TechSpot

Desktop started claiming no internet connection on wifi; all other devices fine

By Noonan
Nov 30, 2016
  1. With "no connection" the wifi status still shows packets going back and forth. Meanwhile, mbar and antivirus scans don't identify anything to clean; definitions more out of date each day.

    FRST:

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:04-10-2015
    Ran by Yellow House (administrator) on SCREENENVY (30-11-2016 21:36:18)
    Running from C:\Users\Yellow House\Desktop\Log Files\TechSpotDownloads\FarbarRecoveryScanTool
    Loaded Profiles: Yellow House (Available Profiles: Yellow House & Younglings)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    (AMD) C:\Windows\System32\atiesrxx.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
    (Collobos Software) C:\Program Files (x86)\FingerPrint\FingerPrintService.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe
    (HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
    (Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
    (Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
    (Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
    (SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
    (Giant Telecom Ltd.) C:\Program Files (x86)\SkyLink\SKYLINK 2-in-1 Phone Utility\SKYLINK 2-in-1 Phone Utility.exe
    (Dropbox, Inc.) C:\Users\Yellow House\AppData\Local\Dropbox\Update\DropboxUpdate.exe
    (Lavasoft) C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe
    (SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
    () C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
    (Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    (Alcor Micro Corp.) C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
    (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
    (CANON INC.) C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
    (Hewlett-Packard Company) C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
    () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\Roxio Burn.exe
    (Secunia) C:\Program Files (x86)\Secunia\PSI\psi.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
    (Microsoft Corporation) C:\Windows\splwow64.exe
    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor)
    HKLM\...\Run: [RunDLLEntry_THXCfg] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
    HKLM\...\Run: [RunDLLEntry_EptMon] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\EptMon64.dll,RunDLLEntry EptMon64
    HKLM\...\Run: [DellStage] => C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [2055016 2011-04-29] ()
    HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1354712 2016-08-30] (Microsoft Corporation)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-07-26] (Apple Inc.)
    HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-13] (Intel Corporation)
    HKLM-x32\...\Run: [ShwiconXP9106] => C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe [237568 2010-03-10] (Alcor Micro Corp.)
    HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-04-19] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [THX Audio Control Panel] => C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe [963584 2009-12-01] (Creative Technology Ltd)
    HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
    HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
    HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
    HKLM-x32\...\Run: [NeroLauncher] => C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe [67496 2012-08-21] ()
    HKLM-x32\...\Run: [AccuWeatherWidget] => C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe [885760 2011-04-29] ()
    HKLM-x32\...\Run: [IJNetworkScanUtility] => C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE [124512 2007-05-21] (CANON INC.)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-07-05] (Apple Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
    HKLM-x32\...\Run: [StatusAlerts] => C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe [313248 2012-07-18] (Hewlett-Packard Company)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1156824 2016-09-16] (Adobe Systems Incorporated)
    HKU\S-1-5-21-2714174496-2253751676-100373542-1000\...\Run: [SKYLINK 2-in-1 Phone Utility] => C:\Program Files (x86)\SkyLink\SKYLINK 2-in-1 Phone Utility\SKYLINK 2-in-1 Phone Utility.exe [315392 2006-12-06] (Giant Telecom Ltd.)
    HKU\S-1-5-21-2714174496-2253751676-100373542-1000\...\Run: [Dropbox Update] => C:\Users\Yellow House\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-16] (Dropbox, Inc.)
    HKU\S-1-5-21-2714174496-2253751676-100373542-1000\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [1381648 2015-07-13] (Lavasoft)
    ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Yellow House\AppData\Roaming\Dropbox\bin\DropboxExt64.1.0.dll [2016-10-24] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Yellow House\AppData\Roaming\Dropbox\bin\DropboxExt64.1.0.dll [2016-10-24] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Yellow House\AppData\Roaming\Dropbox\bin\DropboxExt64.1.0.dll [2016-10-24] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Yellow House\AppData\Roaming\Dropbox\bin\DropboxExt64.1.0.dll [2016-10-24] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Yellow House\AppData\Roaming\Dropbox\bin\DropboxExt.1.0.dll [2016-10-24] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Yellow House\AppData\Roaming\Dropbox\bin\DropboxExt.1.0.dll [2016-10-24] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Yellow House\AppData\Roaming\Dropbox\bin\DropboxExt.1.0.dll [2016-10-24] (Dropbox, Inc.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2014-06-05]
    ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
    GroupPolicyUsers\S-1-5-21-2714174496-2253751676-100373542-1003\User: Restriction <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    ProxyEnable: [.DEFAULT] => Proxy is enabled.
    ProxyServer: [.DEFAULT] => http=127.0.0.1:56217;https=127.0.0.1:56217
    Winsock: Catalog9 01 C:\Windows\SysWOW64\LavasoftTcpService.dll [342016 2015-07-13] (Lavasoft Limited)
    Winsock: Catalog9 02 C:\Windows\SysWOW64\LavasoftTcpService.dll [342016 2015-07-13] (Lavasoft Limited)
    Winsock: Catalog9 03 C:\Windows\SysWOW64\LavasoftTcpService.dll [342016 2015-07-13] (Lavasoft Limited)
    Winsock: Catalog9 04 C:\Windows\SysWOW64\LavasoftTcpService.dll [342016 2015-07-13] (Lavasoft Limited)
    Winsock: Catalog9 15 C:\Windows\SysWOW64\LavasoftTcpService.dll [342016 2015-07-13] (Lavasoft Limited)
    Winsock: Catalog9-x64 01 C:\Windows\system32\LavasoftTcpService64.dll [422400 2015-07-13] (Lavasoft Limited)
    Winsock: Catalog9-x64 02 C:\Windows\system32\LavasoftTcpService64.dll [422400 2015-07-13] (Lavasoft Limited)
    Winsock: Catalog9-x64 03 C:\Windows\system32\LavasoftTcpService64.dll [422400 2015-07-13] (Lavasoft Limited)
    Winsock: Catalog9-x64 04 C:\Windows\system32\LavasoftTcpService64.dll [422400 2015-07-13] (Lavasoft Limited)
    Winsock: Catalog9-x64 15 C:\Windows\system32\LavasoftTcpService64.dll [422400 2015-07-13] (Lavasoft Limited)
    Tcpip\..\Interfaces\{479FB02E-6750-4309-B642-5BAE09BEF3E7}: [DhcpNameServer] 172.20.10.1

    Internet Explorer:
    ==================
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-2714174496-2253751676-100373542-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-2714174496-2253751676-100373542-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    SearchScopes: HKLM -> DefaultScope {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
    SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL =
    SearchScopes: HKLM -> {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> DefaultScope value is missing
    SearchScopes: HKLM-x32 -> {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
    SearchScopes: HKU\S-1-5-21-2714174496-2253751676-100373542-1000 -> {49606DC7-976D-4030-A74E-9FB5C842FA68} URL =
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-10-26] (Oracle Corporation)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-10-26] (Oracle Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-10-26] (Oracle Corporation)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-10-26] (Oracle Corporation)
    DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
    DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
    Handler-x32: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll [2011-05-05] (Cozi Group, Inc.)

