mmcintosh

Members
  • Content Count

    29
  • Joined

  • Last visited

Posts posted by mmcintosh


  1. # Run at 4/21/2020 5:54:14 PM
    # KpRm (Kernel-panik) version 2.8
    # Website https://kernel-panik.me/tool/kprm/
    # Run by MarKay from C:\Users\MarKay\Downloads
    # Computer Name: MARKAY
    # OS: Windows 10 X64 (17134) 
    # Number of passes: 1

    - Checked options -

        ~ Registry Backup
        ~ Delete Tools
        ~ Restore System Settings
        ~ UAC Restore
        ~ Delete Restore Points
        ~ Create Restore Point
        ~ Delete Quarantines

    - Create Registry Backup -

       ~ [OK] Hive C:\WINDOWS\System32\config\SOFTWARE backed up
       ~ [OK] Hive C:\Users\MarKay\NTUSER.dat backed up

         [OK] Registry Backup: C:\KPRM\backup\2020-04-21-17-54-13

    - Delete Tools -


      ## AdwCleaner
         [OK] C:\Users\MarKay\Downloads\adwcleaner_8.0.4.exe deleted
         [OK] C:\AdwCleaner deleted

      ## FRST
         [OK] C:\Users\MarKay\Downloads\Addition.txt deleted
         [OK] C:\Users\MarKay\Downloads\Fixlog.txt deleted
         [OK] C:\Users\MarKay\Downloads\FRST.exe deleted
         [OK] C:\Users\MarKay\Downloads\FRST.txt deleted
         [OK] C:\Users\MarKay\Downloads\FRST64.exe deleted
         [OK] C:\FRST deleted

    - Restore System Settings -

         [OK] Reset WinSock
         [OK] FLUSHDNS
         [OK] Hide Hidden file.
         [OK] Show Extensions for known file types
         [OK] Hide protected operating system files

    - Restore UAC -

         [OK] Set EnableLUA with default (1) value
         [OK] Set ConsentPromptBehaviorAdmin with default (5) value
         [OK] Set ConsentPromptBehaviorUser with default (3) value
         [OK] Set EnableInstallerDetection with default (0) value
         [OK] Set EnableSecureUIAPaths with default (1) value
         [OK] Set EnableUIADesktopToggle with default (0) value
         [OK] Set EnableVirtualization with default (1) value
         [OK] Set FilterAdministratorToken with default (0) value
         [OK] Set PromptOnSecureDesktop with default (1) value
         [OK] Set ValidateAdminCodeSignatures with default (0) value

    - Clear Restore Points -

          No system recovery points were found

    - Create Restore Point -

         [X] System Restore Point not created

    - Display System Restore Point -

         [X] No System Restore point found

    -- KPRM finished in 212.90s --

     


  2. Fix result of Farbar Recovery Scan Tool (x64) Version: 20-04-2020
    Ran by MarKay (21-04-2020 16:30:47) Run:1
    Running from C:\Users\MarKay\Downloads
    Loaded Profiles: MarKay (Available Profiles: MarKay)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    CloseProcesses:
    CreateRestorePoint:
    HKLM-x32\...\Run: [] => [X]
    Task: {07DF6FE1-C0A2-4F1F-9D77-992DF0C310BC} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {188DB286-66F6-4E53-B82E-FBE8A8E44134} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {52DD92D5-D67F-4DC6-8FBD-4272D1505B2D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {5DC68ECD-43E5-4F15-9684-C689FFECE624} - System32\Tasks\UninstallDDS-C960901F-CE14-4DE1-9729-1305F719A337 => C:\Windows\TEMP\DeleteFolderTask.exe <==== ATTENTION
    Task: {670DBF19-0AB9-4296-B664-8A6453B5E4FC} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {96045AF9-97E8-4B84-B7C9-3A741A5CEF73} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
    Task: {98C977F1-38A0-4A71-B1D8-7322F4411DD9} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {B6954865-E48E-4B03-A345-F47993FA0CCC} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {C02762AE-F09B-40E5-A03C-339C4DB90E90} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {C57CCABA-0702-41C4-B0A9-9229865368E3} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
    Task: {CE2DE968-E342-40D7-9566-427D45E4A886} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
    Task: {CFA0FC04-3529-4284-9E96-FB63EC5A2A31} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {DFBE1B10-DD9C-4352-93DB-8485E1E8698A} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {E744C069-CE66-4ABA-8F03-1E7E46E6108F} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
    Task: {E7D2D033-B041-4D78-A5CE-999273775454} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload => {EBF00FCB-0769-4B81-9BEC-6C05514111AA}
    Task: {F6139BE1-BE7A-4A9C-B5DB-97482E99199A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {FA5203C9-C31D-4ED8-AE7D-1DD90C1923EE} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
    S2 SupportAssistAgent; "C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe" [X]
    FirewallRules: [{1DEADA99-A448-45F7-AC2F-FA076D234E70}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud\AetherWindowsService.exe No File
    FirewallRules: [{D7719BEC-D878-4371-9446-6FF0A2067DC3}] => (Allow) C:\Users\MarKay\AppData\Local\Temp\7zS76B9\HPDiagnosticCoreUI.exe No File
    FirewallRules: [{C0E76921-EAF6-4B41-976F-6FF145705CDC}] => (Allow) C:\Users\MarKay\AppData\Local\Temp\7zS76B9\HPDiagnosticCoreUI.exe No File
     
    EmptyTemp:
    C:\Windows\Temp\*.*

    *****************

    Processes closed successfully.
    Restore point was successfully created.
    "HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{07DF6FE1-C0A2-4F1F-9D77-992DF0C310BC}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{07DF6FE1-C0A2-4F1F-9D77-992DF0C310BC}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{188DB286-66F6-4E53-B82E-FBE8A8E44134}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{188DB286-66F6-4E53-B82E-FBE8A8E44134}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{52DD92D5-D67F-4DC6-8FBD-4272D1505B2D}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{52DD92D5-D67F-4DC6-8FBD-4272D1505B2D}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5DC68ECD-43E5-4F15-9684-C689FFECE624}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5DC68ECD-43E5-4F15-9684-C689FFECE624}" => removed successfully
    C:\WINDOWS\System32\Tasks\UninstallDDS-C960901F-CE14-4DE1-9729-1305F719A337 => moved successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UninstallDDS-C960901F-CE14-4DE1-9729-1305F719A337" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{670DBF19-0AB9-4296-B664-8A6453B5E4FC}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{670DBF19-0AB9-4296-B664-8A6453B5E4FC}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{96045AF9-97E8-4B84-B7C9-3A741A5CEF73}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{96045AF9-97E8-4B84-B7C9-3A741A5CEF73}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{98C977F1-38A0-4A71-B1D8-7322F4411DD9}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{98C977F1-38A0-4A71-B1D8-7322F4411DD9}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B6954865-E48E-4B03-A345-F47993FA0CCC}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B6954865-E48E-4B03-A345-F47993FA0CCC}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C02762AE-F09B-40E5-A03C-339C4DB90E90}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C02762AE-F09B-40E5-A03C-339C4DB90E90}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C57CCABA-0702-41C4-B0A9-9229865368E3}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C57CCABA-0702-41C4-B0A9-9229865368E3}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CE2DE968-E342-40D7-9566-427D45E4A886}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CE2DE968-E342-40D7-9566-427D45E4A886}" => removed successfully
    C:\WINDOWS\System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => moved successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CFA0FC04-3529-4284-9E96-FB63EC5A2A31}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CFA0FC04-3529-4284-9E96-FB63EC5A2A31}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DFBE1B10-DD9C-4352-93DB-8485E1E8698A}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DFBE1B10-DD9C-4352-93DB-8485E1E8698A}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E744C069-CE66-4ABA-8F03-1E7E46E6108F}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E744C069-CE66-4ABA-8F03-1E7E46E6108F}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E7D2D033-B041-4D78-A5CE-999273775454}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E7D2D033-B041-4D78-A5CE-999273775454}" => removed successfully
    C:\WINDOWS\System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload => moved successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Shell\FamilySafetyUpload" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F6139BE1-BE7A-4A9C-B5DB-97482E99199A}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F6139BE1-BE7A-4A9C-B5DB-97482E99199A}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FA5203C9-C31D-4ED8-AE7D-1DD90C1923EE}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FA5203C9-C31D-4ED8-AE7D-1DD90C1923EE}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d" => removed successfully
    HKLM\System\CurrentControlSet\Services\SupportAssistAgent => removed successfully
    SupportAssistAgent => service removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1DEADA99-A448-45F7-AC2F-FA076D234E70}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D7719BEC-D878-4371-9446-6FF0A2067DC3}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C0E76921-EAF6-4B41-976F-6FF145705CDC}" => removed successfully

    =========== "C:\Windows\Temp\*.*" ==========

    C:\Windows\Temp\.ses => moved successfully
    C:\Windows\Temp\.session64 => moved successfully
    C:\Windows\Temp\a4fc417f-6d0d-433a-8814-9c156e9a6912_Catalog_Apps.xml => moved successfully
    C:\Windows\Temp\APPX.32s2wozeta3mitt914e8by6fh.tmp => moved successfully
    Could not move "C:\Windows\Temp\APPX.3b_6rqixw4b954nd0w7qiy27b.tmp" => Scheduled to move on reboot.
    C:\Windows\Temp\APPX.436il6nyhidazfwvten77ixeg.tmp => moved successfully
    Could not move "C:\Windows\Temp\APPX.4whsf8lhrj7f36pnnfa4jbnle.tmp" => Scheduled to move on reboot.
    C:\Windows\Temp\APPX.63xpm306q5u7ot6bzdodh0gfh.tmp => moved successfully
    C:\Windows\Temp\APPX.64ggao22foczgu259scmqttuc.tmp => moved successfully
    C:\Windows\Temp\APPX.682fe8ue7vb0ozqposnwoqoyb.tmp => moved successfully
    C:\Windows\Temp\APPX.6j94804blpxbgixp8k_4n934b.tmp => moved successfully
    Could not move "C:\Windows\Temp\APPX.6n4dkf6lhwduo12wqehdce_ic.tmp" => Scheduled to move on reboot.
    C:\Windows\Temp\APPX.6ohilfoegruqlns324e3h3rbe.tmp => moved successfully
    C:\Windows\Temp\APPX.7afmvamertmig288cibw27n5b.tmp => moved successfully
    C:\Windows\Temp\APPX.7cbl56c7sh2bu09iat9f3yqwf.tmp => moved successfully
    C:\Windows\Temp\APPX.7h9n2fwkls9l53zwyy9mqulsf.tmp => moved successfully
    C:\Windows\Temp\APPX.8wdfh_ll5o660cmikabkx92o.tmp => moved successfully
    C:\Windows\Temp\APPX.95b_l72_ukvil51_g9q2nzvtg.tmp => moved successfully
    C:\Windows\Temp\APPX.95dwqo6hvpemspvu31956surh.tmp => moved successfully
    C:\Windows\Temp\APPX.ajb503k4weyedqedbk9k2zh6e.tmp => moved successfully
    C:\Windows\Temp\APPX.aues47qag47lmiaqa0w9bnc7.tmp => moved successfully
    C:\Windows\Temp\APPX.ayix0u4kfy416czp5lj5b1zih.tmp => moved successfully
    C:\Windows\Temp\APPX.ba21zhefcv_i672nvji7u4e0c.tmp => moved successfully
    Could not move "C:\Windows\Temp\APPX.bcgw8yprkivrfslwrsn9a4sjc.tmp" => Scheduled to move on reboot.
    C:\Windows\Temp\APPX.c3_rp5vwbkhbgcjadxwf6vn1f.tmp => moved successfully
    C:\Windows\Temp\APPX.cyko10udnwxesezurob2iyo4e.tmp => moved successfully
    C:\Windows\Temp\APPX.e_s80uqe9vrue9c5_c2anc53g.tmp => moved successfully
    C:\Windows\Temp\APPX.g0wtkch_pe__ny0ydmu_u0i5g.tmp => moved successfully
    C:\Windows\Temp\APPX.gb7vbwm6g6zbfe6jl5pe0oboh.tmp => moved successfully
    C:\Windows\Temp\APPX.gcx6ms54ufx5i849h99w4hx7e.tmp => moved successfully
    C:\Windows\Temp\APPX.giyte9mtbv7yi_7rsgpd7oxs.tmp => moved successfully
    C:\Windows\Temp\APPX.i9c0mtgwebaxcuipzm0e2warc.tmp => moved successfully
    C:\Windows\Temp\APPX.iuibt4bmlbp5i8ezuoaer06be.tmp => moved successfully
    C:\Windows\Temp\APPX.iyxxfbk7w8d_uwlkqb33ehdgb.tmp => moved successfully
    C:\Windows\Temp\APPX.k1a5h7mz6xj7bb1uetxjn1r7f.tmp => moved successfully
    C:\Windows\Temp\APPX.l59c8vxcmv2_y5ufrhz0f9klf.tmp => moved successfully
    C:\Windows\Temp\APPX.mnjoavdhszlwrjeoan_gl0zqg.tmp => moved successfully
    C:\Windows\Temp\APPX.p2de9gxc5afy7im75540hn3_h.tmp => moved successfully
    C:\Windows\Temp\APPX.p7s6wxttw4ya0dorc64eygfq.tmp => moved successfully
    C:\Windows\Temp\APPX.r78rur4onwamortf3wr8_zg9c.tmp => moved successfully
    C:\Windows\Temp\APPX.rpaa9kc87jejzk6__4vz3cnb.tmp => moved successfully
    C:\Windows\Temp\APPX.rqqnsdq1t7u5acitdngzytl8e.tmp => moved successfully
    C:\Windows\Temp\APPX.spn_g29d2x3tgmwk2d0ebh3t.tmp => moved successfully
    C:\Windows\Temp\APPX.txg288m96m4g8sedploz222ig.tmp => moved successfully
    C:\Windows\Temp\APPX.u6mbkrx3axztfvvqyc369d4ce.tmp => moved successfully
    C:\Windows\Temp\APPX.vchyidvky7eimklob3nloc6j.tmp => moved successfully
    C:\Windows\Temp\APPX.zkjx3o89h8kcxvincpthh7s8.tmp => moved successfully
    C:\Windows\Temp\aria-debug-11832.log => moved successfully
    C:\Windows\Temp\aria-debug-12912.log => moved successfully
    C:\Windows\Temp\aria-debug-13532.log => moved successfully
    C:\Windows\Temp\aria-debug-15320.log => moved successfully
    C:\Windows\Temp\aria-debug-15420.log => moved successfully
    C:\Windows\Temp\aria-debug-17752.log => moved successfully
    C:\Windows\Temp\aria-debug-18028.log => moved successfully
    C:\Windows\Temp\aria-debug-5804.log => moved successfully
    C:\Windows\Temp\aria-debug-9268.log => moved successfully
    C:\Windows\Temp\chrome_installer.log => moved successfully
    C:\Windows\Temp\DMI4F3D.tmp => moved successfully
    C:\Windows\Temp\FXSAPIDebugLogFile.txt => moved successfully
    C:\Windows\Temp\FXSTIFFDebugLogFile.txt => moved successfully
    C:\Windows\Temp\HighPerformancePlan.log => moved successfully
    C:\Windows\Temp\ipconfig.out => moved successfully
    C:\Windows\Temp\MARKAY-20190207-1321.log => moved successfully
    C:\Windows\Temp\MARKAY-20190207-1321a.log => moved successfully
    C:\Windows\Temp\MARKAY-20190210-1439.log => moved successfully
    C:\Windows\Temp\MARKAY-20190210-1439a.log => moved successfully
    C:\Windows\Temp\MARKAY-20190210-1729.log => moved successfully
    C:\Windows\Temp\MARKAY-20190210-1737.log => moved successfully
    C:\Windows\Temp\MARKAY-20190210-1737a.log => moved successfully
    C:\Windows\Temp\MARKAY-20190210-1746.log => moved successfully
    C:\Windows\Temp\MARKAY-20190210-1755.log => moved successfully
    C:\Windows\Temp\MARKAY-20190429-0648.log => moved successfully
    C:\Windows\Temp\MARKAY-20190429-0653.log => moved successfully
    C:\Windows\Temp\MARKAY-20190429-0653a.log => moved successfully
    C:\Windows\Temp\MARKAY-20190512-2048.log => moved successfully
    C:\Windows\Temp\MARKAY-20190607-1620.log => moved successfully
    C:\Windows\Temp\MARKAY-20190607-1620a.log => moved successfully
    C:\Windows\Temp\MARKAY-20190619-1728.log => moved successfully
    C:\Windows\Temp\MARKAY-20190619-1741.log => moved successfully
    C:\Windows\Temp\MARKAY-20190619-1741a.log => moved successfully
    C:\Windows\Temp\MARKAY-20190619-1818.log => moved successfully
    C:\Windows\Temp\MARKAY-20190619-1819.log => moved successfully
    C:\Windows\Temp\MARKAY-20190619-1820.log => moved successfully
    C:\Windows\Temp\MARKAY-20190619-2226.log => moved successfully
    C:\Windows\Temp\MARKAY-20190620-0004.log => moved successfully
    C:\Windows\Temp\MARKAY-20190626-2105.log => moved successfully
    C:\Windows\Temp\MARKAY-20190626-2105a.log => moved successfully
    C:\Windows\Temp\MARKAY-20190626-2106.log => moved successfully
    C:\Windows\Temp\MARKAY-20200406-0815.log => moved successfully
    C:\Windows\Temp\MARKAY-20200406-0830.log => moved successfully
    C:\Windows\Temp\MARKAY-20200406-1319.log => moved successfully
    C:\Windows\Temp\MARKAY-20200406-1319a.log => moved successfully
    C:\Windows\Temp\MARKAY-20200406-1320.log => moved successfully
    C:\Windows\Temp\MARKAY-20200407-0317.log => moved successfully
    C:\Windows\Temp\MARKAY-20200407-0400.log => moved successfully
    C:\Windows\Temp\MARKAY-20200409-1637.log => moved successfully
    C:\Windows\Temp\MARKAY-20200409-1637a.log => moved successfully
    C:\Windows\Temp\MARKAY-20200409-1638.log => moved successfully
    C:\Windows\Temp\MARKAY-20200409-1707.log => moved successfully
    C:\Windows\Temp\MARKAY-20200409-1708.log => moved successfully
    C:\Windows\Temp\MARKAY-20200409-1708a.log => moved successfully
    C:\Windows\Temp\MARKAY-20200421-1138.log => moved successfully
    C:\Windows\Temp\MARKAY-20200421-1147.log => moved successfully
    C:\Windows\Temp\MARKAY-20200421-1159.log => moved successfully
    C:\Windows\Temp\MARKAY-20200421-1200.log => moved successfully
    C:\Windows\Temp\MARKAY-20200421-1201.log => moved successfully
    C:\Windows\Temp\MARKAY-20200421-1414.log => moved successfully
    C:\Windows\Temp\MARKAY-20200421-1430.log => moved successfully
    C:\Windows\Temp\MARKAY-20200421-1454.log => moved successfully
    C:\Windows\Temp\MARKAY-20200421-1511.log => moved successfully
    C:\Windows\Temp\MARKAY-20200421-1519.log => moved successfully
    C:\Windows\Temp\MARKAY-20200421-1529.log => moved successfully
    C:\Windows\Temp\MARKAY-20200421-1536.log => moved successfully
    C:\Windows\Temp\MARKAY-20200421-1625.log => moved successfully
    Could not move "C:\Windows\Temp\MARKAY-20200421-1630.log" => Scheduled to move on reboot.
    C:\Windows\Temp\mat-debug-12440.log => moved successfully
    C:\Windows\Temp\mat-debug-14380.log => moved successfully
    C:\Windows\Temp\mat-debug-14844.log => moved successfully
    C:\Windows\Temp\mat-debug-16016.log => moved successfully
    C:\Windows\Temp\mat-debug-16688.log => moved successfully
    C:\Windows\Temp\mat-debug-16764.log => moved successfully
    C:\Windows\Temp\mat-debug-17244.log => moved successfully
    C:\Windows\Temp\mat-debug-2268.log => moved successfully
    C:\Windows\Temp\mat-debug-3912.log => moved successfully
    C:\Windows\Temp\mat-debug-7984.log => moved successfully
    C:\Windows\Temp\mbamiservice.log => moved successfully
    C:\Windows\Temp\mb_errors972.log => moved successfully
    C:\Windows\Temp\MpCmdRun.log => moved successfully
    C:\Windows\Temp\MpSigStub.log => moved successfully
    C:\Windows\Temp\officeclicktorun.exe_streamserver(2019021017295834DC).log => moved successfully
    C:\Windows\Temp\officeclicktorun.exe_streamserver(202004211159421F58).log => moved successfully
    C:\Windows\Temp\officeclicktorun.exe_streamserver(2020042115114510B4).log => moved successfully
    C:\Windows\Temp\officeclicktorun.exe_streamserver(202004211529281044).log => moved successfully
    Could not move "C:\Windows\Temp\officeclicktorun.exe_streamserver(202004211630558B4).log" => Scheduled to move on reboot.
    C:\Windows\Temp\PowerPlan.log => moved successfully
    C:\Windows\Temp\sed2BE8.tmp => moved successfully
    C:\Windows\Temp\sed594A.tmp => moved successfully
    C:\Windows\Temp\sed6934.tmp => moved successfully
    C:\Windows\Temp\sed7E94.tmp => moved successfully
    C:\Windows\Temp\sedA4CA.tmp => moved successfully
    C:\Windows\Temp\Silverlight0.log => moved successfully
    C:\Windows\Temp\SilverlightMSI.log => moved successfully
    C:\Windows\Temp\TS_D8CA.tmp => moved successfully
    C:\Windows\Temp\TS_DF33.tmp => moved successfully
    C:\Windows\Temp\TS_E711.tmp => moved successfully
    C:\Windows\Temp\TS_E7ED.tmp => moved successfully
    C:\Windows\Temp\TS_FBA5.tmp => moved successfully
    C:\Windows\Temp\UsoStoreFile.xml => moved successfully
    C:\Windows\Temp\{F7ED8E0D-04F6-4080-AA29-4C202436E61F} - OProcSessId.dat => moved successfully

    ========= End -> "C:\Windows\Temp\*.*" ========


    =========== EmptyTemp: ==========

    BITS transfer queue => 10772480 B
    DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 79088601 B
    Java, Flash, Steam htmlcache => 5003 B
    Windows/system/drivers => 2375105 B
    Edge => 1537603 B
    Chrome => 399750329 B
    Firefox => 356817602 B
    Opera => 0 B

    Temp, IE cache, history, cookies, recent:
    Default => 0 B
    Users => 0 B
    ProgramData => 0 B
    Public => 0 B
    systemprofile => 1864219825 B
    systemprofile32 => 1864219825 B
    LocalService => 1864224083 B
    NetworkService => 2225379667 B
    MarKay => 2469097248 B

    RecycleBin => 3064734671 B
    EmptyTemp: => 13.2 GB temporary data Removed.

    ================================

    Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 21-04-2020 17:31:03)

    C:\Windows\Temp\APPX.3b_6rqixw4b954nd0w7qiy27b.tmp => Is moved successfully
    C:\Windows\Temp\APPX.4whsf8lhrj7f36pnnfa4jbnle.tmp => Is moved successfully
    C:\Windows\Temp\APPX.6n4dkf6lhwduo12wqehdce_ic.tmp => Is moved successfully
    C:\Windows\Temp\APPX.bcgw8yprkivrfslwrsn9a4sjc.tmp => Is moved successfully
    C:\Windows\Temp\MARKAY-20200421-1630.log => Is moved successfully
    C:\Windows\Temp\officeclicktorun.exe_streamserver(202004211630558B4).log => Is moved successfully

    ==== End of Fixlog 17:31:03 ====


  3. Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-04-2020
    Ran by MarKay (21-04-2020 15:43:09)
    Running from C:\Users\MarKay\Downloads
    Windows 10 Home Version 1803 17134.1246 (X64) (2018-05-24 23:14:35)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-3528668509-3968989764-3154782742-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-3528668509-3968989764-3154782742-503 - Limited - Disabled)
    Guest (S-1-5-21-3528668509-3968989764-3154782742-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-3528668509-3968989764-3154782742-1003 - Limited - Enabled)
    MarKay (S-1-5-21-3528668509-3968989764-3154782742-1001 - Administrator - Enabled) => C:\Users\MarKay
    WDAGUtilityAccount (S-1-5-21-3528668509-3968989764-3154782742-504 - Limited - Disabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Connect 9 Add-in (HKU\S-1-5-21-3528668509-3968989764-3154782742-1001\...\Adobe Connect 9 Add-in) (Version: 11,9,974,231 - Adobe Systems Incorporated)
    Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.363 - Adobe)
    Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.363 - Adobe)
    Apple Application Support (32-bit) (HKLM-x32\...\{3D1290E6-1F77-46D5-A715-A56679C8D4E3}) (Version: 6.0.2 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{D0E45DEC-F4B9-4370-A9DF-66837789C2EF}) (Version: 6.0.2 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{E3C4B99B-BE71-4C27-8E3C-4FAE3C46E1D5}) (Version: 11.0.0.30 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{C1BBFD2A-BCDD-45B3-8C0B-66BD434970A8}) (Version: 2.4.8.1 - Apple Inc.)
    Bing Bar (HKLM-x32\...\{3611CA6C-5FCA-4900-A329-6A118123CCFC}) (Version: 7.1.355.0 - Microsoft Corporation)
    Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
    Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.) Hidden
    Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.) Hidden
    Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.) Hidden
    CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
    Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.7.5.60 - Dell Inc.)
    Dell Customer Connect (HKLM-x32\...\{4FA72FF9-DD64-43A8-8704-6380A11F11D5}) (Version: 1.4.15.0 - Dell Inc.)
    Dell Digital Delivery (HKLM-x32\...\{D850CB7E-72BC-4510-BA4F-48932BFAB295}) (Version: 2.9.901.0 - Dell Products, LP)
    Dell Product Registration (HKLM-x32\...\{24F2AD94-CC1B-4294-B184-D4D31A3186A7}) (Version: 2.42.0012 - Aviata Inc.)
    Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 19.2.17.64 - Synaptics Incorporated)
    Dell Update (HKLM-x32\...\{D8AE5F9D-647C-49B4-A666-1C20B44EC0E1}) (Version: 2.1.3.0 - Dell Inc.)
    Dropbox (HKLM-x32\...\Dropbox) (Version: 95.4.441 - Dropbox, Inc.)
    Dropbox 20 GB (HKLM-x32\...\{597A58EC-42D6-4940-8739-FB94491B013C}) (Version: 0.9.0 - Dropbox, Inc.)
    Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.295.1 - Dropbox, Inc.) Hidden
    DW WLAN Card (HKLM\...\DW WLAN Card) (Version: 6.30.223.201 - Dell Inc.)
    EPSON WF-2540 Series Printer Uninstall (HKLM\...\EPSON WF-2540 Series) (Version:  - SEIKO EPSON Corporation)
    Fitbit Connect (HKLM-x32\...\{9EC69368-C1C7-48BA-AD93-01EFC142DDF9}) (Version: 2.0.0.6630 - Fitbit Inc.)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 81.0.4044.113 - Google LLC)
    Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden
    HP Deskjet 3050A J611 series Basic Device Software (HKLM\...\{1B77E249-B8D5-4E5E-8848-693ACEF84E6D}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
    HP Deskjet 3050A J611 series Help (HKLM-x32\...\{97DDCAB8-B770-4089-A10F-67568069D78A}) (Version: 140.0.2.2 - Hewlett Packard)
    HP Deskjet 3050A J611 series Product Improvement Study (HKLM\...\{A772BF60-20A5-4279-A18B-B9D8DBC9B30A}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
    HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
    HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
    Intel(R) Chipset Device Software (HKLM-x32\...\{d370215a-d003-43ae-a3b6-1028af64d5a1}) (Version: 10.0.20 - Intel(R) Corporation) Hidden
    Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.28.1006 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation)
    iTunes (HKLM\...\{94E81D4F-FB5A-4B29-B385-33896CC9BE7E}) (Version: 12.7.0.166 - Apple Inc.)
    Malwarebytes version 4.1.0.56 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.1.0.56 - Malwarebytes)
    Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.12624.20466 - Microsoft Corporation)
    Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-3528668509-3968989764-3154782742-1001\...\OneDriveSetup.exe) (Version: 19.232.1124.0012 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
    Microsoft Teams (HKU\S-1-5-21-3528668509-3968989764-3154782742-1001\...\Teams) (Version: 1.3.00.362 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    Mozilla Firefox 72.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 72.0.2 (x64 en-US)) (Version: 72.0.2 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 72.0.2.7321 - Mozilla)
    Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.12624.20442 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.12624.20442 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.12624.20466 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.12624.20442 - Microsoft Corporation) Hidden
    Office Mix (HKLM-x32\...\{9c7fb62c-70e4-4bd0-b9f1-d84aa18ff93d}) (Version: 0.1.5720.0 - Microsoft Corporation)
    Office Mix 32-bit (HKLM-x32\...\{E3702071-B77B-4441-9833-26B9D5BA9300}) (Version: 0.1.5720.0 - Microsoft) Hidden
    PocketCloud (HKLM-x32\...\{D9752C7D-A595-4687-A0D5-362E9C311C55}) (Version: 2.7.14 - Wyse Technology)
    QuickSet64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.1.25 - Dell Inc.)
    Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.39054 - Realtek Semiconductor Corp.)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7544 - Realtek Semiconductor Corp.)
    Respondus LockDown Browser 2 (HKLM-x32\...\{BBC7F69B-7A94-41E9-8A4B-B55A8D06431F}) (Version: 2.00.0000 - Respondus)
    Teams Machine-Wide Installer (HKLM-x32\...\{39AF0813-FA7B-4860-ADBE-93B9B214B914}) (Version: 1.3.0.362 - Microsoft Corporation)
    Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
    Update for Windows 10 for x64-based Systems (KB4480730) (HKLM\...\{3BAE4496-6F6C-4330-A8AA-B93D3D346FA5}) (Version: 2.53.0.0 - Microsoft Corporation)
    VitalSource Bookshelf (HKLM-x32\...\{f4449697-7673-4d11-b23b-67f894203dc3}) (Version: 6.06.0023 - Ingram Content Group)
    WIDCOMM Bluetooth Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.9350 - Broadcom Corporation)

    Packages:
    =========
    Amazon -> C:\Program Files\WindowsApps\Amazon.com.Amazon_2018.519.2815.0_x64__343d40qqvtj1t [2020-04-07] (Amazon.com)
    Can You Escape -> C:\Program Files\WindowsApps\Trapped.CanYouEscape_1.1.0.0_x86__bhn6e84ggqs1p [2015-12-27] (Trapped)
    Candy Zuma -> C:\Program Files\WindowsApps\39904zuelaScott.CandyZuma_1.0.0.0_x86__65bxs6ztfacmp [2015-12-27] (zuelaScott)
    Dell Shop -> C:\Program Files\WindowsApps\DellInc.DellShop_2.2.1.0_neutral__htrsf667h5kn2 [2016-05-30] (Dell Inc)
    Flipboard -> C:\Program Files\WindowsApps\Flipboard.Flipboard_2.1.3.0_neutral__3f5azkryzdbc4 [2017-07-17] (Flipboard)
    HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_110.1.728.0_x64__v10z8vjag6ke6 [2020-04-21] (HP Inc.)
    Hulu -> C:\Program Files\WindowsApps\HuluLLC.HuluPlus_2.5.5.0_neutral__fphbd361v8tya [2020-04-07] (Hulu.)
    Kindle -> C:\Program Files\WindowsApps\AMZNMobileLLC.KindleforWindows8_2.1.0.2_neutral__stfe6vwa9jnbp [2015-08-18] (AMZN Mobile LLC)
    Magic Jigsaw Puzzles -> C:\Program Files\WindowsApps\XIMADINC.MagicPuzzles_4.1.3.0_x64__np8fj6akx2czy [2020-04-21] (ZiMAD) [MS Ad]
    Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-07] (Microsoft Corporation) [MS Ad]
    Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-07] (Microsoft Corporation) [MS Ad]
    Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.36.20714.0_x64__8wekyb3d8bbwe [2020-04-06] (Microsoft Corporation) [MS Ad]
    Microsoft Phone -> C:\Program Files\WindowsApps\Microsoft.CommsPhone_3.43.20002.1000_x64__8wekyb3d8bbwe [2018-09-08] (Microsoft Corporation)
    Microsoft Phone Companion -> C:\Program Files\WindowsApps\Microsoft.WindowsPhone_10.1802.311.0_x64__8wekyb3d8bbwe [2018-02-12] (Microsoft Corporation)
    MSN Food & Drink -> C:\Program Files\WindowsApps\Microsoft.BingFoodAndDrink_3.0.4.336_x64__8wekyb3d8bbwe [2015-08-18] (Microsoft Corporation) [MS Ad]
    MSN Health & Fitness -> C:\Program Files\WindowsApps\Microsoft.BingHealthAndFitness_3.0.4.336_x64__8wekyb3d8bbwe [2015-08-18] (Microsoft Corporation) [MS Ad]
    MSN Money -> C:\Program Files\WindowsApps\Microsoft.BingFinance_4.26.12334.0_x64__8wekyb3d8bbwe [2018-08-25] (Microsoft Corporation) [MS Ad]
    MSN Sports -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.36.20714.0_x64__8wekyb3d8bbwe [2020-04-06] (Microsoft Corporation) [MS Ad]
    MSN Travel -> C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.336_x64__8wekyb3d8bbwe [2015-08-18] (Microsoft Corporation) [MS Ad]
    MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.36.20714.0_x64__8wekyb3d8bbwe [2020-04-07] (Microsoft Corporation) [MS Ad]
    Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.96.725.0_x64__mcm4njqhnhss8 [2020-04-21] (Netflix, Inc.)
    Translator -> C:\Program Files\WindowsApps\Microsoft.BingTranslator_5.6.0.0_x64__8wekyb3d8bbwe [2020-04-07] (Microsoft Corporation)

    ==================== Custom CLSID (Whitelisted): ==============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-3528668509-3968989764-3154782742-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\MarKay\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.19317.2\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-3528668509-3968989764-3154782742-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\MarKay\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.19317.2\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-3528668509-3968989764-3154782742-1001_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Users\MarKay\Dropbox [2015-08-20 13:25]
    ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-14] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-14] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-14] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-14] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-14] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-14] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-14] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-14] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-14] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-14] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIcon.DLL [2014-06-04] (SoftThinks -> )
    ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayNotBackuped.DLL [2014-06-04] (SoftThinks -> )
    ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-14] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-14] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-14] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-14] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-14] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-14] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-14] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-14] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-14] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-14] (Dropbox, Inc -> Dropbox, Inc.)
    ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2013-08-06] (CyberLink Corp. -> Cyberlink)
    ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-14] (Dropbox, Inc -> Dropbox, Inc.)
    ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2013-08-06] (CyberLink Corp. -> Cyberlink)
    ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-04-21] (Malwarebytes Corporation -> Malwarebytes)
    ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-14] (Dropbox, Inc -> Dropbox, Inc.)
    ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-14] (Dropbox, Inc -> Dropbox, Inc.)
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
    ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-02-16] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
    ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-04-21] (Malwarebytes Corporation -> Malwarebytes)

    ==================== Codecs (Whitelisted) ====================

    ==================== Shortcuts & WMI ========================

    ==================== Loaded Modules (Whitelisted) =============

    2014-12-11 18:40 - 2014-12-11 18:40 - 040622592 ____R () [File not signed] C:\Program Files (x86)\Fitbit Connect\libcef.dll
    2014-11-10 20:11 - 2014-11-10 20:11 - 009994752 ____R (The ICU Project) [File not signed] C:\Program Files (x86)\Fitbit Connect\icudt.dll
    2015-09-04 17:34 - 2015-09-04 17:34 - 001374208 ____R (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Fitbit Connect\LIBEAY32.dll
    2015-09-04 17:42 - 2015-09-04 17:42 - 001367040 ____R (winsparkle.org) [File not signed] C:\Program Files (x86)\Fitbit Connect\WinSparkle.dll

    ==================== Alternate Data Streams (Whitelisted) ========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\Users\MarKay\OneDrive:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.SyncRootIdentity [118]

    ==================== Safe Mode (Whitelisted) ==================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

    ==================== Association (Whitelisted) =================

    ==================== Internet Explorer trusted/restricted ==========

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE trusted site: HKU\S-1-5-21-3528668509-3968989764-3154782742-1001\...\sharepoint.com -> hxxps://bgh2-files.sharepoint.com

    ==================== Hosts content: =========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2013-08-22 07:25 - 2016-08-06 11:57 - 000000840 _____ C:\WINDOWS\system32\drivers\etc\hosts

    ==================== Other Areas ===========================

    (Currently there is no automatic fix for this section.)

    HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Program Files\Dell\DW WLAN Card;;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;c:\Program Files\WIDCOMM\Bluetooth Software\;c:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;%SYSTEMROOT%\System32\OpenSSH\
    HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04212020152936053\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
    HKU\S-1-5-21-3528668509-3968989764-3154782742-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\MarKay\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\bluelava_1112000xx_inspiron_wallpaper58095_16x9_72dpi_rgb.jpg
    DNS Servers: 192.168.0.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (If an entry is included in the fixlist, it will be removed.)

