04-14 17:52 - 00043520 _____ () C:\IDrive\RemoteManagement.dll
2016-04-15 15:40 - 2016-04-14 17:52 - 00013312 _____ () C:\IDrive\SqliteWrapper.dll
2013-01-18 12:16 - 2016-04-11 15:32 - 00834048 _____ () C:\IDrive\sqlite3.dll
2016-03-02 17:43 - 2016-03-02 17:43 - 00012288 _____ () C:\Program Files (x86)\Spiceworks\lib\ruby\2.1.0\i386-mswin32_90\enc\encdb.so
2016-03-02 17:43 - 2016-03-02 17:43 - 00009216 _____ () C:\Program Files (x86)\Spiceworks\lib\ruby\2.1.0\i386-mswin32_90\enc\iso_8859_1.so
2016-03-02 17:44 - 2016-03-02 17:44 - 00013312 _____ () C:\Program Files (x86)\Spiceworks\lib\ruby\2.1.0\i386-mswin32_90\enc\trans\transdb.so
2016-03-02 17:51 - 2016-03-02 17:51 - 00014336 _____ () C:\Program Files (x86)\Spiceworks\lib\ruby\2.1.0\i386-mswin32_90\racc\cparse.so
2016-03-02 17:51 - 2016-03-02 17:51 - 00023552 _____ () C:\Program Files (x86)\Spiceworks\lib\ruby\2.1.0\i386-mswin32_90\stringio.so
2016-03-02 17:51 - 2016-03-02 17:51 - 00078336 _____ () C:\Program Files (x86)\Spiceworks\lib\ruby\2.1.0\i386-mswin32_90\syck.so
2016-03-02 17:49 - 2016-03-02 17:49 - 00111616 _____ () C:\Program Files (x86)\Spiceworks\lib\ruby\2.1.0\i386-mswin32_90\date_core.so
2016-03-02 17:51 - 2016-03-02 17:51 - 00013312 _____ () C:\Program Files (x86)\Spiceworks\lib\ruby\2.1.0\i386-mswin32_90\thread.so
2016-03-02 17:50 - 2016-03-02 17:50 - 00008192 _____ () C:\Program Files (x86)\Spiceworks\lib\ruby\2.1.0\i386-mswin32_90\monitor_mixin.so
2016-03-02 17:53 - 2016-03-02 17:53 - 00058368 _____ () C:\Program Files (x86)\Spiceworks\lib\ruby\site_ruby\2.1.0\i386-msvcr90\efs.so
2016-03-02 17:33 - 2016-03-02 17:33 - 00168960 _____ () C:\Program Files (x86)\Spiceworks\bin\qdbm.dll
2016-03-02 17:50 - 2016-03-02 17:50 - 00019456 _____ () C:\Program Files (x86)\Spiceworks\lib\ruby\2.1.0\i386-mswin32_90\json\ext\parser.so
2016-03-02 17:43 - 2016-03-02 17:43 - 00008192 _____ () C:\Program Files (x86)\Spiceworks\lib\ruby\2.1.0\i386-mswin32_90\enc\utf_16be.so
2016-03-02 17:43 - 2016-03-02 17:43 - 00008192 _____ () C:\Program Files (x86)\Spiceworks\lib\ruby\2.1.0\i386-mswin32_90\enc\utf_16le.so
2016-03-02 17:43 - 2016-03-02 17:43 - 00008192 _____ () C:\Program Files (x86)\Spiceworks\lib\ruby\2.1.0\i386-mswin32_90\enc\utf_32be.so
2016-03-02 17:43 - 2016-03-02 17:43 - 00008192 _____ () C:\Program Files (x86)\Spiceworks\lib\ruby\2.1.0\i386-mswin32_90\enc\utf_32le.so
2016-03-02 17:50 - 2016-03-02 17:50 - 00025600 _____ () C:\Program Files (x86)\Spiceworks\lib\ruby\2.1.0\i386-mswin32_90\json\ext\generator.so
2016-03-02 17:51 - 2016-03-02 17:51 - 00081920 _____ () C:\Program Files (x86)\Spiceworks\lib\ruby\2.1.0\i386-mswin32_90\zlib.so
2016-03-02 17:50 - 2016-03-02 17:50 - 00008704 _____ () C:\Program Files (x86)\Spiceworks\lib\ruby\2.1.0\i386-mswin32_90\etc.so
2016-03-02 17:50 - 2016-03-02 17:50 - 00026112 _____ () C:\Program Files (x86)\Spiceworks\lib\ruby\2.1.0\i386-mswin32_90\fiddle.so
2016-03-02 17:42 - 2016-03-02 17:42 - 00020992 _____ () C:\Program Files (x86)\Spiceworks\bin\libffi-6.dll
2016-03-02 17:44 - 2016-03-02 17:44 - 00013312 _____ () C:\Program Files (x86)\Spiceworks\lib\ruby\2.1.0\i386-mswin32_90\enc\trans\utf_16_32.so