    FireFox:
    ========
    FF ProfilePath: C:\Users\Yellow House\AppData\Roaming\Mozilla\Firefox\Profiles\wzi2ebcy.default-1382348241459
    FF NewTab: hxxps://www.google.com/
    FF Homepage: hxxps://www.google.com/
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_205.dll [2016-10-28] ()
    FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-10-26] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-10-26] (Oracle Corporation)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_205.dll [2016-10-28] ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
    FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-10-26] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-10-26] (Oracle Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
    R2 FingerPrint; C:\Program Files (x86)\FingerPrint\FingerPrintService.exe [2203416 2013-07-10] (Collobos Software)
    R2 HP DS Service; C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe [13824 2011-10-17] (Hewlett-Packard Company) [File not signed]
    R2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [164864 2012-05-02] (HP) [File not signed]
    R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [120888 2016-08-30] (Microsoft Corporation)
    R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2011-04-13] (Hewlett-Packard) [File not signed]
    R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-08-30] (Microsoft Corporation)
    R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2011-04-13] (Hewlett-Packard) [File not signed]
    R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1228504 2013-10-14] (Secunia)
    R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [660184 2013-10-14] (Secunia)
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
    S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
    S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-11-29] (Malwarebytes)
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
    R1 NEOFLTR_815_38093; C:\Windows\system32\Drivers\NEOFLTR_815_38093.SYS [108344 2015-08-27] (Pulse Secure, LLC)
    R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
    S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-10-14] (Secunia)
    S3 BRDriver64_1_3_3_E02B25FC; \??\C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-11-30 21:36 - 2016-11-30 21:36 - 00000000 ____D C:\FRST
    2016-11-27 15:58 - 2016-11-27 15:31 - 00010209 _____ C:\Users\Yellow House\Documents\Uninstall STAR WARS The Old Republic.log
    2016-11-18 19:20 - 2016-11-25 19:47 - 00000000 ____D C:\Users\Yellow House\AppData\LocalLow\Mozilla

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-11-30 21:33 - 2009-07-13 22:45 - 00021296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2016-11-30 21:33 - 2009-07-13 22:45 - 00021296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2016-11-30 21:31 - 2011-12-02 13:27 - 01265839 _____ C:\Windows\WindowsUpdate.log
    2016-11-30 21:31 - 2009-07-13 23:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
    2016-11-30 21:30 - 2013-07-25 21:28 - 00000000 ____D C:\Users\Yellow House\Desktop\Log Files
    2016-11-30 21:29 - 2009-07-13 22:51 - 00083127 _____ C:\Windows\setupact.log
    2016-11-30 21:28 - 2011-12-02 14:04 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
    2016-11-30 21:28 - 2011-12-02 14:04 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
    2016-11-30 21:27 - 2015-07-13 06:51 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2016-11-30 21:27 - 2015-07-13 06:46 - 00000348 _____ C:\Windows\Tasks\UpdateTask.job
    2016-11-30 21:27 - 2015-06-16 13:30 - 00000946 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2714174496-2253751676-100373542-1000UA.job
    2016-11-30 21:27 - 2015-06-16 13:30 - 00000894 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2714174496-2253751676-100373542-1000Core.job
    2016-11-30 21:27 - 2011-12-02 13:43 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
    2016-11-30 21:27 - 2010-11-20 21:47 - 00272584 _____ C:\Windows\PFRO.log
    2016-11-30 21:27 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2016-11-29 04:53 - 2016-07-18 18:52 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2016-11-29 04:47 - 2015-02-28 15:20 - 00003188 _____ C:\Windows\System32\Tasks\{CC1BBD53-2D80-4E47-8DF9-5651A4C8516C}
    2016-11-29 04:44 - 2015-07-13 06:51 - 00003774 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2016-11-29 04:44 - 2015-07-13 06:46 - 00003310 _____ C:\Windows\System32\Tasks\UpdateTask
    2016-11-29 04:44 - 2015-06-16 13:30 - 00003942 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2714174496-2253751676-100373542-1000UA
    2016-11-29 04:44 - 2015-06-16 13:30 - 00003546 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2714174496-2253751676-100373542-1000Core
    2016-11-29 04:44 - 2015-01-04 18:58 - 00004340 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
    2016-11-27 16:15 - 2015-10-12 17:25 - 00000000 ____D C:\Users\Younglings
    2016-11-27 16:15 - 2011-12-16 21:36 - 00000000 ____D C:\Windows\system32\Macromed
    2016-11-27 16:15 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\system32\NDF
    2016-11-27 16:15 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\servicing
    2016-11-27 16:15 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\rescache
    2016-11-27 16:14 - 2016-10-28 08:43 - 00000000 ____D C:\Users\Yellow House\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
    2016-11-27 16:14 - 2012-07-29 13:44 - 00000000 ____D C:\Users\Yellow House\AppData\Roaming\Dropbox
    2016-11-27 16:14 - 2012-05-05 23:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2016-11-27 16:14 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\registration
    2016-11-27 16:14 - 2009-07-13 21:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
    2016-11-27 16:13 - 2011-12-02 13:29 - 00000000 ____D C:\Windows\SysWOW64\Macromed
    2016-11-27 16:12 - 2016-07-13 19:16 - 00000000 ____D C:\Users\Public\Documents\BitRaider
    2016-11-27 16:12 - 2012-07-29 13:48 - 00000000 ___RD C:\Users\Yellow House\Dropbox
    2016-11-27 15:45 - 2013-08-14 08:36 - 00000000 ____D C:\Windows\System32\Tasks\Games
    2016-11-27 15:31 - 2009-07-13 23:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
    2016-11-27 15:28 - 2016-07-12 18:29 - 00000000 ____D C:\Games
    2016-11-27 15:25 - 2011-12-10 18:59 - 00000000 ____D C:\Users\Yellow House
    2016-11-27 15:17 - 2016-01-12 17:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2016-11-21 20:12 - 2011-12-02 13:58 - 00000000 ____D C:\ProgramData\Sonic
    2016-11-12 03:05 - 2013-08-14 10:03 - 00000000 ____D C:\Windows\system32\MRT
    2016-11-02 22:05 - 2011-12-10 19:21 - 00000000 ____D C:\Users\Yellow House\AppData\Local\Nero

    ==================== Files in the root of some directories =======

    2015-07-13 07:46 - 2015-07-15 11:32 - 0000105 _____ () C:\Users\Yellow House\AppData\Roaming\WB.CFG

    Files to move or delete:
    ====================
    C:\Users\Yellow House\Firefox Setup 45.0.exe


    Some files in TEMP:
    ====================
    C:\Users\Yellow House\AppData\Local\Temp\BRSVC_915117_hlp.exe


    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2016-11-27 16:15

    ==================== End of FRST.txt ============================
     
  2. Noonan

    Noonan TS Enthusiast Topic Starter Posts: 52

    Okay, the first post was addition.txt. Posting from a phone is klunky.

    FRST.txt:

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:04-10-2015
    Ran by Yellow House (administrator) on SCREENENVY (30-11-2016 21:36:18)
    Running from C:\Users\Yellow House\Desktop\Log Files\TechSpotDownloads\FarbarRecoveryScanTool
    Loaded Profiles: Yellow House (Available Profiles: Yellow House & Younglings)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    (AMD) C:\Windows\System32\atiesrxx.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
    (Collobos Software) C:\Program Files (x86)\FingerPrint\FingerPrintService.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe
    (HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
    (Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
    (Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
    (Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
    (SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
    (Giant Telecom Ltd.) C:\Program Files (x86)\SkyLink\SKYLINK 2-in-1 Phone Utility\SKYLINK 2-in-1 Phone Utility.exe
    (Dropbox, Inc.) C:\Users\Yellow House\AppData\Local\Dropbox\Update\DropboxUpdate.exe
    (Lavasoft) C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe
    (SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
    () C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
    (Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    (Alcor Micro Corp.) C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
    (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
    (CANON INC.) C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
    (Hewlett-Packard Company) C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
    () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\Roxio Burn.exe
    (Secunia) C:\Program Files (x86)\Secunia\PSI\psi.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
    (Microsoft Corporation) C:\Windows\splwow64.exe
    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor)
    HKLM\...\Run: [RunDLLEntry_THXCfg] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
    HKLM\...\Run: [RunDLLEntry_EptMon] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\EptMon64.dll,RunDLLEntry EptMon64
    HKLM\...\Run: [DellStage] => C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [2055016 2011-04-29] ()
    HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1354712 2016-08-30] (Microsoft Corporation)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-07-26] (Apple Inc.)
    HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-13] (Intel Corporation)
    HKLM-x32\...\Run: [ShwiconXP9106] => C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe [237568 2010-03-10] (Alcor Micro Corp.)
    HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-04-19] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [THX Audio Control Panel] => C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe [963584 2009-12-01] (Creative Technology Ltd)
    HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
    HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
    HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
    HKLM-x32\...\Run: [NeroLauncher] => C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe [67496 2012-08-21] ()
    HKLM-x32\...\Run: [AccuWeatherWidget] => C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe [885760 2011-04-29] ()
    HKLM-x32\...\Run: [IJNetworkScanUtility] => C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE [124512 2007-05-21] (CANON INC.)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-07-05] (Apple Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
    HKLM-x32\...\Run: [StatusAlerts] => C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe [313248 2012-07-18] (Hewlett-Packard Company)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1156824 2016-09-16] (Adobe Systems Incorporated)
    HKU\S-1-5-21-2714174496-2253751676-100373542-1000\...\Run: [SKYLINK 2-in-1 Phone Utility] => C:\Program Files (x86)\SkyLink\SKYLINK 2-in-1 Phone Utility\SKYLINK 2-in-1 Phone Utility.exe [315392 2006-12-06] (Giant Telecom Ltd.)
    HKU\S-1-5-21-2714174496-2253751676-100373542-1000\...\Run: [Dropbox Update] => C:\Users\Yellow House\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-16] (Dropbox, Inc.)
    HKU\S-1-5-21-2714174496-2253751676-100373542-1000\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [1381648 2015-07-13] (Lavasoft)
    ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Yellow House\AppData\Roaming\Dropbox\bin\DropboxExt64.1.0.dll [2016-10-24] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Yellow House\AppData\Roaming\Dropbox\bin\DropboxExt64.1.0.dll [2016-10-24] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Yellow House\AppData\Roaming\Dropbox\bin\DropboxExt64.1.0.dll [2016-10-24] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Yellow House\AppData\Roaming\Dropbox\bin\DropboxExt64.1.0.dll [2016-10-24] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Yellow House\AppData\Roaming\Dropbox\bin\DropboxExt.1.0.dll [2016-10-24] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Yellow House\AppData\Roaming\Dropbox\bin\DropboxExt.1.0.dll [2016-10-24] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Yellow House\AppData\Roaming\Dropbox\bin\DropboxExt.1.0.dll [2016-10-24] (Dropbox, Inc.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2014-06-05]
    ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
    GroupPolicyUsers\S-1-5-21-2714174496-2253751676-100373542-1003\User: Restriction <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    ProxyEnable: [.DEFAULT] => Proxy is enabled.
    ProxyServer: [.DEFAULT] => http=127.0.0.1:56217;https=127.0.0.1:56217
    Winsock: Catalog9 01 C:\Windows\SysWOW64\LavasoftTcpService.dll [342016 2015-07-13] (Lavasoft Limited)
    Winsock: Catalog9 02 C:\Windows\SysWOW64\LavasoftTcpService.dll [342016 2015-07-13] (Lavasoft Limited)
    Winsock: Catalog9 03 C:\Windows\SysWOW64\LavasoftTcpService.dll [342016 2015-07-13] (Lavasoft Limited)
    Winsock: Catalog9 04 C:\Windows\SysWOW64\LavasoftTcpService.dll [342016 2015-07-13] (Lavasoft Limited)
    Winsock: Catalog9 15 C:\Windows\SysWOW64\LavasoftTcpService.dll [342016 2015-07-13] (Lavasoft Limited)
    Winsock: Catalog9-x64 01 C:\Windows\system32\LavasoftTcpService64.dll [422400 2015-07-13] (Lavasoft Limited)
    Winsock: Catalog9-x64 02 C:\Windows\system32\LavasoftTcpService64.dll [422400 2015-07-13] (Lavasoft Limited)
    Winsock: Catalog9-x64 03 C:\Windows\system32\LavasoftTcpService64.dll [422400 2015-07-13] (Lavasoft Limited)
    Winsock: Catalog9-x64 04 C:\Windows\system32\LavasoftTcpService64.dll [422400 2015-07-13] (Lavasoft Limited)
    Winsock: Catalog9-x64 15 C:\Windows\system32\LavasoftTcpService64.dll [422400 2015-07-13] (Lavasoft Limited)
    Tcpip\..\Interfaces\{479FB02E-6750-4309-B642-5BAE09BEF3E7}: [DhcpNameServer] 172.20.10.1

    Internet Explorer:
    ==================
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-2714174496-2253751676-100373542-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-2714174496-2253751676-100373542-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    SearchScopes: HKLM -> DefaultScope {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
    SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL =
    SearchScopes: HKLM -> {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> DefaultScope value is missing
    SearchScopes: HKLM-x32 -> {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
    SearchScopes: HKU\S-1-5-21-2714174496-2253751676-100373542-1000 -> {49606DC7-976D-4030-A74E-9FB5C842FA68} URL =
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-10-26] (Oracle Corporation)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-10-26] (Oracle Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-10-26] (Oracle Corporation)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-10-26] (Oracle Corporation)
    DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
    DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
    Handler-x32: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll [2011-05-05] (Cozi Group, Inc.)

    FireFox:
    ========
    FF ProfilePath: C:\Users\Yellow House\AppData\Roaming\Mozilla\Firefox\Profiles\wzi2ebcy.default-1382348241459
    FF NewTab: hxxps://www.google.com/
    FF Homepage: hxxps://www.google.com/
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_205.dll [2016-10-28] ()
    FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-10-26] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-10-26] (Oracle Corporation)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_205.dll [2016-10-28] ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
    FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-10-26] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-10-26] (Oracle Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
    R2 FingerPrint; C:\Program Files (x86)\FingerPrint\FingerPrintService.exe [2203416 2013-07-10] (Collobos Software)
    R2 HP DS Service; C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe [13824 2011-10-17] (Hewlett-Packard Company) [File not signed]
    R2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [164864 2012-05-02] (HP) [File not signed]
    R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [120888 2016-08-30] (Microsoft Corporation)
    R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2011-04-13] (Hewlett-Packard) [File not signed]
    R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-08-30] (Microsoft Corporation)
    R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2011-04-13] (Hewlett-Packard) [File not signed]
    R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1228504 2013-10-14] (Secunia)
    R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [660184 2013-10-14] (Secunia)
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
    S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
    S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-11-29] (Malwarebytes)
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
    R1 NEOFLTR_815_38093; C:\Windows\system32\Drivers\NEOFLTR_815_38093.SYS [108344 2015-08-27] (Pulse Secure, LLC)
    R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
    S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-10-14] (Secunia)
    S3 BRDriver64_1_3_3_E02B25FC; \??\C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-11-30 21:36 - 2016-11-30 21:36 - 00000000 ____D C:\FRST
    2016-11-27 15:58 - 2016-11-27 15:31 - 00010209 _____ C:\Users\Yellow House\Documents\Uninstall STAR WARS The Old Republic.log
    2016-11-18 19:20 - 2016-11-25 19:47 - 00000000 ____D C:\Users\Yellow House\AppData\LocalLow\Mozilla