    HKLM\...\StartupApproved\Run: => "iTunesHelper"
    HKLM\...\StartupApproved\Run32: => "Dropbox"
    HKLM\...\StartupApproved\Run32: => "DropboxOEM"
    HKLM\...\StartupApproved\Run32: => "Fitbit Connect"
    HKU\S-1-5-21-3528668509-3968989764-3154782742-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"

    ==================== FirewallRules (Whitelisted) ================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [UDP Query User{8B198B7B-1246-4DEB-B430-E22F3BA91808}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
    FirewallRules: [TCP Query User{BE63A214-A38F-49EF-962B-8DC252741B87}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
    FirewallRules: [{67E6E94B-1B1C-468E-AC00-EBA4FEBA5B94}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
    FirewallRules: [{C1CCA4CA-38AD-4032-8245-AA87850FFD59}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
    FirewallRules: [{BB7B22F0-DC90-44F1-9910-AB40ADE7CFE9}] => (Allow) C:\Users\MarKay\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe No File
    FirewallRules: [{0859531E-CFF4-45ED-8661-6561A5478117}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
    FirewallRules: [{4EC2E505-BF36-4A2D-90FC-AB30241489B9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
    FirewallRules: [{515336D3-F288-4254-BB1A-0E8127256310}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe (CyberLink Corp. -> CyberLink Corp.)
    FirewallRules: [{7DB312CC-7465-4F82-9465-820D01F900C8}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE (CyberLink Corp. -> CyberLink Corp.)
    FirewallRules: [{8757F25E-CF60-455A-AFE4-B5516C3A0430}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe (DELL Inc.) [File not signed]
    FirewallRules: [{1DEADA99-A448-45F7-AC2F-FA076D234E70}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud\AetherWindowsService.exe No File
    FirewallRules: [{FBAC24DD-8F57-45C4-86F9-1902367C635C}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudDesktopApp.exe (Wyse Technology Inc -> )
    FirewallRules: [{4577A218-32FF-45CE-9EB8-EFB025D1E82C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{6A435999-EFE6-4651-A4DA-5B2AA5A83FED}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{66A2F905-5780-43DA-BD47-01C5430E82F8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{6B9D5662-B91B-433B-A0DC-E9E523A28ED2}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{6653B0C2-BBE3-40D2-907F-89EA42F2A37A}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{A524109E-9ECD-44E9-A1A3-2AA16D7792C9}] => (Allow) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\DeviceSetup.exe (Hewlett Packard -> Hewlett-Packard Co.)
    FirewallRules: [{6C3B52F9-19FA-46BA-8A3B-F3F393E0035A}] => (Allow) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicator.exe (Hewlett Packard -> Hewlett-Packard Co.)
    FirewallRules: [{509903D2-4870-4C2A-BA74-60E00E8376A1}] => (Allow) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicatorCom.exe (Hewlett Packard -> Hewlett-Packard Co.)
    FirewallRules: [{D7719BEC-D878-4371-9446-6FF0A2067DC3}] => (Allow) C:\Users\MarKay\AppData\Local\Temp\7zS76B9\HPDiagnosticCoreUI.exe No File
    FirewallRules: [{C0E76921-EAF6-4B41-976F-6FF145705CDC}] => (Allow) C:\Users\MarKay\AppData\Local\Temp\7zS76B9\HPDiagnosticCoreUI.exe No File
    FirewallRules: [{3C92B7C7-D913-4A3B-B142-25042FFD7A2B}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{1B213995-8E5D-4E50-BF65-75C54C2F248F}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{9492DA1E-C21E-4C80-8221-34AC9D2D4E3E}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{C30FA0D1-CC35-4AFE-9B76-EE5AAD2830F3}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{50190491-00B9-4944-8078-B46853ACD5A3}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{F4A11410-CE29-4124-9814-6CBC55A79516}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
    FirewallRules: [{DEE2F906-0FB9-4164-BCC2-27B06FACA2B4}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

    ==================== Restore Points =========================

    Check "VSS" service


    ==================== Faulty Device Manager Devices ============


    ==================== Event log errors: ========================

    Application errors:
    ==================
    Error: (04/21/2020 03:26:20 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 93390

    Error: (04/21/2020 03:26:20 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 93390

    Error: (04/21/2020 03:26:20 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (04/21/2020 03:25:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 16015

    Error: (04/21/2020 03:25:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 16015

    Error: (04/21/2020 03:25:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (04/21/2020 03:14:33 PM) (Source: COM) (EventID: 10031) (User: )
    Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {41FD88F7-F295-4D39-91AC-A85F3149A05B} was rejected

    Error: (04/21/2020 03:14:33 PM) (Source: COM) (EventID: 10031) (User: )
    Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {41FD88F7-F295-4D39-91AC-A85F3149A05B} was rejected


    System errors:
    =============
    Error: (04/21/2020 03:34:39 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
    Windows.SecurityCenter.WscBrokerManager
     and APPID 
    Unavailable
     to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (04/21/2020 03:34:39 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
    Windows.SecurityCenter.WscDataProtection
     and APPID 
    Unavailable
     to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (04/21/2020 03:34:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Dell SupportAssist service failed to start due to the following error: 
    The system cannot find the file specified.

    Error: (04/21/2020 03:33:32 PM) (Source: DCOM) (EventID: 10016) (User: MARKAY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
     and APPID 
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
     to the user MarKay\MarKay SID (S-1-5-21-3528668509-3968989764-3154782742-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (04/21/2020 03:30:51 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
    {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
     and APPID 
    {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
     to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (04/21/2020 03:30:51 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
    {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
     and APPID 
    {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
     to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (04/21/2020 03:30:42 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
     and APPID 
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
     to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (04/21/2020 03:29:10 PM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 3:11:17 PM on ‎4/‎21/‎2020 was unexpected.


    Windows Defender:
    ===================================
    Date: 2018-08-22 12:49:05.264
    Description: 
    Windows Defender Antivirus scan has been stopped before completion.
    Scan ID: {7BCAB21A-C684-4D88-B1C1-6223E71EB2B4}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2018-08-22 12:19:12.981
    Description: 
    Windows Defender Antivirus scan has been stopped before completion.
    Scan ID: {57C6BE9F-96E5-45F2-8ABA-559E3F6751AF}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2018-08-01 18:58:39.688
    Description: 
    Windows Defender Antivirus scan has been stopped before completion.
    Scan ID: {C921335A-204A-4EF6-847E-7A4404A6B7BD}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2018-07-20 22:39:04.739
    Description: 
    Windows Defender Antivirus scan has been stopped before completion.
    Scan ID: {3ADAA31D-B7B3-4B83-9548-B04C0CD0EF17}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2018-07-20 22:34:47.338
    Description: 
    Windows Defender Antivirus scan has been stopped before completion.
    Scan ID: {0DC92272-82C0-4D73-B77E-21C690264EF1}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2020-04-21 15:04:27.713
    Description: 
    Windows Defender Antivirus has encountered an error trying to update signatures.
    New Signature Version: 1.313.2035.0
    Previous Signature Version: 1.313.2014.0
    Update Source: User
    Signature Type: AntiSpyware
    Update Type: Delta
    Current Engine Version: 1.1.16900.4
    Previous Engine Version: 1.1.16900.4
    Error code: 0x80509004
    Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support. 

    Date: 2020-04-21 15:04:27.712
    Description: 
    Windows Defender Antivirus has encountered an error trying to update signatures.
    New Signature Version: 1.313.2035.0
    Previous Signature Version: 1.313.2014.0
    Update Source: User
    Signature Type: AntiVirus
    Update Type: Delta
    Current Engine Version: 1.1.16900.4
    Previous Engine Version: 1.1.16900.4
    Error code: 0x80509004
    Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support. 

    Date: 2020-04-21 12:06:45.001
    Description: 
    Windows Defender Antivirus has encountered an error trying to update signatures.
    New Signature Version: 
    Previous Signature Version: 1.313.2014.0
    Update Source: Microsoft Update Server
    Signature Type: AntiVirus
    Update Type: Full
    Current Engine Version: 
    Previous Engine Version: 1.1.16900.4
    Error code: 0x80070102
    Error description: The wait operation timed out. 

    Date: 2020-04-21 12:06:45.000
    Description: 
    Windows Defender Antivirus has encountered an error trying to update signatures.
    New Signature Version: 
    Previous Signature Version: 1.313.2014.0
    Update Source: Microsoft Update Server
    Signature Type: AntiVirus
    Update Type: Full
    Current Engine Version: 
    Previous Engine Version: 1.1.16900.4
    Error code: 0x80070102
    Error description: The wait operation timed out. 

    Date: 2020-04-21 11:32:34.245
    Description: 
    Windows Defender Antivirus has encountered an error trying to update signatures.
    New Signature Version: 
    Previous Signature Version: 1.313.1169.0
    Update Source: Microsoft Malware Protection Center
    Signature Type: AntiVirus
    Update Type: Full
    Current Engine Version: 
    Previous Engine Version: 1.1.16900.4
    Error code: 0x80070102
    Error description: The wait operation timed out. 

    ==================== Memory info =========================== 

    BIOS: Dell Inc. A01 11/04/2014
    Motherboard: Dell Inc. 04GKPN
    Processor: Intel(R) Core(TM) i3-5005U CPU @ 2.00GHz
    Percentage of memory in use: 75%
    Total physical RAM: 4007.66 MB
    Available physical RAM: 981.14 MB
    Total Virtual: 5927.66 MB
    Available Virtual: 2616.15 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:920.54 GB) (Free:830.88 GB) NTFS

    \\?\Volume{9fef599b-2f24-4693-b346-382dcaa9aec6}\ (WINRETOOLS) (Fixed) (Total:0.73 GB) (Free:0.46 GB) NTFS
    \\?\Volume{43cb8ddf-b77e-4c9e-a7f4-9f3f98b8930f}\ () (Fixed) (Total:0.92 GB) (Free:0.46 GB) NTFS
    \\?\Volume{37c89ba5-1024-4af1-8d30-8ae05614691d}\ (PBR Image) (Fixed) (Total:8.67 GB) (Free:0.73 GB) NTFS
    \\?\Volume{8c06b1a0-57fa-4d2d-86d9-3cd6e8e4eb14}\ (ESP) (Fixed) (Total:0.48 GB) (Free:0.43 GB) FAT32

    ==================== MBR & Partition Table ====================

    ==========================================================
    Disk: 0 (Size: 931.5 GB) (Disk ID: 6D52CD60)

    Partition: GPT.

    ==================== End of Addition.txt =======================


  4. Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-04-2020
    Ran by MarKay (administrator) on MARKAY (Dell Inc. Inspiron 3543) (21-04-2020 15:37:51)
    Running from C:\Users\MarKay\Downloads
    Loaded Profiles: MarKay (Available Profiles: MarKay)
    Platform: Windows 10 Home Version 1803 17134.1246 (X64) Language: English (United States)
    Default browser: FF
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Broadcom Corporation -> Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
    (CyberLink Corp. -> CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
    (CyberLink Corp. -> CyberLink) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    (Dell Inc -> Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
    (Dell Inc -> Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
    (DELL Inc.) [File not signed] C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe
    (Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
    (Fitbit, Inc. -> Fitbit, Inc.) [File not signed] C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
    (Fitbit, Inc. -> Fitbit, Inc.) [File not signed] C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <25>
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler64.exe
    (Google LLC -> Google) C:\Users\MarKay\AppData\Local\Google\Chrome\User Data\SwReporter\81.233.200\software_reporter_tool.exe <4>
    (Hewlett-Packard Company -> Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Intel(R) pGFX -> ) C:\Windows\System32\igfxTray.exe
    (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
    (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
    (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
    (Leader Technologies Inc -> Aviata Inc) C:\Program Files (x86)\Dell Product Registration\prodreg.exe
    (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
    (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Users\MarKay\AppData\Local\Microsoft\OneDrive\OneDrive.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Microsoft Corporation -> Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BBSvc.EXE
    (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12624.20368.0_x64__8wekyb3d8bbwe\HxTsr.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\LocationNotificationWindows.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\msiexec.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <4>
    (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
    (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
    (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Wyse Technology Inc -> ) C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe

    ==================== Registry (Whitelisted) ===================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8512760 2015-08-04] (Realtek Semiconductor Corp -> Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411320 2015-08-04] (Realtek Semiconductor Corp -> Realtek Semiconductor)
    HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [3859456 2014-09-05] (Dell Inc.) [File not signed]
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [297784 2017-09-11] (Apple Inc. -> Apple Inc.)
    HKLM-x32\...\Run: [DropboxOEM] => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [462160 2014-09-02] (Dropbox, Inc -> )
    HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [6287872 2020-04-14] (Dropbox, Inc -> Dropbox, Inc.)
    HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4377256 2015-09-04] (Fitbit, Inc. -> Fitbit, Inc.) [File not signed]
    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard Company -> Hewlett-Packard)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [TeamsMachineInstaller] => C:\Program Files (x86)\Teams Installer\Teams.exe [84489984 2020-01-03] (Microsoft Corporation -> Microsoft Corporation)
    HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
    HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
    HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04212020152936053\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
    HKU\S-1-5-21-3528668509-3968989764-3154782742-1001\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4377256 2015-09-04] (Fitbit, Inc. -> Fitbit, Inc.) [File not signed]
    HKU\S-1-5-21-3528668509-3968989764-3154782742-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\MarKay\AppData\Local\Microsoft\Teams\Update.exe [2324624 2020-04-21] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
    HKU\S-1-5-21-3528668509-3968989764-3154782742-1001\...\Policies\Explorer: [NoChangeStartMenu] 0
    HKU\S-1-5-21-3528668509-3968989764-3154782742-1001\...\Policies\Explorer: [NoLogOff] 0
    HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.113\Installer\chrmstp.exe [2020-04-21] (Google LLC -> Google LLC)
    HKLM\Software\...\Authentication\Credential Providers: [{50968FF7-10C1-4fb3-98B0-CD654D6CB97E}] -> c:\Program Files\WIDCOMM\Bluetooth Software\\BtwCP.dll [2014-02-18] (Broadcom Corporation -> Broadcom Corporation.)
    Startup: C:\Users\MarKay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 3050A J611 series.lnk [2020-04-21]
    ShortcutAndArgument: Monitor Ink Alerts - HP Deskjet 3050A J611 series.lnk -> C:\WINDOWS\system32\RunDll32.exe => "C:\Program Files\HP\HP Deskjet 3050A J611 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN1944437N05PJ;CONNECTION=USB;MONITOR=1;
    Startup: C:\Users\MarKay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2018-09-05]
    ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)

    ==================== Scheduled Tasks (Whitelisted) ============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {05B3C478-8808-4F7A-947C-E0161AC5721B} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistInstaller.exe
    Task: {07DF6FE1-C0A2-4F1F-9D77-992DF0C310BC} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {188DB286-66F6-4E53-B82E-FBE8A8E44134} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {1D61B60A-B3F0-4A94-9DC1-0BF0DF6A2564} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [4167224 2017-12-19] (Synaptics Incorporated -> Synaptics Incorporated)
    Task: {1DE82BCC-351D-48D3-8A1D-8BEA3CF6FC1B} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24702832 2020-04-10] (Microsoft Corporation -> Microsoft Corporation)
    Task: {2225C9AF-4D25-467A-9A82-6A822565EA54} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc -> Dropbox, Inc.)
    Task: {24A34E1F-C7DB-4398-930E-AE666DFD13BE} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4357016 2020-04-21] (Microsoft Corporation -> Microsoft Corporation)
    Task: {2BF00924-F6D5-41AC-8EC5-68E4A7D45CE5} - System32\Tasks\PocketCloudUpdater => C:\Program [Argument = Files (x86)\Wyse\PocketCloud\Updater.exe]
    Task: {2FCEF649-8E79-42AD-823C-9740F10B51AE} - System32\Tasks\PocketCloud => C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudDesktopApp.exe [713008 2013-08-22] (Wyse Technology Inc -> )
    Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
    Task: {4AFE2147-7209-4E77-9DA3-01B5BDDE50D3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-04-21] (Adobe Inc. -> Adobe)
    Task: {52DD92D5-D67F-4DC6-8FBD-4272D1505B2D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {552B3233-5697-4076-B7BE-8E25223C94B7} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [115448 2020-04-21] (Microsoft Corporation -> Microsoft Corporation)
    Task: {5A3FB241-0B11-4EA5-BC66-0D9F1B406040} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\BthSQM => {C8367320-6F85-11E0-A1F0-0800200C9A66} C:\WINDOWS\System32\BthTelemetry.dll [33280 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
    Task: {5B09ECA6-BF21-4881-B90D-7EF879FD16D7} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [110144 2013-03-04] (CyberLink Corp. -> CyberLink)
    Task: {5DC68ECD-43E5-4F15-9684-C689FFECE624} - System32\Tasks\UninstallDDS-C960901F-CE14-4DE1-9729-1305F719A337 => C:\Windows\TEMP\DeleteFolderTask.exe <==== ATTENTION
    Task: {670DBF19-0AB9-4296-B664-8A6453B5E4FC} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {695E1228-FA22-4B77-B92A-812CB46DB629} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616320 2017-07-24] (Apple Inc. -> Apple Inc.)
    Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task => {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
    Task: {74BDE4B1-C3D7-432D-A362-D0D92BCF7F26} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_363_pepper.exe [1454136 2020-04-21] (Adobe Inc. -> Adobe)
    Task: {7F14A200-542D-42E7-AAD9-AED5DCD4899D} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [115448 2020-04-21] (Microsoft Corporation -> Microsoft Corporation)
    Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task => {1B1F472E-3221-4826-97DB-2C2324D389AE}
    Task: {9543A93A-5CE5-4314-9E89-A7075F4591FC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-12-29] (Google Inc -> Google Inc.)
    Task: {96045AF9-97E8-4B84-B7C9-3A741A5CEF73} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
    Task: {98C977F1-38A0-4A71-B1D8-7322F4411DD9} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {B01BBD6A-B06D-4BC5-AEDE-97787B097DB2} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4357016 2020-04-21] (Microsoft Corporation -> Microsoft Corporation)
    Task: {B2A67C31-8575-4CFF-BC8D-8F78EA47D7DD} - System32\Tasks\Dell\Dell Product Registration => C:\Program Files (x86)\Dell Product Registration\prodreg.exe [157216 2014-10-31] (Leader Technologies Inc -> Aviata Inc)
    Task: {B6954865-E48E-4B03-A345-F47993FA0CCC} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {BB0B5233-A0BC-4A95-99FE-7B71720A7394} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411320 2015-08-04] (Realtek Semiconductor Corp -> Realtek Semiconductor)
    Task: {C02762AE-F09B-40E5-A03C-339C4DB90E90} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {C57CCABA-0702-41C4-B0A9-9229865368E3} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
    Task: {C641E95B-C7E4-421A-A877-3487686B1EB0} - System32\Tasks\HPCustParticipation HP Deskjet 3050A J611 series => C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPCustPartic.exe [4119656 2012-10-17] (Hewlett Packard -> Hewlett-Packard Co.)
    Task: {CE239613-B4FD-4C17-9502-8263D69C9D1D} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24702832 2020-04-10] (Microsoft Corporation -> Microsoft Corporation)
    Task: {CE2DE968-E342-40D7-9566-427D45E4A886} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
    Task: {CFA0FC04-3529-4284-9E96-FB63EC5A2A31} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {D1F17116-DDE8-4D0D-8877-276D9561C23B} - System32\Tasks\Dell\Dell Product Registration Update => C:\Program Files (x86)\Dell Product Registration\prodreg.exe [157216 2014-10-31] (Leader Technologies Inc -> Aviata Inc)
    Task: {D67945E7-D83B-45E9-8205-60EFDD08BA95} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc -> Dropbox, Inc.)
    Task: {DB94ED5F-1552-43C6-A45F-5D8AC4BB8B14} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_363_Plugin.exe [1458232 2020-04-19] (Adobe Inc. -> Adobe)
    Task: {DFBE1B10-DD9C-4352-93DB-8485E1E8698A} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {E744C069-CE66-4ABA-8F03-1E7E46E6108F} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
    Task: {E7D2D033-B041-4D78-A5CE-999273775454} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload => {EBF00FCB-0769-4B81-9BEC-6C05514111AA}
    Task: {EC36752F-0C6D-49D6-9FC0-FBFA21A03984} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-12-29] (Google Inc -> Google Inc.)
    Task: {EC955163-6405-4E8A-B428-86517C524ACE} - System32\Tasks\PocketCloudVirtualChannel => C:\Program Files (x86)\Wyse\PocketCloud\WPCRDPVirtualChannelServer.exe [17200 2013-08-22] (Wyse Technology Inc -> )
    Task: {F4172F5B-8193-43CC-8EBA-FAFD43DDD659} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [340440 2013-03-22] (CyberLink Corp. -> CyberLink Corp.)
    Task: {F6139BE1-BE7A-4A9C-B5DB-97482E99199A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {FA5203C9-C31D-4ED8-AE7D-1DD90C1923EE} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
    Task: {FD340491-43DC-40E0-A276-DCD3E2B17D66} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1448320 2020-04-21] (Microsoft Corporation -> Microsoft Corporation)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
    Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
    Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
    Tcpip\..\Interfaces\{0b4cae4d-802d-460b-a7fd-4ad38284263d}: [DhcpNameServer] 192.168.0.1
    Tcpip\..\Interfaces\{9dd3c540-9e69-40a9-9600-38f0ae087783}: [DhcpNameServer] 192.168.1.1

    Internet Explorer:
    ==================
    HKU\S-1-5-21-3528668509-3968989764-3154782742-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB
    BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2020-04-06] (Microsoft Corporation -> Microsoft Corporation)
    BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2020-04-06] (Microsoft Corporation -> Microsoft Corporation)
    BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll [2012-01-25] (Microsoft Corporation -> Microsoft Corporation.)
    Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll [2012-01-25] (Microsoft Corporation -> Microsoft Corporation.)
    Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-04-09] (Microsoft Corporation -> Microsoft Corporation)
    Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-04-09] (Microsoft Corporation -> Microsoft Corporation)
    Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-04-09] (Microsoft Corporation -> Microsoft Corporation)
    Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-04-09] (Microsoft Corporation -> Microsoft Corporation)

    FireFox:
    ========
    FF DefaultProfile: zld0mb4h.default-1542906549349
    FF ProfilePath: C:\Users\MarKay\AppData\Roaming\Mozilla\Firefox\Profiles\zld0mb4h.default-1542906549349 [2020-04-21]
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_363.dll [2020-04-19] (Adobe Inc. -> )
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_363.dll [2020-04-19] (Adobe Inc. -> )
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-09-03] (Intel(R) Identity Protection Technology Software -> Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-09-03] (Intel(R) Identity Protection Technology Software -> Intel Corporation)
    FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2020-04-06] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2020-04-06] (Microsoft Corporation -> Microsoft Corporation)

    Chrome: 
    =======
    CHR Profile: C:\Users\MarKay\AppData\Local\Google\Chrome\User Data\Default [2020-04-21]
    CHR Notifications: Default -> hxxps://www.facebook.com
    CHR HomePage: Default -> hxxps://mysearch.avg.com?cid={37CD525D-9C01-4C54-93B7-5D338E9E6C78}&mid=fc0f94ce627547d2b4fe595b08624410-08bfd2d650d49b04e4dfd009589721a1f02a8332&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-09-04 08:48:16&v=18.1.9.786&pid=safeguard&sg=&sap=hp
    CHR StartupUrls: Default -> "hxxps://mysearch.avg.com?cid={37CD525D-9C01-4C54-93B7-5D338E9E6C78}&mid=fc0f94ce627547d2b4fe595b08624410-08bfd2d650d49b04e4dfd009589721a1f02a8332&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-09-04 08:48:16&v=18.1.9.786&pid=safeguard&sg=&sap=hp","hxxps://www.google.com/"
    CHR Extension: (Slides) - C:\Users\MarKay\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-12-29]
    CHR Extension: (Docs) - C:\Users\MarKay\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-12-29]
    CHR Extension: (Google Drive) - C:\Users\MarKay\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-12-29]
    CHR Extension: (YouTube) - C:\Users\MarKay\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-12-29]
    CHR Extension: (Sheets) - C:\Users\MarKay\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-12-29]
    CHR Extension: (Google Docs Offline) - C:\Users\MarKay\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-04-21]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\MarKay\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-04-21]
    CHR Extension: (Gmail) - C:\Users\MarKay\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-04-21]
    CHR Extension: (Chrome Media Router) - C:\Users\MarKay\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-04-21]

    ==================== Services (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-09-07] (Apple Inc. -> Apple Inc.)
    R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [10626648 2020-04-10] (Microsoft Corporation -> Microsoft Corporation)
    S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc -> Dropbox, Inc.)
    S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc -> Dropbox, Inc.)
    R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [44552 2020-04-14] (Dropbox, Inc -> Dropbox, Inc.)
    S2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [130936 2016-12-21] (Dell Inc -> Dell Inc.)
    S3 DellProdRegManager; C:\Program Files (x86)\Dell Product Registration\regmgrsvc.exe [278568 2014-10-31] (Leader Technologies Inc -> Aviata, Inc.)
    R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237016 2018-03-27] (Dell Inc -> Dell Inc.)
    R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [5750440 2015-09-04] (Fitbit, Inc. -> Fitbit, Inc.) [File not signed]
    R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [382456 2017-02-16] (Intel(R) pGFX -> Intel Corporation)
    S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-13] (Intel® Trusted Connect Service -> Intel(R) Corporation)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-09-03] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
    R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [6933272 2020-04-21] (Malwarebytes Inc -> Malwarebytes)
    R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-07-29] (CyberLink Corp. -> CyberLink)
    R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [312056 2015-08-04] (Realtek Semiconductor Corp -> Realtek Semiconductor)
    R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [265784 2017-12-19] (Synaptics Incorporated -> Synaptics Incorporated)
    S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2004.6-0\NisSrv.exe [3304992 2020-04-21] (Microsoft Windows Publisher -> Microsoft Corporation)
    S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2004.6-0\MsMpEng.exe [103376 2020-04-21] (Microsoft Windows Publisher -> Microsoft Corporation)
    R2 WysePocketCloud; C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe [16176 2013-08-22] (Wyse Technology Inc -> )
    R2 WyseRemoteAccess; C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe [1785344 2013-08-19] (DELL Inc.) [File not signed]
    S2 SupportAssistAgent; "C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe" [X]

    ===================== Drivers (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 DDDriver; C:\WINDOWS\system32\drivers\DDDriver64Dcsa.sys [41608 2018-02-10] (Techporch Incorporated -> Dell Inc.)
    S3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [41208 2018-02-10] (Techporch Incorporated -> Dell Computer Corporation)
    R3 DellRbtn; C:\WINDOWS\System32\drivers\DellRbtn.sys [10752 2013-01-24] (Microsoft Windows Hardware Compatibility Publisher -> OSR Open Systems Resources, Inc.)
    R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153312 2020-04-21] (Malwarebytes Corporation -> Malwarebytes)
    S3 iaLPSS_SPI; C:\WINDOWS\System32\drivers\iaLPSS_SPI.sys [100856 2014-06-11] (Intel Corporation - Software and Firmware Products -> Intel Corporation)
    R3 iaLPSS_UART2; C:\WINDOWS\System32\drivers\iaLPSS_UART2.sys [143864 2014-06-11] (Intel Corporation - Software and Firmware Products -> Intel Corporation)
    R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [214496 2020-04-21] (Malwarebytes Inc -> Malwarebytes)
    S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2020-04-21] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
    R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [195432 2020-04-21] (Malwarebytes Inc -> Malwarebytes)
    R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [73584 2020-04-21] (Malwarebytes Corporation -> Malwarebytes)
    R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248968 2020-04-21] (Malwarebytes Inc -> Malwarebytes)
    R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [124560 2020-04-21] (Malwarebytes Inc -> Malwarebytes)
    S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [82072 2015-08-10] (Microsoft Windows Early Launch Anti-malware Publisher -> McAfee, Inc.)
    S3 Netaapl; C:\WINDOWS\System32\drivers\netaapl64.sys [23040 2015-11-05] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.)
    R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [896744 2015-08-14] (Realtek Semiconductor Corp -> Realtek )
    R3 SynRMIHID; C:\WINDOWS\system32\DRIVERS\SynRMIHID.sys [66104 2017-12-19] (Synaptics Incorporated -> Synaptics Incorporated)
    S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2015-11-05] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
    S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [45960 2020-04-21] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
    S3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [26880 2015-11-12] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
    S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [394680 2020-04-21] (Microsoft Windows -> Microsoft Corporation)
    S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [64944 2020-04-21] (Microsoft Windows -> Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One month (created) ===================