2016-03-02 17:51 - 2016-03-02 17:51 - 00017408 _____ () C:\Program Files (x86)\Spiceworks\lib\ruby\2.1.0\i386-mswin32_90\strscan.so
2016-03-02 17:58 - 2016-03-02 17:58 - 00025600 _____ () C:\Program Files (x86)\Spiceworks\pkg\gems\sqlite3-1.3.8\lib\sqlite3\sqlite3_native.so
2016-03-02 17:33 - 2016-03-02 17:33 - 00473600 _____ () C:\Program Files (x86)\Spiceworks\bin\sqlite3.dll
2016-03-02 17:50 - 2016-03-02 17:50 - 00185856 _____ () C:\Program Files (x86)\Spiceworks\lib\ruby\2.1.0\i386-mswin32_90\openssl.so
2016-03-02 17:49 - 2016-03-02 17:49 - 00012288 _____ () C:\Program Files (x86)\Spiceworks\lib\ruby\2.1.0\i386-mswin32_90\digest.so
2016-03-02 17:50 - 2016-03-02 17:50 - 00007680 _____ () C:\Program Files (x86)\Spiceworks\lib\ruby\2.1.0\i386-mswin32_90\fcntl.so
2016-03-02 17:50 - 2016-03-02 17:50 - 00023552 _____ () C:\Program Files (x86)\Spiceworks\lib\ruby\2.1.0\i386-mswin32_90\pathname.so
2016-03-02 17:49 - 2016-03-02 17:49 - 00047616 _____ () C:\Program Files (x86)\Spiceworks\lib\ruby\2.1.0\i386-mswin32_90\dl.so
2016-03-02 17:44 - 2016-03-02 17:44 - 00096768 _____ () C:\Program Files (x86)\Spiceworks\lib\ruby\2.1.0\i386-mswin32_90\enc\trans\single_byte.so
2016-03-02 17:53 - 2016-03-02 17:53 - 00011776 _____ () C:\Program Files (x86)\Spiceworks\lib\ruby\site_ruby\2.1.0\i386-msvcr90\service.so
2016-03-02 17:52 - 2016-03-02 17:52 - 00096256 _____ () C:\Program Files (x86)\Spiceworks\lib\ruby\2.1.0\i386-mswin32_90\socket.so
2016-03-02 17:49 - 2016-03-02 17:49 - 00053760 _____ () C:\Program Files (x86)\Spiceworks\lib\ruby\2.1.0\i386-mswin32_90\bigdecimal.so
2016-03-02 17:58 - 2016-03-02 17:58 - 00018944 _____ () C:\Program Files (x86)\Spiceworks\pkg\gems\iconv-1.0.4\lib\iconv\iconv.so
2016-03-02 17:38 - 2016-03-02 17:38 - 00864768 _____ () C:\Program Files (x86)\Spiceworks\bin\iconv.dll
2016-03-02 17:50 - 2016-03-02 17:50 - 00252416 _____ () C:\Program Files (x86)\Spiceworks\lib\ruby\2.1.0\i386-mswin32_90\nkf.so
2016-03-02 17:43 - 2016-03-02 17:43 - 00012288 _____ () C:\Program Files (x86)\Spiceworks\lib\ruby\2.1.0\i386-mswin32_90\enc\euc_jp.so
2016-03-02 17:43 - 2016-03-02 17:43 - 00012288 _____ () C:\Program Files (x86)\Spiceworks\lib\ruby\2.1.0\i386-mswin32_90\enc\shift_jis.so
2016-03-02 17:49 - 2016-03-02 17:49 - 00010240 _____ () C:\Program Files (x86)\Spiceworks\lib\ruby\2.1.0\i386-mswin32_90\digest\md5.so
2016-03-02 17:49 - 2016-03-02 17:49 - 00012800 _____ () C:\Program Files (x86)\Spiceworks\lib\ruby\2.1.0\i386-mswin32_90\digest\sha1.so
2016-03-02 17:58 - 2016-03-02 17:58 - 00052736 _____ () C:\Program Files (x86)\Spiceworks\pkg\gems\nokogiri-1.4.1\lib\nokogiri\nokogiri.so
2016-03-02 17:42 - 2016-03-02 17:42 - 00061440 _____ () C:\Program Files (x86)\Spiceworks\bin\libexslt.dll
2016-03-02 17:42 - 2016-03-02 17:42 - 00171008 _____ () C:\Program Files (x86)\Spiceworks\bin\libxslt.dll
2016-03-02 17:41 - 2016-03-02 17:41 - 00996352 _____ () C:\Program Files (x86)\Spiceworks\bin\libxml2.dll
2016-03-02 17:33 - 2016-03-02 17:33 - 00067584 _____ () C:\Program Files (x86)\Spiceworks\bin\zlib1.dll