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-11-30 21:33 - 2009-07-13 22:45 - 00021296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2016-11-30 21:33 - 2009-07-13 22:45 - 00021296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2016-11-30 21:31 - 2011-12-02 13:27 - 01265839 _____ C:\Windows\WindowsUpdate.log
    2016-11-30 21:31 - 2009-07-13 23:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
    2016-11-30 21:30 - 2013-07-25 21:28 - 00000000 ____D C:\Users\Yellow House\Desktop\Log Files
    2016-11-30 21:29 - 2009-07-13 22:51 - 00083127 _____ C:\Windows\setupact.log
    2016-11-30 21:28 - 2011-12-02 14:04 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
    2016-11-30 21:28 - 2011-12-02 14:04 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
    2016-11-30 21:27 - 2015-07-13 06:51 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2016-11-30 21:27 - 2015-07-13 06:46 - 00000348 _____ C:\Windows\Tasks\UpdateTask.job
    2016-11-30 21:27 - 2015-06-16 13:30 - 00000946 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2714174496-2253751676-100373542-1000UA.job
    2016-11-30 21:27 - 2015-06-16 13:30 - 00000894 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2714174496-2253751676-100373542-1000Core.job
    2016-11-30 21:27 - 2011-12-02 13:43 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
    2016-11-30 21:27 - 2010-11-20 21:47 - 00272584 _____ C:\Windows\PFRO.log
    2016-11-30 21:27 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2016-11-29 04:53 - 2016-07-18 18:52 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2016-11-29 04:47 - 2015-02-28 15:20 - 00003188 _____ C:\Windows\System32\Tasks\{CC1BBD53-2D80-4E47-8DF9-5651A4C8516C}
    2016-11-29 04:44 - 2015-07-13 06:51 - 00003774 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2016-11-29 04:44 - 2015-07-13 06:46 - 00003310 _____ C:\Windows\System32\Tasks\UpdateTask
    2016-11-29 04:44 - 2015-06-16 13:30 - 00003942 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2714174496-2253751676-100373542-1000UA
    2016-11-29 04:44 - 2015-06-16 13:30 - 00003546 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2714174496-2253751676-100373542-1000Core
    2016-11-29 04:44 - 2015-01-04 18:58 - 00004340 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
    2016-11-27 16:15 - 2015-10-12 17:25 - 00000000 ____D C:\Users\Younglings
    2016-11-27 16:15 - 2011-12-16 21:36 - 00000000 ____D C:\Windows\system32\Macromed
    2016-11-27 16:15 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\system32\NDF
    2016-11-27 16:15 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\servicing
    2016-11-27 16:15 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\rescache
    2016-11-27 16:14 - 2016-10-28 08:43 - 00000000 ____D C:\Users\Yellow House\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
    2016-11-27 16:14 - 2012-07-29 13:44 - 00000000 ____D C:\Users\Yellow House\AppData\Roaming\Dropbox
    2016-11-27 16:14 - 2012-05-05 23:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2016-11-27 16:14 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\registration
    2016-11-27 16:14 - 2009-07-13 21:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
    2016-11-27 16:13 - 2011-12-02 13:29 - 00000000 ____D C:\Windows\SysWOW64\Macromed
    2016-11-27 16:12 - 2016-07-13 19:16 - 00000000 ____D C:\Users\Public\Documents\BitRaider
    2016-11-27 16:12 - 2012-07-29 13:48 - 00000000 ___RD C:\Users\Yellow House\Dropbox
    2016-11-27 15:45 - 2013-08-14 08:36 - 00000000 ____D C:\Windows\System32\Tasks\Games
    2016-11-27 15:31 - 2009-07-13 23:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
    2016-11-27 15:28 - 2016-07-12 18:29 - 00000000 ____D C:\Games
    2016-11-27 15:25 - 2011-12-10 18:59 - 00000000 ____D C:\Users\Yellow House
    2016-11-27 15:17 - 2016-01-12 17:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2016-11-21 20:12 - 2011-12-02 13:58 - 00000000 ____D C:\ProgramData\Sonic
    2016-11-12 03:05 - 2013-08-14 10:03 - 00000000 ____D C:\Windows\system32\MRT
    2016-11-02 22:05 - 2011-12-10 19:21 - 00000000 ____D C:\Users\Yellow House\AppData\Local\Nero

    ==================== Files in the root of some directories =======

    2015-07-13 07:46 - 2015-07-15 11:32 - 0000105 _____ () C:\Users\Yellow House\AppData\Roaming\WB.CFG

    Files to move or delete:
    ====================
    C:\Users\Yellow House\Firefox Setup 45.0.exe


    Some files in TEMP:
    ====================
    C:\Users\Yellow House\AppData\Local\Temp\BRSVC_915117_hlp.exe


    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2016-11-27 16:15

    ==================== End of FRST.txt ============================
     
  3. Noonan

    Noonan TS Enthusiast Topic Starter Posts: 52

    Additional scan result of Farbar Recovery Scan Tool (x64) Version:04-10-2015
    Ran by Yellow House (2016-11-30 21:37:19)
    Running from C:\Users\Yellow House\Desktop\Log Files\TechSpotDownloads\FarbarRecoveryScanTool
    Windows 7 Home Premium Service Pack 1 (X64) (2011-12-11 00:59:49)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-2714174496-2253751676-100373542-500 - Administrator - Disabled)
    Guest (S-1-5-21-2714174496-2253751676-100373542-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-2714174496-2253751676-100373542-1002 - Limited - Enabled)
    Yellow House (S-1-5-21-2714174496-2253751676-100373542-1000 - Administrator - Enabled) => C:\Users\Yellow House
    Younglings (S-1-5-21-2714174496-2253751676-100373542-1003 - Limited - Enabled) => C:\Users\Younglings