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2020-04-21 15:37 - 2020-04-21 15:40 - 000030765 _____ C:\Users\MarKay\Downloads\FRST.txt
    2020-04-21 15:37 - 2020-04-21 15:39 - 000000000 ____D C:\FRST
    2020-04-21 15:36 - 2020-04-21 15:37 - 002281984 _____ (Farbar) C:\Users\MarKay\Downloads\FRST64.exe
    2020-04-21 15:36 - 2020-04-21 15:36 - 002010624 _____ (Farbar) C:\Users\MarKay\Downloads\Unconfirmed 399113.crdownload
    2020-04-21 15:16 - 2020-04-21 15:16 - 000000000 ____D C:\Users\MarKay\AppData\Local\D3DSCache
    2020-04-21 15:15 - 2020-04-21 15:15 - 000001607 _____ C:\Users\MarKay\Documents\malware.txt
    2020-04-21 15:12 - 2020-04-21 15:29 - 000073584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
    2020-04-21 15:12 - 2020-04-21 15:12 - 000195432 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
    2020-04-21 15:12 - 2020-04-21 15:12 - 000124560 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
    2020-04-21 15:01 - 2020-04-21 15:01 - 000000000 ____D C:\Users\MarKay\AppData\Local\mbam
    2020-04-21 14:59 - 2020-04-21 14:59 - 000002023 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
    2020-04-21 14:59 - 2020-04-21 14:59 - 000002023 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
    2020-04-21 14:59 - 2020-04-21 14:59 - 000000000 ____D C:\Users\MarKay\AppData\Local\mbamtray
    2020-04-21 14:58 - 2020-04-21 14:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
    2020-04-21 14:58 - 2020-04-21 14:58 - 000248968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
    2020-04-21 14:58 - 2020-04-21 14:58 - 000214496 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
    2020-04-21 14:58 - 2020-04-21 14:57 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
    2020-04-21 14:58 - 2020-04-21 14:56 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
    2020-04-21 14:57 - 2020-04-21 14:57 - 000000000 ____D C:\ProgramData\Malwarebytes
    2020-04-21 14:55 - 2020-04-21 14:55 - 001928352 _____ (Malwarebytes) C:\Users\MarKay\Downloads\MBSetup-076981.076981-Consumer.exe
    2020-04-21 14:55 - 2020-04-21 14:55 - 000000000 ____D C:\Program Files\Malwarebytes
    2020-04-21 14:49 - 2020-04-21 14:49 - 000000000 ____D C:\Users\MarKay\AppData\Roaming\Microsoft Teams
    2020-04-21 14:43 - 2020-04-21 14:49 - 000000000 ____D C:\Users\MarKay\AppData\Local\SquirrelTemp
    2020-04-21 14:31 - 2020-02-03 17:18 - 000835688 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
    2020-04-21 14:31 - 2020-02-03 17:18 - 000179608 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
    2020-04-21 14:10 - 2020-04-21 14:14 - 000000000 ____D C:\AdwCleaner
    2020-04-21 14:09 - 2020-04-21 14:09 - 008196784 _____ (Malwarebytes) C:\Users\MarKay\Downloads\adwcleaner_8.0.4.exe
    2020-04-21 12:23 - 2019-03-28 03:11 - 000029232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll
    2020-04-21 12:23 - 2019-03-28 03:11 - 000017968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr100_clr0400.dll
    2020-04-21 12:23 - 2019-03-28 03:09 - 000032816 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
    2020-04-21 12:23 - 2019-03-28 03:09 - 000017968 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr100_clr0400.dll
    2020-04-21 12:23 - 2019-03-28 00:35 - 000622832 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp140_clr0400.dll
    2020-04-21 12:23 - 2019-03-28 00:35 - 000433448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp140_clr0400.dll
    2020-04-21 12:23 - 2019-03-28 00:35 - 000087296 _____ (Microsoft Corporation) C:\WINDOWS\system32\vcruntime140_clr0400.dll
    2020-04-21 12:23 - 2019-03-28 00:35 - 000083768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vcruntime140_clr0400.dll
    2020-04-21 12:22 - 2019-03-28 00:35 - 000772176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_clr0400.dll
    2020-04-21 12:22 - 2019-03-28 00:35 - 000702400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase_clr0400.dll
    2020-04-21 11:33 - 2020-04-21 11:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
    2020-04-19 21:16 - 2020-04-21 11:38 - 005197368 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
    2020-04-14 06:19 - 2020-04-14 06:19 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
    2020-04-14 06:19 - 2020-04-14 06:19 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
    2020-04-14 06:19 - 2020-04-14 06:19 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
    2020-04-14 06:19 - 2020-04-14 06:19 - 000044552 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
    2020-04-09 17:02 - 2019-02-12 23:47 - 001909560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
    2020-04-09 16:35 - 2020-04-09 16:35 - 000000000 ____D C:\WINDOWS\{E9E39016-F1A4-4947-BF49-E0DACA61F95C}
    2020-04-06 13:50 - 2019-09-03 23:15 - 000323904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
    2020-04-06 13:49 - 2020-01-07 03:36 - 000082432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wiarpc.dll
    2020-04-06 13:49 - 2020-01-07 03:35 - 000317952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConhostV1.dll
    2020-04-06 13:49 - 2020-01-07 03:35 - 000152064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wiadss.dll
    2020-04-06 13:49 - 2020-01-07 02:03 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wiadss.dll
    2020-04-06 13:49 - 2020-01-06 21:58 - 000383504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
    2020-04-06 13:49 - 2019-11-08 01:45 - 000079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\usp10.dll
    2020-04-06 13:49 - 2019-11-08 00:03 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usp10.dll
    2020-04-06 13:49 - 2019-11-07 20:40 - 000060216 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvhostsvc.dll
    2020-04-06 13:49 - 2019-11-07 20:30 - 000785776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
    2020-04-06 13:49 - 2019-11-07 20:12 - 000159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
    2020-04-06 13:49 - 2019-10-02 04:11 - 000045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\compact.exe
    2020-04-06 13:49 - 2019-10-02 03:12 - 000041472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\compact.exe
    2020-04-06 13:49 - 2019-10-01 23:04 - 002774120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
    2020-04-06 13:49 - 2019-10-01 23:00 - 000036368 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
    2020-04-06 13:49 - 2019-10-01 22:48 - 000545808 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
    2020-04-06 13:49 - 2019-10-01 22:47 - 002260928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
    2020-04-06 13:49 - 2019-10-01 22:14 - 001222656 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
    2020-04-06 13:49 - 2019-10-01 22:14 - 000578048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnprv.dll
    2020-04-06 13:49 - 2019-10-01 22:14 - 000267264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnservice.dll
    2020-04-06 13:49 - 2019-09-04 03:44 - 000127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
    2020-04-06 13:49 - 2019-09-04 03:42 - 000167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\NcaSvc.dll
    2020-04-06 13:49 - 2019-09-03 22:43 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\profext.dll
    2020-04-06 13:49 - 2019-09-03 22:40 - 000123904 _____ (Microsoft Corporation) C:\WINDOWS\system32\profext.dll
    2020-04-06 13:49 - 2019-08-07 02:08 - 000130840 _____ (Microsoft Corporation) C:\WINDOWS\system32\rmclient.dll
    2020-04-06 13:49 - 2019-08-07 02:08 - 000091568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpfve.sys
    2020-04-06 13:49 - 2019-08-07 01:56 - 000101400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rmclient.dll
    2020-04-06 13:49 - 2019-08-07 01:35 - 000624640 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
    2020-04-06 13:49 - 2019-08-07 01:35 - 000265728 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
    2020-04-06 13:49 - 2019-07-08 20:55 - 000081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetDriverInstall.dll
    2020-04-06 13:49 - 2019-07-08 20:50 - 000078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe
    2020-04-06 13:49 - 2019-07-08 20:49 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetDriverInstall.dll
    2020-04-06 13:49 - 2019-06-21 02:50 - 000280584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
    2020-04-06 13:48 - 2020-01-07 03:37 - 000187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\sti_ci.dll
    2020-04-06 13:48 - 2020-01-07 03:34 - 000611840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wiaservc.dll
    2020-04-06 13:48 - 2020-01-07 03:34 - 000316416 _____ (Microsoft Corporation) C:\WINDOWS\system32\sti.dll
    2020-04-06 13:48 - 2020-01-07 02:00 - 000232448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sti.dll
    2020-04-06 13:48 - 2020-01-06 21:58 - 000694184 _____ (Microsoft Corporation) C:\WINDOWS\system32\StructuredQuery.dll
    2020-04-06 13:48 - 2020-01-06 21:48 - 000538912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StructuredQuery.dll
    2020-04-06 13:48 - 2020-01-06 21:29 - 000055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msscntrs.dll
    2020-04-06 13:48 - 2020-01-06 21:28 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptcatsvc.dll
    2020-04-06 13:48 - 2020-01-06 21:23 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
    2020-04-06 13:48 - 2020-01-06 21:23 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clfsw32.dll
    2020-04-06 13:48 - 2020-01-06 21:22 - 000073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\clfsw32.dll
    2020-04-06 13:48 - 2019-11-28 04:31 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
    2020-04-06 13:48 - 2019-11-28 04:31 - 000123904 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
    2020-04-06 13:48 - 2019-11-28 04:30 - 000046592 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
    2020-04-06 13:48 - 2019-11-28 02:53 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
    2020-04-06 13:48 - 2019-11-28 02:53 - 000098816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
    2020-04-06 13:48 - 2019-11-28 02:52 - 000038912 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
    2020-04-06 13:48 - 2019-11-27 22:41 - 000034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevQueryBroker.dll
    2020-04-06 13:48 - 2019-11-27 22:36 - 000320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
    2020-04-06 13:48 - 2019-11-27 22:28 - 000252416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
    2020-04-06 13:48 - 2019-11-08 01:41 - 000119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
    2020-04-06 13:48 - 2019-11-07 20:39 - 000227848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
    2020-04-06 13:48 - 2019-11-07 20:38 - 001188000 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
    2020-04-06 13:48 - 2019-11-07 20:38 - 000605712 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
    2020-04-06 13:48 - 2019-11-07 20:38 - 000376120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
    2020-04-06 13:48 - 2019-11-07 20:13 - 000066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\udhisapi.dll
    2020-04-06 13:48 - 2019-11-07 20:12 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\udhisapi.dll
    2020-04-06 13:48 - 2019-11-07 20:11 - 000074240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dtdump.exe
    2020-04-06 13:48 - 2019-10-02 04:09 - 000177664 _____ (Microsoft Corporation) C:\WINDOWS\system32\prntvpt.dll
    2020-04-06 13:48 - 2019-10-02 04:07 - 000899584 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
    2020-04-06 13:48 - 2019-10-02 03:11 - 000145408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\prntvpt.dll
    2020-04-06 13:48 - 2019-10-01 23:05 - 000092472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bindflt.sys
    2020-04-06 13:48 - 2019-10-01 22:51 - 000192312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
    2020-04-06 13:48 - 2019-10-01 22:50 - 000536832 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
    2020-04-06 13:48 - 2019-10-01 22:48 - 000402744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fltMgr.sys
    2020-04-06 13:48 - 2019-10-01 22:35 - 000465832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
    2020-04-06 13:48 - 2019-10-01 22:14 - 000328192 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
    2020-04-06 13:48 - 2019-10-01 22:11 - 000234496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
    2020-04-06 13:48 - 2019-09-13 04:40 - 000402944 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
    2020-04-06 13:48 - 2019-09-12 22:47 - 000275768 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
    2020-04-06 13:48 - 2019-09-12 22:47 - 000081720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\npfs.sys
    2020-04-06 13:48 - 2019-09-12 22:47 - 000039736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msfs.sys
    2020-04-06 13:48 - 2019-09-12 22:21 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
    2020-04-06 13:48 - 2019-09-12 22:21 - 000059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\edpnotify.exe
    2020-04-06 13:48 - 2019-09-12 22:17 - 000206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
    2020-04-06 13:48 - 2019-09-12 22:13 - 001154048 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
    2020-04-06 13:48 - 2019-09-12 22:13 - 000927232 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.dll
    2020-04-06 13:48 - 2019-09-12 22:11 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsSpellCheckingFacility.dll
    2020-04-06 13:48 - 2019-09-03 23:14 - 000594032 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
    2020-04-06 13:48 - 2019-09-03 23:14 - 000420984 _____ (Microsoft Corporation) C:\WINDOWS\system32\xbgmengine.dll
    2020-04-06 13:48 - 2019-09-03 22:45 - 000294912 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll
    2020-04-06 13:48 - 2019-09-03 22:45 - 000023040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ws2ifsl.sys
    2020-04-06 13:48 - 2019-08-13 08:44 - 000163328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDeviceRegistration.dll
    2020-04-06 13:48 - 2019-08-13 08:43 - 000202752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDeviceRegistration.Ngc.dll
    2020-04-06 13:48 - 2019-08-12 22:12 - 000244224 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDeviceRegistration.Ngc.dll
    2020-04-06 13:48 - 2019-08-12 22:12 - 000205312 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDeviceRegistration.dll
    2020-04-06 13:48 - 2019-08-12 22:11 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
    2020-04-06 13:48 - 2019-08-12 20:51 - 000421376 _____ (curl, hxxps://curl.haxx.se/) C:\WINDOWS\system32\curl.exe
    2020-04-06 13:48 - 2019-08-07 01:37 - 000386048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Diagnostics.dll
    2020-04-06 13:48 - 2019-08-07 01:37 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
    2020-04-06 13:48 - 2019-08-07 01:36 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
    2020-04-06 13:48 - 2019-08-07 01:33 - 000115712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
    2020-04-06 13:48 - 2019-08-07 01:32 - 000330752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
    2020-04-06 13:48 - 2019-08-07 01:32 - 000275968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll
    2020-04-06 13:48 - 2019-07-08 21:21 - 000133136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ImplatSetup.dll
    2020-04-06 13:48 - 2019-07-08 20:51 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationControllerPS.dll
    2020-04-06 13:48 - 2019-06-13 00:44 - 000607112 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
    2020-04-06 13:48 - 2019-06-13 00:11 - 000048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerUI.dll
    2020-04-06 13:48 - 2019-06-12 22:46 - 000038400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerUI.dll
    2020-04-06 13:47 - 2020-01-06 22:00 - 000568312 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
    2020-04-06 13:47 - 2020-01-06 21:59 - 000791352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
    2020-04-06 13:47 - 2020-01-06 21:58 - 000412984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
    2020-04-06 13:47 - 2020-01-06 21:47 - 000222736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll
    2020-04-06 13:47 - 2020-01-06 21:24 - 000145408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
    2020-04-06 13:47 - 2019-11-27 22:52 - 025857024 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
    2020-04-06 13:47 - 2019-11-27 22:40 - 022016000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
    2020-04-06 13:47 - 2019-11-08 01:43 - 000110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\AxInstSv.dll
    2020-04-06 13:47 - 2019-11-08 01:42 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
    2020-04-06 13:47 - 2019-11-07 20:13 - 000109568 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApiSetHost.AppExecutionAlias.dll
    2020-04-06 13:47 - 2019-11-07 20:10 - 001827328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
    2020-04-06 13:47 - 2019-10-02 04:48 - 000678400 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
    2020-04-06 13:47 - 2019-10-02 04:47 - 000878592 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
    2020-04-06 13:47 - 2019-10-02 04:45 - 002871608 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
    2020-04-06 13:47 - 2019-10-02 04:09 - 000409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
    2020-04-06 13:47 - 2019-10-02 02:41 - 000704000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
    2020-04-06 13:47 - 2019-10-01 23:01 - 000491208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
    2020-04-06 13:47 - 2019-10-01 23:00 - 000433168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
    2020-04-06 13:47 - 2019-10-01 22:49 - 000550512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
    2020-04-06 13:47 - 2019-10-01 22:28 - 000085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFrameworkInternalPS.dll
    2020-04-06 13:47 - 2019-10-01 22:27 - 002126336 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
    2020-04-06 13:47 - 2019-10-01 22:25 - 000156160 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpo.dll
    2020-04-06 13:47 - 2019-10-01 22:23 - 000755712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
    2020-04-06 13:47 - 2019-10-01 22:22 - 000506368 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
    2020-04-06 13:47 - 2019-10-01 22:18 - 000187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
    2020-04-06 13:47 - 2019-09-12 22:48 - 000170296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
    2020-04-06 13:47 - 2019-09-12 22:20 - 000342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserexport.exe
    2020-04-06 13:47 - 2019-09-12 22:20 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerCsp.dll
    2020-04-06 13:47 - 2019-09-12 22:20 - 000166912 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
    2020-04-06 13:47 - 2019-09-12 22:17 - 000114176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BitLockerCsp.dll
    2020-04-06 13:47 - 2019-09-12 22:17 - 000068096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
    2020-04-06 13:47 - 2019-09-12 22:14 - 001809408 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
    2020-04-06 13:47 - 2019-09-12 22:12 - 001634304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
    2020-04-06 13:47 - 2019-09-03 23:13 - 000129040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
    2020-04-06 13:47 - 2019-09-03 22:43 - 000282624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
    2020-04-06 13:47 - 2019-08-12 22:16 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\system32\fcon.dll
    2020-04-06 13:47 - 2019-08-12 22:11 - 000302592 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
    2020-04-06 13:47 - 2019-08-07 02:07 - 000115728 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdnet.dll
    2020-04-06 13:47 - 2019-08-07 01:36 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Diagnostics.dll
    2020-04-06 13:47 - 2019-08-07 01:34 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
    2020-04-06 13:47 - 2019-07-09 01:37 - 000517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\newdev.dll
    2020-04-06 13:47 - 2019-07-09 01:37 - 000167424 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvinst.exe
    2020-04-06 13:47 - 2019-07-09 00:37 - 000485888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\newdev.dll
    2020-04-06 13:47 - 2019-07-08 21:29 - 000031032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\uefi.sys
    2020-04-06 13:47 - 2019-07-08 21:19 - 000142352 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
    2020-04-06 13:47 - 2019-07-08 21:11 - 000108560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
    2020-04-06 13:47 - 2019-07-08 20:52 - 000058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\hmkd.dll
    2020-04-06 13:47 - 2019-07-08 20:50 - 000414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cldflt.sys
    2020-04-06 13:47 - 2019-06-13 05:58 - 000071480 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
    2020-04-06 13:47 - 2019-06-13 05:17 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmvdsitf.dll
    2020-04-06 13:47 - 2019-06-13 05:14 - 000246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\DesktopSwitcherDataModel.dll
    2020-04-06 13:47 - 2019-06-13 05:13 - 002920448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
    2020-04-06 13:47 - 2019-06-13 05:12 - 000394240 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputSwitch.dll
    2020-04-06 13:47 - 2019-06-13 05:10 - 000239104 _____ (Microsoft Corporation) C:\WINDOWS\system32\vdsbas.dll
    2020-04-06 13:47 - 2019-06-13 03:49 - 000371200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputSwitch.dll
    2020-04-06 13:46 - 2020-01-07 03:33 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
    2020-04-06 13:46 - 2020-01-07 03:32 - 001663488 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
    2020-04-06 13:46 - 2020-01-07 01:58 - 001472000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
    2020-04-06 13:46 - 2020-01-06 20:02 - 000001312 _____ C:\WINDOWS\system32\tcbres.wim
    2020-04-06 13:46 - 2019-11-28 04:52 - 000094216 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
    2020-04-06 13:46 - 2019-11-27 23:09 - 000786080 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
    2020-04-06 13:46 - 2019-11-27 23:09 - 000636848 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
    2020-04-06 13:46 - 2019-11-27 22:48 - 000603792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
    2020-04-06 13:46 - 2019-11-08 01:46 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
    2020-04-06 13:46 - 2019-11-08 01:43 - 000131072 _____ (Microsoft Corporation) C:\WINDOWS\splwow64.exe
    2020-04-06 13:46 - 2019-11-08 01:40 - 004055552 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
    2020-04-06 13:46 - 2019-11-08 01:40 - 000593408 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptui.dll
    2020-04-06 13:46 - 2019-11-08 01:38 - 000210944 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
    2020-04-06 13:46 - 2019-11-07 23:58 - 000548864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptui.dll
    2020-04-06 13:46 - 2019-11-07 23:57 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
    2020-04-06 13:46 - 2019-11-07 23:55 - 004056064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
    2020-04-06 13:46 - 2019-11-07 20:38 - 000466744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
    2020-04-06 13:46 - 2019-11-07 20:12 - 000119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tunnel.sys
    2020-04-06 13:46 - 2019-11-07 20:12 - 000082432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ApiSetHost.AppExecutionAlias.dll
    2020-04-06 13:46 - 2019-11-07 20:11 - 000032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
    2020-04-06 13:46 - 2019-11-07 20:10 - 000452096 _____ (Microsoft Corporation) C:\WINDOWS\system32\upnphost.dll
    2020-04-06 13:46 - 2019-11-07 20:09 - 000332800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\upnphost.dll
    2020-04-06 13:46 - 2019-10-02 04:46 - 000740864 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
    2020-04-06 13:46 - 2019-10-02 04:29 - 001517480 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
    2020-04-06 13:46 - 2019-10-02 03:24 - 001320640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
    2020-04-06 13:46 - 2019-10-02 02:25 - 000249856 _____ (Gracenote, Inc.) C:\WINDOWS\SysWOW64\gnsdk_fp.dll
    2020-04-06 13:46 - 2019-10-01 23:19 - 000374584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
    2020-04-06 13:46 - 2019-10-01 23:01 - 002468048 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
    2020-04-06 13:46 - 2019-10-01 22:48 - 001990056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
    2020-04-06 13:46 - 2019-10-01 22:48 - 001023800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ClipSp.sys
    2020-04-06 13:46 - 2019-10-01 22:40 - 000415544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
    2020-04-06 13:46 - 2019-10-01 22:21 - 000150528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_BackgroundApps.dll
    2020-04-06 13:46 - 2019-10-01 22:19 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_AppExecutionAlias.dll
    2020-04-06 13:46 - 2019-10-01 22:18 - 000203264 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_CapabilityAccess.dll
    2020-04-06 13:46 - 2019-09-13 04:40 - 000351232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Narrator.exe
    2020-04-06 13:46 - 2019-09-12 22:18 - 000273920 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcTok.exe
    2020-04-06 13:46 - 2019-09-12 22:16 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
    2020-04-06 13:46 - 2019-09-12 22:15 - 000403456 _____ (Microsoft Corporation) C:\WINDOWS\system32\DavSyncProvider.dll
    2020-04-06 13:46 - 2019-09-12 22:14 - 000257536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WiFiDisplay.dll
    2020-04-06 13:46 - 2019-09-04 03:39 - 000577024 _____ (Microsoft Corporation) C:\WINDOWS\system32\SppExtComObj.Exe
    2020-04-06 13:46 - 2019-09-03 22:40 - 001232384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
    2020-04-06 13:46 - 2019-09-03 22:39 - 000976896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
    2020-04-06 13:46 - 2019-08-12 20:49 - 000806328 _____ C:\WINDOWS\SysWOW64\locale.nls
    2020-04-06 13:46 - 2019-08-12 20:49 - 000806328 _____ C:\WINDOWS\system32\locale.nls
    2020-04-06 13:46 - 2019-08-07 02:09 - 001328440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
    2020-04-06 13:46 - 2019-08-07 02:08 - 000227744 _____ (Microsoft Corporation) C:\WINDOWS\system32\xmllite.dll
    2020-04-06 13:46 - 2019-08-07 01:56 - 000192608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xmllite.dll
    2020-04-06 13:46 - 2019-08-07 01:37 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\appsruprov.dll
    2020-04-06 13:46 - 2019-08-07 01:35 - 000619520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
    2020-04-06 13:46 - 2019-08-07 01:34 - 000521216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll
    2020-04-06 13:46 - 2019-08-07 01:33 - 000228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ssdpsrv.dll
    2020-04-06 13:46 - 2019-07-08 21:12 - 001286528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
    2020-04-06 13:46 - 2019-07-08 21:12 - 000125504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KerbClientShared.dll
    2020-04-06 13:46 - 2019-07-08 20:56 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hmkd.dll
    2020-04-06 13:46 - 2019-07-08 20:50 - 000026624 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdcpw.dll
    2020-04-06 13:46 - 2019-07-03 22:58 - 000416312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
    2020-04-06 13:46 - 2019-07-03 22:57 - 000137656 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll
    2020-04-06 13:46 - 2019-07-03 22:43 - 000328696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll
    2020-04-06 13:46 - 2019-07-03 22:42 - 000097272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll
    2020-04-06 13:46 - 2019-06-13 03:53 - 000089600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
    2020-04-06 13:46 - 2019-06-13 00:15 - 000083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\KdsCli.dll
    2020-04-06 13:46 - 2019-06-13 00:12 - 000501248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
    2020-04-06 13:46 - 2019-06-13 00:11 - 000271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkssvc.dll
    2020-04-06 13:46 - 2019-06-12 22:47 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
    2020-04-06 13:45 - 2020-01-06 22:00 - 001224504 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
    2020-04-06 13:45 - 2020-01-06 22:00 - 001027384 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
    2020-04-06 13:45 - 2020-01-06 21:30 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
    2020-04-06 13:45 - 2020-01-06 21:28 - 000395776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
    2020-04-06 13:45 - 2020-01-06 21:27 - 000288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll
    2020-04-06 13:45 - 2020-01-06 21:23 - 001070080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
    2020-04-06 13:45 - 2019-11-28 04:47 - 000490336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll
    2020-04-06 13:45 - 2019-11-27 23:10 - 001098272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
    2020-04-06 13:45 - 2019-11-27 22:49 - 001130776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
    2020-04-06 13:45 - 2019-11-08 02:20 - 000747320 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
    2020-04-06 13:45 - 2019-11-08 02:20 - 000638264 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
    2020-04-06 13:45 - 2019-11-08 02:20 - 000465208 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
    2020-04-06 13:45 - 2019-11-07 20:39 - 000249088 _____ (Microsoft Corporation) C:\WINDOWS\system32\weretw.dll
    2020-04-06 13:45 - 2019-11-07 20:13 - 000069120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winhvr.sys
    2020-04-06 13:45 - 2019-11-07 20:13 - 000051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
    2020-04-06 13:45 - 2019-10-02 04:50 - 002019840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
    2020-04-06 13:45 - 2019-10-02 04:46 - 000324408 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
    2020-04-06 13:45 - 2019-10-02 04:45 - 001726264 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
    2020-04-06 13:45 - 2019-10-02 04:45 - 000811320 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
    2020-04-06 13:45 - 2019-10-02 04:45 - 000174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngOnline.dll
    2020-04-06 13:45 - 2019-10-02 04:45 - 000164152 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
    2020-04-06 13:45 - 2019-10-02 04:34 - 000540984 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
    2020-04-06 13:45 - 2019-10-02 04:07 - 001262592 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
    2020-04-06 13:45 - 2019-10-01 23:01 - 000722744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
    2020-04-06 13:45 - 2019-10-01 23:01 - 000527160 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
    2020-04-06 13:45 - 2019-10-01 23:01 - 000514576 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
    2020-04-06 13:45 - 2019-10-01 23:01 - 000513336 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
    2020-04-06 13:45 - 2019-10-01 22:49 - 000088016 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskhostw.exe
    2020-04-06 13:45 - 2019-10-01 22:48 - 000103736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mountmgr.sys
    2020-04-06 13:45 - 2019-10-01 22:28 - 000137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
    2020-04-06 13:45 - 2019-10-01 22:28 - 000115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatecsp.dll
    2020-04-06 13:45 - 2019-10-01 22:26 - 000908800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSMPEG2ENC.DLL
    2020-04-06 13:45 - 2019-10-01 22:26 - 000468480 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
    2020-04-06 13:45 - 2019-10-01 22:24 - 000857088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSMPEG2ENC.DLL
    2020-04-06 13:45 - 2019-10-01 22:24 - 000582144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
    2020-04-06 13:45 - 2019-10-01 22:24 - 000414720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
    2020-04-06 13:45 - 2019-10-01 22:19 - 000140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
    2020-04-06 13:45 - 2019-10-01 22:18 - 000361472 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
    2020-04-06 13:45 - 2019-10-01 22:17 - 000302080 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenterprisediagnostics.dll
    2020-04-06 13:45 - 2019-10-01 22:17 - 000271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
    2020-04-06 13:45 - 2019-10-01 22:16 - 000062464 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwm.exe
    2020-04-06 13:45 - 2019-10-01 22:15 - 001023488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
    2020-04-06 13:45 - 2019-10-01 22:13 - 000663040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
    2020-04-06 13:45 - 2019-09-13 04:56 - 000341392 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSrvPolicyManager.dll
    2020-04-06 13:45 - 2019-09-13 04:44 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
    2020-04-06 13:45 - 2019-09-13 04:44 - 000124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
    2020-04-06 13:45 - 2019-09-12 22:21 - 000041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\UsoClient.exe
    2020-04-06 13:45 - 2019-09-12 22:15 - 000504832 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
    2020-04-06 13:45 - 2019-09-12 22:13 - 001371136 _____ (Microsoft Corporation) C:\WINDOWS\system32\MiracastReceiver.dll
    2020-04-06 13:45 - 2019-09-12 22:12 - 000372736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
    2020-04-06 13:45 - 2019-09-12 22:11 - 000346112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DavSyncProvider.dll
    2020-04-06 13:45 - 2019-09-10 01:17 - 023862272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
    2020-04-06 13:45 - 2019-09-03 23:14 - 000361752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
    2020-04-06 13:45 - 2019-09-03 22:39 - 000961536 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
    2020-04-06 13:45 - 2019-09-03 22:39 - 000884224 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
    2020-04-06 13:45 - 2019-09-03 22:39 - 000729088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
    2020-04-06 13:45 - 2019-09-03 22:38 - 000884736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
    2020-04-06 13:45 - 2019-09-03 22:38 - 000705024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
    2020-04-06 13:45 - 2019-08-13 08:42 - 000331776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
    2020-04-06 13:45 - 2019-08-13 08:40 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
    2020-04-06 13:45 - 2019-08-13 03:49 - 001060864 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
    2020-04-06 13:45 - 2019-08-07 02:09 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
    2020-04-06 13:45 - 2019-08-07 01:56 - 000357336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
    2020-04-06 13:45 - 2019-08-07 01:36 - 000326144 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Flights.dll
    2020-04-06 13:45 - 2019-08-07 01:31 - 000367616 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
    2020-04-06 13:45 - 2019-07-09 02:07 - 000506088 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
    2020-04-06 13:45 - 2019-07-09 01:44 - 000039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsUpdateElevatedInstaller.exe
    2020-04-06 13:45 - 2019-07-08 21:23 - 001213264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
    2020-04-06 13:45 - 2019-07-08 21:19 - 001674216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
    2020-04-06 13:45 - 2019-07-08 21:19 - 000799248 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
    2020-04-06 13:45 - 2019-07-08 21:11 - 000576528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
    2020-04-06 13:45 - 2019-07-08 20:51 - 000119296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
    2020-04-06 13:45 - 2019-07-08 20:50 - 000141312 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
    2020-04-06 13:45 - 2019-07-08 20:48 - 000335360 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
    2020-04-06 13:45 - 2019-07-08 20:48 - 000175104 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
    2020-04-06 13:45 - 2019-07-08 20:48 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
    2020-04-06 13:45 - 2019-07-08 20:44 - 000466432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
    2020-04-06 13:45 - 2019-06-13 05:17 - 000115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\RjvMDMConfig.dll
    2020-04-06 13:45 - 2019-06-13 05:17 - 000109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
    2020-04-06 13:45 - 2019-06-13 05:17 - 000093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
    2020-04-06 13:45 - 2019-06-13 05:15 - 000041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpgradeResultsUI.exe
    2020-04-06 13:45 - 2019-06-13 03:54 - 000151552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmvdsitf.dll
    2020-04-06 13:45 - 2019-06-13 00:44 - 001033696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
    2020-04-06 13:44 - 2020-01-07 03:34 - 000664064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wiaaut.dll
    2020-04-06 13:44 - 2020-01-07 02:01 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wiaaut.dll
    2020-04-06 13:44 - 2020-01-06 21:59 - 001798664 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
    2020-04-06 13:44 - 2020-01-06 21:29 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
    2020-04-06 13:44 - 2020-01-06 21:28 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
    2020-04-06 13:44 - 2020-01-06 21:28 - 000121344 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll
    2020-04-06 13:44 - 2019-11-28 04:47 - 000790928 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
    2020-04-06 13:44 - 2019-11-28 04:47 - 000396304 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
    2020-04-06 13:44 - 2019-11-28 04:26 - 000842240 _____ (Microsoft Corporation) C:\WINDOWS\system32\printfilterpipelinesvc.exe
    2020-04-06 13:44 - 2019-11-28 03:07 - 000662840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
    2020-04-06 13:44 - 2019-11-28 03:06 - 000322360 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
    2020-04-06 13:44 - 2019-11-27 23:09 - 000713272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
    2020-04-06 13:44 - 2019-11-27 22:48 - 000581808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
    2020-04-06 13:44 - 2019-11-27 22:41 - 000487936 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
    2020-04-06 13:44 - 2019-11-27 22:40 - 000369152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
    2020-04-06 13:44 - 2019-11-27 22:39 - 000929280 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
    2020-04-06 13:44 - 2019-11-27 22:36 - 000629248 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
    2020-04-06 13:44 - 2019-11-27 22:35 - 001418752 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
    2020-04-06 13:44 - 2019-11-07 20:39 - 000727584 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
    2020-04-06 13:44 - 2019-11-07 20:39 - 000435728 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
    2020-04-06 13:44 - 2019-11-07 20:31 - 000379432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
    2020-04-06 13:44 - 2019-11-07 20:12 - 000202752 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
    2020-04-06 13:44 - 2019-11-07 20:10 - 000773120 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
    2020-04-06 13:44 - 2019-11-07 20:09 - 000659456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
    2020-04-06 13:44 - 2019-10-02 05:14 - 000349216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
    2020-04-06 13:44 - 2019-10-02 05:08 - 001047568 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
    2020-04-06 13:44 - 2019-10-02 04:27 - 000117240 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpenWith.exe
    2020-04-06 13:44 - 2019-10-02 04:06 - 000599040 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll
    2020-04-06 13:44 - 2019-10-02 03:23 - 000106560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpenWith.exe
    2020-04-06 13:44 - 2019-10-02 03:07 - 000486400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uxtheme.dll
    2020-04-06 13:44 - 2019-10-02 02:53 - 000917816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
    2020-04-06 13:44 - 2019-10-01 23:02 - 000210448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wof.sys
    2020-04-06 13:44 - 2019-10-01 23:02 - 000194352 _____ (Microsoft Corporation) C:\WINDOWS\system32\skci.dll
    2020-04-06 13:44 - 2019-10-01 23:00 - 000039032 _____ (Microsoft Corporation) C:\WINDOWS\system32\NtlmShared.dll
    2020-04-06 13:44 - 2019-10-01 22:50 - 000148288 _____ (Microsoft Corporation) C:\WINDOWS\system32\userenv.dll
    2020-04-06 13:44 - 2019-10-01 22:50 - 000095224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
    2020-04-06 13:44 - 2019-10-01 22:49 - 000722744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_StorageSense.dll
    2020-04-06 13:44 - 2019-10-01 22:48 - 000430304 _____ (Microsoft Corporation) C:\WINDOWS\system32\ws2_32.dll
    2020-04-06 13:44 - 2019-10-01 22:48 - 000033792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NtlmShared.dll
    2020-04-06 13:44 - 2019-10-01 22:47 - 000607248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll
    2020-04-06 13:44 - 2019-10-01 22:34 - 000129360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\userenv.dll
    2020-04-06 13:44 - 2019-10-01 22:34 - 000081040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
    2020-04-06 13:44 - 2019-10-01 22:32 - 000412696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ws2_32.dll
    2020-04-06 13:44 - 2019-10-01 22:28 - 002929152 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsservices.dll
    2020-04-06 13:44 - 2019-10-01 22:25 - 001862656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsservices.dll
    2020-04-06 13:44 - 2019-10-01 22:18 - 000107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreShellExtFramework.dll
    2020-04-06 13:44 - 2019-10-01 22:16 - 000272896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.AppDefaults.dll
    2020-04-06 13:44 - 2019-10-01 22:14 - 001804288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
    2020-04-06 13:44 - 2019-10-01 22:09 - 000537600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
    2020-04-06 13:44 - 2019-09-13 05:03 - 000586680 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppResolver.dll
    2020-04-06 13:44 - 2019-09-13 04:41 - 001644032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll
    2020-04-06 13:44 - 2019-09-13 04:41 - 001127936 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll
    2020-04-06 13:44 - 2019-09-13 04:40 - 000765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
    2020-04-06 13:44 - 2019-09-13 03:18 - 000470512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppResolver.dll
    2020-04-06 13:44 - 2019-09-13 03:01 - 001300480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wpc.dll
    2020-04-06 13:44 - 2019-09-13 03:01 - 000622592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
    2020-04-06 13:44 - 2019-09-12 22:49 - 000274792 _____ (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe
    2020-04-06 13:44 - 2019-09-12 22:48 - 000710240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
    2020-04-06 13:44 - 2019-09-12 22:21 - 000100352 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveskybackup.dll
    2020-04-06 13:44 - 2019-09-12 22:19 - 000514560 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
    2020-04-06 13:44 - 2019-09-12 22:18 - 000567808 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
    2020-04-06 13:44 - 2019-09-12 22:17 - 000761344 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
    2020-04-06 13:44 - 2019-09-12 22:16 - 000910336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
    2020-04-06 13:44 - 2019-09-12 22:15 - 000840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcRefreshTask.dll
    2020-04-06 13:44 - 2019-09-12 22:14 - 001854976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
    2020-04-06 13:44 - 2019-09-12 22:14 - 000602112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
    2020-04-06 13:44 - 2019-09-12 22:14 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
    2020-04-06 13:44 - 2019-09-12 22:13 - 000910848 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
    2020-04-06 13:44 - 2019-09-12 22:12 - 000627712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
    2020-04-06 13:44 - 2019-09-12 22:11 - 000782336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
    2020-04-06 13:44 - 2019-09-03 23:13 - 000735680 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
    2020-04-06 13:44 - 2019-09-03 23:02 - 000560600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
    2020-04-06 13:44 - 2019-09-03 22:41 - 001347584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
    2020-04-06 13:44 - 2019-09-03 22:40 - 002364928 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
    2020-04-06 13:44 - 2019-09-03 22:38 - 000885760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
    2020-04-06 13:44 - 2019-08-13 12:06 - 000067072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ComputerDefaults.exe
    2020-04-06 13:44 - 2019-08-13 03:49 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ComputerDefaults.exe
    2020-04-06 13:44 - 2019-08-12 22:13 - 000462848 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
    2020-04-06 13:44 - 2019-08-12 22:13 - 000137216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Storage.dll
    2020-04-06 13:44 - 2019-08-07 02:08 - 001566736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
    2020-04-06 13:44 - 2019-08-07 02:08 - 000494992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
    2020-04-06 13:44 - 2019-08-07 01:56 - 001427768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
    2020-04-06 13:44 - 2019-08-07 01:38 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
    2020-04-06 13:44 - 2019-08-07 01:36 - 000354816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
    2020-04-06 13:44 - 2019-08-07 01:35 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\PEAuth.sys
    2020-04-06 13:44 - 2019-08-07 01:32 - 000318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
    2020-04-06 13:44 - 2019-08-07 01:31 - 000947200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
    2020-04-06 13:44 - 2019-07-09 01:39 - 001121792 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
    2020-04-06 13:44 - 2019-07-09 00:38 - 000908288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
    2020-04-06 13:44 - 2019-07-08 21:29 - 000230200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
    2020-04-06 13:44 - 2019-07-08 21:19 - 000152104 _____ (Microsoft Corporation) C:\WINDOWS\system32\KerbClientShared.dll
    2020-04-06 13:44 - 2019-07-08 21:19 - 000046608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\werkernel.sys
    2020-04-06 13:44 - 2019-07-08 20:51 - 000108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\DuCsps.dll
    2020-04-06 13:44 - 2019-07-08 20:50 - 001003008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
    2020-04-06 13:44 - 2019-07-08 20:50 - 000681472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
    2020-04-06 13:44 - 2019-07-08 20:45 - 001400832 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
    2020-04-06 13:44 - 2019-07-08 20:44 - 000922112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
    2020-04-06 13:44 - 2019-07-03 22:57 - 000986128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
    2020-04-06 13:44 - 2019-07-03 22:43 - 000832016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
    2020-04-06 13:44 - 2019-07-03 22:22 - 001175552 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
    2020-04-06 13:44 - 2019-07-03 22:18 - 000953344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
    2020-04-06 13:44 - 2019-06-13 00:44 - 002546704 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
    2020-04-06 13:44 - 2019-06-13 00:14 - 000409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
    2020-04-06 13:44 - 2019-06-13 00:13 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
    2020-04-06 13:43 - 2020-01-07 03:54 - 001639864 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
    2020-04-06 13:43 - 2020-01-07 02:15 - 001628496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
    2020-04-06 13:43 - 2020-01-06 22:00 - 000076328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
    2020-04-06 13:43 - 2020-01-06 21:59 - 001964176 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
    2020-04-06 13:43 - 2020-01-06 21:48 - 001659944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
    2020-04-06 13:43 - 2020-01-06 21:27 - 001295360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
    2020-04-06 13:43 - 2020-01-06 21:25 - 000874496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll
    2020-04-06 13:43 - 2020-01-06 21:24 - 000796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
    2020-04-06 13:43 - 2020-01-06 21:24 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
    2020-04-06 13:43 - 2019-11-27 23:11 - 000498072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Enumeration.dll
    2020-04-06 13:43 - 2019-11-27 23:09 - 001459120 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
    2020-04-06 13:43 - 2019-11-27 23:09 - 001260784 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
    2020-04-06 13:43 - 2019-11-27 23:09 - 001141504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
    2020-04-06 13:43 - 2019-11-27 23:09 - 000983936 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
    2020-04-06 13:43 - 2019-11-27 22:51 - 000424208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Enumeration.dll
    2020-04-06 13:43 - 2019-11-27 22:39 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
    2020-04-06 13:43 - 2019-11-27 22:38 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
    2020-04-06 13:43 - 2019-11-27 22:28 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
    2020-04-06 13:43 - 2019-11-07 20:39 - 000500752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
    2020-04-06 13:43 - 2019-11-07 20:11 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
    2020-04-06 13:43 - 2019-10-31 20:10 - 001312256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
    2020-04-06 13:43 - 2019-10-02 04:09 - 000347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
    2020-04-06 13:43 - 2019-10-02 04:05 - 000544768 _____ (Microsoft Corporation) C:\WINDOWS\system32\VAN.dll
    2020-04-06 13:43 - 2019-10-02 03:08 - 000472576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VAN.dll
    2020-04-06 13:43 - 2019-10-02 03:06 - 002406912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
    2020-04-06 13:43 - 2019-10-01 23:00 - 002371504 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
    2020-04-06 13:43 - 2019-10-01 22:59 - 000260800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
    2020-04-06 13:43 - 2019-10-01 22:49 - 000769288 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskschd.dll
    2020-04-06 13:43 - 2019-10-01 22:48 - 002331480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
    2020-04-06 13:43 - 2019-10-01 22:47 - 000129088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
    2020-04-06 13:43 - 2019-10-01 22:34 - 000526512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskschd.dll
    2020-04-06 13:43 - 2019-10-01 22:23 - 004938240 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
    2020-04-06 13:43 - 2019-10-01 22:23 - 004517376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
    2020-04-06 13:43 - 2019-10-01 22:19 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
    2020-04-06 13:43 - 2019-10-01 22:18 - 000204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
    2020-04-06 13:43 - 2019-10-01 22:14 - 000523776 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
    2020-04-06 13:43 - 2019-10-01 22:14 - 000172544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\enrollmentapi.dll
    2020-04-06 13:43 - 2019-10-01 22:14 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
    2020-04-06 13:43 - 2019-10-01 22:13 - 000889344 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
    2020-04-06 13:43 - 2019-10-01 22:09 - 000445952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmenrollengine.dll
    2020-04-06 13:43 - 2019-09-13 04:40 - 001725952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
    2020-04-06 13:43 - 2019-09-13 03:00 - 001530880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
    2020-04-06 13:43 - 2019-09-12 22:58 - 007900880 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
    2020-04-06 13:43 - 2019-09-12 22:56 - 005821448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
    2020-04-06 13:43 - 2019-09-12 22:15 - 002913792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
    2020-04-06 13:43 - 2019-09-12 22:11 - 000979456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MiracastReceiver.dll
    2020-04-06 13:43 - 2019-09-09 19:20 - 000353792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
    2020-04-06 13:43 - 2019-09-09 19:20 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll
    2020-04-06 13:43 - 2019-09-03 23:24 - 000705336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
    2020-04-06 13:43 - 2019-09-03 23:14 - 001209696 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
    2020-04-06 13:43 - 2019-09-03 23:13 - 000335672 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
    2020-04-06 13:43 - 2019-09-03 23:03 - 001011872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
    2020-04-06 13:43 - 2019-09-03 22:42 - 001765888 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
    2020-04-06 13:43 - 2019-09-03 22:41 - 000686592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
    2020-04-06 13:43 - 2019-09-03 22:41 - 000379904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
    2020-04-06 13:43 - 2019-08-13 09:04 - 001585304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll
    2020-04-06 13:43 - 2019-08-12 22:46 - 000611640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
    2020-04-06 13:43 - 2019-08-12 22:44 - 001793472 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
    2020-04-06 13:43 - 2019-08-12 22:12 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
    2020-04-06 13:43 - 2019-08-12 19:24 - 000313344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd2x40.dll
    2020-04-06 13:43 - 2019-08-12 18:57 - 000475648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxbde40.dll
    2020-04-06 13:43 - 2019-08-07 02:07 - 001031696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
    2020-04-06 13:43 - 2019-07-10 19:30 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
    2020-04-06 13:43 - 2019-07-08 21:19 - 000767232 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
    2020-04-06 13:43 - 2019-07-08 21:12 - 000573808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
    2020-04-06 13:43 - 2019-07-08 20:50 - 000835584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
    2020-04-06 13:43 - 2019-07-08 20:48 - 000697344 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
    2020-04-06 13:43 - 2019-07-08 20:46 - 000532992 _____ (Microsoft Corporation) C:\WINDOWS\system32\QuietHours.dll
    2020-04-06 13:43 - 2019-07-08 20:46 - 000300544 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
    2020-04-06 13:43 - 2019-07-08 20:43 - 000917504 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
    2020-04-06 13:43 - 2019-06-19 20:21 - 000058882 _____ C:\WINDOWS\system32\srms.dat
    2020-04-06 13:43 - 2019-06-13 05:43 - 001048480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
    2020-04-06 13:43 - 2019-06-13 05:36 - 000251000 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
    2020-04-06 13:43 - 2019-06-13 05:34 - 000146888 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingUI.exe
    2020-04-06 13:43 - 2019-06-13 05:13 - 000181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
    2020-04-06 13:43 - 2019-06-13 01:48 - 000677376 _____ (Microsoft Corporation) C:\WINDOWS\system32\HeadTrackerStorage.dll
    2020-04-06 13:43 - 2019-06-13 01:46 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedRealitySvc.dll
    2020-04-06 13:43 - 2019-06-13 00:47 - 001063224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
    2020-04-06 13:43 - 2019-06-13 00:14 - 003318784 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
    2020-04-06 13:43 - 2019-06-12 22:47 - 002899456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
    2020-04-06 13:42 - 2020-01-07 03:33 - 003614208 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
    2020-04-06 13:42 - 2020-01-07 01:59 - 002882048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
    2020-04-06 13:42 - 2020-01-06 22:03 - 001035040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
    2020-04-06 13:42 - 2020-01-06 21:59 - 002810896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
    2020-04-06 13:42 - 2020-01-06 21:58 - 009080848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
    2020-04-06 13:42 - 2020-01-06 21:30 - 003403264 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
    2020-04-06 13:42 - 2020-01-06 21:27 - 000227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFilterHost.exe
    2020-04-06 13:42 - 2020-01-06 21:25 - 002179072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
    2020-04-06 13:42 - 2020-01-06 21:25 - 000858112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
    2020-04-06 13:42 - 2020-01-06 21:24 - 002163712 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
    2020-04-06 13:42 - 2020-01-06 21:24 - 001563648 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
    2020-04-06 13:42 - 2020-01-06 21:24 - 000673792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
    2020-04-06 13:42 - 2020-01-06 21:24 - 000345088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
    2020-04-06 13:42 - 2020-01-06 21:23 - 001058816 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
    2020-04-06 13:42 - 2020-01-06 21:23 - 000783360 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
    2020-04-06 13:42 - 2020-01-06 21:23 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
    2020-04-06 13:42 - 2019-11-28 04:46 - 001632112 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
    2020-04-06 13:42 - 2019-11-28 03:09 - 001453624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
    2020-04-06 13:42 - 2019-11-27 23:10 - 002571336 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
    2020-04-06 13:42 - 2019-11-27 22:49 - 001979960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
    2020-04-06 13:42 - 2019-11-27 22:35 - 000545792 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
    2020-04-06 13:42 - 2019-11-27 22:25 - 000532992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
    2020-04-06 13:42 - 2019-11-08 01:38 - 001289216 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
    2020-04-06 13:42 - 2019-11-07 20:38 - 002711352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
    2020-04-06 13:42 - 2019-11-07 20:10 - 003091968 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
    2020-04-06 13:42 - 2019-11-07 20:09 - 001920512 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
    2020-04-06 13:42 - 2019-11-07 20:08 - 003203072 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
    2020-04-06 13:42 - 2019-11-07 20:08 - 002603008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
    2020-04-06 13:42 - 2019-10-02 04:50 - 000810496 _____ C:\WINDOWS\system32\MBR2GPT.EXE
    2020-04-06 13:42 - 2019-10-02 04:48 - 000625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\BootMenuUX.dll
    2020-04-06 13:42 - 2019-10-02 04:06 - 000672768 _____ (Microsoft Corporation) C:\WINDOWS\system32\sud.dll
    2020-04-06 13:42 - 2019-10-02 03:07 - 000645632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sud.dll
    2020-04-06 13:42 - 2019-10-02 02:42 - 003397120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
    2020-04-06 13:42 - 2019-10-01 23:01 - 001288928 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
    2020-04-06 13:42 - 2019-10-01 22:59 - 001784696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
    2020-04-06 13:42 - 2019-10-01 22:59 - 000930616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
    2020-04-06 13:42 - 2019-10-01 22:48 - 002421776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
    2020-04-06 13:42 - 2019-10-01 22:48 - 001922056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
    2020-04-06 13:42 - 2019-10-01 22:47 - 001380312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
    2020-04-06 13:42 - 2019-10-01 22:47 - 001020280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
    2020-04-06 13:42 - 2019-10-01 22:47 - 000829752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
    2020-04-06 13:42 - 2019-10-01 22:22 - 001110016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
    2020-04-06 13:42 - 2019-10-01 22:15 - 000517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
    2020-04-06 13:42 - 2019-10-01 22:11 - 000848384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
    2020-04-06 13:42 - 2019-09-13 04:57 - 001375456 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
    2020-04-06 13:42 - 2019-09-13 03:17 - 001026280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
    2020-04-06 13:42 - 2019-09-12 22:48 - 003290584 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
    2020-04-06 13:42 - 2019-09-12 22:47 - 001947168 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
    2020-04-06 13:42 - 2019-09-12 22:36 - 002478152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
    2020-04-06 13:42 - 2019-09-12 22:35 - 001559272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
    2020-04-06 13:42 - 2019-09-03 23:04 - 000286616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
    2020-04-06 13:42 - 2019-08-13 12:21 - 000221016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditionUpgradeManagerObj.dll
    2020-04-06 13:42 - 2019-06-13 05:37 - 000101192 _____ (Microsoft Corporation) C:\WINDOWS\system32\changepk.exe
    2020-04-06 13:42 - 2019-06-13 05:36 - 000236520 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
    2020-04-06 13:42 - 2019-06-13 00:14 - 000302080 _____ (Microsoft Corporation) C:\WINDOWS\system32\CXHProvisioningServer.dll
    2020-04-06 13:42 - 2019-06-13 00:10 - 000871424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.BackgroundMediaPlayback.dll
    2020-04-06 13:42 - 2019-06-13 00:10 - 000869376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.BackgroundMediaPlayer.dll
    2020-04-06 13:42 - 2019-06-13 00:10 - 000849408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.MediaPlayer.dll
    2020-04-06 13:42 - 2019-06-12 22:44 - 000648192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.BackgroundMediaPlayback.dll
    2020-04-06 13:42 - 2019-06-12 22:44 - 000630784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.MediaPlayer.dll
    2020-04-06 13:42 - 2019-06-12 22:43 - 000646656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.BackgroundMediaPlayer.dll
    2020-04-06 13:41 - 2020-01-07 04:02 - 000403584 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsmf.dll
    2020-04-06 13:41 - 2020-01-07 03:54 - 001616608 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
    2020-04-06 13:41 - 2020-01-07 03:37 - 008628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
    2020-04-06 13:41 - 2020-01-07 02:15 - 000358128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsmf.dll
    2020-04-06 13:41 - 2020-01-07 02:00 - 007991808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
    2020-04-06 13:41 - 2020-01-07 01:24 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
    2020-04-06 13:41 - 2020-01-06 23:27 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
    2020-04-06 13:41 - 2020-01-06 21:59 - 007520104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
    2020-04-06 13:41 - 2020-01-06 21:49 - 001462192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
    2020-04-06 13:41 - 2020-01-06 21:48 - 006566448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
    2020-04-06 13:41 - 2020-01-06 21:30 - 002700288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
    2020-04-06 13:41 - 2020-01-06 21:27 - 003392000 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
    2020-04-06 13:41 - 2020-01-06 21:26 - 002258944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
    2020-04-06 13:41 - 2020-01-06 21:26 - 000924160 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
    2020-04-06 13:41 - 2020-01-06 21:24 - 002738688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
    2020-04-06 13:41 - 2019-11-28 04:27 - 001609216 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
    2020-04-06 13:41 - 2019-11-27 23:10 - 002161072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
    2020-04-06 13:41 - 2019-11-27 22:49 - 001651040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
    2020-04-06 13:41 - 2019-11-27 22:43 - 008188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
    2020-04-06 13:41 - 2019-11-27 22:38 - 007573504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
    2020-04-06 13:41 - 2019-11-27 22:34 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
    2020-04-06 13:41 - 2019-11-27 22:28 - 005769728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
    2020-04-06 13:41 - 2019-11-08 01:38 - 000488960 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
    2020-04-06 13:41 - 2019-11-07 23:56 - 000425984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
    2020-04-06 13:41 - 2019-11-07 20:39 - 000776792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
    2020-04-06 13:41 - 2019-11-07 20:39 - 000494904 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
    2020-04-06 13:41 - 2019-11-07 20:39 - 000440768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
    2020-04-06 13:41 - 2019-11-07 20:39 - 000209936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
    2020-04-06 13:41 - 2019-11-07 20:39 - 000159864 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
    2020-04-06 13:41 - 2019-11-07 20:32 - 000435216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
    2020-04-06 13:41 - 2019-11-07 20:32 - 000385272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
    2020-04-06 13:41 - 2019-11-07 20:32 - 000191800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
    2020-04-06 13:41 - 2019-11-07 20:32 - 000146920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
    2020-04-06 13:41 - 2019-11-07 20:31 - 006053808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
    2020-04-06 13:41 - 2019-11-07 20:31 - 000665432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
    2020-04-06 13:41 - 2019-11-07 20:17 - 022736384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2020-04-06 13:41 - 2019-10-02 05:10 - 004527072 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
    2020-04-06 13:41 - 2019-10-02 05:08 - 002394960 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVCORE.DLL
    2020-04-06 13:41 - 2019-10-02 04:50 - 004491264 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
    2020-04-06 13:41 - 2019-10-02 04:45 - 001180672 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
    2020-04-06 13:41 - 2019-10-02 04:28 - 021411976 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
    2020-04-06 13:41 - 2019-10-02 04:13 - 013572096 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
    2020-04-06 13:41 - 2019-10-02 03:11 - 012500992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
    2020-04-06 13:41 - 2019-10-02 02:52 - 002206424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVCORE.DLL
    2020-04-06 13:41 - 2019-10-01 23:02 - 004404720 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
    2020-04-06 13:41 - 2019-10-01 22:50 - 006979128 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
    2020-04-06 13:41 - 2019-10-01 22:47 - 004789944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
    2020-04-06 13:41 - 2019-10-01 22:33 - 003330880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneCoreUAPCommonProxyStub.dll
    2020-04-06 13:41 - 2019-10-01 22:26 - 016598528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
    2020-04-06 13:41 - 2019-10-01 22:25 - 001540096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpserverbase.dll
    2020-04-06 13:41 - 2019-10-01 22:23 - 001724928 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpserverbase.dll
    2020-04-06 13:41 - 2019-10-01 22:21 - 013878784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
    2020-04-06 13:41 - 2019-10-01 22:20 - 001647616 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
    2020-04-06 13:41 - 2019-10-01 22:16 - 001676800 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreShell.dll
    2020-04-06 13:41 - 2019-10-01 22:16 - 000277504 _____ (Microsoft Corporation) C:\WINDOWS\system32\ComposableShellProxyStub.dll
    2020-04-06 13:41 - 2019-10-01 22:10 - 000134656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ComposableShellProxyStub.dll
    2020-04-06 13:41 - 2019-09-13 04:40 - 000806400 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvewiz.dll
    2020-04-06 13:41 - 2019-09-13 04:40 - 000326656 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvecpl.dll
    2020-04-06 13:41 - 2019-09-13 04:39 - 002085888 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
    2020-04-06 13:41 - 2019-09-13 04:39 - 000305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveui.dll
    2020-04-06 13:41 - 2019-09-13 02:59 - 002017280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
    2020-04-06 13:41 - 2019-09-12 22:48 - 001363536 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
    2020-04-06 13:41 - 2019-09-12 22:17 - 003148288 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
    2020-04-06 13:41 - 2019-09-12 22:15 - 001549824 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
    2020-04-06 13:41 - 2019-09-12 22:15 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
    2020-04-06 13:41 - 2019-09-12 22:13 - 002893312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
    2020-04-06 13:41 - 2019-09-12 22:13 - 000845824 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
    2020-04-06 13:41 - 2019-09-12 22:12 - 000312320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fveapibase.dll
    2020-04-06 13:41 - 2019-09-12 22:11 - 000667136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fveapi.dll
    2020-04-06 13:41 - 2019-09-10 01:16 - 019525632 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
    2020-04-06 13:41 - 2019-09-03 23:14 - 001934808 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
    2020-04-06 13:41 - 2019-09-03 23:02 - 001805872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
    2020-04-06 13:41 - 2019-09-03 22:48 - 007057408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
    2020-04-06 13:41 - 2019-09-03 22:46 - 009084928 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
    2020-04-06 13:41 - 2019-09-03 22:45 - 005883904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
    2020-04-06 13:41 - 2019-09-03 22:44 - 006647296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
    2020-04-06 13:41 - 2019-09-03 22:44 - 003687424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
    2020-04-06 13:41 - 2019-09-03 22:43 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
    2020-04-06 13:41 - 2019-09-03 22:43 - 004849664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2020-04-06 13:41 - 2019-09-03 22:43 - 002825728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
    2020-04-06 13:41 - 2019-09-03 22:43 - 000530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
    2020-04-06 13:41 - 2019-09-03 22:42 - 006032384 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
    2020-04-06 13:41 - 2019-09-03 22:42 - 003381248 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
    2020-04-06 13:41 - 2019-09-03 22:42 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
    2020-04-06 13:41 - 2019-09-03 22:41 - 002449408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
    2020-04-06 13:41 - 2019-09-03 22:41 - 001986560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
    2020-04-06 13:41 - 2019-09-03 22:40 - 000978944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
    2020-04-06 13:41 - 2019-09-03 22:40 - 000851968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
    2020-04-06 13:41 - 2019-09-03 22:39 - 001264640 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
    2020-04-06 13:41 - 2019-09-03 22:39 - 001225216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
    2020-04-06 13:41 - 2019-08-13 12:06 - 000668160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
    2020-04-06 13:41 - 2019-08-13 08:45 - 002969600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
    2020-04-06 13:41 - 2019-08-13 08:43 - 000624128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsreg.dll
    2020-04-06 13:41 - 2019-08-13 03:46 - 000757248 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
    2020-04-06 13:41 - 2019-08-12 22:17 - 004708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
    2020-04-06 13:41 - 2019-08-12 22:11 - 000737280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll
    2020-04-06 13:41 - 2019-08-07 06:55 - 000424448 _____ (Microsoft Corporation) C:\WINDOWS\system32\P2PGraph.dll
    2020-04-06 13:41 - 2019-08-07 06:55 - 000210944 _____ (Microsoft Corporation) C:\WINDOWS\system32\P2P.dll
    2020-04-06 13:41 - 2019-08-07 06:53 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnrpsvc.dll
    2020-04-06 13:41 - 2019-08-07 06:53 - 000202752 _____ (Microsoft Corporation) C:\WINDOWS\system32\p2pnetsh.dll
    2020-04-06 13:41 - 2019-08-07 06:51 - 000424960 _____ (Microsoft Corporation) C:\WINDOWS\system32\p2psvc.dll
    2020-04-06 13:41 - 2019-08-07 06:26 - 000366592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\P2PGraph.dll
    2020-04-06 13:41 - 2019-08-07 06:26 - 000174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\P2P.dll
    2020-04-06 13:41 - 2019-08-07 06:24 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\p2pnetsh.dll
    2020-04-06 13:41 - 2019-08-07 01:36 - 000462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
    2020-04-06 13:41 - 2019-08-07 01:36 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MicrosoftAccountTokenProvider.dll
    2020-04-06 13:41 - 2019-08-07 01:35 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MicrosoftAccountTokenProvider.dll
    2020-04-06 13:41 - 2019-08-07 01:32 - 001235968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpbase.dll
    2020-04-06 13:41 - 2019-08-07 01:31 - 001421312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpbase.dll
    2020-04-06 13:41 - 2019-07-09 01:43 - 000123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdshext.dll
    2020-04-06 13:41 - 2019-07-09 01:39 - 001210880 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdclt.exe
    2020-04-06 13:41 - 2019-07-09 01:39 - 001193472 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdengin2.dll
    2020-04-06 13:41 - 2019-07-08 20:43 - 000582144 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll
    2020-04-06 13:41 - 2019-07-04 03:19 - 000420864 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpclip.exe
    2020-04-06 13:41 - 2019-07-03 22:23 - 001217536 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
    2020-04-06 13:41 - 2019-07-03 22:22 - 002587648 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
    2020-04-06 13:41 - 2019-07-03 22:18 - 001076224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
    2020-04-06 13:41 - 2019-06-13 05:13 - 001339392 _____ (Microsoft Corporation) C:\WINDOWS\system32\TaskFlowDataEngine.dll
    2020-04-06 13:41 - 2019-06-13 00:46 - 001076536 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
    2020-04-06 13:40 - 2019-11-27 22:28 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
    2020-04-06 13:40 - 2019-11-08 01:43 - 012835328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2020-04-06 13:40 - 2019-11-08 00:00 - 012036096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2020-04-06 13:40 - 2019-11-07 20:40 - 005627280 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
    2020-04-06 13:40 - 2019-11-07 20:38 - 007447904 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
    2020-04-06 13:40 - 2019-11-07 20:15 - 019386368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2020-04-06 13:40 - 2019-11-07 20:14 - 004383232 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
    2020-04-06 13:40 - 2019-10-02 04:53 - 004852736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
    2020-04-06 13:40 - 2019-10-02 04:47 - 000957440 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
    2020-04-06 13:40 - 2019-10-02 04:34 - 004098912 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
    2020-04-06 13:40 - 2019-10-02 04:13 - 006594048 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
    2020-04-06 13:40 - 2019-10-02 04:12 - 004718080 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
    2020-04-06 13:40 - 2019-10-02 03:22 - 020402960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
    2020-04-06 13:40 - 2019-10-02 03:22 - 003751824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
    2020-04-06 13:40 - 2019-10-02 03:16 - 005662720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
    2020-04-06 13:40 - 2019-10-02 02:41 - 000901120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppcext.dll
    2020-04-06 13:40 - 2019-10-01 23:21 - 002417744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
    2020-04-06 13:40 - 2019-10-01 23:20 - 003180080 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
    2020-04-06 13:40 - 2019-10-01 22:58 - 000795360 _____ (Microsoft Corporation) C:\WINDOWS\system32\pkeyhelper.dll
    2020-04-06 13:40 - 2019-10-01 22:49 - 001662480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
    2020-04-06 13:40 - 2019-10-01 22:33 - 001254712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContentDeliveryManager.Utilities.dll
    2020-04-06 13:40 - 2019-10-01 22:28 - 004771840 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
    2020-04-06 13:40 - 2019-10-01 22:27 - 003554304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
    2020-04-06 13:40 - 2019-10-01 22:16 - 002379264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
    2020-04-06 13:40 - 2019-09-12 22:58 - 001613096 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
    2020-04-06 13:40 - 2019-09-12 22:56 - 001299472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
    2020-04-06 13:40 - 2019-08-13 12:21 - 000665400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicensingWinRT.dll
    2020-04-06 13:40 - 2019-08-13 04:09 - 000771384 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingWinRT.dll
    2020-04-06 13:40 - 2019-08-13 04:09 - 000571688 _____ (Microsoft Corporation) C:\WINDOWS\system32\phoneactivate.exe
    2020-04-06 13:40 - 2019-08-13 03:51 - 000905216 _____ (Microsoft Corporation) C:\WINDOWS\system32\slui.exe
    2020-04-06 13:40 - 2019-08-13 03:50 - 000773120 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcommdlg.dll
    2020-04-06 13:40 - 2019-08-07 06:54 - 004783104 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
    2020-04-06 13:40 - 2019-08-07 06:25 - 004175360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
    2020-04-06 13:19 - 2020-04-06 13:20 - 000000000 ____D C:\Program Files (x86)\Teams Installer
    2020-04-06 08:17 - 2020-04-21 15:11 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox

    ==================== One month (modified) ==================

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2020-04-21 15:40 - 2018-04-11 17:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2020-04-21 15:33 - 2018-05-24 17:01 - 000838560 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2020-04-21 15:33 - 2018-04-11 17:36 - 000000000 ____D C:\WINDOWS\INF
    2020-04-21 15:31 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\AppReadiness
    2020-04-21 15:31 - 2015-08-18 17:30 - 000000000 __SHD C:\Users\MarKay\IntelGraphicsProfiles
    2020-04-21 15:30 - 2018-05-24 16:49 - 000000000 ____D C:\Users\MarKay
    2020-04-21 15:30 - 2017-08-22 00:09 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
    2020-04-21 15:29 - 2018-05-24 17:12 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2020-04-21 15:29 - 2018-05-24 16:43 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
    2020-04-21 15:24 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
    2020-04-21 15:11 - 2015-08-18 18:41 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2020-04-21 15:10 - 2018-04-11 15:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI
    2020-04-21 15:08 - 2015-01-10 05:44 - 000000000 ____D C:\Program Files (x86)\Amazon
    2020-04-21 14:58 - 2018-04-11 17:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
    2020-04-21 14:56 - 2015-09-13 13:49 - 000000000 ____D C:\Users\MarKay\AppData\Local\Google
    2020-04-21 14:53 - 2016-11-28 10:10 - 000000000 ____D C:\Users\MarKay\AppData\LocalLow\Mozilla
    2020-04-21 14:44 - 2018-02-13 15:26 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
    2020-04-21 14:43 - 2018-04-11 17:38 - 000000000 ___HD C:\Program Files\WindowsApps
    2020-04-21 14:43 - 2015-08-18 18:41 - 000001177 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
    2020-04-21 14:41 - 2018-01-12 07:32 - 000000000 ___RD C:\Users\MarKay\3D Objects
    2020-04-21 14:41 - 2015-08-18 17:21 - 000000000 __RHD C:\Users\Public\AccountPictures
    2020-04-21 14:30 - 2018-05-24 16:43 - 000501528 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2020-04-21 14:27 - 2015-08-20 13:23 - 000000922 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
    2020-04-21 14:27 - 2015-08-20 13:23 - 000000918 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
    2020-04-21 14:21 - 2018-04-11 17:38 - 000000000 ___SD C:\WINDOWS\system32\UNP
    2020-04-21 14:21 - 2018-04-11 17:38 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
    2020-04-21 14:21 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\TextInput
    2020-04-21 14:21 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
    2020-04-21 14:21 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
    2020-04-21 14:21 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
    2020-04-21 14:21 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\system32\oobe
    2020-04-21 14:21 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\system32\appraiser
    2020-04-21 14:21 - 2018-04-11 15:04 - 000000000 ____D C:\WINDOWS\system32\Dism
    2020-04-21 14:20 - 2018-04-11 17:38 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
    2020-04-21 14:20 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\ShellExperiences
    2020-04-21 14:20 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\ShellComponents
    2020-04-21 14:20 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\Provisioning
    2020-04-21 14:20 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
    2020-04-21 14:20 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\bcastdvr
    2020-04-21 14:19 - 2018-04-11 17:38 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
    2020-04-21 14:19 - 2018-04-11 17:38 - 000000000 ___SD C:\WINDOWS\system32\F12
    2020-04-21 14:19 - 2018-04-11 17:38 - 000000000 ___RD C:\Program Files\Windows Defender
    2020-04-21 14:19 - 2018-04-11 17:38 - 000000000 ____D C:\Program Files (x86)\Windows Defender
    2020-04-21 14:18 - 2015-08-20 13:08 - 000000000 ____D C:\Program Files\Microsoft Silverlight
    2020-04-21 14:18 - 2015-01-10 05:51 - 000000000 ____D C:\Program Files (x86)\Dropbox
    2020-04-21 14:17 - 2018-04-11 15:04 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
    2020-04-21 14:16 - 2019-03-19 01:02 - 000000000 ___HD C:\$WINDOWS.~BT
    2020-04-21 14:16 - 2018-05-23 18:21 - 000000000 ___DC C:\WINDOWS\Panther
    2020-04-21 14:14 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\Registration
    2020-04-21 14:03 - 2018-05-24 17:11 - 000009528 _____ C:\WINDOWS\diagwrn.xml
    2020-04-21 14:03 - 2018-05-24 17:11 - 000009528 _____ C:\WINDOWS\diagerr.xml
    2020-04-21 13:33 - 2017-12-29 22:11 - 000002303 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2020-04-21 13:33 - 2017-12-29 22:11 - 000002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2020-04-21 13:33 - 2017-12-29 22:11 - 000002262 _____ C:\ProgramData\Desktop\Google Chrome.lnk
    2020-04-21 12:38 - 2018-04-11 17:30 - 000000000 ____D C:\WINDOWS\CbsTemp
    2020-04-21 11:59 - 2015-01-10 05:44 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
    2020-04-21 11:38 - 2018-07-09 10:03 - 000004584 _____ C:\WINDOWS\system32\Tasks\Adobe Flash Player PPAPI Notifier
    2020-04-21 11:38 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
    2020-04-21 11:38 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\system32\Macromed
    2020-04-19 21:18 - 2018-05-24 17:12 - 000004572 _____ C:\WINDOWS\system32\Tasks\Adobe Flash Player NPAPI Notifier
    2020-04-09 16:35 - 2015-01-10 05:30 - 000000000 ____D C:\ProgramData\Temp
    2020-04-09 16:30 - 2018-05-24 17:12 - 000003364 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3528668509-3968989764-3154782742-1001
    2020-04-09 16:29 - 2018-05-24 16:49 - 000002410 _____ C:\Users\MarKay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2020-04-09 16:29 - 2015-08-18 17:36 - 000000000 ___RD C:\Users\MarKay\OneDrive
    2020-04-07 01:48 - 2018-06-14 21:22 - 000000000 ____D C:\ProgramData\Packages
    2020-04-07 01:31 - 2018-01-11 19:08 - 000000000 ____D C:\Users\MarKay\AppData\Local\Packages
    2020-04-06 14:18 - 2018-04-11 17:38 - 000017800 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
    2020-04-06 13:05 - 2015-08-20 13:23 - 000000000 ____D C:\Users\MarKay\AppData\Local\Dropbox
    2020-04-06 12:53 - 2018-05-24 17:12 - 000003982 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskMachineUA
    2020-04-06 12:53 - 2018-05-24 17:12 - 000003750 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskMachineCore
    2020-04-06 08:28 - 2019-06-07 16:11 - 000000000 ____D C:\Program Files\CUAssistant
    2020-04-06 08:21 - 2015-11-17 00:33 - 000744808 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
    2020-04-06 08:16 - 2018-01-11 17:03 - 000000000 ____D C:\Program Files\rempl
    2020-04-06 08:15 - 2018-05-24 17:12 - 000003420 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
    2020-04-06 08:15 - 2018-05-24 17:12 - 000003296 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
    2020-04-06 08:13 - 2017-12-29 22:11 - 000000000 ____D C:\Program Files (x86)\Google

    ==================== Files in the root of some directories ========

    2016-02-05 21:29 - 2016-08-01 20:16 - 000010886 _____ () C:\Users\MarKay\AppData\Local\OfficeMix_16_0.txt

    ==================== SigCheck ============================

    (There is no automatic fix for files that do not pass verification.)

    ==================== End of FRST.txt ========================


  5. Malwarebytes
    www.malwarebytes.com

    -Log Details-
    Scan Date: 4/21/20
    Scan Time: 3:01 PM
    Log File: 519a01f8-8413-11ea-bad3-74e6e239d998.json

    -Software Information-
    Version: 4.1.0.56
    Components Version: 1.0.875
    Update Package Version: 1.0.22744
    License: Trial

    -System Information-
    OS: Windows 10 (Build 17134.1246)
    CPU: x64
    File System: NTFS
    User: MARKAY\MarKay

    -Scan Summary-
    Scan Type: Threat Scan
    Scan Initiated By: Manual
    Result: Completed
    Objects Scanned: 299963
    Threats Detected: 3
    Threats Quarantined: 3
    Time Elapsed: 5 min, 52 sec

    -Scan Options-
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Detect
    PUM: Detect

    -Scan Details-
    Process: 0
    (No malicious items detected)

    Module: 0
    (No malicious items detected)

    Registry Key: 0
    (No malicious items detected)

    Registry Value: 2
    PUP.Optional.Amazon1Button.AppFlsh, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|APPINIT_DLLS, Quarantined, 11070, -1, 0.0.0, , action, 
    PUP.Optional.Amazon1Button.AppFlsh, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|APPINIT_DLLS, Quarantined, 11070, -1, 0.0.0, , action, 

    Registry Data: 0
    (No malicious items detected)

    Data Stream: 0
    (No malicious items detected)

    Folder: 1
    PUP.Optional.Amazon1Button.AppFlsh, C:\PROGRAM FILES (X86)\AMAZON\AMAZON1BUTTONAPP, Quarantined, 11070, 809559, 1.0.22744, , ame, 

    File: 0
    (No malicious items detected)

    Physical Sector: 0
    (No malicious items detected)

    WMI: 0
    (No malicious items detected)


    (end)


  6. # -------------------------------
    # Malwarebytes AdwCleaner 8.0.4.0
    # -------------------------------
    # Build:    04-03-2020
    # Database: 2020-04-08.2 (Cloud)
    # Support:  https://www.malwarebytes.com/support
    #
    # -------------------------------
    # Mode: Clean
    # -------------------------------
    # Start:    04-21-2020
    # Duration: 00:00:26
    # OS:       Windows 10 Home
    # Cleaned:  23
    # Failed:   1


    ***** [ Services ] *****

    No malicious services cleaned.

    ***** [ Folders ] *****

    No malicious folders cleaned.

    ***** [ Files ] *****

    No malicious files cleaned.

    ***** [ DLL ] *****

    No malicious DLLs cleaned.

    ***** [ WMI ] *****

    No malicious WMI cleaned.

    ***** [ Shortcuts ] *****

    No malicious shortcuts cleaned.

    ***** [ Tasks ] *****

    No malicious tasks cleaned.

    ***** [ Registry ] *****

    Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Internet Explorer\DOMStorage\mysearch.avg.com
    Deleted       HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mysearch.avg.com
    Deleted       HKCU\Software\Microsoft\Internet Explorer\Main|Start Page
    Deleted       HKLM\SOFTWARE\Classes\AppID\AmazonAppIE.dll
    Deleted       HKLM\Software\Classes\Installer\Features\C3F6D7A0BA2FDE84EB329997B1FF786D
    Deleted       HKLM\Software\Classes\Installer\Products\C3F6D7A0BA2FDE84EB329997B1FF786D
    Deleted       HKLM\Software\Classes\TypeLib\{EB2BEAEF-150C-4DE4-9D09-F16403C22769}
    Deleted       HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C3F6D7A0BA2FDE84EB329997B1FF786D
    Deleted       HKLM\Software\Wow6432Node\APPDATALOW\SOFTWARE\AMAZON\Amazon1ButtonApp
    Deleted       HKLM\Software\Wow6432Node\\Classes\AppID\AmazonAppIE.dll
    Deleted       HKLM\Software\Wow6432Node\\Classes\CLSID\{26B19FA4-E8A1-4A1B-A163-1A1E46F830DD}
    Deleted       HKLM\Software\Wow6432Node\\Classes\CLSID\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE}
    Deleted       HKLM\Software\Wow6432Node\\Classes\CLSID\{E4ADC61E-D06A-4E0E-8582-78C809CC8450}
    Deleted       HKLM\Software\Wow6432Node\\Classes\Interface\{3268A00F-D329-42E1-ABF0-E78D5656BA2A}
    Deleted       HKLM\Software\Wow6432Node\\Classes\Interface\{571139B2-8D93-4B29-9AA9-496EF27D6AF8}
    Deleted       HKLM\Software\Wow6432Node\\Classes\TypeLib\{EB2BEAEF-150C-4DE4-9D09-F16403C22769}
    Deleted       HKLM\Software\Wow6432Node\\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|Amazon1ButtonTaskbarApp.exe
    Deleted       HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}

    ***** [ Chromium (and derivatives) ] *****

    No malicious Chromium entries cleaned.

    ***** [ Chromium URLs ] *****

    Deleted       AVG Secure Search
    Deleted       https://mysearch.avg.com?cid={37CD525D-9C01-4C54-93B7-5D338E9E6C78}&mid=fc0f94ce627547d2b4fe595b08624410-08bfd2d650d49b04e4dfd009589721a1f02a8332&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-09-04 08:48:16&v=18.1.9.786&pid=safeguard&sg=&sap=hp
    Deleted       https://mysearch.avg.com?cid={37CD525D-9C01-4C54-93B7-5D338E9E6C78}&mid=fc0f94ce627547d2b4fe595b08624410-08bfd2d650d49b04e4dfd009589721a1f02a8332&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-09-04 08:48:16&v=18.1.9.786&pid=safeguard&sg=&sap=hp
    Deleted       https://mysearch.avg.com?cid={37CD525D-9C01-4C54-93B7-5D338E9E6C78}&mid=fc0f94ce627547d2b4fe595b08624410-08bfd2d650d49b04e4dfd009589721a1f02a8332&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-09-04 08:48:16&v=18.1.9.786&pid=safeguard&sg=&sap=hp
    Deleted       https://mysearch.avg.com?cid={37CD525D-9C01-4C54-93B7-5D338E9E6C78}&mid=fc0f94ce627547d2b4fe595b08624410-08bfd2d650d49b04e4dfd009589721a1f02a8332&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-09-04 08:48:16&v=18.1.9.786&pid=safeguard&sg=&sap=hp
    Not Deleted   AVG Secure Search

    ***** [ Firefox (and derivatives) ] *****

    No malicious Firefox entries cleaned.

    ***** [ Firefox URLs ] *****

    No malicious Firefox URLs cleaned.

    ***** [ Hosts File Entries ] *****

    No malicious hosts file entries cleaned.

    ***** [ Preinstalled Software ] *****

    No Preinstalled Software cleaned.


    *************************

    [+] Delete Tracing Keys
    [+] Reset Winsock

    *************************

    AdwCleaner[S00].txt - [9031 octets] - [21/04/2020 14:11:16]

    ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
     


  7. # DelFix v10.8 - Logfile created 30/11/2014 at 20:54:38
    # Updated 29/07/2014 by Xplode
    # Username : Owner - OWNER-PC
    # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

    ~ Removing disinfection tools ...

    Deleted : C:\_OTL
    Deleted : C:\zoek_backup
    Deleted : C:\AdwCleaner
    Deleted : C:\zoek-results.log
    Deleted : C:\Users\Owner\Desktop\dds.txt
    Deleted : C:\Users\Owner\Desktop\JRT.txt
    Deleted : C:\Users\Owner\Downloads\adwcleaner.exe
    Deleted : C:\Users\Owner\Downloads\adwcleaner_4.102.exe
    Deleted : C:\Users\Owner\Downloads\dds.scr
    Deleted : C:\Users\Owner\Downloads\Extras.Txt
    Deleted : C:\Users\Owner\Downloads\JRT(1).exe
    Deleted : C:\Users\Owner\Downloads\JRT.exe
    Deleted : C:\Users\Owner\Downloads\OTL.Txt
    Deleted : C:\Users\Owner\Downloads\SecurityCheck(1).exe
    Deleted : C:\Users\Owner\Downloads\SecurityCheck.exe
    Deleted : HKLM\SOFTWARE\OldTimer Tools
    Deleted : HKLM\SOFTWARE\AdwCleaner

    ~ Creating registry backup ... OK

    ~ Cleaning system restore ...

    Deleted : RP #253 [Windows Update | 10/31/2014 16:25:43]
    Deleted : RP #254 [Windows Update | 11/05/2014 23:55:27]
    Deleted : RP #255 [Removed WeatherBug | 11/12/2014 23:19:32]
    Deleted : RP #256 [Windows Update | 11/12/2014 23:35:29]
    Deleted : RP #257 [Removed VideoBuzz | 11/12/2014 23:55:50]
    Deleted : RP #258 [Windows Update | 11/13/2014 02:58:38]
    Deleted : RP #259 [Windows Update | 11/19/2014 00:49:58]
    Deleted : RP #260 [Windows Update | 11/21/2014 02:59:09]
    Deleted : RP #261 [Windows Update | 11/26/2014 19:35:03]
    Deleted : RP #262 [zoek.exe restore point | 11/30/2014 17:43:33]
    Deleted : RP #263 [OTL Restore Point - 11/30/2014 8:45:08 PM | 12/01/2014 03:45:10]

    New restore point created !

    ~ Resetting system settings ... OK

    ########## - EOF - ##########


  8. All processes killed
    ========== OTL ==========
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5}\ not found.
    HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
    HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
    HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
    HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
    HKEY_USERS\S-1-5-21-3546646767-1445017109-1683610049-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
    Registry key HKEY_USERS\S-1-5-21-3546646767-1445017109-1683610049-1000\Software\Microsoft\Internet Explorer\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{012E1000-F331-11DB-8314-0800200C9A66}\ not found.
    Registry key HKEY_USERS\S-1-5-21-3546646767-1445017109-1683610049-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
    Registry key HKEY_USERS\S-1-5-21-3546646767-1445017109-1683610049-1000\Software\Microsoft\Internet Explorer\SearchScopes\{113537E9-AEA4-4BED-BBB0-C5DCC1B70EE4}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{113537E9-AEA4-4BED-BBB0-C5DCC1B70EE4}\ not found.
    Registry key HKEY_USERS\S-1-5-21-3546646767-1445017109-1683610049-1000\Software\Microsoft\Internet Explorer\SearchScopes\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5}\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.
    Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.
    Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.
    C:\Users\Owner\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} folder moved successfully.
    C:\Users\Owner\AppData\Roaming\mozilla\Extensions folder moved successfully.
    C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\0rbzcbm3.default-1395006579003\extensions folder moved successfully.
    C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} folder moved successfully.
    C:\Program Files (x86)\Mozilla Firefox\browser\extensions folder moved successfully.
    64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\dnsshield deleted successfully.
    Registry value HKEY_USERS\S-1-5-21-3546646767-1445017109-1683610049-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
    File Protocol\Handler\ms-help - No CLSID value found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
    File Protocol\Handler\skype4com - No CLSID value found not found.
    ========== COMMANDS ==========
     
    [EMPTYJAVA]
     
    User: Administrator
     
    User: All Users
     
    User: Default
     
    User: Default User
     
    User: Guest
     
    User: HomeGroupUser$
     
    User: Owner
    ->Java cache emptied: 0 bytes
     
    User: Public
     
    Total Java Files Cleaned = 0.00 mb
     
     
    [EMPTYFLASH]
     
    User: Administrator
     
    User: All Users
     
    User: Default
    ->Flash cache emptied: 0 bytes
     
    User: Default User
    ->Flash cache emptied: 0 bytes
     
    User: Guest
     
    User: HomeGroupUser$
     
    User: Owner
    ->Flash cache emptied: 1704 bytes
     
    User: Public
     
    Total Flash Files Cleaned = 0.00 mb
     
     
    [EMPTYTEMP]
     
    User: Administrator
     
    User: All Users
     
    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes
     
    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes
     
    User: Guest
     
    User: HomeGroupUser$
     
    User: Owner
    ->Temp folder emptied: 5655820 bytes
    ->Temporary Internet Files folder emptied: 3697171 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 78319461 bytes
    ->Google Chrome cache emptied: 856432 bytes
    ->Flash cache emptied: 0 bytes
     
    User: Public
     
    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 7994 bytes
    %systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 195 bytes
    %systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 753 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes
     
    Total Files Cleaned = 84.00 mb
     
    C:\windows\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully
    Restore point Set: OTL Restore Point
     
    OTL by OldTimer - Version 3.2.69.0 log created on 11302014_204417

    Files\Folders moved on Reboot...
    File\Folder C:\Users\Owner\AppData\Local\Temp\OICE_7A559717-D76B-4B6C-8086-7F156FDADB01.0\mso3518.tmp not found!
    File\Folder C:\Users\Owner\AppData\Local\Temp\OICE_7A559717-D76B-4B6C-8086-7F156FDADB01.0\~WRS{422348F8-93E8-4E5D-82B4-D8BD259FB543}.tmp not found!
    File\Folder C:\Users\Owner\AppData\Local\Temp\OICE_7A559717-D76B-4B6C-8086-7F156FDADB01.0\~WRS{6BF44758-09CB-4FFA-BD1C-CF8B5F8E0F45}.tmp not found!
    C:\Users\Owner\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
    File move failed. C:\windows\temp\_avast_\AvastLock.txt scheduled to be moved on reboot.
    File move failed. C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...