2016-03-02 17:58 - 2016-03-02 17:58 - 00011776 _____ () C:\Program Files (x86)\Spiceworks\pkg\gems\image_science-1.2.1\lib\image_science.so
2016-03-02 17:49 - 2016-03-02 17:49 - 00015872 _____ () C:\Program Files (x86)\Spiceworks\lib\ruby\2.1.0\i386-mswin32_90\digest\sha2.so
2016-03-02 17:54 - 2016-03-02 17:54 - 00045568 _____ () C:\Program Files (x86)\Spiceworks\lib\ruby\site_ruby\2.1.0\i386-msvcr90\bits.so
2016-03-02 17:51 - 2016-03-02 17:51 - 00076288 _____ () C:\Program Files (x86)\Spiceworks\lib\ruby\2.1.0\i386-mswin32_90\win32ole.so
2016-03-02 17:53 - 2016-03-02 17:53 - 00026112 _____ () C:\Program Files (x86)\Spiceworks\lib\ruby\site_ruby\2.1.0\i386-msvcr90\async_ping.so
2016-03-02 17:53 - 2016-03-02 17:53 - 00101888 _____ () C:\Program Files (x86)\Spiceworks\lib\ruby\site_ruby\2.1.0\i386-msvcr90\event_log.so
2016-03-02 17:58 - 2016-03-02 17:58 - 00028160 _____ () C:\Program Files (x86)\Spiceworks\pkg\gems\net-snmp-0.2.5\lib\netsnmp_api.so
2016-03-02 17:40 - 2016-03-02 17:40 - 00397312 _____ () C:\Program Files (x86)\Spiceworks\bin\netsnmp.dll
2016-03-02 17:43 - 2016-03-02 17:43 - 00012288 _____ () C:\Program Files (x86)\Spiceworks\lib\ruby\2.1.0\i386-mswin32_90\enc\windows_31j.so
2016-03-02 17:58 - 2016-03-02 17:58 - 00060416 _____ () C:\Program Files (x86)\Spiceworks\pkg\gems\curb-0.7.12\lib\curb_core.so
2016-03-02 17:58 - 2016-03-02 17:58 - 00027136 _____ () C:\Program Files (x86)\Spiceworks\pkg\gems\win32-api-1.5.2\lib\win32\api.so
2014-06-23 17:06 - 2014-06-23 17:06 - 01588224 _____ () C:\Program Files (x86)\X-Rite\Devices\rm200\GoldenEye.dll
2014-06-23 17:06 - 2014-06-23 17:06 - 02633728 _____ () C:\Program Files (x86)\X-Rite\Devices\colormunki\colormunki.dll
2016-10-14 12:15 - 2016-09-13 14:08 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2013-05-20 08:37 - 2009-02-27 16:39 - 00019968 _____ () C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\AcroTray.DEU
2013-05-20 08:37 - 2009-02-27 16:32 - 00020480 _____ () C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\AcroTray.FRA
2014-11-12 11:33 - 2014-07-10 01:41 - 44580864 _____ () C:\Program Files (x86)\X-Rite\i1Profiler\Prism.dll
2014-11-12 11:33 - 2014-07-11 10:01 - 03449344 _____ () C:\Program Files (x86)\X-Rite\i1Profiler\CxF2_VC90MD_2.1.dll
2014-11-12 11:33 - 2014-07-11 10:02 - 00898560 _____ () C:\Program Files (x86)\X-Rite\i1Profiler\libxml2.dll
2014-11-12 11:33 - 2014-07-11 10:02 - 00073728 _____ () C:\Program Files (x86)\X-Rite\i1Profiler\zlib1.dll
2014-11-12 11:33 - 2014-07-11 10:02 - 07982592 _____ () C:\Program Files (x86)\X-Rite\i1Profiler\QtGui4.dll
2014-11-12 11:33 - 2014-07-11 10:02 - 02147328 _____ () C:\Program Files (x86)\X-Rite\i1Profiler\QtCore4.dll
2015-11-12 11:28 - 2014-12-04 17:29 - 00420208 _____ () C:\Program Files (x86)\McAfee\Managed VirusScan\DesktopUI\Win32RenderingEngine.dll
2015-11-12 11:31 - 2014-12-04 17:28 - 00199024 _____ () C:\Program Files (x86)\McAfee\Managed VirusScan\DesktopUI\BPTrayPlugin.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-2900652731-1545930263-437072239-1000\Software\Classes\.scr: DWGTrueViewScriptFile => C:\Windows\system32\notepad.exe "%1"