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
    AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
    AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    64 Bit HP CIO Components Installer (Version: 8.2.4 - Hewlett-Packard) Hidden
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 22.0.0.153 - Adobe Systems Incorporated)
    Adobe Flash Player 23 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 23.0.0.205 - Adobe Systems Incorporated)
    Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.205 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.18) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.18 - Adobe Systems Incorporated)
    Apple Application Support (32-bit) (HKLM-x32\...\{D4B07658-F443-4445-A261-E643996E139D}) (Version: 4.3.2 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{A6B0442B-E159-444B-B49D-6B9AC531EAE3}) (Version: 4.3.2 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
    ArcSoft PhotoImpression 6 (HKLM-x32\...\{D03E7B00-CA85-4684-9321-1888873C34BD}) (Version: 6 - ArcSoft)
    ArcSoft Print Creations (HKLM-x32\...\{0D6D96F4-0CAF-4522-B05F-70A88EDECDFD}) (Version: - ArcSoft)
    ATI AVIVO64 Codecs (Version: 11.6.0.10419 - ATI Technologies Inc.) Hidden
    ATI Catalyst Install Manager (HKLM\...\{E73155E5-E75F-D09E-30C0-C18E3C3A1FA3}) (Version: 3.0.825.0 - ATI Technologies, Inc.)
    Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
    Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
    Blio (HKLM-x32\...\{400182B4-CA55-46A9-9D88-F8413DCFB36D}) (Version: 2.3.7140 - K-NFB Reading Technology, Inc.)
    Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
    Canon IJ Network Scan Utility (HKLM-x32\...\Canon_IJ_Network_Scan_UTILITY) (Version: - )
    Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: - )
    Canon MX850 series (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX850_series) (Version: - )
    Canon RAW Image Task for ZoomBrowser EX (HKLM-x32\...\RAW Image Task) (Version: 3.3.0.5 - Canon Inc.)
    Canon Utilities CameraWindow (HKLM-x32\...\CameraWindowLauncher) (Version: 7.1.0.2 - Canon Inc.)
    Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX (HKLM-x32\...\CameraWindowDVC6) (Version: 6.4.2.16 - Canon Inc.)
    Canon Utilities Digital Photo Professional 3.4 (HKLM-x32\...\DPP) (Version: 3.4.0.0 - Canon Inc.)
    Canon Utilities EOS Utility (HKLM-x32\...\EOS Utility) (Version: 2.4.0.1 - Canon Inc.)
    Canon Utilities MyCamera (HKLM-x32\...\MyCamera) (Version: 6.4.0.5 - Canon Inc.)
    Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.21.45 - Canon Inc.)
    Canon Utilities Picture Style Editor (HKLM-x32\...\Picture Style Editor) (Version: 1.3.0.0 - Canon Inc.)
    Canon Utilities RemoteCapture Task for ZoomBrowser EX (HKLM-x32\...\RemoteCaptureTask) (Version: 1.7.1.9 - Canon Inc.)
    Canon Utilities WFT-E1/E2/E3 Utility (HKLM-x32\...\WFTK) (Version: 3.2.1.1 - Canon Inc.)
    Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.1.1.21 - Canon Inc.)
    Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.1.0.8 - Canon Inc.)
    Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
    Cozi (HKLM-x32\...\{EA1F3D6C-A6F5-4CDC-B0D3-9C56C06B4D29}) (Version: 1.0.6505.38692 - Cozi Group, Inc.)
    Create Photo Calendars (HKLM-x32\...\CreatePhotoCalendars.5D53B1AD5E35C0AAC823426DAB2CFDAF2F7F5C07.1) (Version: 1.31 - Spectrum Software, Inc)
    Create Photo Calendars (x32 Version: 1.31 - Spectrum Software, Inc) Hidden
    CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version: 3.0 - CutePDF.com)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.61 - Dell Inc.)
    Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.61 - Dell Inc.)
    Dell DataSafe Online (HKLM-x32\...\{7EC66A95-AC2D-4127-940B-0445A526AB2F}) (Version: 2.1.19634 - Dell)
    Dell Digital Delivery (HKLM-x32\...\{2B25AEE3-D191-4735-870E-28743D727ED8}) (Version: 1.7.1002.0 - Dell Products, LP)
    Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
    Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
    Dell MusicStage (HKLM-x32\...\{91AF2672-F5BC-42CF-8037-A9D2F92BBCC0}) (Version: 1.5.201.0 - Fingertapps)
    Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.65 - ArcSoft)
    Dell Stage (HKLM-x32\...\{E2EBA7C0-8072-447F-856D-FFEE8D15B23B}) (Version: 1.5.201.0 - Fingertapps)
    Dell VideoStage (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.2.0.1712 - CyberLink Corp.)
    Dell VideoStage (x32 Version: 1.2.0.1712 - CyberLink Corp.) Hidden
    DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
    DOSBox SVN-Daum (HKLM-x32\...\DOSBox SVN-Daum) (Version: - )
    Dropbox (HKU\S-1-5-21-2714174496-2253751676-100373542-1000\...\Dropbox) (Version: 13.4.21 - Dropbox, Inc.)
    DW WLAN Card (HKLM\...\DW WLAN Card) (Version: 5.60.48.35 - Dell Inc.)
    eBay (HKLM-x32\...\{A8B88634-7F90-402F-B66A-86429755F6A5}) (Version: 1.4.0 - eBay Inc.)
    EPSON Print CD (HKLM-x32\...\{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}) (Version: 1.60.000 - )
    EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version: - SEIKO EPSON Corporation)
    EPSON R280 User's Guide (HKLM-x32\...\Silent Package Run-Time Sample) (Version: - )
    ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
    FingerPrint 2.2.0.629 (HKLM-x32\...\{85D5BFBB-8BC4-467B-BADA-D574A3CDC139}_is1) (Version: 2.2.0.629 - Collobos Software)
    Free Countdown Timer 2.7.2 (HKLM-x32\...\{404245D0-E836-4737-9C12-D4D0034540F5}_is1) (Version: 2.7 - Comfort Software Group)
    Google SketchUp 8 (HKLM-x32\...\{47BBA5AA-CA6F-4A41-858D-A7A776F29A8B}) (Version: 3.0.11752 - Google, Inc.)
    HP LaserJet 200 color MFP M276 (HKLM-x32\...\{CC38C23C-7824-4DBB-AC73-997CD0BBFEC7}) (Version: 5.0.14057.1503 - Hewlett-Packard)
    hpbDSService (x32 Version: 002.002.07399 - Hewlett-Packard) Hidden
    hpbM276DSService (x32 Version: 001.001.05874 - Hewlett-Packard) Hidden
    hppLaserJetService (x32 Version: 009.027.00856 - Hewlett-Packard) Hidden
    hppM276LaserJetService (x32 Version: 001.019.00639 - Hewlett-Packard) Hidden
    hpStatusAlerts (x32 Version: 050.037.00142 - Hewlett Packard) Hidden
    hpStatusAlertsM276 (x32 Version: 050.034.00131 - Hewlett-Packard) Hidden
    Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.0.0.1046 - Intel Corporation)
    iTunes (HKLM\...\{955524E7-79EB-4CA9-BA4D-FD2DF587651B}) (Version: 12.4.3.1 - Apple Inc.)
    Java 7 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417045FF}) (Version: 7.0.450 - Oracle)
    Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle)
    Java(TM) 6 Update 27 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416027FF}) (Version: 6.0.270 - Oracle)
    Java(TM) 6 Update 27 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216027FF}) (Version: 6.0.270 - Oracle)
    Juniper Networks Setup Client 64-bit Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks)
    Juniper Networks Setup Client Activex Control (HKLM-x32\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks)
    Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
    Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
    Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.205.0 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    Mozilla Firefox 49.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 49.0.2 (x86 en-US)) (Version: 49.0.2 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 49.0.2.6136 - Mozilla)
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
    Multimedia Card Reader (HKLM-x32\...\InstallShield_{41068A8C-3F30-46B6-978A-EA692F28D1AF}) (Version: 1.7.915.93 - Fitipower)
    Multimedia Card Reader (x32 Version: 1.7.915.93 - Fitipower) Hidden
    PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden
    PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
    Pulse Secure Application Manager (HKLM-x32\...\Neoteris_Secure_Application_Manager) (Version: 8.1.5.38093 - Pulse Secure, LLC)
    Pulse Secure Host Checker (HKU\S-1-5-21-2714174496-2253751676-100373542-1000\...\PulseSecure_Host_Checker) (Version: 8.1.5.38093 - Pulse Secure, LLC)
    Pulse Secure Setup Client (HKU\S-1-5-21-2714174496-2253751676-100373542-1000\...\Juniper_Setup_Client) (Version: 8.1.5.60701 - Pulse Secure, LLC)
    RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6141 - Realtek Semiconductor Corp.)
    Rental Property Manager v2 (HKLM-x32\...\{0C1E9E42-578D-4D62-A16A-4AA2F9F21D0C}_is1) (Version: - Source IT Software Ltd)
    Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
    Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
    Secunia PSI (3.0.0.8013) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.8013 - Secunia)
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
    SKYLINK 2-in-1 Phone Utility (HKLM-x32\...\{12EBB355-5C3E-41C2-822B-9E17FBA716A0}) (Version: 2.00.011 - Giant Telecom Ltd)
    Skype™ 7.2 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.2.103 - Skype Technologies S.A.)
    Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
    SyncUP (HKLM-x32\...\{D92C9CCE-E5F0-4125-977A-0590F3225B74}) (Version: 10.2.15400 - Nero AG)
    SyncUP (x32 Version: 1.12.12400.17.102 - Nero AG) Hidden
    THX TruStudio PC (HKLM-x32\...\{010A785B-F920-4350-821B-6309909C20BB}) (Version: 1.0 - Creative Technology Limited)
    Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17332 - Microsoft Corporation)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
    Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
    YNAB 3 (HKLM-x32\...\com.youneedabudget.YNAB3.Live.9C763150EFAB05FD2A2B78705C7A54E2FCDDE07D.1) (Version: 3.6.0.5 - YouNeedABudget.com)
    YNAB 3 (x32 Version: 3.6.0 - YouNeedABudget.com) Hidden
    YNAB 4 version 4.3.857 (HKLM-x32\...\com.ynab.YNAB4.LiveCaptive_is1) (Version: 4.3.857 - YouNeedABudget.com)
    Zinio Reader 4 (HKLM-x32\...\ZinioReader4) (Version: 4.2.4164 - Zinio LLC)
    Zinio Reader 4 (x32 Version: 4.2.4164 - Zinio LLC) Hidden

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-2714174496-2253751676-100373542-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Yellow House\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2714174496-2253751676-100373542-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Yellow House\AppData\Roaming\Dropbox\bin\DropboxExt64.1.0.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2714174496-2253751676-100373542-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Yellow House\AppData\Roaming\Dropbox\bin\DropboxExt64.1.0.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2714174496-2253751676-100373542-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Yellow House\AppData\Roaming\Dropbox\bin\DropboxExt64.1.0.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2714174496-2253751676-100373542-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Yellow House\AppData\Roaming\Dropbox\bin\DropboxExt64.1.0.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2714174496-2253751676-100373542-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Yellow House\AppData\Roaming\Dropbox\bin\DropboxExt64.1.0.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2714174496-2253751676-100373542-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Yellow House\AppData\Roaming\Dropbox\bin\DropboxExt64.1.0.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2714174496-2253751676-100373542-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Yellow House\AppData\Roaming\Dropbox\bin\DropboxExt64.1.0.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2714174496-2253751676-100373542-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Yellow House\AppData\Roaming\Dropbox\bin\DropboxExt64.1.0.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2714174496-2253751676-100373542-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Yellow House\AppData\Roaming\Dropbox\bin\DropboxExt64.1.0.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2714174496-2253751676-100373542-1000_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Yellow House\AppData\Roaming\Dropbox\bin\DropboxExt64.1.0.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2714174496-2253751676-100373542-1000_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Yellow House\AppData\Roaming\Dropbox\bin\DropboxExt64.1.0.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2714174496-2253751676-100373542-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Yellow House\AppData\Roaming\Dropbox\bin\DropboxExt64.1.0.dll (Dropbox, Inc.)