  9. OTL Extras logfile created on: 11/30/2014 8:03:59 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Owner\Downloads
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.11.9600.17420)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
     
    3.80 Gb Total Physical Memory | 1.57 Gb Available Physical Memory | 41.22% Memory free
    7.60 Gb Paging File | 5.05 Gb Available in Paging File | 66.50% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 583.11 Gb Total Space | 525.27 Gb Free Space | 90.08% Space Free | Partition Type: NTFS
    Drive D: | 509.93 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
     
    Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
     
    ========== Extra Registry (SafeList) ==========
     
     
    ========== File Associations ==========
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    .url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
     
    [HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
     
    [HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
     
    [HKEY_USERS\S-1-5-21-3546646767-1445017109-1683610049-1000\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
     
    ========== Shell Spawning ==========
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- C:\Program Files (x86)\Advanced System Protector\filetypehelper.exe -scanunknown "%1"
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- C:\Program Files (x86)\Advanced System Protector\filetypehelper.exe -scanunknown "%1"
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
     
    ========== Security Center Settings ==========
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
     
    ========== Firewall Settings ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
     
    ========== Authorized Applications List ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
     
     
    ========== Vista Active Open Ports Exception List ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{152FD0A3-F0A4-4683-8976-778AE00870B0}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{25880696-7D6E-4F26-BFE0-334DF8DC0E7E}" = lport=139 | protocol=6 | dir=in | app=system |
    "{3B1A23C8-027A-4978-BF2E-39B9CCC5A81E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{45C75B4D-BCE3-4B91-9C86-6F3D3DB7FBAD}" = rport=137 | protocol=17 | dir=out | app=system |
    "{4E612F40-751A-4C55-99A6-121E92061298}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{503BCF64-261C-4037-B325-118291FD9E39}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{528F64F2-064C-47C3-8BB7-EC3064A815B8}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{58FDB526-0F67-42AA-BF8B-A7B26FA1B78A}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{5F3B9A93-E7CE-4AC7-8EE5-489943685A2D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{60EC594A-4537-4B67-944F-4707A2F64A77}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{64F6E930-6898-43EE-8869-FFF175C2B5AB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
    "{6970D384-CF25-4238-A500-4B80B0D4557C}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{707A860E-9A13-4FAD-BAED-0A9A45FC3477}" = lport=137 | protocol=17 | dir=in | app=system |
    "{8920EDBC-A221-4C6D-8A21-F7971A519E03}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{8A5256F7-292C-43F0-A2BE-060BD90EDFEA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{8B9F9313-6543-4DC0-B1C9-21601CDBF952}" = rport=138 | protocol=17 | dir=out | app=system |
    "{8DDC9207-A363-4E54-9EE5-1FF5D23B7960}" = rport=139 | protocol=6 | dir=out | app=system |
    "{8F83562C-87DC-4F72-B9F0-EE55DFB1FD3A}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{A39AB92B-448A-4728-A9EE-4EDFE6FAD45E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{A6DC61A7-1F0C-45CF-923E-ED45CF569AD8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{A7DED250-2FDC-47B8-9471-A36270D0A9BA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{A826F968-4381-40F6-9BC2-24D173CE6802}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{A8BD79CF-6E68-41ED-AD66-25D2015F52A6}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{AA224A88-A174-473B-941E-99F8D4826621}" = lport=445 | protocol=6 | dir=in | app=system |
    "{E87D2983-1DF0-4249-A0AA-DDDBD407616D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{EF0322E0-427D-4784-9AD8-78ED2B9B4517}" = rport=445 | protocol=6 | dir=out | app=system |
    "{FD720341-5589-4352-BF92-2E405BE7A6A3}" = lport=138 | protocol=17 | dir=in | app=system |
     
    ========== Vista Active Application Exception List ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{00F4C894-8AE5-4C85-BB01-A82EDB89E59D}" = protocol=1 | dir=out | [email protected],-28544 |
    "{07AB37FC-2FBB-41AE-9C9C-0A35C4B28C49}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{1EB0FD21-F292-4F72-878A-DA9714671AB8}" = dir=in | app=c:\users\owner\appdata\local\facebook\video\skype\facebookvideocalling.exe |
    "{2CBD8C9B-1095-4EF0-A41B-99ECAC26CFE3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{367FE427-23CE-49A9-A754-4D1A249DE79D}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
    "{38CDB13F-156E-4378-8674-A84629CD77B2}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
    "{42557E08-B633-43FC-87CA-3C9BB852F1DD}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    "{4418D890-D5DC-4E15-BF6D-327675FF012E}" = protocol=6 | dir=in | app=c:\program files\intel\wimax\bin\appsrv.exe |
    "{4436EB00-F248-4236-8A74-C00787392EA7}" = protocol=1 | dir=in | [email protected],-28543 |
    "{45E6778B-0A9B-4ADB-AA82-740544338514}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
    "{49FCB6EC-3CE1-4555-8742-CD2458606804}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{55EA347F-DEBD-4DC6-A24F-D4044032DD97}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{5B191765-9A10-4599-994E-3282F7E5F278}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{5F0DC987-9EA6-4642-B1D7-4D82500880C4}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
    "{61A8AFB2-BBA0-42CE-964E-3BBB58DB5B7F}" = protocol=17 | dir=in | app=c:\users\owner\appdata\local\temp\7zse55e.tmp\symnrt.exe |
    "{65A6F4D4-2F31-4491-80EF-F21A2A24D1AE}" = protocol=58 | dir=in | app=system |
    "{6BBE3461-D4C6-4B86-89F3-738CC0F0BEED}" = dir=in | app=c:\program files\hp\hp deskjet 3050a j611 series\bin\devicesetup.exe |
    "{70CD95D8-D193-448E-87E0-5BF0BEDBD0D5}" = protocol=6 | dir=in | app=c:\users\owner\appdata\local\temp\7zse55e.tmp\symnrt.exe |
    "{7731591C-5DA5-44F5-BAF3-0E41C0A25B1F}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
    "{77400AE7-946B-4B1A-8F87-1DEDF360D259}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{787492D0-8E56-463A-B7AE-E53BD6BC5B67}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{841C89B1-321F-465D-A652-E3DDCB1DE216}" = protocol=17 | dir=in | app=c:\users\owner\downloads\online_anthropology_kinship_chart_creator_downloader.exe |
    "{8C5C96D5-0EF1-4F39-818E-9885C83F0E63}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
    "{8D6D485F-1CC4-4752-9879-14C2067DFFA8}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{8F45A27B-5969-44AE-9422-43E9E96696F7}" = protocol=58 | dir=out | [email protected],-503 |
    "{90297666-B45A-4681-B043-0660111BDB7A}" = protocol=17 | dir=in | app=c:\program files\intel\wimax\bin\dmagent.exe |
    "{9E9EAEE9-9819-4B51-B224-92291FECD49B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{9FAA15D4-D250-43FD-9DD3-2D6C64AE671E}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{A4DE0ABC-71D6-468C-B20C-D1FE25124078}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{B78EE4D6-88EA-4961-B160-4AB92BFAC1BE}" = protocol=6 | dir=in | app=c:\users\owner\downloads\online_anthropology_kinship_chart_creator_downloader.exe |
    "{BB7D40EF-7365-4ADC-9B46-D68DADEE2454}" = protocol=58 | dir=in | [email protected],-28545 |
    "{C17DCFD8-5D52-4AA3-9F75-5F3E530DB1C6}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
    "{C63349A2-45E3-4078-B5F9-D75DB838817A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{C8D05211-B847-4F17-8800-2FF14827258C}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{CD848823-E4D2-41AD-B627-D4C254FFDFC4}" = protocol=58 | dir=out | [email protected],-28546 |
    "{D04E55B8-7376-413C-BB5D-CBE100689BAA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{D489BFE2-C01A-41AB-AC39-BF441A1E48BF}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{DC32C1F1-C472-41CA-AD68-DAC2A1020B86}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
    "{DE7101F8-73CA-4715-A374-7CE62D1084F4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{E86EEFF0-AE49-4340-8680-372D0BAF726B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{E93E2E53-ADFB-4D2C-BE92-2B3D81BD016E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{EF769D05-47AF-472F-B5C9-0C848E55E1B0}" = protocol=6 | dir=in | app=c:\program files\intel\wimax\bin\dmagent.exe |
    "{EFF33D34-4C2B-468C-BE2C-97E01D8B491D}" = protocol=6 | dir=out | app=system |
    "{F12C3805-A7E9-4619-B8BA-9AE6D5A73836}" = protocol=17 | dir=in | app=c:\program files\intel\wimax\bin\appsrv.exe |
    "{F5AABD7B-D795-4D73-9F8B-A60D45102C50}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
    "{F6C1C234-24B0-4D22-B28D-F19D8AB65FD2}" = dir=in | app=c:\program files (x86)\intel corporation\intel wireless display\widiapp.exe |
    "{F7BDF7E6-8170-47AE-A43D-B18F2FA72EA9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{F89209F3-1ACA-40F7-B213-5B5E8B099028}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
    "{FEBACEF5-81D7-4533-8458-DC41FD1B0EA3}" = dir=in | app=c:\program files\hp\hp deskjet 3050a j611 series\bin\hpnetworkcommunicator.exe |
    "TCP Query User{111C9DD9-85DB-42D5-9A83-398F83EDE02F}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
    "TCP Query User{1C72954E-8BE3-4BFE-B2E0-4470B032145A}C:\program files (x86)\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
    "TCP Query User{2C5E3417-9CF3-4FDB-95C0-2F1250655981}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
    "TCP Query User{6D02F5B8-5092-4DC2-841E-91D419A59C1B}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
    "TCP Query User{911692AE-D1E2-4875-AA7C-805DDEBC9F91}C:\program files (x86)\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
    "UDP Query User{2D62497B-6E10-4523-AEC7-F859A23816EF}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
    "UDP Query User{68819A61-07F0-4666-BC11-93D34E26F45A}C:\program files (x86)\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
    "UDP Query User{78FB9ED9-C91E-43E8-9BFE-F2A9AFA8E1F6}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
    "UDP Query User{7C955AD9-C1AA-49D1-A314-2C5C9401EB5D}C:\program files (x86)\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
    "UDP Query User{E9D2B5CE-5DCD-491A-A89A-7C054D05882F}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
     
    ========== HKEY_LOCAL_MACHINE Uninstall List ==========
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
    "{02A5BD31-16AC-45DF-BE9F-A3167BC4AFB2}" = Windows Live Family Safety
    "{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
    "{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
    "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
    "{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{4F26C164-9373-4974-8F43-E0F2176AF937}" = Intel WiMAX Tutorial
    "{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{6548B189-BEA4-4041-80E0-AEB60548E046}" = Intel® PROSet/Wireless WiMAX Software
    "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{710D4D91-1924-4A6B-8659-9CDE02DC7207}" = HP Deskjet 3050A J611 series Product Improvement Study
    "{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
    "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
    "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    "{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
    "{94A90C69-71C1-470A-88F5-AA47ECC96B40}" = TOSHIBA HDD Protection
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
    "{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
    "{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
    "{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
    "{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
    "{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
    "{C298FF86-AB23-4B58-AC53-A23383C07B3A}" = Intel® Wireless Display
    "{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
    "{D16A2127-B927-4379-B153-3DEC091E4EEB}" = Intel® PROSet/Wireless WiFi Software
    "{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
    "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
    "{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
    "{FB555BCF-9202-4886-9203-88C9A210D727}" = HP Deskjet 3050A J611 series Basic Device Software
    "{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app
    "McAfee Security Scan" = McAfee Security Scan Plus
    "ProInst" = Intel PROSet Wireless
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0D795777-9D60-4692-8386-F2B3F2B5E5BF}" = [email protected] 1.0
    "{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = TOSHIBA Assist
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{2091F234-EB58-4B80-8C96-8EB78C808CF7}" = Facebook Video Calling 3.1.0.521
    "{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
    "{2A83AD05-56E6-3FBD-8752-B4143162EF59}" = Google Talk Plugin
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{33BC5F69-0E51-4121-A04A-0868D65CF050}" = VBPlayerMoz
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
    "{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}" = Google Earth
    "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skypeâ„¢ 6.11
    "{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
    "{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
    "{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = ToshibaRegistration
    "{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
    "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
    "{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
    "{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
    "{654F7484-88C5-46DC-AB32-C66BCB0E2102}" = TOSHIBA Sleep Utility
    "{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{85DF2EED-08BC-46FB-90DA-28B0D0A8E8A8}" = HP Update
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = TOSHIBA Application Installer
    "{97DDCAB8-B770-4089-A10F-67568069D78A}" = HP Deskjet 3050A J611 series Help
    "{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}" = TOSHIBA Media Controller
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.8)
    "{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
    "{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
    "{BB51B753-9A0C-4D1D-B3EF-A1B936F55796}" = Toshiba Book Place
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
    "{E69992ED-A7F6-406C-9280-1C156417BC49}" = TOSHIBA Quality Application
    "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in
    "{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 15 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 15 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 12.0
    "Avast" = avast! Free Antivirus
    "dnsshield" = Social Privacy DNS
    "GeniusBox" = GeniusBox 2.0
    "Google Chrome" = Google Chrome
    "groove_stream" = Groove-Stream
    "HP Photo Creations" = HP Photo Creations
    "InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
    "InstallShield_{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
    "InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
    "InstallShield_{33BC5F69-0E51-4121-A04A-0868D65CF050}" = VBPlayerMoz
    "InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
    "InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
    "InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
    "InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
    "InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
    "InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
    "InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
    "KeepMySettingsX" = KeepMySettingsX
    "Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.3.1025
    "Mozilla Firefox 33.1.1 (x86 en-US)" = Mozilla Firefox 33.1.1 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "Office14.SingleImage" = Microsoft Office Home and Student 2010
    "WinLiveSuite" = Windows Live Essentials
     
    ========== HKEY_USERS Uninstall List ==========
     
    [HKEY_USERS\S-1-5-21-3546646767-1445017109-1683610049-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "@@[email protected]@SanDiskSecureAccess_Manager.exe" = SanDiskSecureAccess_Manager.exe
    "e55b814e55744b76" = Best Buy pc app
     
    ========== Last 20 Event Log Errors ==========
     
    [ System Events ]
    Error - 11/30/2014 3:58:03 PM | Computer Name = Owner-PC | Source = DCOM | ID = 10010
    Description =
     
    Error - 11/30/2014 4:35:26 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000
    Description = The Google Update Service (gupdate) service failed to start due to
     the following error:   %%2
     
     
    < End of report >
     


  10. OTL logfile created on: 11/30/2014 8:03:59 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Owner\Downloads
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.11.9600.17420)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
     
    3.80 Gb Total Physical Memory | 1.57 Gb Available Physical Memory | 41.22% Memory free
    7.60 Gb Paging File | 5.05 Gb Available in Paging File | 66.50% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 583.11 Gb Total Space | 525.27 Gb Free Space | 90.08% Space Free | Partition Type: NTFS
    Drive D: | 509.93 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
     
    Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
     
    ========== Processes (SafeList) ==========
     
    PRC - [2014/11/30 20:01:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Downloads\OTL.com
    PRC - [2014/11/26 12:29:58 | 001,880,752 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe
    PRC - [2014/11/23 13:07:55 | 000,982,600 | ---- | M] (InstallX, LLC) -- C:\Users\Owner\AppData\Roaming\KeepMySettingsX\keepmysettingsx.exe
    PRC - [2014/11/15 18:02:21 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    PRC - [2014/08/01 04:00:08 | 004,085,896 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
    PRC - [2014/08/01 03:59:51 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    PRC - [2013/09/03 06:53:50 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2012/02/14 23:39:36 | 030,705,792 | ---- | M] (Gemalto N.V.) -- C:\Users\Owner\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe
    PRC - [2010/04/01 09:52:22 | 000,252,728 | ---- | M] (TOSHIBA) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
    PRC - [2010/03/03 14:42:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
    PRC - [2010/03/03 14:41:58 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
    PRC - [2009/12/25 15:21:16 | 000,034,160 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
    PRC - [2007/03/29 15:41:26 | 000,222,128 | ---- | M] (Macrovision Corporation) -- C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
     
     
    ========== Modules (No Company Name) ==========
     
    MOD - [2014/11/26 12:29:58 | 016,841,392 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll
    MOD - [2014/11/15 18:02:20 | 003,649,648 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
    MOD - [2014/08/01 03:59:52 | 019,329,904 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
    MOD - [2014/08/01 03:59:51 | 000,301,152 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\aswProperty.dll
    MOD - [2013/09/05 00:14:10 | 004,300,456 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
    MOD - [2012/02/20 20:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2012/02/20 20:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2012/02/14 16:37:52 | 011,796,096 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\SanDisk\My Vaults\dmBackup.dll
     
     
    ========== Services (SafeList) ==========
     
    SRV:64bit: - [2014/11/05 20:30:08 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
    SRV:64bit: - [2014/08/01 03:59:51 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV:64bit: - [2013/09/06 10:32:06 | 000,288,776 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe -- (McComponentHostService)
    SRV:64bit: - [2013/05/26 22:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV:64bit: - [2010/07/28 10:27:16 | 000,267,192 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
    SRV:64bit: - [2010/07/22 16:36:16 | 000,822,192 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
    SRV:64bit: - [2010/06/29 11:05:02 | 000,489,384 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
    SRV:64bit: - [2010/06/07 15:39:40 | 000,911,872 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe -- (WiMAXAppSrv)
    SRV:64bit: - [2010/06/07 15:34:20 | 000,408,576 | ---- | M] (Red Bend Ltd.) [Auto | Running] -- C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe -- (DMAgent)
    SRV:64bit: - [2010/03/05 10:26:38 | 001,425,168 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
    SRV:64bit: - [2010/03/05 10:07:58 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
    SRV:64bit: - [2010/03/05 10:06:22 | 000,831,760 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
    SRV:64bit: - [2010/02/05 17:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
    SRV:64bit: - [2009/10/21 09:30:36 | 000,531,520 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\ThpSrv.exe -- (Thpsrv)
    SRV:64bit: - [2009/07/28 15:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
    SRV - [2014/11/26 12:29:59 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2014/11/15 18:02:21 | 000,114,288 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2014/03/20 15:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2013/10/23 07:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2013/09/11 20:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2013/09/03 06:53:50 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2011/02/11 13:45:52 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
    SRV - [2010/03/03 14:42:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
    SRV - [2010/03/03 14:41:58 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
     
     
    ========== Driver Services (SafeList) ==========
     
    DRV:64bit: - [2014/11/23 12:58:46 | 001,041,168 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsnx.sys -- (aswSnx)
    DRV:64bit: - [2014/08/01 04:00:07 | 000,427,360 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsp.sys -- (aswSP)
    DRV:64bit: - [2014/08/01 03:59:54 | 000,224,896 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
    DRV:64bit: - [2014/08/01 03:59:54 | 000,093,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
    DRV:64bit: - [2014/08/01 03:59:54 | 000,092,008 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswStm.sys -- (aswStm)
    DRV:64bit: - [2014/08/01 03:59:54 | 000,079,184 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV:64bit: - [2014/08/01 03:59:54 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
    DRV:64bit: - [2014/08/01 03:59:54 | 000,029,208 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswHwid.sys -- (aswHwid)
    DRV:64bit: - [2012/09/28 21:52:10 | 000,075,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
    DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
    DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012/02/15 10:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/11/20 04:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 02:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/20 00:37:44 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
    DRV:64bit: - [2010/06/18 10:38:06 | 000,039,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd)
    DRV:64bit: - [2010/05/31 12:05:06 | 007,689,216 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64)
    DRV:64bit: - [2010/05/18 16:02:48 | 000,164,464 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
    DRV:64bit: - [2010/05/16 17:28:38 | 000,175,104 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpmp.sys -- (bpmp)
    DRV:64bit: - [2010/05/16 17:28:30 | 000,081,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpusb.sys -- (bpusb)
    DRV:64bit: - [2010/05/16 17:28:28 | 000,071,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpenum.sys -- (bpenum)
    DRV:64bit: - [2010/05/08 18:38:56 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
    DRV:64bit: - [2010/05/03 14:44:02 | 000,331,880 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2010/04/21 11:18:44 | 010,326,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2010/03/10 18:51:32 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
    DRV:64bit: - [2010/02/26 16:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
    DRV:64bit: - [2010/02/03 06:38:30 | 000,271,872 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
    DRV:64bit: - [2010/01/15 12:22:08 | 000,538,136 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2009/09/17 12:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
    DRV:64bit: - [2009/07/30 21:02:36 | 000,044,912 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter)
    DRV:64bit: - [2009/07/30 20:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
    DRV:64bit: - [2009/07/14 15:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
    DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 17:00:24 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpials.sys -- (acpials)
    DRV:64bit: - [2009/06/29 16:16:20 | 000,014,784 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Thpevm.sys -- (Thpevm)
    DRV:64bit: - [2009/06/29 10:25:22 | 000,034,880 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\thpdrv.sys -- (Thpdrv)
    DRV:64bit: - [2009/06/22 17:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
    DRV:64bit: - [2009/06/19 19:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
    DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2008/05/06 15:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
    DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
     
     
    ========== Standard Registry (SafeList) ==========
     
     
    ========== Internet Explorer ==========
     
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
    IE - HKLM\..\SearchScopes,DefaultScope = {632F07F3-19A1-4d16-A23F-E6CE9486BAB5}
    IE - HKLM\..\SearchScopes\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
     
     
    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     
    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     
    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
     
    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
     
    IE - HKU\S-1-5-21-3546646767-1445017109-1683610049-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://start.toshiba.com/g/ [binary data]
    IE - HKU\S-1-5-21-3546646767-1445017109-1683610049-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01
    IE - HKU\S-1-5-21-3546646767-1445017109-1683610049-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKU\S-1-5-21-3546646767-1445017109-1683610049-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://search.yahoo.com/yhs/web?hspart=w3i&hsimp=yhs-syctransfer&type=W3i_SP,204,0_0,StartPage,20141146,20029,0,101,9284
    IE - HKU\S-1-5-21-3546646767-1445017109-1683610049-1000\..\SearchScopes,DefaultScope = {113537E9-AEA4-4BED-BBB0-C5DCC1B70EE4}
    IE - HKU\S-1-5-21-3546646767-1445017109-1683610049-1000\..\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66}: "URL" = http://www.google.com/search?q={searchTerms}
    IE - HKU\S-1-5-21-3546646767-1445017109-1683610049-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-3546646767-1445017109-1683610049-1000\..\SearchScopes\{113537E9-AEA4-4BED-BBB0-C5DCC1B70EE4}: "URL" = https://search.yahoo.com/search?p={searchTerms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20141146,20028,0,101,0
    IE - HKU\S-1-5-21-3546646767-1445017109-1683610049-1000\..\SearchScopes\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
    IE - HKU\S-1-5-21-3546646767-1445017109-1683610049-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\S-1-5-21-3546646767-1445017109-1683610049-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
    IE - HKU\S-1-5-21-3546646767-1445017109-1683610049-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:49167;https=127.0.0.1:49167
     
    ========== FireFox ==========
     
    FF - prefs.js..browser.search.defaultenginename: "Yahoo"
    FF - prefs.js..browser.search.order.1: "Yahoo"
    FF - prefs.js..browser.search.order.2: ""
    FF - prefs.js..browser.search.param.yahoo-fr: "w3i&type=W3i_DS,157,0_0,Search,20141146,20030,0,101,0"
    FF - prefs.js..browser.search.selectedEngine: "Yahoo"
    FF - prefs.js..browser.startup.homepage: "https://search.yahoo.com/yhs/web?hspart=w3i&hsimp=yhs-syctransfer&type=W3i_SP,205,0_0,StartPage,20141146,20031,0,101,0"
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:33.1.1
    FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?p={searchTerms}&ei=UTF-8&fr=w3i&type=W3i_DS,157,0_0,Search,20141146,20030,0,101,0"
    FF - prefs.js..network.proxy.type: 0
    FF - user.js - File not found
     
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.40.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll File not found
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKLM\Software\MozillaPlugins\vbplayer: C:\Program Files (x86)\Common Files\VBrick\VBPlayerMoz\npvbplayer.dll (VBrick Inc.)
    FF - HKLM\Software\MozillaPlugins\vbwmplayer: C:\Program Files (x86)\Common Files\VBrick\VBPlayerMoz\npvbwmplayer.dll (VBrick Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Owner\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Owner\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll File not found
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Owner\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll File not found
     
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/08/01 03:59:55 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 33.1.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 33.1.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/11/07 16:59:28 | 000,000,000 | ---D | M]
     
    [2014/11/12 16:16:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Extensions
    [2014/11/30 12:51:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\0rbzcbm3.default-1395006579003\extensions
    [2014/11/07 16:59:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
    [2014/11/15 18:02:22 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    [2007/07/18 11:19:40 | 002,998,784 | ---- | M] (Tamarack Software, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\nptgeqplugin.dll
     
    ========== Chrome  ==========
     
    CHR - default_search_provider: Microsoft (Bing) (Enabled)
    CHR - default_search_provider: search_url = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
    CHR - default_search_provider: suggest_url = http://api.bing.com/osjson.aspx?query={searchTerms}&language={language}&FORM=AVASDF&PC=AV01,
    CHR - homepage: http://www.msn.com/?pc=AV01
    CHR - Extension: Avast Online Security = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.0.2204.148_0\
    CHR - Extension: Google Wallet = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
     
    O1 HOSTS File: ([2013/11/24 21:49:21 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1       localhost
    O1 - Hosts: ::1       localhost
    O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O2:64bit: - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)
    O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
    O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)
    O3:64bit: - HKLM\..\Toolbar: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [intelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
    O4:64bit: - HKLM..\Run: [intelWirelessWiMAX] C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe (Intel® Corporation)
    O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [smartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [smoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [ThpSrv] C:\windows\SysNative\thpsrv.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [dnsshield] C:\Program Files (x86)\Social Privacy  DNS\dnswatch.exe File not found
    O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
    O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
    O4 - HKLM..\Run: [sVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA CORPORATION)
    O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [TSleepSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe (TOSHIBA)
    O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
    O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-3546646767-1445017109-1683610049-1000..\Run: [Facebook Update] C:\Users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
    O4 - HKU\S-1-5-21-3546646767-1445017109-1683610049-1000..\Run: [Google Update] "C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe" /c File not found
    O4 - HKU\S-1-5-21-3546646767-1445017109-1683610049-1000..\Run: [iSUSPM] C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Macrovision Corporation)
    O4 - HKU\S-1-5-21-3546646767-1445017109-1683610049-1000..\Run: [sanDiskSecureAccess_Manager.exe] C:\Users\Owner\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe (Gemalto N.V.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\S-1-5-21-3546646767-1445017109-1683610049-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 8.8.8.8,8.8.4.4
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{473B71CB-DE63-4CA3-86EE-6E3E788BD628}: DhcpNameServer = 10.1.0.101 10.33.1.101
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{473B71CB-DE63-4CA3-86EE-6E3E788BD628}: NameServer = 8.8.8.8,8.8.4.4
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6E8163B9-9237-4136-840E-0B07C0F72B55}: NameServer = 8.8.8.8,8.8.4.4
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: NameServer = 8.8.8.8,8.8.4.4
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E5F7D1AA-E3BD-489C-9076-9B2120943A5D}: NameServer = 8.8.8.8,8.8.4.4
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E6759FE2-C7A5-477D-8FF9-27F41EDE2897}: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E6759FE2-C7A5-477D-8FF9-27F41EDE2897}: NameServer = 8.8.8.8,8.8.4.4
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F8F484EE-41AE-4C9A-BF17-D8F84709B324}: NameServer = 8.8.8.8,8.8.4.4
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010/07/19 17:04:00 | 000,000,028 | R--- | M] () - D:\autorun.bat -- [ CDFS ]
    O32 - AutoRun File - [2004/06/23 23:28:58 | 000,000,029 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
    O33 - MountPoints2\{6532aff3-7b7b-11e1-9610-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{6532aff3-7b7b-11e1-9610-806e6f6e6963}\Shell\AutoRun\command - "" = D:\autorun.bat -- [2010/07/19 17:04:00 | 000,000,028 | R--- | M] ()
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (sdnclean64.exe)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
     
    ========== Files/Folders - Created Within 30 Days ==========
     
    [2014/11/30 11:07:56 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2014/11/30 11:02:05 | 000,000,000 | ---D | C] -- C:\windows\Temp
    [2014/11/30 11:02:05 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Temp
    [2014/11/30 10:41:49 | 000,000,000 | ---D | C] -- C:\zoek_backup
    [2014/11/12 16:37:28 | 000,304,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\generaltel.dll
    [2014/11/12 16:37:27 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\aeinv.dll
    [2014/11/12 16:37:27 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\aepdu.dll
    [2014/11/12 16:37:20 | 001,460,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\lsasrv.dll
    [2014/11/12 16:37:20 | 000,681,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\adtschema.dll
    [2014/11/12 16:37:20 | 000,681,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\adtschema.dll
    [2014/11/12 16:37:19 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msaudite.dll
    [2014/11/12 16:37:19 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msaudite.dll
    [2014/11/12 16:37:08 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe
    [2014/11/12 16:37:08 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieetwcollector.exe
    [2014/11/12 16:37:08 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\JavaScriptCollectionAgent.dll
    [2014/11/12 16:37:08 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
    [2014/11/12 16:37:08 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\JavaScriptCollectionAgent.dll
    [2014/11/12 16:37:08 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieetwproxystub.dll
    [2014/11/12 16:37:08 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieetwproxystub.dll
    [2014/11/12 16:37:08 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll
    [2014/11/12 16:37:08 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll
    [2014/11/12 16:37:07 | 000,708,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dll
    [2014/11/12 16:37:07 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll
    [2014/11/12 16:37:06 | 002,051,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
    [2014/11/12 16:37:06 | 000,968,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MsSpellCheckingFacility.exe
    [2014/11/12 16:37:06 | 000,620,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript9diag.dll
    [2014/11/12 16:37:06 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
    [2014/11/12 16:37:06 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieetwcollectorres.dll
    [2014/11/12 16:37:05 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
    [2014/11/12 16:37:05 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
    [2014/11/12 16:37:05 | 000,316,928 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dxtrans.dll
    [2014/11/12 16:37:04 | 002,124,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
    [2014/11/12 16:37:04 | 000,799,232 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dll
    [2014/11/12 16:37:04 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll
    [2014/11/12 16:37:02 | 001,155,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmlmedia.dll
    [2014/11/12 16:37:01 | 000,490,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dxtmsft.dll
    [2014/11/12 16:37:01 | 000,168,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msrating.dll
    [2014/11/12 16:37:01 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
    [2014/11/12 16:37:01 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MshtmlDac.dll
    [2014/11/12 16:37:00 | 001,359,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmlmedia.dll
    [2014/11/12 16:37:00 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
    [2014/11/12 16:37:00 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
    [2014/11/12 16:36:59 | 006,040,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
    [2014/11/12 16:36:59 | 000,814,080 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9diag.dll
    [2014/11/12 16:36:59 | 000,580,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
    [2014/11/12 16:36:58 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msrating.dll
    [2014/11/12 16:36:58 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MshtmlDac.dll
    [2014/11/12 16:36:16 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msxml3r.dll
    [2014/11/12 16:36:16 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msxml3r.dll
    [2014/11/12 16:36:12 | 000,878,080 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\IMJP10K.DLL
    [2014/11/12 16:36:12 | 000,701,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\IMJP10K.DLL
    [2014/11/12 16:36:05 | 000,309,760 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ncrypt.dll
    [2014/11/12 16:36:01 | 000,500,224 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\AUDIOKSE.dll
    [2014/11/12 16:36:01 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\AUDIOKSE.dll
    [2014/11/12 16:36:00 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\AudioEng.dll
    [2014/11/12 16:36:00 | 000,296,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\AudioSes.dll
    [2014/11/12 16:36:00 | 000,284,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\EncDump.dll
    [2014/11/12 16:35:58 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\packager.dll
    [2014/11/12 16:35:57 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\packager.dll
    [2014/11/12 16:35:55 | 003,241,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msi.dll
    [2014/11/12 16:35:39 | 000,861,696 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\oleaut32.dll
    [2014/11/12 16:15:41 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\KeepMySettingsX
    [2014/11/12 16:15:30 | 000,159,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ATL90.dll
    [2014/11/08 19:24:06 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Comodo
    [2014/11/07 16:59:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
    [2014/11/04 09:55:47 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\ElevatedDiagnostics
     
    ========== Files - Modified Within 30 Days ==========
     
    [2014/11/30 20:01:00 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3546646767-1445017109-1683610049-1000UA.job
    [2014/11/30 20:01:00 | 000,000,256 | ---- | M] () -- C:\windows\tasks\HP Photo Creations Messager.job
    [2014/11/30 19:32:00 | 000,000,898 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
    [2014/11/30 19:29:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
    [2014/11/30 19:25:01 | 000,000,928 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-3546646767-1445017109-1683610049-1000UA.job
    [2014/11/30 17:32:00 | 000,000,894 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
    [2014/11/30 16:29:01 | 000,129,752 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\MBAMSwissArmy.sys
    [2014/11/30 13:41:13 | 000,019,248 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2014/11/30 13:41:13 | 000,019,248 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2014/11/30 13:37:43 | 000,782,510 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
    [2014/11/30 13:37:43 | 000,662,650 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
    [2014/11/30 13:37:43 | 000,122,486 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
    [2014/11/30 13:33:51 | 000,001,960 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 3050A J611 series.lnk
    [2014/11/30 13:33:01 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
    [2014/11/30 13:32:57 | 3059,748,864 | -HS- | M] () -- C:\hiberfil.sys
    [2014/11/30 13:25:00 | 000,000,906 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-3546646767-1445017109-1683610049-1000Core.job
    [2014/11/30 13:01:00 | 000,000,856 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3546646767-1445017109-1683610049-1000Core.job
    [2014/11/30 12:57:10 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2014/11/30 11:07:21 | 000,000,008 | RHS- | M] () -- C:\ProgramData\ntuser.pol
    [2014/11/30 10:42:53 | 000,024,064 | ---- | M] () -- C:\windows\zoek-delete.exe
    [2014/11/26 12:29:58 | 000,701,104 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
    [2014/11/26 12:29:58 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
    [2014/11/23 12:58:46 | 001,041,168 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswsnx.sys
    [2014/11/15 12:32:11 | 000,348,312 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
    [2014/11/05 21:03:50 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieetwcollectorres.dll
    [2014/11/05 20:47:03 | 000,066,560 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll
    [2014/11/05 20:46:12 | 000,580,096 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
    [2014/11/05 20:46:12 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieetwproxystub.dll
    [2014/11/05 20:44:28 | 000,088,064 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\MshtmlDac.dll
    [2014/11/05 20:35:59 | 000,034,304 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll
    [2014/11/05 20:31:48 | 000,633,856 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
    [2014/11/05 20:30:22 | 000,144,384 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
    [2014/11/05 20:30:08 | 000,114,688 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieetwcollector.exe
    [2014/11/05 20:29:18 | 000,814,080 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\jscript9diag.dll
    [2014/11/05 20:23:57 | 006,040,064 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
    [2014/11/05 20:20:18 | 000,968,704 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\MsSpellCheckingFacility.exe
    [2014/11/05 20:16:23 | 000,490,496 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\dxtmsft.dll
    [2014/11/05 20:13:36 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll
    [2014/11/05 20:12:44 | 000,047,616 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieetwproxystub.dll
    [2014/11/05 20:10:58 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\MshtmlDac.dll
    [2014/11/05 20:07:29 | 000,077,824 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\JavaScriptCollectionAgent.dll
    [2014/11/05 20:03:56 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll
    [2014/11/05 20:02:05 | 000,199,680 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msrating.dll
    [2014/11/05 20:00:56 | 000,478,208 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
    [2014/11/05 20:00:51 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
    [2014/11/05 19:59:36 | 000,115,712 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
    [2014/11/05 19:58:38 | 000,620,032 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\jscript9diag.dll
    [2014/11/05 19:57:38 | 000,316,928 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\dxtrans.dll
    [2014/11/05 19:42:36 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\JavaScriptCollectionAgent.dll
    [2014/11/05 19:41:26 | 000,800,768 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
    [2014/11/05 19:41:26 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe
    [2014/11/05 19:39:39 | 001,359,360 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mshtmlmedia.dll
    [2014/11/05 19:38:25 | 002,124,288 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
    [2014/11/05 19:37:58 | 000,168,960 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\msrating.dll
    [2014/11/05 19:36:47 | 000,076,288 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
    [2014/11/05 19:21:25 | 002,051,072 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
    [2014/11/05 19:20:37 | 001,155,072 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmlmedia.dll
    [2014/11/05 18:53:19 | 000,799,232 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dll
    [2014/11/05 18:47:17 | 000,708,096 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dll
    [2014/11/05 10:56:54 | 000,304,640 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\generaltel.dll
    [2014/11/05 10:56:36 | 000,228,864 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\aepdu.dll
    [2014/11/05 10:52:22 | 000,424,448 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\aeinv.dll
     
    ========== Files Created - No Company Name ==========
     
    [2014/11/30 11:02:05 | 000,024,064 | ---- | C] () -- C:\windows\zoek-delete.exe
    [2014/11/08 19:24:07 | 000,000,008 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2014/04/22 06:50:59 | 000,775,124 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
    [2012/09/11 14:40:01 | 000,000,064 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\Statdisk.prefs
    [2012/04/02 17:54:58 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
    [2012/03/31 14:00:11 | 000,017,408 | ---- | C] () -- C:\Users\Owner\AppData\Local\WebpageIcons.db
     
    ========== ZeroAccess Check ==========
     
    [2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
     
    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
     
    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
     
    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
     
    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 19:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment
     
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 18:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free
     
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 03:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both
     
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
     
    ========== LOP Check ==========
     
    [2013/11/30 19:45:40 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\AVAST Software
    [2012/08/21 14:17:27 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Blackboard
    [2014/11/30 19:35:50 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\KeepMySettingsX
    [2012/08/08 11:42:46 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\MusicOasis
    [2013/03/22 21:10:32 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\ooVoo Details
    [2013/08/29 15:38:14 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\SanDisk
    [2013/08/29 15:35:18 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\SanDisk SecureAccess
    [2012/11/14 18:07:19 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Toshiba
    [2012/03/31 12:29:04 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\WinBatch
     
    ========== Purity Check ==========
     
     

    < End of report >


  11. Results of screen317's Security Check version 0.99.91  
     Windows 7 Service Pack 1 x64 (UAC is enabled)  
     Internet Explorer 11  
    ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled!  
    avast! Antivirus   
     Antivirus up to date!   
    `````````Anti-malware/Other Utilities Check:`````````
     Malwarebytes Anti-Malware version 2.0.3.1025  
     Adobe Flash Player 15.0.0.239  
     Adobe Reader 10.1.8 Adobe Reader out of Date!  
     Mozilla Firefox (33.1.1)
     Google Chrome 31.0.1650.48 Google Chrome out of date!  
    ````````Process Check: objlist.exe by Laurent````````  
     AVAST Software Avast AvastSvc.exe  
     AVAST Software Avast AvastUI.exe  
    `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: 2%
    ````````````````````End of Log``````````````````````
     


  12. .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 3/31/2012 1:27:38 PM
    System Uptime: 11/30/2014 1:32:46 PM (3 hours ago)
    .
    Motherboard: TOSHIBA |  | NWQAA
    Processor: Intel® Core i3 CPU       M 380  @ 2.53GHz | CPU | 2533/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 583 GiB total, 525.323 GiB free.
    D: is CDROM (CDFS)
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP253: 10/31/2014 10:25:43 AM - Windows Update
    RP254: 11/5/2014 4:55:27 PM - Windows Update
    RP255: 11/12/2014 4:19:32 PM - Removed WeatherBug
    RP256: 11/12/2014 4:35:29 PM - Windows Update
    RP257: 11/12/2014 4:55:50 PM - Removed VideoBuzz
    RP258: 11/12/2014 7:58:38 PM - Windows Update
    RP259: 11/18/2014 5:49:58 PM - Windows Update
    RP260: 11/20/2014 7:59:09 PM - Windows Update
    RP261: 11/26/2014 12:35:03 PM - Windows Update
    RP262: 11/30/2014 10:43:33 AM - zoek.exe restore point
    .
    ==== Installed Programs ======================
    .
    Adobe AIR
    Adobe Flash Player 15 ActiveX
    Adobe Flash Player 15 Plugin
    Adobe Reader X (10.1.8)
    Adobe Shockwave Player 12.0
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    avast! Free Antivirus
    Best Buy pc app
    Bing Rewards Client Installer
    Bonjour
    D3DX10
    Definition Update for Microsoft Office 2010 (KB2899521) 32-Bit Edition
    Facebook Video Calling 3.1.0.521
    GeniusBox 2.0
    Google Chrome
    Google Earth
    Google Talk Plugin
    Google Toolbar for Internet Explorer
    Google Update Helper
    Groove-Stream
    HP Deskjet 3050A J611 series Basic Device Software
    HP Deskjet 3050A J611 series Help
    HP Deskjet 3050A J611 series Product Improvement Study
    HP Photo Creations
    HP Update
    Intel PROSet Wireless
    Intel WiMAX Tutorial
    Intel® Graphics Media Accelerator Driver
    Intel® Management Engine Components
    Intel® PROSet/Wireless WiFi Software
    Intel® Rapid Storage Technology
    Intel® PROSet/Wireless WiMAX Software
    Intel® Wireless Display
    iTunes
    JMicron Flash Media Controller Driver
    Junk Mail filter update
    KeepMySettingsX
    [email protected] 1.0
    Malwarebytes Anti-Malware version 2.0.3.1025
    McAfee Security Scan Plus
    Mesh Runtime
    Messenger Companion
    Microsoft .NET Framework 4.5.1
    Microsoft Application Error Reporting
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Home and Student 2010
    Microsoft Office Office 64-bit Components 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared 64-bit MUI (English) 2010
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Single Image 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Mozilla Firefox 33.1.1 (x86 en-US)
    Mozilla Maintenance Service
    MSVCRT
    MSVCRT_amd64
    PlayReady PC Runtime amd64
    Realtek Ethernet Controller Driver For Windows 7
    Realtek High Definition Audio Driver
    SanDiskSecureAccess_Manager.exe
    Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2978128)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)
    Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2810073) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2880971) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2881071) 32-Bit Edition
    Security Update for Microsoft Word 2010 (KB2883013) 32-Bit Edition
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
    Skype Click to Call
    Skypeâ„¢ 6.11
    Social Privacy DNS
    swMSM
    Synaptics Pointing Device Driver
    TOSHIBA Application Installer
    TOSHIBA Assist
    Toshiba Book Place
    TOSHIBA Bulletin Board
    TOSHIBA Disc Creator
    TOSHIBA DVD PLAYER
    TOSHIBA eco Utility
    TOSHIBA Face Recognition
    TOSHIBA Flash Cards Support Utility
    TOSHIBA Hardware Setup
    TOSHIBA HDD Protection
    TOSHIBA HDD/SSD Alert
    TOSHIBA Media Controller
    TOSHIBA Media Controller Plug-in
    TOSHIBA PC Health Monitor
    TOSHIBA Quality Application
    TOSHIBA Recovery Media Creator
    TOSHIBA ReelTime
    TOSHIBA Service Station
    TOSHIBA Sleep Utility
    TOSHIBA Supervisor Password
    TOSHIBA Value Added Package
    TOSHIBA Web Camera Application
    ToshibaRegistration
    Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
    Update for Microsoft Excel 2010 (KB2889935) 32-Bit Edition
    Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition
    Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2494150)
    Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2589386) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2687275) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2837602) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2889828) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition
    Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition
    Update for Microsoft PowerPoint 2010 (KB2878251) 32-Bit Edition
    Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition
    Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition
    Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition
    Utility Common Driver
    VBPlayerMoz
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Language Selector
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Messenger Companion Core
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Remote Client
    Windows Live Remote Client Resources
    Windows Live Remote Service
    Windows Live Remote Service Resources
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    .
    ==== Event Viewer Messages From Past Week ========
    .