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\dell.com -> dell.com
IE restricted site: HKU\.DEFAULT\...\europacasino.com -> Online Casino | 2,400 Free Bonus - Europa Casino
IE trusted site: HKU\S-1-5-21-2900652731-1545930263-437072239-1000\...\dell.com -> dell.com
IE restricted site: HKU\S-1-5-21-2900652731-1545930263-437072239-1000\...\europacasino.com -> Online Casino | 2,400 Free Bonus - Europa Casino

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2016-10-06 09:48 - 00000970 ___RA C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 activate.adobe.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2900652731-1545930263-437072239-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Rick\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{3B6A7B21-379A-4EE4-B008-05BBB007EDD5}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\FaxApplications.exe
FirewallRules: [{DDE8F113-9ED8-4F84-A460-FF039CA9A4A5}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\DigitalWizards.exe
FirewallRules: [{F1417394-57CE-4B03-A62D-8CE4BE4CE6AE}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\SendAFax.exe
FirewallRules: [{26291F3D-2D2E-4D00-A426-A50FD0531416}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\DeviceSetup.exe
FirewallRules: [{5823E6C3-FB34-4BCA-94D5-7B2CDD66A1D6}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
FirewallRules: [{C8ED4761-7B14-4581-B7FB-1A8AF4754360}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{4B16543D-D798-4E23-A28A-73BDF23D704F}] => (Allow) LPort=5353
FirewallRules: [{1F398F56-A117-4FE2-9EFA-56D66AF9518E}] => (Allow) C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
FirewallRules: [{DF3F414C-421B-4DC0-BE5C-F1E26F86D653}] => (Allow) C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
FirewallRules: [{3D6A2D02-B675-4622-915D-BF19958144A1}] => (Allow) LPort=3703
FirewallRules: [{CBD81C5C-4B27-49E0-A4AD-18D825FAD93E}] => (Allow) LPort=3704
FirewallRules: [{FDD7B16B-2871-40C5-BA0B-11C4B3FA4C7E}] => (Allow) LPort=51000
FirewallRules: [{A8560E34-78B5-4BD1-A1B5-1C5DCCF5CB55}] => (Allow) LPort=51001
FirewallRules: [{4B5F7BCC-4C28-474D-8BED-CC41396E69A1}] => (Allow) C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
FirewallRules: [{D2138AA4-28AF-4C3B-8676-E8141DBDA6C8}] => (Allow) C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
FirewallRules: [TCP Query User{21E68DDA-5FAD-40BE-A3B0-8D58FD5D727B}C:\program files (x86)\activefax\server\actfax.exe] => (Allow) C:\program files (x86)\activefax\server\actfax.exe
FirewallRules: [UDP Query User{63357AAB-DCC6-410D-84BD-E14E62EDCCB9}C:\program files (x86)\activefax\server\actfax.exe] => (Allow) C:\program files (x86)\activefax\server\actfax.exe
FirewallRules: [VirtualPC-In-UDP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-UDP-2] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-TCP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [{FC0A520A-EF5C-47E3-A8D9-C335511ECAE7}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{4928BE78-49CD-4A09-8BEB-851734DC7FA4}] => (Allow) LPort=2869
FirewallRules: [{DEC0B2AC-5100-47B0-933D-859DF868B8C8}] => (Allow) LPort=1900
FirewallRules: [{34D9C93D-7945-452D-A1CB-489E9AC6FCD4}] => (Allow) C:\Program Files (x86)\Pantone Color Manager\PantoneColorManager.exe
FirewallRules: [{182862CD-E88F-4BAD-9DC2-5E127124541F}] => (Allow) C:\Program Files (x86)\Pantone Color Manager\PantoneColorManager.exe