    ==================== Restore Points =========================

    29-10-2016 19:00:02 Windows Update
    05-11-2016 16:23:59 Windows Update
    11-11-2016 03:00:20 Windows Update
    12-11-2016 03:00:28 Windows Update
    16-11-2016 17:15:57 Windows Update
    27-11-2016 16:08:10 Restore Operation

    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {0B4AB98A-B827-4D6F-AF6C-C579DFD7567C} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2714174496-2253751676-100373542-1000
    Task: {1CDD42DB-A06A-4A62-9458-85CCB0A52474} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-10-28] (Adobe Systems Incorporated)
    Task: {25051F1C-49F8-4D14-93B8-E6D7FE41DEA1} - System32\Tasks\UpdateTask => C:\Users\YELLOW~1\AppData\Local\Chromium\APPLIC~1\450244~1.0\INSTAL~1\UNINST~1.EXE
    Task: {BEBC0D19-7D97-470E-88D8-D57EADDC28F6} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => C:\Windows\system32\compattelrunner.exe [2016-09-12] (Microsoft Corporation)
    Task: {CA7FD645-343F-4EF5-91B0-45E86B8005EB} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2714174496-2253751676-100373542-1000Core => C:\Users\Yellow House\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-16] (Dropbox, Inc.)
    Task: {CAB434F5-B0DB-4BBC-AF3B-757FDC01CEA8} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-09-16] (Adobe Systems Incorporated)
    Task: {F76735D3-1A9C-4D32-A75C-4B8F8EB222CB} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2714174496-2253751676-100373542-1000UA => C:\Users\Yellow House\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-16] (Dropbox, Inc.)
    Task: {FEC369D2-7FB0-4AB3-895C-E6EB1D6ECBE2} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
    Task: {FECD6527-87AA-4A13-BD79-64EE2809354E} - System32\Tasks\{CC1BBD53-2D80-4E47-8DF9-5651A4C8516C} => pcalua.exe -a "C:\Users\Yellow House\Downloads\AdobeAIRInstaller(1).exe" -d "C:\Users\Yellow House\Downloads"

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2714174496-2253751676-100373542-1000Core.job => C:\Users\Yellow House\AppData\Local\Dropbox\Update\DropboxUpdate.exe
    Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2714174496-2253751676-100373542-1000UA.job => C:\Users\Yellow House\AppData\Local\Dropbox\Update\DropboxUpdate.exe
    Task: C:\Windows\Tasks\UpdateTask.job => C:\Users\YELLOW~1\AppData\Local\Chromium\APPLIC~1\450244~1.0\INSTAL~1\UNINST~1.EXE

    ==================== Loaded Modules (Whitelisted) ==============

    2012-10-11 09:21 - 2012-10-04 18:49 - 00087152 _____ () C:\Windows\System32\cpwmon64.dll
    2016-04-22 00:07 - 2016-04-22 00:07 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2016-07-05 14:23 - 2016-07-05 14:23 - 01354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2011-12-02 13:44 - 2011-09-22 10:14 - 02751808 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
    2010-11-17 10:35 - 2010-11-17 10:35 - 00514544 _____ () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
    2010-11-17 10:35 - 2010-11-17 10:35 - 01440240 _____ () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\Roxio Burn.exe
    2011-04-19 22:16 - 2011-04-19 22:16 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
    2011-03-14 14:21 - 2011-03-14 14:21 - 00016384 _____ () c:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
    2012-03-07 16:54 - 2013-07-10 17:10 - 01044480 _____ () C:\Program Files (x86)\FingerPrint\libcups2.dll
    2015-07-13 00:50 - 2015-07-13 00:50 - 00072192 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Utils.dll
    2015-07-13 00:50 - 2015-07-13 00:50 - 00178176 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Business.dll
    2015-07-13 00:50 - 2015-07-13 00:50 - 00040448 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.adblocker.dll
    2015-07-13 00:50 - 2015-07-13 00:50 - 00067072 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SysInfo.dll
    2015-07-13 00:50 - 2015-07-13 00:50 - 00117248 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.PUP.Management.dll
    2010-11-24 22:44 - 2010-11-24 22:44 - 00375280 _____ () c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll
    2010-11-17 10:35 - 2010-11-17 10:35 - 00657904 _____ () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\BBEngineAS.dll
    2015-05-02 12:45 - 2015-05-02 12:45 - 00946176 _____ () C:\Program Files (x86)\Secunia\PSI\psires.dll
    2016-05-14 09:35 - 2016-05-14 09:35 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\22e6307b0cd5955ebf3f8abd9e3ab58d\IsdiInterop.ni.dll
    2011-12-02 13:39 - 2010-09-13 18:28 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
    2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE trusted site: HKU\S-1-5-21-2714174496-2253751676-100373542-1000\...\localhost -> localhost
    IE trusted site: HKU\S-1-5-21-2714174496-2253751676-100373542-1000\...\webcompanion.com -> hxxp://webcompanion.com


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-2714174496-2253751676-100373542-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Yellow House\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
    DNS Servers: Media is not connected to internet.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)


    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{A82CF083-43D4-49C2-BD25-9078F0098C33}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
    FirewallRules: [{969C42A1-B504-4692-9491-E084787339D7}] => (Allow) c:\Program Files (x86)\Dell\VideoStage\VideoStage.exe
    FirewallRules: [{C8DA5CC3-4FC5-4503-9939-597C28B98BF2}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    FirewallRules: [{DBA0D7D5-AE12-49DF-9B7D-62742A1C2E43}] => (Allow) LPort=2869
    FirewallRules: [{A72598C5-921C-404E-AA14-4B63CB476CE6}] => (Allow) LPort=1900
    FirewallRules: [{A399839E-E784-4F80-AD61-3626220E4405}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    FirewallRules: [{99E60362-084D-44AD-8056-D93D2058B8FC}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
    FirewallRules: [{D5113E18-BF69-4559-ACB5-AE2F391A9712}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
    FirewallRules: [{3EB833F9-9E14-4417-9A8C-1A60F8468891}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
    FirewallRules: [{B403E9BB-AEB9-49E1-9E6C-34398108D765}] => (Allow) LPort=9700
    FirewallRules: [{6FE69835-BEAC-481A-B260-BF71D4F9AF58}] => (Allow) LPort=9701
    FirewallRules: [{D9AC03E0-2838-445E-BA44-F630DBF82BAF}] => (Allow) LPort=9702
    FirewallRules: [{E63F8F2C-C4DD-4C88-B489-172056AC0566}] => (Allow) LPort=9700
    FirewallRules: [{F57F380C-1DE0-457A-B07B-5ABAD98F9609}] => (Allow) C:\Program Files\dell stage\dell stage\accuweather\accuweather.exe
    FirewallRules: [{61DBECAB-7150-4EDD-AF25-F535D85096B6}] => (Allow) C:\Program Files\dell stage\musicstage\musicstageengine.exe
    FirewallRules: [{876B759B-BE53-4226-8E3F-8024B7304A2F}] => (Allow) C:\Program Files\dell stage\dell stage\stage_primary.exe
    FirewallRules: [{5BF7DC2B-8F28-4F42-8DB0-52D14631827E}] => (Allow) C:\Users\Yellow House\AppData\Roaming\Dropbox\bin\Dropbox.exe
    FirewallRules: [{A35E28F0-2673-43A9-AEB9-818E85821D4D}] => (Allow) C:\Users\Yellow House\AppData\Roaming\Dropbox\bin\Dropbox.exe
    FirewallRules: [TCP Query User{97EF9DE5-D6AB-4ABC-85DC-E6259F2E27EF}C:\users\yellow house\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\yellow house\appdata\roaming\dropbox\bin\dropbox.exe
    FirewallRules: [UDP Query User{75DC6BDF-82F4-4B21-BDFB-2CDE7DA630A4}C:\users\yellow house\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\yellow house\appdata\roaming\dropbox\bin\dropbox.exe
    FirewallRules: [{EC873E53-18E9-482C-B93B-D2D2E563573B}] => (Allow) C:\Program Files (x86)\FingerPrint\FingerPrintService.exe
    FirewallRules: [{5315C0BB-5DC2-454B-B999-087E3058FB9C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{4DF65540-941B-4B8C-A02E-88FBA45EB2A7}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{5BBD8762-B3BC-4004-8C15-33789D7AE7D6}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{1DB1F8CF-F3A4-4DC3-A130-CE143AC866FE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{199EBB62-C1AE-4B0E-B494-860A395D0DDA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{DC3A4EA9-6876-40BF-842C-8AC7AA75A284}] => (Allow) C:\Program Files (x86)\HP\HP LaserJet 200 color MFP M276\Bin\HPNetworkCommunicator.exe
    FirewallRules: [{F3E8BD44-CDEC-4554-82F2-8B2ED8907A0B}] => (Allow) C:\Program Files (x86)\HP\HP LaserJet 200 color MFP M276\bin\EWSProxy.exe
    FirewallRules: [TCP Query User{4BA5D976-6D90-4EF1-82AF-6F9873FE1E01}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
    FirewallRules: [UDP Query User{80D03FBD-A433-4F07-8EC3-EF609495A5CC}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
    FirewallRules: [{ACB39665-DE2B-4B02-990B-85E70617C8D6}] => (Allow) C:\Program Files (x86)\Nero\Nero Blu-ray Player\Blu-rayPlayer.exe
    FirewallRules: [{44A255DE-C5A3-4CD5-A274-14104983812C}] => (Allow) C:\Program Files (x86)\Nero\Nero Blu-ray Player\Blu-rayPlayer.exe
    FirewallRules: [{06105F93-BBF3-4EE9-A0A3-7AAF5C47C272}] => (Allow) C:\Users\Yellow House\AppData\Local\Chromium\Application\chrome.exe
    FirewallRules: [{A038D36E-5F7A-4C20-AF26-8D2E2C5DB71C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{03B278E7-D06D-49C3-91DD-C9B7424BA80B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{B89B8E9A-F21D-4355-971E-D6C101C98352}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    FirewallRules: [{269BA9B0-518C-4C09-9F7E-BD1EF30DE55A}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    FirewallRules: [{9EBF9164-4957-4814-AD0C-245847A85413}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{97A8B901-7902-4EB7-890B-3B8B808D0694}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{EBF2DF91-C5CF-4B6E-9E7B-C68C72B4981C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{6AB00BF6-474F-438C-A1D3-BC61B071409C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{18D0DD1C-0F59-4038-8A96-A3C46882EDEA}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe
    FirewallRules: [{69FB9222-254E-437D-9DBF-527B576F0B72}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe
    FirewallRules: [{CC6DB9AA-5DEC-4613-B8C0-703C8BCD9B49}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe
    FirewallRules: [{AFB62915-3837-4C44-8A27-0E36773DF073}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe
    FirewallRules: [{D393CAE0-68FA-4486-9A59-D6D3C3A0EF4D}] => (Allow) C:\Program Files\iTunes\iTunes.exe