  13. DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 11.0.9600.17420
    Run by Owner at 16:56:23 on 2014-11-30
    Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3891.2102 [GMT -7:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    .
    ============== Running Processes ===============
    .
    C:\windows\system32\lsm.exe
    C:\windows\system32\svchost.exe -k DcomLaunch
    C:\windows\system32\svchost.exe -k RPCSS
    C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\windows\system32\svchost.exe -k LocalService
    C:\windows\system32\svchost.exe -k netsvcs
    C:\windows\system32\svchost.exe -k NetworkService
    C:\windows\system32\WLANExt.exe
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\windows\system32\Dwm.exe
    C:\windows\Explorer.EXE
    C:\windows\System32\spoolsv.exe
    C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\windows\system32\taskhost.exe
    C:\windows\system32\taskeng.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\windows\system32\svchost.exe -k imgsvc
    C:\windows\system32\ThpSrv.exe
    C:\Windows\system32\TODDSrv.exe
    C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\windows\system32\SearchIndexer.exe
    C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\TOSHIBA\TECO\TecoService.exe
    C:\windows\system32\wbem\wmiprvse.exe
    C:\windows\system32\wbem\unsecapp.exe
    C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\windows\System32\rundll32.exe
    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\System32\ThpSrv.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
    C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
    C:\Program Files\TOSHIBA\TECO\Teco.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
    C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
    C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
    C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
    C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
    C:\windows\system32\wbem\unsecapp.exe
    C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\windows\system32\igfxext.exe
    C:\windows\system32\igfxsrvc.exe
    C:\Users\Owner\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe
    C:\windows\system32\RunDll32.exe
    C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
    C:\windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
    C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
    C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
    C:\Users\Owner\AppData\Roaming\KeepMySettingsX\keepmysettingsx.exe
    C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
    C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
    C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
    C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
    C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
    C:\windows\System32\svchost.exe -k secsvcs
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\windows\system32\SearchProtocolHost.exe
    C:\windows\system32\SearchFilterHost.exe
    C:\windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .


    uProxyServer = hxxp=127.0.0.1:49167;https=127.0.0.1:49167
    uProxyOverride = <-loopback>
    mWinlogon: Userinit = userinit.exe,
    BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll
    BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
    BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
    uRun: [Facebook Update] "C:\Users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
    uRun: [iSUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
    uRun: [Google Update] "C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    uRun: [sanDiskSecureAccess_Manager.exe] C:\Users\Owner\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe
    mRun: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
    mRun: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
    mRun: [sVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
    mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
    mRun: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
    mRun: [TSleepSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [dnsshield] C:\Program Files (x86)\Social Privacy  DNS\dnswatch.exe
    mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
    StartupFolder: C:\Users\Owner\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MONITO~1.LNK - C:\windows\System32\RunDll32.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    TCP: NameServer = 8.8.8.8,8.8.4.4
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{473B71CB-DE63-4CA3-86EE-6E3E788BD628} : NameServer = 8.8.8.8,8.8.4.4
    TCP: Interfaces\{473B71CB-DE63-4CA3-86EE-6E3E788BD628} : DHCPNameServer = 10.1.0.101 10.33.1.101
    TCP: Interfaces\{6E8163B9-9237-4136-840E-0B07C0F72B55} : NameServer = 8.8.8.8,8.8.4.4
    TCP: Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963} : NameServer = 8.8.8.8,8.8.4.4
    TCP: Interfaces\{E5F7D1AA-E3BD-489C-9076-9B2120943A5D} : NameServer = 8.8.8.8,8.8.4.4
    TCP: Interfaces\{E6759FE2-C7A5-477D-8FF9-27F41EDE2897} : NameServer = 8.8.8.8,8.8.4.4
    TCP: Interfaces\{E6759FE2-C7A5-477D-8FF9-27F41EDE2897} : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{E6759FE2-C7A5-477D-8FF9-27F41EDE2897}\05658434F57457563747 : NameServer = 8.8.8.8,8.8.4.4
    TCP: Interfaces\{E6759FE2-C7A5-477D-8FF9-27F41EDE2897}\05658434F57457563747 : DHCPNameServer = 67.215.21.202 72.21.65.14
    TCP: Interfaces\{E6759FE2-C7A5-477D-8FF9-27F41EDE2897}\A62626F677562737 : DHCPNameServer = 192.168.10.1
    TCP: Interfaces\{E6759FE2-C7A5-477D-8FF9-27F41EDE2897}\E42484840275966496 : NameServer = 8.8.8.8,8.8.4.4
    TCP: Interfaces\{E6759FE2-C7A5-477D-8FF9-27F41EDE2897}\E42484840275966496 : DHCPNameServer = 72.21.65.13 72.21.65.14
    TCP: Interfaces\{E6759FE2-C7A5-477D-8FF9-27F41EDE2897}\E67736 : NameServer = 8.8.8.8,8.8.4.4
    TCP: Interfaces\{E6759FE2-C7A5-477D-8FF9-27F41EDE2897}\E67736 : DHCPNameServer = 192.168.96.1
    TCP: Interfaces\{F8F484EE-41AE-4C9A-BF17-D8F84709B324} : NameServer = 8.8.8.8,8.8.4.4
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
    x64-BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll
    x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3
    x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
    x64-Run: [ThpSrv] C:\windows\System32\thpsrv /logon
    x64-Run: [HSON] C:\Program Files (x86)\TOSHIBA\TBS\HSON.exe
    x64-Run: [smoothView] C:\Program Files (x86)\Toshiba\SmoothView\SmoothView.exe
    x64-Run: [00TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
    x64-Run: [Teco] "C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe" /r
    x64-Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
    x64-Run: [smartFaceVWatcher] C:\Program Files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
    x64-Run: [intelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
    x64-Run: [intelWirelessWiMAX] "C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe" /tasktray /nosplash
    x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
    x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
    x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
    x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
    x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\0rbzcbm3.default-1395006579003\
    FF - prefs.js: browser.search.selectedEngine - Yahoo


    FF - prefs.js: network.proxy.type - 0
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Common Files\VBrick\VBPlayerMoz\npvbplayer.dll
    FF - plugin: C:\Program Files (x86)\Common Files\VBrick\VBPlayerMoz\npvbwmplayer.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMSS.dll
    FF - plugin: C:\Users\Owner\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
    FF - plugin: C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    FF - plugin: C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
    FF - plugin: C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npo1d.dll
    FF - plugin: C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll
    FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll
    FF - plugin: C:\windows\SysWOW64\npDeployJava1.dll
    FF - plugin: C:\windows\SysWOW64\npmproxy.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 aswRvrt;avast! Revert;C:\windows\System32\drivers\aswRvrt.sys [2013-11-30 65776]
    R0 aswVmm;avast! VM Monitor;C:\windows\System32\drivers\aswVmm.sys [2013-11-30 224896]
    R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\windows\System32\drivers\thpdrv.sys [2009-6-29 34880]
    R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\windows\System32\drivers\Thpevm.sys [2009-6-29 14784]
    R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\System32\drivers\tos_sps64.sys [2012-3-31 482384]
    R1 aswSnx;aswSnx;C:\windows\System32\drivers\aswsnx.sys [2013-11-30 1041168]
    R1 aswSP;aswSP;C:\windows\System32\drivers\aswsp.sys [2013-11-30 427360]
    R2 aswHwid;avast! HardwareID;C:\windows\System32\drivers\aswHwid.sys [2014-8-1 29208]
    R2 aswMonFlt;aswMonFlt;C:\windows\System32\drivers\aswMonFlt.sys [2013-11-30 79184]
    R2 aswStm;aswStm;C:\windows\System32\drivers\aswStm.sys [2014-8-1 92008]
    R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-8-1 50344]
    R2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2010-6-7 408576]
    R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2010-7-28 267192]
    R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\drivers\TVALZFL.sys [2009-6-19 14472]
    R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-3-31 2320920]
    R2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2010-6-7 911872]
    R3 bpenum;bpenum;C:\windows\System32\drivers\bpenum.sys [2010-5-16 71168]
    R3 bpmp;Intel® Centrino® WiMAX 6050 Series;C:\windows\System32\drivers\bpmp.sys [2010-5-16 175104]
    R3 bpusb;bpusb;C:\windows\System32\drivers\bpusb.sys [2010-5-16 81920]
    R3 HECIx64;Intel® Management Engine Interface;C:\windows\System32\drivers\HECIx64.sys [2012-3-31 56344]
    R3 Impcd;Impcd;C:\windows\System32\drivers\Impcd.sys [2010-2-26 158976]
    R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2010-2-3 271872]
    R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\windows\System32\drivers\NETw5s64.sys [2010-5-31 7689216]
    R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2012-3-31 35008]
    R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2012-3-31 331880]
    R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2012-3-31 54136]
    R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]
    R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2010-7-22 822192]
    R3 wdkmd;Intel WiDi KMD;C:\windows\System32\drivers\WDKMD.sys [2010-6-18 39832]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
    S3 acpials;ALS Sensor Filter;C:\windows\System32\drivers\acpials.sys [2009-7-14 9728]
    S3 fssfltr;fssfltr;C:\windows\System32\drivers\fssfltr.sys [2012-12-14 48488]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
    S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2014-11-12 114688]
    S3 JMCR;JMCR;C:\windows\System32\drivers\jmcr.sys [2010-5-18 164464]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [2013-9-6 288776]
    S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-3-5 340240]
    S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2012-3-31 59392]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-2-15 52736]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-3-31 1255736]
    S3 WDC_SAM;WD SCSI Pass Thru driver;C:\windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2014-11-30 18:07:56    --------    d-sh--w-    C:\$RECYCLE.BIN
    2014-11-30 18:02:05    24064    ----a-w-    C:\windows\zoek-delete.exe
    2014-11-30 18:02:05    --------    d-----w-    C:\Users\Owner\AppData\Local\Temp
    2014-11-30 17:41:49    --------    d-----w-    C:\zoek_backup
    2014-11-28 16:11:33    11632448    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C295FA03-4060-4F4C-959D-A106DEC2CBA1}\mpengine.dll
    2014-11-19 00:50:07    728064    ----a-w-    C:\windows\System32\kerberos.dll
    2014-11-19 00:50:07    241152    ----a-w-    C:\windows\System32\pku2u.dll
    2014-11-19 00:50:07    186880    ----a-w-    C:\windows\SysWow64\pku2u.dll
    2014-11-19 00:50:05    550912    ----a-w-    C:\windows\SysWow64\kerberos.dll
    2014-11-12 23:36:59    950784    ----a-w-    C:\Program Files\Internet Explorer\iedvtool.dll
    2014-11-12 23:35:58    77824    ----a-w-    C:\windows\System32\packager.dll
    2014-11-12 23:35:57    67584    ----a-w-    C:\windows\SysWow64\packager.dll
    2014-11-12 23:35:57    3198976    ----a-w-    C:\windows\System32\win32k.sys
    2014-11-12 23:35:55    3241984    ----a-w-    C:\windows\System32\msi.dll
    2014-11-12 23:35:55    2363904    ----a-w-    C:\windows\SysWow64\msi.dll
    2014-11-12 23:35:39    861696    ----a-w-    C:\windows\System32\oleaut32.dll
    2014-11-12 23:35:39    571904    ----a-w-    C:\windows\SysWow64\oleaut32.dll
    2014-11-12 23:15:41    --------    d-----w-    C:\Users\Owner\AppData\Roaming\KeepMySettingsX
    2014-11-12 23:15:30    159032    ----a-w-    C:\windows\System32\ATL90.dll
    2014-11-09 02:24:06    --------    d-----w-    C:\Users\Owner\AppData\Local\Comodo
    2014-11-04 16:55:47    --------    d-----w-    C:\Users\Owner\AppData\Local\ElevatedDiagnostics
    .
    ==================== Find3M  ====================
    .
    2014-11-30 23:29:01    129752    ----a-w-    C:\windows\System32\drivers\MBAMSwissArmy.sys
    2014-11-26 19:29:58    71344    ----a-w-    C:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-11-26 19:29:58    701104    ----a-w-    C:\windows\SysWow64\FlashPlayerApp.exe
    2014-11-23 19:58:46    1041168    ----a-w-    C:\windows\System32\drivers\aswsnx.sys
    2014-11-06 04:04:03    2724864    ----a-w-    C:\windows\System32\mshtml.tlb
    2014-11-06 04:03:50    4096    ----a-w-    C:\windows\System32\ieetwcollectorres.dll
    2014-11-06 03:47:03    66560    ----a-w-    C:\windows\System32\iesetup.dll
    2014-11-06 03:46:12    580096    ----a-w-    C:\windows\System32\vbscript.dll
    2014-11-06 03:46:12    48640    ----a-w-    C:\windows\System32\ieetwproxystub.dll
    2014-11-06 03:44:28    88064    ----a-w-    C:\windows\System32\MshtmlDac.dll
    2014-11-06 03:30:22    144384    ----a-w-    C:\windows\System32\ieUnatt.exe
    2014-11-06 03:30:08    114688    ----a-w-    C:\windows\System32\ieetwcollector.exe
    2014-11-06 03:29:18    814080    ----a-w-    C:\windows\System32\jscript9diag.dll
    2014-11-06 03:28:20    2724864    ----a-w-    C:\windows\SysWow64\mshtml.tlb
    2014-11-06 03:23:57    6040064    ----a-w-    C:\windows\System32\jscript9.dll
    2014-11-06 03:20:18    968704    ----a-w-    C:\windows\System32\MsSpellCheckingFacility.exe
    2014-11-06 03:13:43    501248    ----a-w-    C:\windows\SysWow64\vbscript.dll
    2014-11-06 03:13:36    62464    ----a-w-    C:\windows\SysWow64\iesetup.dll
    2014-11-06 03:12:44    47616    ----a-w-    C:\windows\SysWow64\ieetwproxystub.dll
    2014-11-06 03:10:58    64000    ----a-w-    C:\windows\SysWow64\MshtmlDac.dll
    2014-11-06 03:07:29    77824    ----a-w-    C:\windows\System32\JavaScriptCollectionAgent.dll
    2014-11-06 02:59:36    115712    ----a-w-    C:\windows\SysWow64\ieUnatt.exe
    2014-11-06 02:58:38    620032    ----a-w-    C:\windows\SysWow64\jscript9diag.dll
    2014-11-06 02:42:36    60416    ----a-w-    C:\windows\SysWow64\JavaScriptCollectionAgent.dll
    2014-11-06 02:39:39    1359360    ----a-w-    C:\windows\System32\mshtmlmedia.dll
    2014-11-06 02:38:25    2124288    ----a-w-    C:\windows\System32\inetcpl.cpl
    2014-11-06 02:21:49    4298240    ----a-w-    C:\windows\SysWow64\jscript9.dll
    2014-11-06 02:21:25    2051072    ----a-w-    C:\windows\SysWow64\inetcpl.cpl
    2014-11-06 02:20:37    1155072    ----a-w-    C:\windows\SysWow64\mshtmlmedia.dll
    2014-11-06 02:17:24    2365440    ----a-w-    C:\windows\System32\wininet.dll
    2014-11-06 01:52:35    1892864    ----a-w-    C:\windows\SysWow64\wininet.dll
    2014-11-05 17:56:54    304640    ----a-w-    C:\windows\System32\generaltel.dll
    2014-11-05 17:56:36    228864    ----a-w-    C:\windows\System32\aepdu.dll
    2014-11-05 17:52:22    424448    ----a-w-    C:\windows\System32\aeinv.dll
    2014-11-04 21:30:58    275080    ------w-    C:\windows\System32\MpSigStub.exe
    2014-10-14 02:16:37    155064    ----a-w-    C:\windows\System32\drivers\ksecpkg.sys
    2014-10-14 02:13:06    683520    ----a-w-    C:\windows\System32\termsrv.dll
    2014-10-14 02:12:57    1460736    ----a-w-    C:\windows\System32\lsasrv.dll
    2014-10-14 02:09:31    146432    ----a-w-    C:\windows\System32\msaudite.dll
    2014-10-14 02:07:31    681984    ----a-w-    C:\windows\System32\adtschema.dll
    2014-10-14 01:50:47    22016    ----a-w-    C:\windows\SysWow64\secur32.dll
    2014-10-14 01:49:38    96768    ----a-w-    C:\windows\SysWow64\sspicli.dll
    2014-10-14 01:47:30    146432    ----a-w-    C:\windows\SysWow64\msaudite.dll
    2014-10-14 01:46:02    681984    ----a-w-    C:\windows\SysWow64\adtschema.dll
    2014-10-03 02:12:00    500224    ----a-w-    C:\windows\System32\AUDIOKSE.dll
    2014-10-03 02:11:54    284672    ----a-w-    C:\windows\System32\EncDump.dll
    2014-10-03 02:11:51    680960    ----a-w-    C:\windows\System32\audiosrv.dll
    2014-10-03 02:11:51    440832    ----a-w-    C:\windows\System32\AudioEng.dll
    2014-10-03 02:11:51    296448    ----a-w-    C:\windows\System32\AudioSes.dll
    2014-10-03 01:44:42    442880    ----a-w-    C:\windows\SysWow64\AUDIOKSE.dll
    2014-10-03 01:44:26    374784    ----a-w-    C:\windows\SysWow64\AudioEng.dll
    2014-10-03 01:44:26    195584    ----a-w-    C:\windows\SysWow64\AudioSes.dll
    2014-10-01 18:11:26    63704    ----a-w-    C:\windows\System32\drivers\mwac.sys
    2014-10-01 18:11:16    93400    ----a-w-    C:\windows\System32\drivers\mbamchameleon.sys
    2014-10-01 18:11:12    25816    ----a-w-    C:\windows\System32\drivers\mbam.sys
    2014-09-25 02:08:38    371712    ----a-w-    C:\windows\System32\qdvd.dll
    2014-09-25 01:40:50    519680    ----a-w-    C:\windows\SysWow64\qdvd.dll
    2014-09-19 09:42:52    210944    ----a-w-    C:\windows\System32\wdigest.dll
    2014-09-19 09:42:51    86528    ----a-w-    C:\windows\System32\TSpkg.dll
    2014-09-19 09:42:49    342016    ----a-w-    C:\windows\System32\schannel.dll
    2014-09-19 09:42:47    314880    ----a-w-    C:\windows\System32\msv1_0.dll
    2014-09-19 09:42:47    309760    ----a-w-    C:\windows\System32\ncrypt.dll
    2014-09-19 09:42:41    22016    ----a-w-    C:\windows\System32\credssp.dll
    2014-09-19 09:23:55    172032    ----a-w-    C:\windows\SysWow64\wdigest.dll
    2014-09-19 09:23:52    65536    ----a-w-    C:\windows\SysWow64\TSpkg.dll
    2014-09-19 09:23:49    248832    ----a-w-    C:\windows\SysWow64\schannel.dll
    2014-09-19 09:23:46    221184    ----a-w-    C:\windows\SysWow64\ncrypt.dll
    2014-09-19 09:23:45    259584    ----a-w-    C:\windows\SysWow64\msv1_0.dll
    2014-09-19 09:23:36    17408    ----a-w-    C:\windows\SysWow64\credssp.dll
    2014-09-09 22:11:04    2048    ----a-w-    C:\windows\System32\tzres.dll
    2014-09-09 21:47:10    2048    ----a-w-    C:\windows\SysWow64\tzres.dll
    2014-09-04 05:23:20    424448    ----a-w-    C:\windows\System32\rastls.dll
    2014-09-04 05:04:15    372736    ----a-w-    C:\windows\SysWow64\rastls.dll
    .
    ============= FINISH: 16:57:03.32 ===============
     


  14. Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 11/30/2014
    Scan Time: 12:57:25 PM
    Logfile: 745616.txt
    Administrator: Yes

    Version: 2.00.3.1025
    Malware Database: v2014.11.30.07
    Rootkit Database: v2014.11.30.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: Owner

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 384289
    Time Elapsed: 21 min, 49 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Warn
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 11
    PUP.Optional.CouponBar.A, HKU\S-1-5-21-3546646767-1445017109-1683610049-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{8660E5B3-6C41-44DE-8503-98D99BBECD41}, Quarantined, [27c8a49d2b5142f4eb6c1caa27db9769],
    PUP.Optional.CouponBar.A, HKU\S-1-5-21-3546646767-1445017109-1683610049-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{8660E5B3-6C41-44DE-8503-98D99BBECD41}, Quarantined, [27c8a49d2b5142f4eb6c1caa27db9769],
    PUP.Optional.InstallIQ, HKU\S-1-5-21-3546646767-1445017109-1683610049-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\W3I\InstallIQUpdater, Quarantined, [41aed071e29ace682ae51f388281fd03],
    PUP.Optional.SpeedItUP.A, HKLM\SOFTWARE\CLASSES\CLSID\{9DFA7693-AAAC-7A62-B396-385343669C0F}, Quarantined, [648b241d2d4f0d299da5ca70b74ca55b],
    PUP.Optional.SpeedItUP.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{A090A85F-7BC0-BDE0-7C50-0C25728CCB86}, Quarantined, [648b241d2d4f0d299da5ca70b74ca55b],
    PUP.Optional.SpeedItUP.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{489022B1-3433-B8CA-46EB-85FED966C2B6}, Quarantined, [648b241d2d4f0d299da5ca70b74ca55b],
    PUP.Optional.SpeedItUP.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{489022B1-3433-B8CA-46EB-85FED966C2B6}, Quarantined, [648b241d2d4f0d299da5ca70b74ca55b],
    PUP.Optional.SpeedItUP.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{A090A85F-7BC0-BDE0-7C50-0C25728CCB86}, Quarantined, [648b241d2d4f0d299da5ca70b74ca55b],
    PUP.Optional.SpeedItUP.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{9DFA7693-AAAC-7A62-B396-385343669C0F}, Quarantined, [648b241d2d4f0d299da5ca70b74ca55b],
    PUP.Optional.SpeedItUP.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{9DFA7693-AAAC-7A62-B396-385343669C0F}, Quarantined, [648b241d2d4f0d299da5ca70b74ca55b],
    PUP.Optional.SpeedItUP.A, HKLM\SOFTWARE\CLASSES\CLSID\{9DFA7693-AAAC-7A62-B396-385343669C0F}\INPROCSERVER32, Quarantined, [648b241d2d4f0d299da5ca70b74ca55b],

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 4
    PUP.Optional.ArcadeParlor.A, C:\Users\Owner\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{F32E7E42-9AFA-47CA-A0C4-D07EE651D404}, Quarantined, [e70866db81fb3bfb5c96a184e51e5fa1],
    PUP.Optional.ArcadeParlor.A, C:\Users\Owner\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{F32E7E42-9AFA-47CA-A0C4-D07EE651D404}\chrome, Quarantined, [e70866db81fb3bfb5c96a184e51e5fa1],
    PUP.Optional.SpeedItUP.A, C:\Program Files (x86)\ver4SpeeditUp, Quarantined, [648b241d2d4f0d299da5ca70b74ca55b],
    PUP.Optional.SpeedItUP.A, C:\Program Files (x86)\ver4SpeeditUp\x64, Quarantined, [648b241d2d4f0d299da5ca70b74ca55b],

    Files: 12
    PUP.Optional.SpeedItUP.A, C:\Program Files (x86)\ver4SpeeditUp\182.dat, Quarantined, [648b241d2d4f0d299da5ca70b74ca55b],
    PUP.Optional.SpeedItUP.A, C:\Program Files (x86)\ver4SpeeditUp\182_x64.dll, Quarantined, [648b241d2d4f0d299da5ca70b74ca55b],
    PUP.Optional.SpeedItUP.A, C:\Program Files (x86)\ver4SpeeditUp\a.db, Quarantined, [648b241d2d4f0d299da5ca70b74ca55b],
    PUP.Optional.SpeedItUP.A, C:\Program Files (x86)\ver4SpeeditUp\b.db, Quarantined, [648b241d2d4f0d299da5ca70b74ca55b],
    PUP.Optional.SpeedItUP.A, C:\Program Files (x86)\ver4SpeeditUp\n1CD182.bin, Quarantined, [648b241d2d4f0d299da5ca70b74ca55b],
    PUP.Optional.SpeedItUP.A, C:\Program Files (x86)\ver4SpeeditUp\SpeeditUp.exe, Quarantined, [648b241d2d4f0d299da5ca70b74ca55b],
    PUP.Optional.SpeedItUP.A, C:\Program Files (x86)\ver4SpeeditUp\Sqlite3.dll, Quarantined, [648b241d2d4f0d299da5ca70b74ca55b],
    PUP.Optional.SpeedItUP.A, C:\Program Files (x86)\ver4SpeeditUp\y1SpeeditUpp63.dll, Quarantined, [648b241d2d4f0d299da5ca70b74ca55b],
    PUP.Optional.SpeedItUP.A, C:\Program Files (x86)\ver4SpeeditUp\x64\TandemRunner.exe, Quarantined, [648b241d2d4f0d299da5ca70b74ca55b],
    PUP.Optional.SpeedItUP.A, C:\Program Files (x86)\ver4SpeeditUp\x64\WdfCoInstaller01009.dll, Quarantined, [648b241d2d4f0d299da5ca70b74ca55b],
    PUP.Optional.SpeedItUP.A, C:\Program Files (x86)\ver4SpeeditUp\x64\webinstr.inf, Quarantined, [648b241d2d4f0d299da5ca70b74ca55b],
    PUP.Optional.SpeedItUP.A, C:\Program Files (x86)\ver4SpeeditUp\x64\webinstrNew.sys, Quarantined, [648b241d2d4f0d299da5ca70b74ca55b],

    Physical Sectors: 0
    (No malicious items detected)


    (end)


  15. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.4.0 (11.29.2014:1)
    OS: Windows 7 Home Premium x64
    Ran by Owner on Sun 11/30/2014 at 12:48:33.67
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values

    Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL



    ~~~ Registry Keys



    ~~~ Files



    ~~~ Folders



    ~~~ FireFox

    Successfully deleted: [Folder] C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\0rbzcbm3.default-1395006579003\extensions\{f32e7e42-9afa-47ca-a0c4-d07ee651d404}
    Emptied folder: C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\0rbzcbm3.default-1395006579003\minidumps [15 files]



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Sun 11/30/2014 at 12:53:36.85
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     


  16. # AdwCleaner v4.102 - Report created 30/11/2014 at 11:15:53
    # Updated 23/11/2014 by Xplode
    # Database : 2014-11-27.1 [Live]
    # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Username : Owner - OWNER-PC
    # Running from : C:\Users\Owner\Downloads\adwcleaner_4.102.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\ProgramData\RandomPrice
    Folder Deleted : C:\Program Files (x86)\Social Privacy  DNS
    Folder Deleted : C:\Users\Owner\AppData\Local\GeniusBox
    Folder Deleted : C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\LuckyTab
    Folder Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfaifkapfifnanhhiidacmhldddojchn
    Folder Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
    File Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\0rbzcbm3.default-1395006579003\user.js

    ***** [ Scheduled Tasks ] *****

    Task Deleted : Advanced System Protector_startup
    Task Deleted : LuckyTab

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\DynConIE.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\.
    Key Deleted : HKLM\SOFTWARE\Classes\..9
    Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{37EB75F2-7392-4DBE-B5AD-147EC6D7BF5F}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{384997EE-E3BE-49C4-9ECA-C62B7C08128A}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{14F35FFC-522A-4DD1-A07E-6B8B65C6891E}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1a876239-0545-4880-8ab2-33aec4e6ab42}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{AC329328-7EC4-4C34-B672-0A2B90CB9B00}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1a876239-0545-4880-8ab2-33aec4e6ab42}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1a876239-0545-4880-8ab2-33aec4e6ab42}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{1a876239-0545-4880-8ab2-33aec4e6ab42}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2830488C-079B-45C2-88B6-AFE4EAA2DF85}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1a876239-0545-4880-8ab2-33aec4e6ab42}
    Key Deleted : HKCU\Software\buenosearch LTD
    Key Deleted : HKCU\Software\pc optimizer pro
    Key Deleted : HKCU\Software\RegisteredApplicationsEx
    Key Deleted : HKCU\Software\Search Extensions
    Key Deleted : HKCU\Software\AppDataLow\Software\SpeeditUp
    Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
    Key Deleted : HKLM\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B}
    Key Deleted : HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
    Key Deleted : HKLM\SOFTWARE\InstallIQ
    Key Deleted : HKLM\SOFTWARE\YourFileDownloader
    Key Deleted : HKLM\SOFTWARE\LuckyTab
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0E08BAC8-845B-4327-8CDB-4B0F8C9857A5}_is1

    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.17420


    -\\ Mozilla Firefox v33.1.1 (x86 en-US)


    -\\ Google Chrome v31.0.1650.57







    [C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : cfaifkapfifnanhhiidacmhldddojchn
    [C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : flpcjncodpafbgdpnkljologafpionhb
    [C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : lifbcibllhkdhoafpjfnlhfpfgnpldfl

    *************************

    AdwCleaner[R0].txt - [22792 octets] - [23/11/2013 15:18:38]
    AdwCleaner[R1].txt - [6899 octets] - [30/11/2014 11:11:21]
    AdwCleaner[s0].txt - [22129 octets] - [23/11/2013 15:19:56]
    AdwCleaner[s1].txt - [6467 octets] - [30/11/2014 11:15:53]

    ########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [6527 octets] ##########
     


  17. Zoek.exe v5.0.0.0 Updated 29-11-2014
    Tool run by Owner on Sun 11/30/2014 at 10:42:57.32.
    Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
    Running in: Normal Mode Internet Access Detected
    Launched: C:\Users\Owner\Downloads\zoek.exe [scan all users]  [Checkboxes used]

    ==== System Restore Info ======================

    11/30/2014 10:44:02 AM Zoek.exe System Restore Point Created Succesfully.

    ==== Empty Folders Check ======================

    C:\PROGRA~2\Bing Torrent Search deleted successfully
    C:\PROGRA~2\Supporter deleted successfully
    C:\Program Files\Google deleted successfully
    C:\PROGRA~3\Oracle deleted successfully
    C:\PROGRA~3\Yahoo! deleted successfully
    C:\PROGRA~3\{FBF3739B-717D-4429-BCEB-98D514E65F29} deleted successfully
    C:\Users\Owner\AppData\Roaming\Collaborate deleted successfully
    C:\Users\Owner\AppData\Roaming\Malwarebytes deleted successfully

    ==== Deleting CLSID Registry Keys ======================

    HKEY_USERS\S-1-5-21-3546646767-1445017109-1683610049-1000\Software\Microsoft\Internet Explorer\SearchScopes\{467D4EE9-28E0-498C-9F6F-FD1A013BFE79} deleted successfully
    HKEY_USERS\S-1-5-21-3546646767-1445017109-1683610049-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D} deleted successfully
    HKEY_USERS\S-1-5-21-3546646767-1445017109-1683610049-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D} deleted successfully
    HKEY_USERS\S-1-5-21-3546646767-1445017109-1683610049-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C442AC41-9200-4770-8CC0-7CDB4F245C55} deleted successfully
    HKEY_USERS\S-1-5-21-3546646767-1445017109-1683610049-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C442AC41-9200-4770-8CC0-7CDB4F245C55} deleted successfully
    HKEY_USERS\S-1-5-21-3546646767-1445017109-1683610049-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F4E39681-15F8-4fda-B8A3-B5C98378F2F3} deleted successfully
    HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D} deleted successfully
    HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D} deleted successfully
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D} deleted successfully
    HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C442AC41-9200-4770-8CC0-7CDB4F245C55} deleted successfully
    HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55} deleted successfully
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55} deleted successfully

    ==== Deleting CLSID Registry Values ======================


    ==== Deleting Services ======================

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\webinstrNew deleted successfully
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\webinstrNew deleted successfully

    ==== FireFox Fix ======================

    ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\0rbzcbm3.default-1395006579003

    ---- Lines extensions.H6fdOXnGOwOyupOs removed from prefs.js ----
    user_pref("extensions.H6fdOXnGOwOyupOs.epoch", "1");
    user_pref("extensions.H6fdOXnGOwOyupOs.scode", "void(0);");
    user_pref("extensions.H6fdOXnGOwOyupOs.url", "http://beautyspygetonlinez.info/sync/?q=C6qUojw6rdCEqTn4qTk5pjs5pjwGpjn4tMZPhd9FrHr7rHsErHCErds9qdn7rdr6
    ---- Lines extensions.cyOb01Dhxi3du6tD removed from prefs.js ----
    user_pref("extensions.cyOb01Dhxi3du6tD.epoch", "1416267471");
    user_pref("extensions.cyOb01Dhxi3du6tD.url", "http://canadafirstforeverygroup.net/sync2/?q=hfZ9oemMhdCHtNbPhd98qjgGpihTB6lKDzt4olljtNtVh7n0rjnFrja4rds
    ---- FireFox user.js and prefs.js backups ----

    user_20141130_1057_.backup
    prefs_20141130_1057_.backup

    ==== Deleting Files \ Folders ======================

    C:\PROGRA~3\{FBF3739B-717D-4429-BCEB-98D514E65F29} not found
    C:\PROGRA~2\PriceLess deleted
    C:\ProgramData\PriceLess deleted
    C:\PROGRA~3\90a5c7455bacb5d deleted
    C:\PROGRA~2\LuckyTab deleted
    C:\PROGRA~3\CloudSoft deleted
    C:\PROGRA~3\Updater deleted
    C:\PROGRA~3\RHelpers deleted
    C:\PROGRA~3\InstallMate deleted
    C:\Users\Owner\AppData\Local\avgchrome deleted
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk deleted
    C:\windows\patsearch.bin deleted
    C:\windows\SysNative\sasnative64.exe deleted
    C:\Users\Owner\Downloads\CouponPrinter(1).exe deleted
    C:\Users\Owner\Downloads\CouponPrinter(2).exe deleted
    C:\Users\Owner\Downloads\CouponPrinter(3).exe deleted
    C:\Users\Owner\Downloads\CouponPrinter.exe deleted
    C:\windows\wininit.ini deleted
    C:\windows\SysNative\tasks\LuckyTab deleted
    C:\windows\SysNative\drivers\webinstrNew.sys deleted
    C:\windows\SysNative\drivers\Msft_Kernel_webinstrNew_01009.Wdf deleted
    C:\windows\SysNative\config\systemprofile\Searches deleted
    C:\windows\SysNative\GroupPolicy\Machine deleted
    C:\windows\SysNative\GroupPolicy\User deleted
    C:\windows\SysNative\GroupPolicy\GPT.INI deleted
    C:\windows\Syswow64\GroupPolicy\gpt.ini deleted
    C:\windows\SysWow64\AI_RecycleBin deleted
    C:\Users\Owner\Downloads\setup.exe deleted
    "C:\windows\Installer\332106e3.msi" deleted
    "C:\Users\Owner\AppData\Local\0df296065d8b7004eef1fd7c1e1c4f9c" deleted

    ==== Firefox Extensions Registry ======================

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
    "[email protected]"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [08/01/2014 03:59 AM]
    [HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
    "{CBD0B549-5AA8-2F4D-8415-130B5802BBD5}"="C:\Program Files (x86)\ver4SpeeditUp\182.xpi" []

    ==== Firefox Extensions ======================

    ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\0rbzcbm3.default-1395006579003
    - Undetermined - {F32E7E42-9AFA-47CA-A0C4-D07EE651D404}
    - ArcadeParlor - %ProfilePath%\extensions\{F32E7E42-9AFA-47CA-A0C4-D07EE651D404}

    AppDir: C:\Program Files (x86)\Mozilla Firefox
    - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

    ==== Firefox Plugins ======================

    Profilepath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\0rbzcbm3.default-1395006579003
    8303B3CEC05500F763B4FA75210598BB    - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll -    Shockwave Flash
    3CD19649B2C3023D65E67C056457A2BC    - C:\Users\Owner\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll -    Facebook Video Calling Plugin
    68BCBB241EF254BC5100D9E6C06ECC71    - C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll -    Google Talk Plugin Video Accelerator
    99FE6AFE80EB7FE3EEB75DC504A326A3    - C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npo1d.dll -    Google Talk Plugin Video Renderer
    AF42019A3B0EDBFA6878F75B9377A792    - C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll -    Google Talk Plugin
    AF661355EBAB898EB92D5454AEF93CE0    - C:\windows\SysWOW64\npDeployJava1.dll -    Java Deployment Toolkit 7.0.400.43
    7EF7E4C1325D533F5186E7118ABB0E7C    - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMSS.dll -    McAfee Security Scanner +
    0C0C5C207121C7A78414A8250E8E099A    - C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll -    Shockwave for Director / Shockwave for Director
    15E298B5EC5B89C5994A59863969D9FF    - C:\windows\SysWOW64\npmproxy.dll -    Microsoft® Windows® Operating System


    ==== Fake Chromium Profiles Check ======================

    Fake profile C:\Users\Administrator\AppData\Local\Torch deleted
    Fake profile C:\Users\Administrator\AppData\Local\Google\Chrome deleted
    Fake profile C:\Users\Administrator\AppData\Local\Google\Chrome SxS deleted
    Fake profile C:\Users\Administrator\AppData\Local\Comodo\Dragon deleted
    Fake profile C:\Users\Administrator\AppData\Local\Chromatic Browser deleted
    Fake profile C:\Users\Guest\AppData\Local\Torch deleted
    Fake profile C:\Users\Guest\AppData\Local\Google\Chrome deleted
    Fake profile C:\Users\Guest\AppData\Local\Google\Chrome SxS deleted
    Fake profile C:\Users\Guest\AppData\Local\Comodo\Dragon deleted
    Fake profile C:\Users\Guest\AppData\Local\Chromatic Browser deleted
    Fake profile C:\Users\HomeGroupUser$\AppData\Local\Torch deleted
    Fake profile C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome deleted
    Fake profile C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS deleted
    Fake profile C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon deleted
    Fake profile C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser deleted
    Fake profile C:\Users\Owner\AppData\Local\Torch deleted
    Fake profile C:\Users\Owner\AppData\Local\Google\Chrome SxS deleted
    Fake profile C:\Users\Owner\AppData\Local\Comodo\Dragon deleted
    Fake profile C:\Users\Owner\AppData\Local\Chromatic Browser deleted

    ==== Chromium Look ======================

    HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
    eefhnbpnnaaokmclnihgajdnlgljajjg - No path found[]
    ggebenakhmhfdkmkemdmllecchcldgec - No path found[]
    gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[08/01/2014 03:59 AM]
    lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx[03/02/2012 10:53 AM]

    Bcool - Owner\AppData\Local\Fast Browser\User Data\Default\Extensions\belehhimfpnfiopbmpkioideigiglmjg
    Skype Click to Call - Owner\AppData\Local\Fast Browser\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
    Social Privacy - Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfaifkapfifnanhhiidacmhldddojchn
    DubLi Toolbar - Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\clagbfpdfojpoondfdloibkiaipdeibm
    PriceLess - Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dclcodbflbdinkjeblfamifniepbbalh
    Avant Downloader - Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbonimgkpojnocmgjgkgigbfgffpcjnp
    Avast Online Security - Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
    Skype Click to Call - Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl

    ==== Chromium Startpages ======================

    C:\Users\Owner\AppData\Local\Fast Browser\User Data\Default\Preferences
    "homepage": "http://www.safesear.ch",
    "urls_to_restore_on_startup": [ "http://www.safesear.ch" ]

    C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Preferences
    "homepage": "http://www.msn.com/?pc=AV01",


    ==== Chromium Fix ======================

    C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.live-lyrics.com_0.localstorage deleted successfully
    C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.live-lyrics.com_0.localstorage-journal deleted successfully
    C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage deleted successfully
    C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage-journal deleted successfully
    C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage deleted successfully
    C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal deleted successfully
    C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_websearch.soft-quick.info_0.localstorage deleted successfully
    C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_websearch.soft-quick.info_0.localstorage-journal deleted successfully
    C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_fastonlinefinder.com_0.localstorage deleted successfully
    C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_fastonlinefinder.com_0.localstorage-journal deleted successfully
    C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_continuetosave.info_0.localstorage deleted successfully
    C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_continuetosave.info_0.localstorage-journal deleted successfully
    C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.addtoany.com_0.localstorage deleted successfully
    C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.addtoany.com_0.localstorage-journal deleted successfully
    C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.ak.facebook.com_0.localstorage deleted successfully
    C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.ak.facebook.com_0.localstorage-journal deleted successfully
    C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.woolik.com_0.localstorage deleted successfully
    C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.woolik.com_0.localstorage-journal deleted successfully
    C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_b.scorecardresearch.com_0.localstorage deleted successfully
    C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_b.scorecardresearch.com_0.localstorage-journal deleted successfully
    C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.buenosearch.com_0.localstorage deleted successfully
    C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.buenosearch.com_0.localstorage-journal deleted successfully
    C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\clagbfpdfojpoondfdloibkiaipdeibm deleted successfully
    C:\Users\Owner\AppData\Local\Fast Browser\User Data\Default\Extensions\belehhimfpnfiopbmpkioideigiglmjg deleted successfully
    C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dclcodbflbdinkjeblfamifniepbbalh deleted successfully
    C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbonimgkpojnocmgjgkgigbfgffpcjnp deleted successfully