FirewallRules: [{954C97F9-CDF3-461B-B073-AA55FBC5ACA6}] => (Allow) LPort=5454
FirewallRules: [{58D3CB79-BF6F-4137-A539-C02F834E4C81}] => (Allow) C:\Windows\System32\hasplms.exe
FirewallRules: [{3D7EC8F8-3F6D-4365-96FD-4071CA9CCB25}] => (Allow) C:\Windows\System32\hasplms.exe
FirewallRules: [{0034E716-F12C-4D0F-8194-4F4B0F3770B0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{03C157FB-5ABB-4B1B-B6BB-B9F02852752D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{ED41FF01-8B46-4A3F-879E-3DFAAAA6C323}C:\users\rick\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\rick\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{CB7EDA2E-518B-4F13-8161-55671E43ADE1}C:\users\rick\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\rick\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{53B04B80-BB46-4AF5-BDFF-188BD6F9FE00}] => (Allow) C:\Users\Rick\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{580A44EF-36EF-48EC-8169-E6A65518457E}] => (Allow) C:\Users\Rick\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{2ED531E8-F8E8-4034-B9E0-4C75A8A8E99C}] => (Allow) C:\Program Files (x86)\Spiceworks\spiceworks_desktop.exe
FirewallRules: [{5230AB06-CAB6-4B69-B503-D112444479BE}] => (Allow) C:\Program Files (x86)\Spiceworks\spiceworks_desktop.exe
FirewallRules: [{5ACD81BE-BD6F-4804-9749-5811B1AC2556}] => (Allow) C:\Program Files (x86)\Spiceworks\spiceworks_desktop.exe
FirewallRules: [{95B91258-080C-4FE2-8A34-DD1B8E1C7456}] => (Allow) C:\Program Files (x86)\Spiceworks\spiceworks_desktop.exe
FirewallRules: [{F7B9B5F2-6C7B-4009-8DBA-9EBCD704DB0D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1A1FF33F-C34D-46A1-8C30-EC381969D149}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{68C79E00-53E9-4B2D-BD11-E1C445DD4CFC}] => (Allow) C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
FirewallRules: [{A3268767-BBD4-4F54-AE0D-76DC667FFC84}] => (Allow) C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
FirewallRules: [{4668812C-F2A2-4610-9D82-C1A1AC1A337D}] => (Allow) C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
FirewallRules: [{7754368B-38A5-4A25-91A7-2D6B69AA96D0}] => (Allow) C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
FirewallRules: [{42AAA4EA-C94C-4D59-9D08-A75B4CA4154A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{3F2CBAB3-7C43-4C27-A1F3-823B76846585}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{84B609EA-6153-4754-A819-C8F48C3C8CCA}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{DC09F480-8905-4343-9F31-46E340C9FF0D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{C0758B97-791D-4F43-A038-07CD3B974B0B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{B125348A-3937-4CB4-9CB2-97D603C0BDE3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{9C4F0097-84EF-45A9-806D-6EAE1B3FF991}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{7E5484B5-62A7-42FB-BE11-66DF5B962454}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/18/2016 09:24:49 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/18/2016 09:20:39 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/17/2016 05:56:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/17/2016 05:13:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/17/2016 05:11:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/17/2016 04:16:10 PM) (Source: ESENT) (EventID: 489) (User: )
Description: esentutl (60580) An attempt to open the file "c:\windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