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (11/30/2016 09:28:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (11/29/2016 07:20:13 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 15585

    Error: (11/29/2016 07:20:13 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 15585

    Error: (11/29/2016 07:20:13 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (11/29/2016 05:05:58 AM) (Source: SideBySide) (EventID: 80) (User: )
    Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
    Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

    Error: (11/29/2016 05:03:40 AM) (Source: SideBySide) (EventID: 80) (User: )
    Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
    Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

    Error: (11/29/2016 05:03:05 AM) (Source: SideBySide) (EventID: 80) (User: )
    Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
    Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

    Error: (11/27/2016 03:19:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (11/27/2016 03:47:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (11/27/2016 03:46:53 PM) (Source: SideBySide) (EventID: 80) (User: )
    Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
    Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.


    System errors:
    =============
    Error: (11/30/2016 09:37:32 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
    Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 116.65.0.0

    Update Source: %NT AUTHORITY51

    Update Stage: 4.10.205.00

    Source Path: 4.10.205.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\NETWORK SERVICE

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

    Error: (11/30/2016 09:37:32 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
    Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.231.2114.0

    Update Source: %NT AUTHORITY51

    Update Stage: 4.10.205.00

    Source Path: 4.10.205.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\NETWORK SERVICE

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

    Error: (11/30/2016 09:37:32 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
    Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.231.2114.0

    Update Source: %NT AUTHORITY51

    Update Stage: 4.10.205.00

    Source Path: 4.10.205.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\NETWORK SERVICE

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

    Error: (11/30/2016 09:37:31 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
    Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.231.2114.0

    Update Source: %NT AUTHORITY59

    Update Stage: 4.10.205.00

    Source Path: 4.10.205.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\SYSTEM

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

    Error: (11/30/2016 09:30:17 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Dell Digital Delivery Service service terminated unexpectedly. It has done this 1 time(s).

    Error: (11/30/2016 09:29:46 PM) (Source: Disk) (EventID: 11) (User: )
    Description: The driver detected a controller error on \Device\Harddisk5\DR5.

    Error: (11/30/2016 09:29:46 PM) (Source: Disk) (EventID: 11) (User: )
    Description: The driver detected a controller error on \Device\Harddisk5\DR5.

    Error: (11/30/2016 09:29:45 PM) (Source: Disk) (EventID: 11) (User: )
    Description: The driver detected a controller error on \Device\Harddisk5\DR5.

    Error: (11/30/2016 09:28:49 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

    Error: (11/30/2016 09:28:35 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
    Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 116.65.0.0

    Update Source: %NT AUTHORITY51

    Update Stage: 4.10.205.00

    Source Path: 4.10.205.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\NETWORK SERVICE

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608


    CodeIntegrity:
    ===================================
    Date: 2016-07-24 18:45:52.976
    Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_a384c5aabe759ea5\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

    Date: 2016-07-24 18:45:52.972
    Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_a384c5aabe759ea5\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

    Date: 2016-07-24 18:45:52.969
    Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_a384c5aabe759ea5\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

    Date: 2016-07-24 18:45:52.963
    Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_a384c5aabe759ea5\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

    Date: 2016-07-24 18:45:52.763
    Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_f3153036f55ab3f5\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

    Date: 2016-07-24 18:45:52.755
    Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_f3153036f55ab3f5\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

    Date: 2016-07-24 18:45:52.747
    Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_f3153036f55ab3f5\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

    Date: 2016-07-24 18:45:52.739
    Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_f3153036f55ab3f5\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

    Date: 2016-07-24 18:45:52.015
    Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

    Date: 2016-07-24 18:45:52.010
    Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz
    Percentage of memory in use: 26%
    Total physical RAM: 8174.45 MB
    Available physical RAM: 6029.65 MB
    Total Virtual: 16347.07 MB
    Available Virtual: 13854.39 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:452.47 GB) (Free:144.08 GB) NTFS
    Drive d: (EE_TUBA) (CDROM) (Total:3.9 GB) (Free:0 GB) UDF
    Drive e: (USB DISK) (Removable) (Total:0.97 GB) (Free:0.7 GB) FAT32

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: AC998FBC)
    Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
    Partition 2: (Active) - (Size=13.2 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=452.5 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 5 (MBR Code: Windows XP) (Size: 991.5 MB) (Disk ID: C3072E18)
    Partition 1: (Active) - (Size=991 MB) - (Type=0C)

    ==================== End of Addition.txt ============================
     
  4. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ========================================

    [​IMG] Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2
    • Close all the running programs
    • Double click on downloaded setup.exe file to install the program.
    • Click on Start Scan button.
    • Click on another Start Scan button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.

    [​IMG] Please download Malwarebytes Anti-Malware to your desktop.
    • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
    • Click Finish.
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.

    Already installed:
    2.0 Threat Scan
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.
    How to get logs:
    (Export log to save as txt)
    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the scan log which shows the Date and time of the scan just performed.
    • Click 'Export'.
    • Click 'Text file (*.txt)'
    • In the Save File dialog box which appears, click on Desktop.
    • In the File name: box type a name for your scan log.
    • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
    • Click Ok
    • Attach that saved log to your next reply.
    (Copy to clipboard for pasting into forum replies or tickets)
    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the scan log which shows the Date and time of the scan just performed.
    • Click 'Copy to Clipboard'
    • Paste the contents of the clipboard into your reply.