    ==== Set IE to Default ======================

    Old Values:
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Start Page"="https://search.yahoo.com/yhs/web?hspart=w3i&hsimp=yhs-syctransfer&type=W3i_SP,204,0_0,StartPage,20141146,20029,0,101,9284"
    "Search Page"="http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01"
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    "Search Page"="http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01"
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
    "Search Page"="http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
    "Tabs"="about:newtab"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
    "Tabs"="about:newtab"
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
    "DefaultScope"="{467D4EE9-28E0-498C-9F6F-FD1A013BFE79}"
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{467D4EE9-28E0-498C-9F6F-FD1A013BFE79}] not found

    New Values:
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
    "Start Page"="http://www.google.com"
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
    "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
    "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

    ==== All HKCU SearchScopes ======================

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
    {012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
    {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
    {1C24DC0E-AD7E-4339-8480-F45D566D30B7} Unknown  Url="Not_Found"
    {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} Microsoft (Bing) Url="http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01"

    ==== Deleting CLSID Registry Keys ======================

    HKEY_USERS\S-1-5-21-3546646767-1445017109-1683610049-1000\Software\Microsoft\Internet Explorer\SearchScopes\{1C24DC0E-AD7E-4339-8480-F45D566D30B7} deleted successfully
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0733f78f-2d05-4f1e-95d1-ce20f52fcdf3} deleted successfully
    HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0733f78f-2d05-4f1e-95d1-ce20f52fcdf3} deleted successfully
    HKEY_CLASSES_ROOT\CLSID\{0733f78f-2d05-4f1e-95d1-ce20f52fcdf3} deleted successfully
    HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{0733f78f-2d05-4f1e-95d1-ce20f52fcdf3} deleted successfully
    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0733f78f-2d05-4f1e-95d1-ce20f52fcdf3} deleted successfully

    ==== Deleting CLSID Registry Values ======================

    HKEY_USERS\S-1-5-21-3546646767-1445017109-1683610049-1000\Software\Mozilla\FireFox\Extensions\[email protected] deleted successfully
    HKEY_USERS\S-1-5-21-3546646767-1445017109-1683610049-1000\Software\Mozilla\FireFox\Extensions\{CBD0B549-5AA8-2F4D-8415-130B5802BBD5} deleted successfully

    ==== Reset IE Proxy ======================

    Value(s) before fix:
    "ProxyServer"="http=127.0.0.1:49162;https=127.0.0.1:49162"
    "ProxyOverride"="<-loopback>"
    "ProxyEnable"=dword:00000001

    Value(s) after fix:
    "ProxyEnable"=dword:00000000

    ==== Deleting Registry Keys ======================

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1F0BC1E8FB762504AA32AF229E84401C deleted successfully
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\ContinueToSave deleted successfully
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{3C511AE2-1655-7A2F-9196-89A88239B3E0} deleted successfully
    HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{32336E21-EAC0-0F33-4843-41048D7D2D33} deleted successfully
    HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully
    HKEY_CURRENT_USER\Software\Policies\Google deleted successfully
    HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{75F9BF4A-AF67-A478-A37B-31D73186D3F3} deleted successfully
    HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8E1CB0F1-67BF-4052-AA23-FA22E94804C1} deleted successfully
    HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D54E3D9F-FEB8-4D2D-A138-B69A5C80080B} deleted successfully
    HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{be0fb33b} deleted successfully
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\1F0BC1E8FB762504AA32AF229E84401C deleted successfully
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds deleted successfully
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray deleted successfully
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence deleted successfully

    ==== Empty IE Cache ======================

    C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
    C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
    C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
    C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
    C:\windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
    C:\windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
    C:\windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
    C:\windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    ==== Empty FireFox Cache ======================

    C:\Users\Owner\AppData\Local\Mozilla\Firefox\Profiles\0rbzcbm3.default-1395006579003\cache2 emptied successfully

    ==== Empty Chrome Cache ======================

    C:\Users\Owner\AppData\Local\Fast Browser\User Data\Default\Cache emptied successfully

    ==== Empty All Flash Cache ======================

    Flash Cache Emptied Successfully

    ==== Empty All Java Cache ======================

    Java Cache cleared successfully

    ==== C:\zoek_backup content ======================

    C:\zoek_backup (files=355 folders=31 20885591 bytes)

    ==== Empty Temp Folders ======================

    C:\Users\Default\AppData\Local\Temp emptied successfully
    C:\Users\Default User\AppData\Local\Temp emptied successfully
    C:\Users\Owner\AppData\Local\Temp will be emptied at reboot
    C:\windows\sysWoW64\config\systemprofile\AppData\Local\Temp emptied successfully
    C:\windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
    C:\windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
    C:\windows\Temp will be emptied at reboot

    ==== After Reboot ======================

    ==== Empty Temp Folders ======================

    C:\windows\Temp successfully emptied
    C:\Users\Owner\AppData\Local\Temp successfully emptied

    ==== Empty Recycle Bin ======================

    C:\$RECYCLE.BIN successfully emptied

    ==== EOF on Sun 11/30/2014 at 11:07:53.87 ======================
     


  18. All processes killed
    ========== OTL ==========
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1C24DC0E-AD7E-4339-8480-F45D566D30B7}\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1C24DC0E-AD7E-4339-8480-F45D566D30B7}\ not found.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
    HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
    HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
    HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
    HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
    Registry value HKEY_USERS\S-1-5-21-3546646767-1445017109-1683610049-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{2877A654-1C9F-4cb5-8438-16022B2FDD9C} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2877A654-1C9F-4cb5-8438-16022B2FDD9C}\ not found.
    HKEY_USERS\S-1-5-21-3546646767-1445017109-1683610049-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
    Registry key HKEY_USERS\S-1-5-21-3546646767-1445017109-1683610049-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
    Registry key HKEY_USERS\S-1-5-21-3546646767-1445017109-1683610049-1000\Software\Microsoft\Internet Explorer\SearchScopes\{C3A345CE-BFBC-4936-BF7C-3ABEA78CEF9D}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C3A345CE-BFBC-4936-BF7C-3ABEA78CEF9D}\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
    C:\Users\Owner\AppData\Roaming\mozilla\Extensions folder moved successfully.
    C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\hyr99t9j.default\extensions\[email protected]\chrome\content folder moved successfully.
    C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\hyr99t9j.default\extensions\[email protected]\chrome folder moved successfully.
    C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\hyr99t9j.default\extensions\[email protected] folder moved successfully.
    C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\hyr99t9j.default\extensions\[email protected]\content folder moved successfully.
    C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\hyr99t9j.default\extensions\[email protected]\components folder moved successfully.
    C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\hyr99t9j.default\extensions\[email protected] folder moved successfully.
    C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\hyr99t9j.default\extensions folder moved successfully.
    File C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\hyr99t9j.default\extensions\{1266764D-FC4F-4FA7-B63B-884D53B1680F}.xpi not found.
    C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components folder moved successfully.
    C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\chrome\icons\default folder moved successfully.
    C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\chrome\icons folder moved successfully.
    C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\chrome folder moved successfully.
    C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} folder moved successfully.
    C:\Program Files (x86)\Mozilla Firefox\extensions folder moved successfully.
    C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} folder moved successfully.
    C:\Program Files (x86)\Mozilla Firefox\browser\extensions folder moved successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{91FBEA5C-E3C7-42EA-8C2B-B168189AB5BE}\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91FBEA5C-E3C7-42EA-8C2B-B168189AB5BE}\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
    64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8660E5B3-6C41-44DE-8503-98D99BBECD41} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\ deleted successfully.
    Registry value HKEY_USERS\S-1-5-21-3546646767-1445017109-1683610049-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{8660E5B3-6C41-44DE-8503-98D99BBECD41} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\ not found.
    64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\TPwrMain deleted successfully.
    C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe moved successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
    Registry value HKEY_USERS\S-1-5-21-3546646767-1445017109-1683610049-1000\Software\Microsoft\Windows\CurrentVersion\Run\\MobileAppSync deleted successfully.
    Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
    Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.

    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
    File Protocol\Handler\livecall - No CLSID value found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
    File Protocol\Handler\ms-help - No CLSID value found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
    File Protocol\Handler\msnim - No CLSID value found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
    File Protocol\Handler\skype4com - No CLSID value found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype-ie-addon-data\ deleted successfully.
    File Protocol\Handler\skype-ie-addon-data - No CLSID value found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ not found.
    File Protocol\Handler\livecall - No CLSID value found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ not found.
    File Protocol\Handler\ms-help - No CLSID value found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ not found.
    File Protocol\Handler\msnim - No CLSID value found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ not found.
    File Protocol\Handler\skype4com - No CLSID value found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype-ie-addon-data\ not found.
    File Protocol\Handler\skype-ie-addon-data - No CLSID value found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
    File Protocol\Handler\wlmailhtml - No CLSID value found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
    File Protocol\Handler\wlpg - No CLSID value found not found.
    64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll deleted successfully.
    64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
    ========== COMMANDS ==========
     
    [EMPTYJAVA]
     
    User: Administrator
     
    User: All Users
     
    User: Default
     
    User: Default User
     
    User: Owner
    ->Java cache emptied: 4386947 bytes
     
    User: Public
     
    Total Java Files Cleaned = 4.00 mb
     
     
    [EMPTYFLASH]
     
    User: Administrator
     
    User: All Users
     
    User: Default
    ->Flash cache emptied: 56478 bytes
     
    User: Default User
    ->Flash cache emptied: 0 bytes
     
    User: Owner
    ->Flash cache emptied: 77772 bytes
     
    User: Public
     
    Total Flash Files Cleaned = 0.00 mb
     
     
    [EMPTYTEMP]
     
    User: Administrator
     
    User: All Users
     
    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 0 bytes
     
    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes
     
    User: Owner
    ->Temp folder emptied: 67736087 bytes
    ->Temporary Internet Files folder emptied: 172218055 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 309637714 bytes
    ->Google Chrome cache emptied: 10460968 bytes
    ->Flash cache emptied: 0 bytes
     
    User: Public
     
    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 572568654 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 84787 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 746 bytes
    RecycleBin emptied: 48882443 bytes
     
    Total Files Cleaned = 1,127.00 mb
     
    C:\windows\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully
    Restore point Set: OTL Restore Point
     
    OTL by OldTimer - Version 3.2.69.0 log created on 11242013_214743

    Files\Folders moved on Reboot...
    C:\Users\Owner\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
    File move failed. C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...


  19. OTL logfile created on: 11/24/2013 8:44:52 AM - Run 1
    OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Owner\Downloads
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.10.9200.16736)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
     
    3.80 Gb Total Physical Memory | 1.58 Gb Available Physical Memory | 41.53% Memory free
    7.60 Gb Paging File | 5.03 Gb Available in Paging File | 66.24% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 583.11 Gb Total Space | 529.80 Gb Free Space | 90.86% Space Free | Partition Type: NTFS
    Drive D: | 7.38 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
     
    Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
     
    ========== Processes (SafeList) ==========
     
    PRC - [2013/11/24 08:33:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Downloads\OTL.com
    PRC - [2013/11/23 12:00:09 | 001,862,536 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe
    PRC - [2013/11/18 00:16:59 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    PRC - [2013/11/13 00:36:50 | 000,148,480 | ---- | M] () -- C:\Program Files (x86)\Social Privacy  DNS\dnswatch.exe
    PRC - [2013/09/03 06:53:50 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    PRC - [2013/01/07 12:53:22 | 000,340,992 | ---- | M] () -- C:\ProgramData\CloudSoft\ContinueToSave\ContinueToSave.exe
    PRC - [2012/02/14 23:39:36 | 030,705,792 | ---- | M] (Gemalto N.V.) -- C:\Users\Owner\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe
    PRC - [2011/10/05 12:31:46 | 001,652,736 | R--- | M] (AWS Convergence Technologies, Inc.) -- C:\Program Files (x86)\AWS\WeatherBug\Weather.exe
    PRC - [2010/11/20 03:17:02 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cmd.exe
    PRC - [2010/09/02 23:45:02 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe
    PRC - [2010/05/01 16:55:36 | 002,454,840 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
    PRC - [2010/04/01 09:52:22 | 000,252,728 | ---- | M] (TOSHIBA) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
    PRC - [2010/03/03 14:42:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
    PRC - [2010/03/03 14:41:58 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
    PRC - [2009/12/25 15:21:16 | 000,034,160 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
    PRC - [2007/03/29 15:41:26 | 000,222,128 | ---- | M] (Macrovision Corporation) -- C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
     
     
    ========== Modules (No Company Name) ==========
     
    MOD - [2013/11/23 12:00:09 | 016,237,448 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll
    MOD - [2013/11/18 00:16:58 | 003,363,952 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
    MOD - [2013/11/13 00:36:50 | 000,148,480 | ---- | M] () -- C:\Program Files (x86)\Social Privacy  DNS\dnswatch.exe
    MOD - [2012/02/20 20:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2012/02/20 20:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2012/02/14 16:37:52 | 011,796,096 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\SanDisk\My Vaults\dmBackup.dll
     
     
    ========== Services (SafeList) ==========
     
    SRV:64bit: - [2013/05/26 22:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV:64bit: - [2010/07/28 10:27:16 | 000,267,192 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
    SRV:64bit: - [2010/07/22 16:36:16 | 000,822,192 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
    SRV:64bit: - [2010/06/29 11:05:02 | 000,489,384 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
    SRV:64bit: - [2010/06/07 15:39:40 | 000,911,872 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe -- (WiMAXAppSrv)
    SRV:64bit: - [2010/06/07 15:34:20 | 000,408,576 | ---- | M] (Red Bend Ltd.) [Auto | Running] -- C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe -- (DMAgent)
    SRV:64bit: - [2010/03/05 10:26:38 | 001,425,168 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
    SRV:64bit: - [2010/03/05 10:07:58 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
    SRV:64bit: - [2010/03/05 10:06:22 | 000,831,760 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
    SRV:64bit: - [2010/02/05 17:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
    SRV:64bit: - [2009/10/21 09:30:36 | 000,531,520 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\ThpSrv.exe -- (Thpsrv)
    SRV:64bit: - [2009/07/28 15:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
    SRV - [2013/11/23 12:00:09 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2013/11/18 00:16:58 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2013/09/03 06:53:50 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
    SRV - [2013/01/08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2011/02/11 13:45:52 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
    SRV - [2010/09/02 23:45:02 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe -- (McComponentHostService)
    SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/03/03 14:42:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
    SRV - [2010/03/03 14:41:58 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
    SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
     
     
    ========== Driver Services (SafeList) ==========
     
    DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2012/09/28 21:52:10 | 000,075,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
    DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
    DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012/02/15 10:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/11/20 04:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 02:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/20 00:37:44 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
    DRV:64bit: - [2010/06/18 10:38:06 | 000,039,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd)
    DRV:64bit: - [2010/05/31 12:05:06 | 007,689,216 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64)
    DRV:64bit: - [2010/05/18 16:02:48 | 000,164,464 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
    DRV:64bit: - [2010/05/16 17:28:38 | 000,175,104 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpmp.sys -- (bpmp)
    DRV:64bit: - [2010/05/16 17:28:30 | 000,081,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpusb.sys -- (bpusb)
    DRV:64bit: - [2010/05/16 17:28:28 | 000,071,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpenum.sys -- (bpenum)
    DRV:64bit: - [2010/05/08 18:38:56 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
    DRV:64bit: - [2010/05/03 14:44:02 | 000,331,880 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2010/04/21 11:18:44 | 010,326,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2010/03/10 18:51:32 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
    DRV:64bit: - [2010/02/26 16:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
    DRV:64bit: - [2010/02/03 06:38:30 | 000,271,872 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
    DRV:64bit: - [2010/01/15 12:22:08 | 000,538,136 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2009/09/17 12:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
    DRV:64bit: - [2009/07/30 21:02:36 | 000,044,912 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter)
    DRV:64bit: - [2009/07/30 20:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
    DRV:64bit: - [2009/07/14 15:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
    DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 17:00:24 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpials.sys -- (acpials)
    DRV:64bit: - [2009/06/29 16:16:20 | 000,014,784 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Thpevm.sys -- (Thpevm)
    DRV:64bit: - [2009/06/29 10:25:22 | 000,034,880 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\thpdrv.sys -- (Thpdrv)
    DRV:64bit: - [2009/06/22 17:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
    DRV:64bit: - [2009/06/19 19:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
    DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
     
     
    ========== Standard Registry (All) ==========
     
     
    ========== Internet Explorer ==========
     
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.toshiba.com/
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {1C24DC0E-AD7E-4339-8480-F45D566D30B7}
    IE:64bit: - HKLM\..\SearchScopes\{1C24DC0E-AD7E-4339-8480-F45D566D30B7}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSND
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
     
     
    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     
    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     
    IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
     
    IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
     
    IE - HKU\S-1-5-21-3546646767-1445017109-1683610049-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/?cid=C001B2Y
    IE - HKU\S-1-5-21-3546646767-1445017109-1683610049-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://start.toshiba.com/g/ [binary data]
    IE - HKU\S-1-5-21-3546646767-1445017109-1683610049-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
    IE - HKU\S-1-5-21-3546646767-1445017109-1683610049-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    IE - HKU\S-1-5-21-3546646767-1445017109-1683610049-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKU\S-1-5-21-3546646767-1445017109-1683610049-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.buenosearch.com/?babsrc [binary data over 200 bytes]
    IE - HKU\S-1-5-21-3546646767-1445017109-1683610049-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    IE - HKU\S-1-5-21-3546646767-1445017109-1683610049-1000\..\URLSearchHook: {2877A654-1C9F-4cb5-8438-16022B2FDD9C} - No CLSID value found
    IE - HKU\S-1-5-21-3546646767-1445017109-1683610049-1000\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
    IE - HKU\S-1-5-21-3546646767-1445017109-1683610049-1000\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-21-3546646767-1445017109-1683610049-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
    IE - HKU\S-1-5-21-3546646767-1445017109-1683610049-1000\..\SearchScopes\{C3A345CE-BFBC-4936-BF7C-3ABEA78CEF9D}: "URL" = http://www.bing.com/search?FORM=IPGTDF&PC=IPGTDF&q={searchTerms}&src=IE-SearchBox
    IE - HKU\S-1-5-21-3546646767-1445017109-1683610049-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-3546646767-1445017109-1683610049-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
     
    ========== FireFox ==========
     
    FF - prefs.js..browser.search.defaultenginename,S: S", ""
    FF - prefs.js..browser.search.defaultthis.engineName: ""
    FF - prefs.js..browser.search.order.1: ""
    FF - prefs.js..browser.search.order.1,S: S", ""
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..extensions.enabledAddons: %7B1266764D-FC4F-4FA7-B63B-884D53B1680F%7D:3.6.5
    FF - prefs.js..extensions.enabledAddons: support%40tubedimmerapp.com:2.6.49
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0.1
    FF - prefs.js..keyword.URL: ""
    FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"
    FF - prefs.js..network.proxy.type: 0
    FF - user.js - File not found
     
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_152.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll File not found
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.40.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKLM\Software\MozillaPlugins\vbplayer: C:\Program Files (x86)\Common Files\VBrick\VBPlayerMoz\npvbplayer.dll (VBrick Inc.)
    FF - HKLM\Software\MozillaPlugins\vbwmplayer: C:\Program Files (x86)\Common Files\VBrick\VBPlayerMoz\npvbwmplayer.dll (VBrick Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Owner\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Owner\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Owner\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
     
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/11/18 00:16:56 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/11/20 10:27:07 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\FireFox\Extensions\\[email protected]: C:\Program Files (x86)\Social Privacy\FF\
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/11/18 00:16:56 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/11/20 10:27:07 | 000,000,000 | ---D | M]
     
    [2012/04/02 16:03:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Extensions
    [2013/11/23 15:20:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\hyr99t9j.default\extensions
    [2013/01/30 19:53:37 | 000,000,000 | ---D | M] (Default Manager) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\hyr99t9j.default\extensions\[email protected]
    [2013/11/23 12:02:19 | 000,000,000 | ---D | M] (Tube Dimmer) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\hyr99t9j.default\extensions\[email protected]
    [2012/08/09 16:04:54 | 000,011,658 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\hyr99t9j.default\extensions\{1266764D-FC4F-4FA7-B63B-884D53B1680F}.xpi
    [2013/10/18 19:35:31 | 000,001,315 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\hyr99t9j.default\searchplugins\buenosearch.xml
    [2013/11/23 14:38:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2013/11/18 00:16:56 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2013/11/18 00:16:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
    [2013/11/18 00:16:59 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    [2013/09/03 06:53:52 | 000,187,248 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll
    [2007/07/18 11:19:40 | 002,998,784 | ---- | M] (Tamarack Software, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\nptgeqplugin.dll
     
    ========== Chrome  ==========
     
    CHR - homepage: http://www.google.com
    CHR - Extension: Social Privacy = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfaifkapfifnanhhiidacmhldddojchn\1.0_0\
    CHR - Extension: Skype Click to Call = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.10.0.9560_1\
    CHR - Extension: Google Wallet = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_1\
     
    O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2:64bit: - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
    O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    O2:64bit: - BHO: (Social Privacy) - {91FBEA5C-E3C7-42EA-8C2B-B168189AB5BE} - C:\Program Files (x86)\Social Privacy\sp64.dll File not found
    O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg64.dll File not found
    O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
    O2:64bit: - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)
    O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
    O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
    O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Coupons.com CouponBar) - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll File not found
    O3 - HKU\S-1-5-21-3546646767-1445017109-1683610049-1000\..\Toolbar\WebBrowser: (Coupons.com CouponBar) - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll File not found
    O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [intelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
    O4:64bit: - HKLM..\Run: [intelWirelessWiMAX] C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe (Intel® Corporation)
    O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [smartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [smoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated)
    O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [ThpSrv] C:\windows\SysNative\thpsrv.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: []  File not found
    O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [dnsshield] C:\Program Files (x86)\Social Privacy  DNS\dnswatch.exe ()
    O4 - HKLM..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
    O4 - HKLM..\Run: [iTunesHelper] C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
    O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
    O4 - HKLM..\Run: [sVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA CORPORATION)
    O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [TSleepSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe (TOSHIBA)
    O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
    O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-3546646767-1445017109-1683610049-1000..\Run: [Facebook Update] C:\Users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
    O4 - HKU\S-1-5-21-3546646767-1445017109-1683610049-1000..\Run: [Google Update] C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
    O4 - HKU\S-1-5-21-3546646767-1445017109-1683610049-1000..\Run: [iSUSPM] C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Macrovision Corporation)
    O4 - HKU\S-1-5-21-3546646767-1445017109-1683610049-1000..\Run: [MobileAppSync] "C:\Program Files (x86)\Mobile App Sync\D2MClient.exe" File not found
    O4 - HKU\S-1-5-21-3546646767-1445017109-1683610049-1000..\Run: [sanDiskSecureAccess_Manager.exe] C:\Users\Owner\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe (Gemalto N.V.)
    O4 - HKU\S-1-5-21-3546646767-1445017109-1683610049-1000..\Run: [skype] C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
    O4 - HKU\S-1-5-21-3546646767-1445017109-1683610049-1000..\Run: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
    O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 3050A J611 series.lnk = C:\Windows\SysWOW64\rundll32.exe (Microsoft Corporation)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
    O7 - HKU\S-1-5-21-3546646767-1445017109-1683610049-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
    O7 - HKU\S-1-5-21-3546646767-1445017109-1683610049-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
    O7 - HKU\S-1-5-21-3546646767-1445017109-1683610049-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
    O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
    O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
    O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 8.8.8.8,8.8.4.4
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{473B71CB-DE63-4CA3-86EE-6E3E788BD628}: DhcpNameServer = 10.1.0.101 10.33.1.101
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{473B71CB-DE63-4CA3-86EE-6E3E788BD628}: NameServer = 8.8.8.8,8.8.4.4
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6E8163B9-9237-4136-840E-0B07C0F72B55}: NameServer = 8.8.8.8,8.8.4.4
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: NameServer = 8.8.8.8,8.8.4.4
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E5F7D1AA-E3BD-489C-9076-9B2120943A5D}: NameServer = 8.8.8.8,8.8.4.4
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E6759FE2-C7A5-477D-8FF9-27F41EDE2897}: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E6759FE2-C7A5-477D-8FF9-27F41EDE2897}: NameServer = 8.8.8.8,8.8.4.4
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F8F484EE-41AE-4C9A-BF17-D8F84709B324}: NameServer = 8.8.8.8,8.8.4.4
    O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
    O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
    O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
    O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
    O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
    O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\SysNative\mscoree.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\SysNative\mscoree.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\SysNative\mscoree.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
    O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\SysWow64\mscoree.dll (Microsoft Corporation)
    O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\SysWow64\mscoree.dll (Microsoft Corporation)
    O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\SysWow64\mscoree.dll (Microsoft Corporation)
    O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
    O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll) -  File not found
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\windows\SysWow64\credssp.dll (Microsoft Corporation)
    O29 - HKLM SecurityProviders - (credssp.dll) - C:\windows\SysWow64\credssp.dll (Microsoft Corporation)
    O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\windows\SysNative\msv1_0.dll (Microsoft Corporation)
    O30 - LSA: Authentication Packages - (msv1_0) - C:\windows\SysWow64\msv1_0.dll (Microsoft Corporation)
    O30:64bit: - LSA: Security Packages - (kerberos) - C:\windows\SysNative\kerberos.dll (Microsoft Corporation)
    O30:64bit: - LSA: Security Packages - (msv1_0) - C:\windows\SysNative\msv1_0.dll (Microsoft Corporation)
    O30:64bit: - LSA: Security Packages - (schannel) - C:\windows\SysNative\schannel.dll (Microsoft Corporation)
    O30:64bit: - LSA: Security Packages - (wdigest) - C:\windows\SysNative\wdigest.dll (Microsoft Corporation)
    O30:64bit: - LSA: Security Packages - (tspkg) - C:\windows\SysNative\tspkg.dll (Microsoft Corporation)
    O30:64bit: - LSA: Security Packages - (pku2u) - C:\windows\SysNative\pku2u.dll (Microsoft Corporation)
    O30:64bit: - LSA: Security Packages - (livessp) - C:\windows\SysNative\livessp.dll (Microsoft Corp.)
    O30 - LSA: Security Packages - (kerberos) - C:\windows\SysWow64\kerberos.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (msv1_0) - C:\windows\SysWow64\msv1_0.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (schannel) - C:\windows\SysWow64\schannel.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (wdigest) - C:\windows\SysWow64\wdigest.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (tspkg) - C:\windows\SysWow64\tspkg.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (pku2u) - C:\windows\SysWow64\pku2u.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (livessp) - C:\windows\SysWow64\livessp.dll (Microsoft Corp.)
    O31 - SafeBoot: AlternateShell - cmd.exe
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
     
    ========== Files/Folders - Created Within 30 Days ==========
     
    [2013/11/23 15:26:52 | 000,000,000 | ---D | C] -- C:\windows\ERUNT
    [2013/11/23 15:18:26 | 000,000,000 | ---D | C] -- C:\AdwCleaner
    [2013/11/23 14:41:20 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Malwarebytes
    [2013/11/23 14:41:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2013/11/23 14:41:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2013/11/23 14:41:13 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
    [2013/11/23 14:41:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2013/11/23 14:35:03 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\CrashDumps
    [2013/11/23 13:54:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
    [2013/11/23 12:02:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Updater
    [2013/11/23 12:02:19 | 000,000,000 | ---D | C] -- C:\ProgramData\RHelpers
    [2013/11/23 12:01:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Social Privacy  DNS
    [2013/11/23 12:01:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\sp
    [2013/11/23 11:58:51 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\InstallShield
    [2013/11/23 11:58:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\UEFI WinFlash
    [2013/11/18 00:16:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
    [2013/11/13 03:05:53 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
    [2013/11/13 03:05:53 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
    [2013/11/13 03:05:52 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesysprep.dll
    [2013/11/13 03:05:52 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesysprep.dll
    [2013/11/13 03:05:52 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\RegisterIEPKEYs.exe
    [2013/11/13 03:05:52 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\RegisterIEPKEYs.exe
    [2013/11/13 03:05:52 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll
    [2013/11/13 03:05:52 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll
    [2013/11/13 03:05:52 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe
    [2013/11/13 03:05:52 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll
    [2013/11/13 03:05:52 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll
    [2013/11/13 03:05:50 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
    [2013/11/13 03:05:50 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
    [2013/11/13 03:05:50 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
    [2013/11/13 03:05:49 | 003,959,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
    [2013/11/12 23:20:15 | 001,474,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\crypt32.dll
    [2013/11/12 23:20:13 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\authui.dll
    [2013/11/12 23:20:12 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\authui.dll
    [2013/11/12 23:20:12 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\credui.dll
    [2013/11/12 23:20:12 | 000,190,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\SmartcardCredentialProvider.dll
    [2013/11/12 23:20:12 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\SmartcardCredentialProvider.dll
    [2013/11/12 23:20:10 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\lsasrv.dll
    [2013/11/12 23:20:10 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ncrypt.dll
    [2013/11/12 23:20:10 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\sspicli.dll
    [2013/11/12 23:20:10 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\sspisrv.dll
    [2013/11/12 23:20:10 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\secur32.dll
    [2013/11/12 23:20:05 | 000,830,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\nshwfp.dll
    [2013/11/12 23:20:05 | 000,656,896 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\nshwfp.dll
    [2013/11/12 23:20:05 | 000,404,480 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\gdi32.dll
    [2013/11/12 23:20:05 | 000,324,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\FWPUCLNT.DLL
    [2013/11/12 23:20:05 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\FWPUCLNT.DLL
    [2013/11/03 18:34:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Crystal Decisions
    [2013/11/03 18:34:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\VBrick
    [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
     
    ========== Files - Modified Within 30 Days ==========
     
    [2013/11/24 08:33:13 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3546646767-1445017109-1683610049-1000UA.job
    [2013/11/24 08:33:01 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
    [2013/11/24 08:32:38 | 000,000,928 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-3546646767-1445017109-1683610049-1000UA.job
    [2013/11/24 08:32:38 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
    [2013/11/24 08:32:35 | 000,000,256 | ---- | M] () -- C:\windows\tasks\HP Photo Creations Messager.job
    [2013/11/24 08:32:24 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
    [2013/11/23 16:18:00 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
    [2013/11/23 15:30:11 | 000,016,304 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/11/23 15:30:11 | 000,016,304 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/11/23 15:22:43 | 000,001,960 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 3050A J611 series.lnk
    [2013/11/23 15:21:54 | 000,000,398 | -H-- | M] () -- C:\windows\tasks\{3D084AB5-6B71-476E-B860-DEC739BBF3B3}.job
    [2013/11/23 15:21:26 | 3059,748,864 | -HS- | M] () -- C:\hiberfil.sys
    [2013/11/23 14:41:15 | 000,001,124 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/11/23 14:38:02 | 000,726,444 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
    [2013/11/23 14:38:02 | 000,624,412 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
    [2013/11/23 14:38:02 | 000,106,756 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
    [2013/11/23 14:23:55 | 000,000,085 | ---- | M] () -- C:\windows\wininit.ini
    [2013/11/23 13:25:08 | 000,000,906 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-3546646767-1445017109-1683610049-1000Core.job
    [2013/11/23 13:24:25 | 000,000,856 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3546646767-1445017109-1683610049-1000Core.job
    [2013/11/23 12:00:09 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
    [2013/11/23 12:00:09 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
    [2013/11/14 23:12:21 | 000,002,194 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
     
    ========== Files Created - No Company Name ==========
     
    [2013/11/23 14:41:15 | 000,001,124 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/11/23 14:23:50 | 000,000,085 | ---- | C] () -- C:\windows\wininit.ini
    [2012/09/11 14:40:01 | 000,000,064 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\Statdisk.prefs
    [2012/04/02 17:54:58 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
    [2012/03/31 14:00:11 | 000,017,408 | ---- | C] () -- C:\Users\Owner\AppData\Local\WebpageIcons.db
     
    ========== ZeroAccess Check ==========
     
    [2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
     
    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
     
    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
     
    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
     
    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 19:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment
     
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 18:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free
     
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 03:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both
     
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
     
    ========== LOP Check ==========
     
    [2012/08/21 14:17:27 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Blackboard
    [2012/08/21 14:16:26 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Collaborate
    [2012/08/08 11:42:46 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\MusicOasis
    [2013/03/22 21:10:32 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\ooVoo Details
    [2013/08/29 15:38:14 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\SanDisk
    [2013/08/29 15:35:18 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\SanDisk SecureAccess
    [2012/11/14 18:07:19 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Toshiba
    [2012/05/23 08:36:04 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\WeatherBug
    [2012/03/31 12:29:04 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\WinBatch
     
    ========== Purity Check ==========
     
     

    < End of report >
     


  20. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.0.8 (11.05.2013:1)
    OS: Windows 7 Home Premium x64
    Ran by Owner on Sat 11/23/2013 at 15:26:55.39
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3546646767-1445017109-1683610049-1000\Software\sweetim
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{FC7D95DD-6EDB-4b68-8CAB-A93808C37EB4}



    ~~~ Files

    Successfully deleted: [File] "C:\users\default user\start menu\programs\startup\best buy pc app.lnk"



    ~~~ Folders

    Successfully deleted: [Folder] "C:\ProgramData\best buy pc app"
    Successfully deleted: [Folder] "C:\ProgramData\cloud software ltd"
    Successfully deleted: [Folder] "C:\Users\Owner\appdata\local\best buy pc app"
    Successfully deleted: [Folder] "C:\windows\syswow64\ai_recyclebin"
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{0247B643-19D3-4EAF-BB02-DF3B9C0F0051}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{14CF282F-65F2-4FE2-8C7C-B4E4C9FC79EC}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{19719634-8A72-4779-A74B-6F0C6F7DE83D}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{8B4D939C-DFEA-471F-99BA-9E9D4221BEC3}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{D83FF8BC-C60C-48E7-840E-166A46EAEDC9}



    ~~~ FireFox

    Successfully deleted: [File] C:\user.js
    Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{1c43baf1-00c2-40a8-a09e-f84cfd79546d}
    Successfully deleted the following from C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\hyr99t9j.default\prefs.js


    user_pref("id_couponscom.variables.Var1", "hxxp%3A//cdn.coupons.com/couponbar.coupons.com");
    user_pref("id_couponscom.variables.Var2", "hxxp%3A//couponbar.coupons.com");
    user_pref("id_couponscom.variables.Var3", "hxxp%3A//www.coupons.com/coupon-codes/");
    Emptied folder: C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\hyr99t9j.default\minidumps [163 files]



    ~~~ Chrome

    Successfully deleted: [Folder] C:\Users\Owner\appdata\local\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Sat 11/23/2013 at 15:36:04.99
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


  21. # AdwCleaner v3.012 - Report created 23/11/2013 at 15:19:56
    # Updated 11/11/2013 by Xplode
    # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Username : Owner - OWNER-PC
    # Running from : C:\Users\Owner\Downloads\adwcleaner.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\ProgramData\continuetosave
    Folder Deleted : C:\ProgramData\DSearchLink
    Folder Deleted : C:\ProgramData\Partner
    Folder Deleted : C:\ProgramData\Premium
    Folder Deleted : C:\ProgramData\Systweak
    Folder Deleted : C:\ProgramData\Tarma Installer
    Folder Deleted : C:\ProgramData\w3i
    Folder Deleted : C:\ProgramData\Bcool
    Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System Protector
    Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\continuetosave
    Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bcool
    Folder Deleted : C:\Program Files (x86)\Babylon
    Folder Deleted : C:\Program Files (x86)\continuetosave
    Folder Deleted : C:\Program Files (x86)\Free Offers from Freeze.com
    Folder Deleted : C:\Program Files (x86)\MyPC Backup
    Folder Deleted : C:\Program Files (x86)\w3i
    Folder Deleted : C:\Program Files\Babylon
    Folder Deleted : C:\Users\Owner\AppData\Local\Ilivid
    Folder Deleted : C:\Users\Owner\AppData\Local\PackageAware
    Folder Deleted : C:\Users\Owner\AppData\Local\Searchprotect
    Folder Deleted : C:\Users\Owner\AppData\Local\Temp\BabylonToolbar
    Folder Deleted : C:\Users\Owner\AppData\LocalLow\BabylonToolbar
    Folder Deleted : C:\Users\Owner\AppData\LocalLow\continuetosave
    Folder Deleted : C:\Users\Owner\AppData\LocalLow\Toolbar4
    Folder Deleted : C:\Users\Owner\AppData\LocalLow\Bcool
    Folder Deleted : C:\Users\Owner\AppData\Roaming\optimizer pro
    Folder Deleted : C:\Users\Owner\AppData\Roaming\Systweak
    Folder Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\hyr99t9j.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    Folder Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\hyr99t9j.default\Extensions\[email protected]
    Folder Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\hyr99t9j.default\Extensions\[email protected]
    Folder Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\belehhimfpnfiopbmpkioideigiglmjg
    File Deleted : C:\windows\System32\roboot64.exe
    File Deleted : C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk
    File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\Babylon.xml
    File Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\hyr99t9j.default\searchplugins\conduit-search.xml
    File Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\hyr99t9j.default\searchplugins\GoogleFeed.xml
    File Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\hyr99t9j.default\searchplugins\WebSearch.xml
    File Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\hyr99t9j.default\searchplugins\web-search.xml
    File Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\hyr99t9j.default\user.js
    File Deleted : C:\windows\System32\Tasks\Advanced System Protector_startup