Error: (10/17/2016 04:16:00 PM) (Source: ESENT) (EventID: 489) (User: )
Description: esentutl (60580) An attempt to open the file "c:\windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

Error: (10/17/2016 04:14:11 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.18500 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: eaa0

Start Time: 01d228cc038ff809

Termination Time: 32

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id: 65d8c06e-94bf-11e6-a44f-6805ca128c68

Error: (10/17/2016 04:12:58 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program systempropertiesadvanced.exe version 6.1.7600.16385 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: ec7c

Start Time: 01d228cbabf6d3de

Termination Time: 33

Application Path: C:\Windows\system32\systempropertiesadvanced.exe

Report Id: 36211650-94bf-11e6-a44f-6805ca128c68

Error: (10/14/2016 03:14:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


System errors:
=============
Error: (10/18/2016 09:24:32 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (10/18/2016 09:21:59 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server:
{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (10/18/2016 09:21:59 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (10/18/2016 09:21:57 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (10/18/2016 09:21:51 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (10/18/2016 09:21:37 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
discache
ESProtectionDriver
SCDEmu
spldr
vpcvmm
Wanarpv6

Error: (10/18/2016 09:20:01 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server:
{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (10/18/2016 09:20:01 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (10/18/2016 09:19:58 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (10/18/2016 09:19:52 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}


CodeIntegrity:
===================================
Date: 2016-10-18 03:34:08.339
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\McAfee\Managed VirusScan\Agent\TPSTool.exe because the set of per-page image hashes could not be found on the system.

Date: 2016-10-18 03:34:07.996
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\McAfee\Managed VirusScan\Agent\TPSTool.exe because the set of per-page image hashes could not be found on the system.

Date: 2016-10-18 03:34:07.637
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\McAfee\Managed VirusScan\Agent\TPSTool.exe because the set of per-page image hashes could not be found on the system.

Date: 2016-10-17 04:03:37.059
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\McAfee\Managed VirusScan\Agent\TPSTool.exe because the set of per-page image hashes could not be found on the system.

Date: 2016-10-17 04:03:36.653
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\McAfee\Managed VirusScan\Agent\TPSTool.exe because the set of per-page image hashes could not be found on the system.

Date: 2016-10-17 04:03:36.169
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\McAfee\Managed VirusScan\Agent\TPSTool.exe because the set of per-page image hashes could not be found on the system.

Date: 2016-10-16 04:30:26.324
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\McAfee\Managed VirusScan\Agent\TPSTool.exe because the set of per-page image hashes could not be found on the system.

Date: 2016-10-16 04:30:25.966
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\McAfee\Managed VirusScan\Agent\TPSTool.exe because the set of per-page image hashes could not be found on the system.

Date: 2016-10-16 04:30:25.576
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\McAfee\Managed VirusScan\Agent\TPSTool.exe because the set of per-page image hashes could not be found on the system.

Date: 2016-10-15 03:40:01.004
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\McAfee\Managed VirusScan\Agent\TPSTool.exe because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Pentium(R) D CPU 2.80GHz
Percentage of memory in use: 28%
Total physical RAM: 8125.93 MB
Available physical RAM: 5847.29 MB
Total Virtual: 16250.05 MB
Available Virtual: 13871.89 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:334.13 GB) NTFS
Drive f: (MW_Data_Drive) (Fixed) (Total:931.51 GB) (Free:816.88 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: DA7E7D93)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: C7D7A77E)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
 
Is there a specific error code at the end of the "bad image - opengl32.dll" window?

From an elevated command prompt run:
Code:
sfc /scannow
Don't close the command window; let it work, wait until it finishes, and report the final result you see in the command window.
 