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\belehhimfpnfiopbmpkioideigiglmjg
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\babylon.com
    Key Deleted : HKCU\Software\Microsoft\Office\Powerpoint\Addins\babylonofficeaddin.officeaddin
    Key Deleted : HKCU\Software\Microsoft\Office\Word\Addins\babylonofficeaddin.officeaddin
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\BabylonHelper.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe
    Key Deleted : HKLM\SOFTWARE\Classes\BabyDict
    Key Deleted : HKLM\SOFTWARE\Classes\BabyGloss
    Key Deleted : HKLM\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin
    Key Deleted : HKLM\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin.1
    Key Deleted : HKLM\SOFTWARE\Classes\BabyOptFile
    Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
    Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
    Key Deleted : HKLM\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho
    Key Deleted : HKLM\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho.1.0
    Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler
    Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1
    Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
    Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
    Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
    Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
    Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
    Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
    Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
    Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
    Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
    Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask
    Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
    Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
    Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager.1
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BabylonTC_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BabylonTC_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ContinueToSave_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ContinueToSave_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_e14dcdfa
    Key Deleted : HKLM\SOFTWARE\5a57d88fe738ed47
    Key Deleted : HKLM\SOFTWARE\Classes\TBSB07898.IEToolbar
    Key Deleted : HKLM\SOFTWARE\Classes\TBSB07898.IEToolbar.1
    Key Deleted : HKLM\SOFTWARE\Classes\TBSB07898.TBSB07898
    Key Deleted : HKLM\SOFTWARE\Classes\TBSB07898.TBSB07898.3
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.TBSB07898
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.TBSB07898.1
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6536801B-F50C-449B-9476-093DFD3789E3}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{57CADC46-58FF-4105-B733-5A9F3FC9783C}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6AC0BB10-C922-45E2-857D-2A368FE749E5}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D433A9D0-8267-40CB-8AD5-24F22FA5373F}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B6ECE3D6-4B98-404D-F169-424568257FD7}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0BF91075-F457-4A8B-99EF-140B52D2F22A}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{37425600-CB21-49A0-8659-476FBAB0F8E8}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{431FB0E5-2CBB-4602-9FE6-F1D64488ADD7}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5C9A230D-70A5-11D5-AFB0-0050DAC67890}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8911483C-C00A-4183-9FBC-6C9C00946C15}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B7EA2226-F876-4BE4-B478-76EBAE2A668A}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C3F058A9-407D-4CD1-8F66-B75605B54B69}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{5C9A2304-70A5-11D5-AFB0-0050DAC67890}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EC4085F2-8DB3-45A6-AD0B-CA289F3C5D7E}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{F310F027-15CB-4A7F-B10D-3A4AFB5013A5}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B6ECE3D6-4B98-404D-F169-424568257FD7}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B6ECE3D6-4B98-404D-F169-424568257FD7}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B6ECE3D6-4B98-404D-F169-424568257FD7}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4B71-B0A3-3D82E62A6909}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{96BD48DD-741B-41AE-AC4A-AFF96BA00F7E}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0BF91075-F457-4A8B-99EF-140B52D2F22A}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{37425600-CB21-49A0-8659-476FBAB0F8E8}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{431FB0E5-2CBB-4602-9FE6-F1D64488ADD7}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{5C9A230D-70A5-11D5-AFB0-0050DAC67890}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8911483C-C00A-4183-9FBC-6C9C00946C15}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B7EA2226-F876-4BE4-B478-76EBAE2A668A}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C3F058A9-407D-4CD1-8F66-B75605B54B69}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
    Key Deleted : HKCU\Software\BabSolution
    Key Deleted : HKCU\Software\Babylon
    Key Deleted : HKCU\Software\ilivid
    Key Deleted : HKCU\Software\systweak
    Key Deleted : HKCU\Software\AppDataLow\Software\DynConIE
    Key Deleted : HKLM\Software\Babylon
    Key Deleted : HKLM\Software\DataMngr
    Key Deleted : HKLM\Software\Freeze.com
    Key Deleted : HKLM\Software\SearchProtect
    Key Deleted : HKLM\Software\SP Global
    Key Deleted : HKLM\Software\SProtector
    Key Deleted : HKLM\Software\systweak
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{20E7BC40-33F6-4A81-9D52-B58349326206}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ilivid
    Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
    Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~2\contin~1\sprote~1.dll
    Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~2\softqu~1\sprote~1.dll

    ***** [ Browsers ] *****

    -\\ Internet Explorer v10.0.9200.16736


    -\\ Mozilla Firefox v25.0.1 (en-US)

    [ File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\hyr99t9j.default\prefs.js ]

    Line Deleted : user_pref("aol_toolbar.default.homepage.check", false);
    Line Deleted : user_pref("aol_toolbar.default.search.check", false);
    Line Deleted : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");

    Line Deleted : user_pref("browser.search.defaultenginename", "Conduit Search");

    Line Deleted : user_pref("browser.search.selectedEngine", "Conduit Search");
    Line Deleted : user_pref("browser.search.selectedEngine,S", "WebSearch");

    Line Deleted : user_pref("extensions.4fbc84135687b.scode", "(function(){try{if('aol.com,mail.google.com,mystart.incredibar.com,premiumreports.info,search.babylon.com,search.funmoods.com,search.gboxapp.com,search.swe[...]
    Line Deleted : user_pref("extensions.50f350351540d.scode", "(function(){if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};if(window.self.location.protocol.indexOf('hxxp') > -1 && window.self == wi[...]
    Line Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 0);
    Line Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
    Line Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
    Line Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
    Line Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=112454&tt=220512_53all");
    Line Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "1a6fc41600000000000064d4da291afd");
    Line Deleted : user_pref("extensions.BabylonToolbar_i.id", "1a6fc41600000000000064d4da291afd");
    Line Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15483");
    Line Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
    Line Deleted : user_pref("extensions.BabylonToolbar_i.newTab", true);

    Line Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
    Line Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
    Line Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
    Line Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
    Line Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
    Line Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
    Line Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.179:35:03");
    Line Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");

    Line Deleted : user_pref("extensions.dynconff.cache.search.conduit.com.content", "<package expire=\"3600\" message=\"Empty\"></package>");
    Line Deleted : user_pref("extensions.dynconff.cache.search.conduit.com.expires", "1385247835034");
    Line Deleted : user_pref("id_couponscom.variablecashedNotifications", "%7B%22hxxp%3A//www.amazon.com/%22%3A%22%3CTOOLBAR%3E%5Cr%5Cn%3CSETTINGS%20scope%3D%5C%220%5C%22%3E%5Cr%5Cn%20%20%20%20%3CWEBJUMP%20encoding%3D%5[...]
    Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
    Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "WebSearch");

    Line Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "");
    Line Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", ".*");
    Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "1");
    Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "1");
    Line Deleted : user_pref("sweetim.toolbar.searchguard.enable", "false");

    -\\ Google Chrome v31.0.1650.57

    [ File : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\preferences ]

    Deleted : homepage
    Deleted : urls_to_restore_on_startup

    *************************

    AdwCleaner[R0].txt - [22792 octets] - [23/11/2013 15:18:38]
    AdwCleaner[s0].txt - [21871 octets] - [23/11/2013 15:19:56]

    ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [21932 octets] ##########
     


  22. Malwarebytes Anti-Malware (Trial) 1.75.0.1300
    www.malwarebytes.org

    Database version: v2013.11.23.08

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 10.0.9200.16736
    Owner :: OWNER-PC [administrator]

    Protection: Enabled

    11/23/2013 2:42:43 PM
    mbam-log-2013-11-23 (14-42-43).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 235609
    Time elapsed: 6 minute(s), 41 second(s)

    Memory Processes Detected: 8
    C:\Program Files (x86)\Optimizer Pro\OptProSmartScan.exe (PUP.Optional.OptimizerPro) -> 3584 -> Delete on reboot.
    C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe (PUP.Optional.OptimizerPro) -> 3608 -> Delete on reboot.
    C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe (PUP.Optional.InstallIQ.A) -> 3692 -> Delete on reboot.
    C:\ProgramData\RHelpers\ChromeHelper\ChromeHelper.exe (PUP.Optional.SearchDonkey.A) -> 4124 -> Delete on reboot.
    C:\ProgramData\RHelpers\FirefoxHelper\FirefoxHelper.exe (PUP.Optional.SearchDonkey.A) -> 4892 -> Delete on reboot.
    C:\ProgramData\RHelpers\IeHelper\IeHelper.exe (PUP.Optional.SearchDonkey.A) -> 5096 -> Delete on reboot.
    C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe (PUP.Optional.AdvancedSystemProtector.A) -> 1964 -> Delete on reboot.
    C:\ProgramData\Updater\updater.exe (Trojan.Agent) -> 3676 -> Delete on reboot.

    Memory Modules Detected: 6
    C:\Program Files (x86)\Advanced System Protector\aspsys.dll (PUP.Optional.AdvancedSystemProtector.A) -> Delete on reboot.
    C:\Program Files (x86)\Advanced System Protector\Microsoft.Win32.TaskScheduler.DLL (PUP.Optional.AdvancedSystemProtector.A) -> Delete on reboot.
    C:\Program Files (x86)\Advanced System Protector\System.Data.SQLite.dll (PUP.Optional.AdvancedSystemProtector.A) -> Delete on reboot.
    C:\Program Files (x86)\Advanced System Protector\Xceed.Compression.dll (PUP.Optional.AdvancedSystemProtector.A) -> Delete on reboot.
    C:\Program Files (x86)\Advanced System Protector\Xceed.FileSystem.dll (PUP.Optional.AdvancedSystemProtector.A) -> Delete on reboot.
    C:\Program Files (x86)\Advanced System Protector\Xceed.Zip.dll (PUP.Optional.AdvancedSystemProtector.A) -> Delete on reboot.

    Registry Keys Detected: 37
    HKLM\SYSTEM\CurrentControlSet\Services\CltMngSvc (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    HKCR\CLSID\{0D880AFA-5ECD-A203-3246-A130BA3156F6} (PUP.DownloadnSave) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0D880AFA-5ECD-A203-3246-A130BA3156F6} (PUP.DownloadnSave) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{0D880AFA-5ECD-A203-3246-A130BA3156F6} (PUP.DownloadnSave) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0D880AFA-5ECD-A203-3246-A130BA3156F6} (PUP.DownloadnSave) -> Quarantined and deleted successfully.
    HKCR\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC} (PUP.DownloadnSave) -> Quarantined and deleted successfully.
    HKCR\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB} (PUP.DownloadnSave) -> Quarantined and deleted successfully.
    HKCR\CLSID\{44ed99e2-16a6-4b89-80d6-5b21cf42e78b} (PUP.Optional.SafeMonitor.A) -> Quarantined and deleted successfully.
    HKCR\TypeLib\{781CA792-9B6E-400B-B36F-15C097D2CA54} (PUP.Optional.SafeMonitor.A) -> Quarantined and deleted successfully.
    HKCR\Interface\{2830488C-079B-45C2-88B6-AFE4EAA2DF85} (PUP.Optional.SafeMonitor.A) -> Quarantined and deleted successfully.
    HKCR\DynConIE.DynConIEObject.1 (PUP.Optional.SafeMonitor.A) -> Quarantined and deleted successfully.
    HKCR\DynConIE.DynConIEObject (PUP.Optional.SafeMonitor.A) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{44ED99E2-16A6-4B89-80D6-5B21CF42E78B} (PUP.Optional.SafeMonitor.A) -> Quarantined and deleted successfully.
    HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0} (PUP.Optional.Softomate.A) -> Quarantined and deleted successfully.
    HKCR\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D} (PUP.Optional.Softomate.A) -> Quarantined and deleted successfully.
    HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B} (PUP.Optional.Softomate.A) -> Quarantined and deleted successfully.
    HKCR\URLSearchHook.ToolbarURLSearchHook.1 (PUP.Optional.Softomate.A) -> Quarantined and deleted successfully.
    HKCR\URLSearchHook.ToolbarURLSearchHook (PUP.Optional.Softomate.A) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C1C6816E-CBB3-A748-85F9-A8B47B68985B} (PUP.Optional.SilentInstall.A) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TubeDimmer (PUP.Optional.TubeDimmer) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1 (PUP.Optional.OptimizerPro.A) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~B9F029BF_is1 (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IEXPLORE.EXE (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
    HKCR\CLSID\{91FBEA5C-E3C7-42EA-8C2B-B168189AB5BE} (PUP.Optional.SocialPrivacy) -> Quarantined and deleted successfully.
    HKCR\TypeLib\{DCB1CD02-42FC-4447-B833-6405CE328D62} (PUP.Optional.SocialPrivacy) -> Quarantined and deleted successfully.
    HKCR\Interface\{96B7C08E-01F0-491A-8509-9741CF47039F} (PUP.Optional.SocialPrivacy) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{91FBEA5C-E3C7-42EA-8C2B-B168189AB5BE} (PUP.Optional.SocialPrivacy) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\[email protected] (PUP.Optional.SocialPrivacy) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\DataMngr_Toolbar (PUP.Optional.DataMngr.A) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} (PUP.Optional.WebSearchInfo) -> Quarantined and deleted successfully.
    HKCU\Software\DataMngr (PUP.Optional.DataMngr.A) -> Quarantined and deleted successfully.
    HKCU\Software\SkyMedia (Adware.SkyMedia) -> Quarantined and deleted successfully.
    HKCU\Software\AppDataLow\SProtector (PUP.Optional.SProtector.A) -> Quarantined and deleted successfully.
    HKCU\Software\BabSolution\Updater (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\OPTIMIZER PRO (PUP.Optional.OptimizerPro.A) -> Quarantined and deleted successfully.
    HKCU\Software\Systweak\Advanced System Protector (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.

    Registry Values Detected: 5
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|InstallIQUpdater (PUP.Optional.InstallIQ.A) -> Data: "C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe" /silent /autorun -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Optimizer Pro (PUP.Optional.OptimizePro.A) -> Data: C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe -> Quarantined and deleted successfully.
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Updater (Trojan.Agent) -> Data: C:\ProgramData\Updater\updater.exe -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Updater (Trojan.Agent) -> Data: C:\ProgramData\Updater\Updater.exe -> Quarantined and deleted successfully.
    HKCU\Software\Optimizer Pro|AdsBuyNowURL (PUP.Optional.OptimizerPro.A) -> Data: http://conversion.pcutilitiespro.revenuewire.net/driverpro/xsell -> Quarantined and deleted successfully.

    Registry Data Items Detected: 3
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs (PUP.Optional.Conduit.A) -> Bad: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll) Good: () -> Quarantined and repaired successfully.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.Conduit.A) -> Bad: (http://search.conduit.com/?ctid=CT3317458&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SPA7B71020-C8F7-4E2E-A0EF-F3146D87A310&SSPV=) Good: (http://www.google.com) -> Quarantined and repaired successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

    Folders Detected: 48
    C:\ProgramData\TubeDimmer (PUP.Optional.TubeDimmer) -> Quarantined and deleted successfully.
    C:\ProgramData\TubeDimmer\Chrome (PUP.Optional.TubeDimmer) -> Quarantined and deleted successfully.
    C:\ProgramData\TubeDimmer\Chrome\unzip (PUP.Optional.TubeDimmer) -> Quarantined and deleted successfully.
    C:\ProgramData\TubeDimmer\Firefox (PUP.Optional.TubeDimmer) -> Quarantined and deleted successfully.
    C:\ProgramData\TubeDimmer\Firefox\chrome (PUP.Optional.TubeDimmer) -> Quarantined and deleted successfully.
    C:\ProgramData\TubeDimmer\Firefox\chrome\content (PUP.Optional.TubeDimmer) -> Quarantined and deleted successfully.
    C:\ProgramData\TubeDimmer\IE (PUP.Optional.TubeDimmer) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Optimizer Pro (PUP.Optional.OptimizerPro.A) -> Delete on reboot.
    C:\Program Files (x86)\Advanced System Protector (PUP.Optional.AdvancedSystemProtector.A) -> Delete on reboot.
    C:\Program Files (x86)\Advanced System Protector\clamunpack (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Advanced System Protector\Troubleshooter (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Social Privacy (PUP.Optional.SocialPrivacy) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Social Privacy\FF (PUP.Optional.SocialPrivacy) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Social Privacy\FF\chrome (PUP.Optional.SocialPrivacy) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Social Privacy\FF\chrome\content (PUP.Optional.SocialPrivacy) -> Quarantined and deleted successfully.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro (PUP.Optional.OptimizerPro.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect (PUP.Optional.SearchProtect.A) -> Delete on reboot.
    C:\Program Files (x86)\SearchProtect\Main (PUP.Optional.SearchProtect.A) -> Delete on reboot.
    C:\Program Files (x86)\SearchProtect\Main\bin (PUP.Optional.SearchProtect.A) -> Delete on reboot.
    C:\Program Files (x86)\SearchProtect\Main\Logs (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\Main\rep (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\SearchProtect (PUP.Optional.SearchProtect.A) -> Delete on reboot.
    C:\Program Files (x86)\SearchProtect\SearchProtect\bin (PUP.Optional.SearchProtect.A) -> Delete on reboot.
    C:\Program Files (x86)\SearchProtect\SearchProtect\rep (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI (PUP.Optional.SearchProtect.A) -> Delete on reboot.
    C:\Program Files (x86)\SearchProtect\UI\bin (PUP.Optional.SearchProtect.A) -> Delete on reboot.
    C:\Program Files (x86)\SearchProtect\UI\dialogs (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\libs (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\protection (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\settings (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\rep (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\ProgramData\Systweak\Advanced System Protector (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
    C:\ProgramData\Systweak\Advanced System Protector\2.1.1000.12150 (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
    C:\ProgramData\Systweak\Advanced System Protector\signatures (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
    C:\ProgramData\Systweak\Advanced System Protector\updates (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
    C:\Users\Owner\AppData\Roaming\Systweak\Advanced System Protector (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
    C:\Users\Owner\AppData\Roaming\Systweak\Advanced System Protector\2.1.1000.12150 (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
    C:\Users\Owner\AppData\Roaming\Systweak\Advanced System Protector\Backup (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
    C:\Users\Owner\AppData\Roaming\Systweak\Advanced System Protector\Logs (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
    C:\Users\Owner\AppData\Local\Temp\mt_ffx\buenosearch (PUP.Optional.BuenoSearch.A) -> Quarantined and deleted successfully.
    C:\Users\Owner\AppData\Local\Temp\mt_ffx\buenosearch\buenosearch (PUP.Optional.BuenoSearch.A) -> Quarantined and deleted successfully.
    C:\Users\Owner\AppData\Local\Temp\mt_ffx\buenosearch\buenosearch\1.8.21.22 (PUP.Optional.BuenoSearch.A) -> Quarantined and deleted successfully.
    C:\ProgramData\RHelpers\ChromeHelper (PUP.Optional.Searchagent) -> Delete on reboot.
    C:\ProgramData\RHelpers\FirefoxHelper (PUP.Optional.Searchagent) -> Delete on reboot.
    C:\ProgramData\RHelpers\IeHelper (PUP.Optional.Searchagent) -> Delete on reboot.

    Files Detected: 275
    C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe (PUP.Optional.Conduit.A) -> Delete on reboot.
    C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe (PUP.Optional.Conduit.A) -> Delete on reboot.
    C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe (PUP.Optional.Conduit.A) -> Delete on reboot.
    C:\Program Files (x86)\Optimizer Pro\OptProSmartScan.exe (PUP.Optional.OptimizerPro) -> Delete on reboot.
    C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe (PUP.Optional.OptimizerPro) -> Delete on reboot.
    C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe (PUP.Optional.InstallIQ.A) -> Delete on reboot.
    C:\ProgramData\RHelpers\ChromeHelper\ChromeHelper.exe (PUP.Optional.SearchDonkey.A) -> Delete on reboot.
    C:\ProgramData\RHelpers\FirefoxHelper\FirefoxHelper.exe (PUP.Optional.SearchDonkey.A) -> Delete on reboot.
    C:\ProgramData\RHelpers\IeHelper\IeHelper.exe (PUP.Optional.SearchDonkey.A) -> Delete on reboot.
    C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32.dll (PUP.Optional.Conduit.A) -> Delete on reboot.
    C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe (PUP.Optional.OptimizePro.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\ProgramData\Bcool\bhoclass.dll (PUP.DownloadnSave) -> Quarantined and deleted successfully.
    C:\ProgramData\TubeDimmer\IE\common.dll (PUP.Optional.SafeMonitor.A) -> Quarantined and deleted successfully.
    C:\ProgramData\continuetosave\uninstall.exe (PUP.Optional.SilentInstall.A) -> Quarantined and deleted successfully.
    C:\ProgramData\DSearchLink\DSearchLink.exe (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
    C:\Users\Owner\AppData\Local\Temp\nsdA0C5.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Users\Owner\AppData\Local\Temp\nsdA5A7.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Users\Owner\AppData\Local\Temp\nsiC8D2.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Users\Owner\AppData\Local\Temp\nsnCBB0.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Users\Owner\AppData\Local\Temp\nssC603.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Users\Owner\AppData\Local\Temp\nsyA317.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Users\Owner\AppData\Local\Temp\Setup_US.exe (PUP.Optional.SearchDonkey.A) -> Quarantined and deleted successfully.
    C:\Users\Owner\AppData\Local\Temp\D5A392E9-BAB0-7891-90F0-252284989A9E\Latest\BabMaint.exe (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
    C:\Users\Owner\AppData\Local\Temp\D5A392E9-BAB0-7891-90F0-252284989A9E\Latest\BExternal.dll (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
    C:\Users\Owner\AppData\Local\Temp\D5A392E9-BAB0-7891-90F0-252284989A9E\Latest\ccp.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\Users\Owner\AppData\Local\Temp\D5A392E9-BAB0-7891-90F0-252284989A9E\Latest\CrxInstaller.dll (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
    C:\Users\Owner\AppData\Local\Temp\D5A392E9-BAB0-7891-90F0-252284989A9E\Latest\DSearchLink.exe (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
    C:\Users\Owner\AppData\Local\Temp\D5A392E9-BAB0-7891-90F0-252284989A9E\Latest\MntrDLLInstall.dll (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
    C:\Users\Owner\AppData\Local\Temp\D5A392E9-BAB0-7891-90F0-252284989A9E\Latest\MyBuenoTB.exe (PUP.Optional.BuenoSearch.A) -> Quarantined and deleted successfully.
    C:\Users\Owner\AppData\Local\Temp\D5A392E9-BAB0-7891-90F0-252284989A9E\Latest\Setup.exe (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
    C:\Users\Owner\Downloads\Firefox_Setup(1).exe (PUP.Optional.iBryte) -> Quarantined and deleted successfully.
    C:\Users\Owner\Downloads\Flash_Player_Pro_Setup.exe (PUP.Optional.IBryte.A) -> Quarantined and deleted successfully.
    C:\Users\Owner\Downloads\flvmplayer(1).exe (PUP.BundleInstaller.SOL) -> Quarantined and deleted successfully.
    C:\Users\Owner\Downloads\flvmplayer.exe (PUP.BundleInstaller.SOL) -> Quarantined and deleted successfully.
    C:\Users\Owner\Downloads\GrooveStream(2).exe (PUP.Bundle.Installer.OI) -> Quarantined and deleted successfully.
    C:\Users\Owner\Downloads\GrooveStream(3).exe (PUP.Bundle.Installer.OI) -> Quarantined and deleted successfully.
    C:\Users\Owner\Downloads\GrooveStream(4).exe (PUP.Bundle.Installer.OI) -> Quarantined and deleted successfully.
    C:\Users\Owner\Downloads\GrooveStream.exe (PUP.Bundle.Installer.OI) -> Quarantined and deleted successfully.
    C:\Users\Owner\Downloads\happy-wheels(1).exe (PUP.Optional.DomaIQ) -> Quarantined and deleted successfully.
    C:\Users\Owner\Downloads\happy-wheels(2).exe (PUP.Optional.DomaIQ) -> Quarantined and deleted successfully.
    C:\Users\Owner\Downloads\happy-wheels.exe (PUP.Optional.DomaIQ) -> Quarantined and deleted successfully.
    C:\Users\Owner\Downloads\iLividSetup.exe (PUP.Optional.Bandoo) -> Quarantined and deleted successfully.
    C:\Users\Owner\Downloads\musicoasis.exe (PUP.Optional.InstallIQ.A) -> Quarantined and deleted successfully.
    C:\Users\Owner\Downloads\picture_install_.zip (Backdoor.Agent) -> Quarantined and deleted successfully.
    C:\Users\Owner\Downloads\Setup (1).exe (PUP.Optional.Solimba) -> Quarantined and deleted successfully.
    C:\Users\Owner\Downloads\Setup (2).exe (PUP.Optional.MSILLauncher) -> Quarantined and deleted successfully.
    C:\Users\Owner\Downloads\windows live movie maker setup.exe (PUP.AdBundle) -> Quarantined and deleted successfully.
    C:\Users\Owner\Local Settings\Temporary Internet Files\Content.IE5\9CZTQIRA\pack[1].7z (PUP.Optional.PerformerSoft.A) -> Quarantined and deleted successfully.
    C:\Users\Owner\Local Settings\Temporary Internet Files\Content.IE5\9CZTQIRA\Setup_US_20131122[1].exe (PUP.Optional.SearchDonkey.A) -> Quarantined and deleted successfully.
    C:\Users\Owner\Local Settings\Temporary Internet Files\Content.IE5\LXSBT308\delta[1].exe (PUP.Optional.DeltaTB) -> Quarantined and deleted successfully.
    C:\Users\Owner\Local Settings\Temporary Internet Files\Content.IE5\LXSBT308\spstub[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\Users\Owner\Local Settings\Temporary Internet Files\Content.IE5\OEH7K74C\SPSetup[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\Users\Owner\Local Settings\Temporary Internet Files\Content.IE5\Z1ZM5LVB\reg[1].exe (PUP.Optional.RegCleanerPro) -> Quarantined and deleted successfully.
    C:\ProgramData\TubeDimmer\app.dat (PUP.Optional.TubeDimmer) -> Quarantined and deleted successfully.
    C:\ProgramData\TubeDimmer\TubeDimmer.ico (PUP.Optional.TubeDimmer) -> Quarantined and deleted successfully.
    C:\ProgramData\TubeDimmer\Uninstall.exe (PUP.Optional.TubeDimmer) -> Quarantined and deleted successfully.
    C:\ProgramData\TubeDimmer\Chrome\common.crx (PUP.Optional.TubeDimmer) -> Quarantined and deleted successfully.
    C:\ProgramData\TubeDimmer\Chrome\_common.crx (PUP.Optional.TubeDimmer) -> Quarantined and deleted successfully.
    C:\ProgramData\TubeDimmer\Chrome\unzip\announce.js (PUP.Optional.TubeDimmer) -> Quarantined and deleted successfully.
    C:\ProgramData\TubeDimmer\Chrome\unzip\background.html (PUP.Optional.TubeDimmer) -> Quarantined and deleted successfully.
    C:\ProgramData\TubeDimmer\Chrome\unzip\common.js (PUP.Optional.TubeDimmer) -> Quarantined and deleted successfully.
    C:\ProgramData\TubeDimmer\Chrome\unzip\contentscript.js (PUP.Optional.TubeDimmer) -> Quarantined and deleted successfully.
    C:\ProgramData\TubeDimmer\Chrome\unzip\icon.png (PUP.Optional.TubeDimmer) -> Quarantined and deleted successfully.
    C:\ProgramData\TubeDimmer\Chrome\unzip\icon128.png (PUP.Optional.TubeDimmer) -> Quarantined and deleted successfully.
    C:\ProgramData\TubeDimmer\Chrome\unzip\icon16.png (PUP.Optional.TubeDimmer) -> Quarantined and deleted successfully.
    C:\ProgramData\TubeDimmer\Chrome\unzip\icon48.png (PUP.Optional.TubeDimmer) -> Quarantined and deleted successfully.
    C:\ProgramData\TubeDimmer\Chrome\unzip\iframecontentscript.js (PUP.Optional.TubeDimmer) -> Quarantined and deleted successfully.
    C:\ProgramData\TubeDimmer\Chrome\unzip\manifest.json (PUP.Optional.TubeDimmer) -> Quarantined and deleted successfully.
    C:\ProgramData\TubeDimmer\Firefox\chrome.manifest (PUP.Optional.TubeDimmer) -> Quarantined and deleted successfully.
    C:\ProgramData\TubeDimmer\Firefox\install.rdf (PUP.Optional.TubeDimmer) -> Quarantined and deleted successfully.
    C:\ProgramData\TubeDimmer\Firefox\chrome\content\main.js (PUP.Optional.TubeDimmer) -> Quarantined and deleted successfully.
    C:\ProgramData\TubeDimmer\Firefox\chrome\content\overlay.xul (PUP.Optional.TubeDimmer) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Optimizer Pro\OptimizerPro.chm (PUP.Optional.OptimizerPro.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Optimizer Pro\English.ini (PUP.Optional.OptimizerPro.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Optimizer Pro\file_id.diz (PUP.Optional.OptimizerPro.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Optimizer Pro\HomePage.url (PUP.Optional.OptimizerPro.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Optimizer Pro\OptimizerPro.exe (PUP.Optional.OptimizerPro.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Optimizer Pro\OptProGuard.exe (PUP.Optional.OptimizerPro.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Optimizer Pro\OptProSchedule.exe (PUP.Optional.OptimizerPro.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Optimizer Pro\OptProStart.exe (PUP.Optional.OptimizerPro.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Optimizer Pro\OptProUninstaller.exe (PUP.Optional.OptimizerPro.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Optimizer Pro\scan.gif (PUP.Optional.OptimizerPro.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Optimizer Pro\sqlite3.dll (PUP.Optional.OptimizerPro.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Optimizer Pro\unins000.dat (PUP.Optional.OptimizerPro.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Optimizer Pro\unins000.exe (PUP.Optional.OptimizerPro.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Advanced System Protector\loading_withWhiteBG.avi (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe (PUP.Optional.AdvancedSystemProtector.A) -> Delete on reboot.
    C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe.config (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Advanced System Protector\AppResource.dll (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Advanced System Protector\asp.ico (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Advanced System Protector\AspManager.exe (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Advanced System Protector\aspsys.dll (PUP.Optional.AdvancedSystemProtector.A) -> Delete on reboot.
    C:\Program Files (x86)\Advanced System Protector\categories.ini (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Advanced System Protector\Chinese_asp_ZH-CN.ini (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Advanced System Protector\Communication.dll (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Advanced System Protector\danish_asp_DA.ini (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Advanced System Protector\dutch_asp_NL.ini (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Advanced System Protector\eng_asp_en.ini (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Advanced System Protector\filetypehelper.exe (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Advanced System Protector\Finnish_asp_FI.ini (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Advanced System Protector\french_asp_FR.ini (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Advanced System Protector\german_asp_DE.ini (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Advanced System Protector\Interop.IWshRuntimeLibrary.dll (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Advanced System Protector\italian_asp_IT.ini (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Advanced System Protector\japanese_asp_JA.ini (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Advanced System Protector\Microsoft.Win32.TaskScheduler.DLL (PUP.Optional.AdvancedSystemProtector.A) -> Delete on reboot.
    C:\Program Files (x86)\Advanced System Protector\norwegian_asp_NO.ini (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Advanced System Protector\portuguese_asp_PT-BR.ini (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Advanced System Protector\russian_asp_ru.ini (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Advanced System Protector\scandll.dll (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Advanced System Protector\spanish_asp_ES.ini (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Advanced System Protector\swedish_asp_SV.ini (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Advanced System Protector\System.Core.dll (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Advanced System Protector\System.Data.SQLite.dll (PUP.Optional.AdvancedSystemProtector.A) -> Delete on reboot.
    C:\Program Files (x86)\Advanced System Protector\unins000.dat (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Advanced System Protector\unins000.exe (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Advanced System Protector\unins000.msg (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Advanced System Protector\unrar.dll (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Advanced System Protector\Xceed.Compression.dll (PUP.Optional.AdvancedSystemProtector.A) -> Delete on reboot.
    C:\Program Files (x86)\Advanced System Protector\Xceed.Compression.Formats.dll (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Advanced System Protector\Xceed.FileSystem.dll (PUP.Optional.AdvancedSystemProtector.A) -> Delete on reboot.
    C:\Program Files (x86)\Advanced System Protector\Xceed.Zip.dll (PUP.Optional.AdvancedSystemProtector.A) -> Delete on reboot.
    C:\Program Files (x86)\Advanced System Protector\clamunpack\clamscan.exe (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Advanced System Protector\clamunpack\libclamav.dll (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Advanced System Protector\clamunpack\readme.txt (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Advanced System Protector\Troubleshooter\asp-fixer.com (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Advanced System Protector\Troubleshooter\asp-fixer.exe (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Advanced System Protector\Troubleshooter\asp-fixer.pif (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Advanced System Protector\Troubleshooter\asp-fixer.scr (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Advanced System Protector\Troubleshooter\ASP-Troubleshooter.chm (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Advanced System Protector\Troubleshooter\firefox.com (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Advanced System Protector\Troubleshooter\iexplore.exe (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Advanced System Protector\Troubleshooter\iexplore.lnk (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Social Privacy\code.zip (PUP.Optional.SocialPrivacy) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Social Privacy\r.log (PUP.Optional.SocialPrivacy) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Social Privacy\sp.dll (PUP.Optional.SocialPrivacy) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Social Privacy\sp64.dll (PUP.Optional.SocialPrivacy) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Social Privacy\sqlite3.exe (PUP.Optional.SocialPrivacy) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Social Privacy\Uninstall.exe (PUP.Optional.SocialPrivacy) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Social Privacy\FF\chrome.manifest (PUP.Optional.SocialPrivacy) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Social Privacy\FF\install.rdf (PUP.Optional.SocialPrivacy) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Social Privacy\FF\chrome\content\icon.png (PUP.Optional.SocialPrivacy) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Social Privacy\FF\chrome\content\main.js (PUP.Optional.SocialPrivacy) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Social Privacy\FF\chrome\content\overlay.xul (PUP.Optional.SocialPrivacy) -> Quarantined and deleted successfully.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro\Optimizer Pro on the Web.lnk (PUP.Optional.OptimizerPro.A) -> Quarantined and deleted successfully.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro\Help.lnk (PUP.Optional.OptimizerPro.A) -> Quarantined and deleted successfully.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro\Optimizer Pro.lnk (PUP.Optional.OptimizerPro.A) -> Quarantined and deleted successfully.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro\Uninstall Optimizer Pro.lnk (PUP.Optional.OptimizerPro.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\EULA.txt (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\Main\bin\SPTool.dll (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\Main\bin\uninstall.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\Main\rep\SystemRepository.dat (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPTool64.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64.dll (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\settings.html (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\style.css (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble\bubble.css (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble\bubble.html (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble\bubble.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble\defaults.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-default.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-onclick.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-Rollover.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg-with-logo.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgNotif.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgSettings.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgUninstall.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnBlue.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnClose.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnSilver.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox_checked.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox_def.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\close-win-def.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\close-win-over-click.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\gray-bg.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez-def.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez-selected.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\icon-win.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\info-icon.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\menu-rollover.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\menu-selected.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button-def.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button-selected.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button2.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Settings-icon.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\text-field.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\v.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\x.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\defaults.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\dialogUtils.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\jquery.1.7.1.min.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\json2.min.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\main.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\SPDialogAPI.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\defaults.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.css (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.html (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\defaults.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.css (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.html (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\defaults.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.css (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.html (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\ProgramData\Updater\updater.exe (Trojan.Agent) -> Delete on reboot.
    C:\ProgramData\Systweak\Advanced System Protector\AddonSafelist (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
    C:\ProgramData\Systweak\Advanced System Protector\log.xslt (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
    C:\ProgramData\Systweak\Advanced System Protector\signatures\completedatabase.db (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
    C:\ProgramData\Systweak\Advanced System Protector\signatures\Cookies.bin (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
    C:\ProgramData\Systweak\Advanced System Protector\signatures\DigSign.bin (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
    C:\ProgramData\Systweak\Advanced System Protector\signatures\FilePaths.bin (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
    C:\ProgramData\Systweak\Advanced System Protector\signatures\FileSignature.bin (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
    C:\ProgramData\Systweak\Advanced System Protector\signatures\Folders.bin (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
    C:\ProgramData\Systweak\Advanced System Protector\signatures\Md5.bin (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
    C:\ProgramData\Systweak\Advanced System Protector\signatures\Registry.bin (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
    C:\ProgramData\Systweak\Advanced System Protector\signatures\SetupSign.bin (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
    C:\ProgramData\Systweak\Advanced System Protector\signatures\StrSetupSign.bin (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
    C:\ProgramData\Systweak\Advanced System Protector\updates\1545mupdate.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
    C:\ProgramData\Systweak\Advanced System Protector\updates\1545update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
    C:\ProgramData\Systweak\Advanced System Protector\updates\1546update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
    C:\ProgramData\Systweak\Advanced System Protector\updates\1547update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
    C:\ProgramData\Systweak\Advanced System Protector\updates\1548update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
    C:\ProgramData\Systweak\Advanced System Protector\updates\1549update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
    C:\ProgramData\Systweak\Advanced System Protector\updates\1550update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
    C:\ProgramData\Systweak\Advanced System Protector\updates\1551update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
    C:\ProgramData\Systweak\Advanced System Protector\updates\1552update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
    C:\ProgramData\Systweak\Advanced System Protector\updates\1553update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
    C:\ProgramData\Systweak\Advanced System Protector\updates\1554update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
    C:\ProgramData\Systweak\Advanced System Protector\updates\1555update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
    C:\ProgramData\Systweak\Advanced System Protector\updates\1556update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
    C:\ProgramData\Systweak\Advanced System Protector\updates\1557update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
    C:\ProgramData\Systweak\Advanced System Protector\updates\1558update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
    C:\ProgramData\Systweak\Advanced System Protector\updates\1559update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
    C:\ProgramData\Systweak\Advanced System Protector\updates\1560update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
    C:\ProgramData\Systweak\Advanced System Protector\updates\1561update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
    C:\ProgramData\Systweak\Advanced System Protector\updates\1562update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
    C:\ProgramData\Systweak\Advanced System Protector\updates\1563update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
    C:\ProgramData\Systweak\Advanced System Protector\updates\1564update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
    C:\ProgramData\Systweak\Advanced System Protector\updates\1565update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
    C:\ProgramData\Systweak\Advanced System Protector\updates\1566update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
    C:\ProgramData\Systweak\Advanced System Protector\updates\1567update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
    C:\ProgramData\Systweak\Advanced System Protector\updates\1568update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
    C:\ProgramData\Systweak\Advanced System Protector\updates\1569update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
    C:\ProgramData\Systweak\Advanced System Protector\updates\1570update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
    C:\ProgramData\Systweak\Advanced System Protector\updates\1571update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
    C:\ProgramData\Systweak\Advanced System Protector\updates\1572update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
    C:\ProgramData\Systweak\Advanced System Protector\updates\1573update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
    C:\ProgramData\Systweak\Advanced System Protector\updates\1574update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
    C:\ProgramData\Systweak\Advanced System Protector\updates\1575update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
    C:\ProgramData\Systweak\Advanced System Protector\updates\1576update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
    C:\ProgramData\Systweak\Advanced System Protector\updates\1577update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
    C:\ProgramData\Systweak\Advanced System Protector\updates\1578update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
    C:\ProgramData\Systweak\Advanced System Protector\updates\1579update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
    C:\ProgramData\Systweak\Advanced System Protector\updates\1580update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
    C:\ProgramData\Systweak\Advanced System Protector\updates\1581update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
    C:\ProgramData\Systweak\Advanced System Protector\updates\1582update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
    C:\ProgramData\Systweak\Advanced System Protector\updates\1583update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
    C:\ProgramData\Systweak\Advanced System Protector\updates\1584update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
    C:\ProgramData\Systweak\Advanced System Protector\updates\1585update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
    C:\ProgramData\Systweak\Advanced System Protector\updates\1586update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
    C:\ProgramData\Systweak\Advanced System Protector\updates\914completedatabase.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
    C:\Users\Owner\AppData\Roaming\Systweak\Advanced System Protector\QDetail.db (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
    C:\Users\Owner\AppData\Roaming\Systweak\Advanced System Protector\Settings.db (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
    C:\Users\Owner\AppData\Roaming\Systweak\Advanced System Protector\Update.ini (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
    C:\Users\Owner\AppData\Roaming\Systweak\Advanced System Protector\2.1.1000.12150\ASPLog.txt (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
    C:\Users\Owner\AppData\Roaming\Systweak\Advanced System Protector\Logs\log_18-10-13_08-47-39.xml (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
    C:\Users\Owner\AppData\Roaming\Systweak\Advanced System Protector\Logs\SMLog.xml (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.

    (end)