    [​IMG] Please download AdwCleaner by Xplode and save to your Desktop.
    • Double click on AdwCleaner.exe to run the tool.
      Vista/Windows 7/8 users right-click and select Run As Administrator
    • The tool will start to update the database if one is required.
    • Click on the Scan button.
    • AdwCleaner will begin...be patient as the scan may take some time to complete.
    • After the scan has finished, click on the Logfile button.
    • A window will open which lists the logs of your scans.
    • Click on the Scan tab.
    • Double-click the most recent scan which will be at the top of the list....the log will appear.
    • Review the results...see note below
    • After reviewing the log, click on the Clean button.
    • Press OK when asked to close all programs and follow the onscreen prompts.
    • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
    • To open a Cleaning log, launch AdwareClearer, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
    • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
    • A copy of all logfiles are saved to C:\AdwCleaner.

    -- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.


    [​IMG] Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
     
  5. Noonan

    Noonan TS Enthusiast Topic Starter Posts: 52

    Scan file and delete file from RogueKiller

    RogueKiller V12.8.3.0 (x64) [Nov 28 2016] (Free) by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/download/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Yellow House [Administrator]
    Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
    Mode : Scan -- Date : 12/01/2016 16:51:52 (Duration : 01:02:34)

    ¤¤¤ Processes : 1 ¤¤¤
    [PUP] WebCompanion.exe(4332) -- C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe[7] -> Found

    ¤¤¤ Registry : 24 ¤¤¤
    [PUP] (X64) HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\AppId_Catalog\2A1442DD | AppFullPath : C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe [7] -> Found
    [PUP] (X86) HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\AppId_Catalog\2A1442DD | AppFullPath : C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe [7] -> Found
    [PUP] (X64) HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\WinSock2\Parameters\AppId_Catalog\2A1442DD | AppFullPath : C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe [7] -> Found
    [PUP] (X86) HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\WinSock2\Parameters\AppId_Catalog\2A1442DD | AppFullPath : C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe [7] -> Found
    [PUP] (X64) HKEY_LOCAL_MACHINE\Software\WebBar -> Found
    [PUP] (X86) HKEY_LOCAL_MACHINE\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0} -> Found
    [PUP] (X64) HKEY_USERS\S-1-5-21-2714174496-2253751676-100373542-1000\Software\eSupport.com -> Found
    [PUP] (X64) HKEY_USERS\S-1-5-21-2714174496-2253751676-100373542-1000\Software\ProductSetup -> Found
    [PUP] (X86) HKEY_USERS\S-1-5-21-2714174496-2253751676-100373542-1000\Software\eSupport.com -> Found
    [PUP] (X86) HKEY_USERS\S-1-5-21-2714174496-2253751676-100373542-1000\Software\ProductSetup -> Found
    [PUP] (X64) HKEY_USERS\S-1-5-21-2714174496-2253751676-100373542-1000\Software\Microsoft\Windows\CurrentVersion\Run | Web Companion : C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize [7] -> Found
    [PUP] (X86) HKEY_USERS\S-1-5-21-2714174496-2253751676-100373542-1000\Software\Microsoft\Windows\CurrentVersion\Run | Web Companion : C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize [7] -> Found
    [PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Found
    [PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Found
    [PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Found
    [PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Found
    [PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:56217;https=127.0.0.1:56217 -> Found
    [PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:56217;https=127.0.0.1:56217 -> Found
    [PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:56217;https=127.0.0.1:56217 -> Found
    [PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:56217;https=127.0.0.1:56217 -> Found
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{479FB02E-6750-4309-B642-5BAE09BEF3E7} | DhcpNameServer : 172.20.10.1 ([X]) -> Found
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{479FB02E-6750-4309-B642-5BAE09BEF3E7} | DhcpNameServer : 172.20.10.1 ([X]) -> Found
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {06105F93-BBF3-4EE9-A0A3-7AAF5C47C272} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5353|App=C:\Users\Yellow House\AppData\Local\Chromium\Application\chrome.exe|Name=Chromium (mDNS-In)|Desc=Inbound rule for Chromium to allow mDNS traffic.|EmbedCtxt=Chromium| [x] -> Found
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {06105F93-BBF3-4EE9-A0A3-7AAF5C47C272} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5353|App=C:\Users\Yellow House\AppData\Local\Chromium\Application\chrome.exe|Name=Chromium (mDNS-In)|Desc=Inbound rule for Chromium to allow mDNS traffic.|EmbedCtxt=Chromium| [x] -> Found

    ¤¤¤ Tasks : 2 ¤¤¤
    [PUP|Suspicious.Path] %WINDIR%\Tasks\UpdateTask.job -- C:\Users\YELLOW~1\AppData\Local\Chromium\APPLIC~1\450244~1.0\INSTAL~1\UNINST~1.EXE (/Check) -> Found
    [Suspicious.Path] \UpdateTask -- C:\Users\YELLOW~1\AppData\Local\Chromium\APPLIC~1\450244~1.0\INSTAL~1\UNINST~1.EXE (/Check) -> Found

    ¤¤¤ Files : 4 ¤¤¤
    [PUP][Folder] C:\ProgramData\Lavasoft\Web Companion -> Found
    [PUP][Folder] C:\ProgramData\Lavasoft\Web Companion -> Found
    [PUP][Folder] C:\Program Files (x86)\DriverRestore -> Found
    [PUP][Folder] C:\Program Files (x86)\Lavasoft\Web Companion -> Found

    ¤¤¤ WMI : 0 ¤¤¤

    ¤¤¤ Hosts File : 0 ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: WDC WD5000AAKX-753CA1 +++++
    --- User ---
    [MBR] c902bed9c67bbf8f8c95be39e62b901e
    [BSP] cf12218652d89cb7613fb042a67cbc20 : HP MBR Code
    Partition table:
    0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 MB
    1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 81920 | Size: 13566 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 27865088 | Size: 463333 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    User = LL1 ... OK
    User = LL2 ... OK

    +++++ PhysicalDrive1: +++++
    Error reading User MBR! ([15] The device is not ready. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] The request is not supported. )

    +++++ PhysicalDrive2: +++++
    Error reading User MBR! ([15] The device is not ready. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] The request is not supported. )

    +++++ PhysicalDrive3: +++++
    Error reading User MBR! ([15] The device is not ready. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] The request is not supported. )

    +++++ PhysicalDrive4: +++++
    Error reading User MBR! ([15] The device is not ready. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] The request is not supported. )


    RogueKiller V12.8.3.0 (x64) [Nov 28 2016] (Free) by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/download/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Yellow House [Administrator]
    Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
    Mode : Delete -- Date : 12/01/2016 16:51:52 (Duration : 01:02:34)

    ¤¤¤ Processes : 1 ¤¤¤
    [PUP] WebCompanion.exe(4332) -- C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe[7] -> Found

    ¤¤¤ Registry : 24 ¤¤¤
    [PUP] (X64) HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\AppId_Catalog\2A1442DD | AppFullPath : C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe [7] -> Not selected
    [PUP] (X86) HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\AppId_Catalog\2A1442DD | AppFullPath : C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe [7] -> Not selected
    [PUP] (X64) HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\WinSock2\Parameters\AppId_Catalog\2A1442DD | AppFullPath : C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe [7] -> Not selected
    [PUP] (X86) HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\WinSock2\Parameters\AppId_Catalog\2A1442DD | AppFullPath : C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe [7] -> Not selected
    [PUP] (X64) HKEY_LOCAL_MACHINE\Software\WebBar -> Not selected
    [PUP] (X86) HKEY_LOCAL_MACHINE\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0} -> Not selected
    [PUP] (X64) HKEY_USERS\S-1-5-21-2714174496-2253751676-100373542-1000\Software\eSupport.com -> Not selected
    [PUP] (X64) HKEY_USERS\S-1-5-21-2714174496-2253751676-100373542-1000\Software\ProductSetup -> Not selected
    [PUP] (X86) HKEY_USERS\S-1-5-21-2714174496-2253751676-100373542-1000\Software\eSupport.com -> Not selected
    [PUP] (X86) HKEY_USERS\S-1-5-21-2714174496-2253751676-100373542-1000\Software\ProductSetup -> Not selected
    [PUP] (X64) HKEY_USERS\S-1-5-21-2714174496-2253751676-100373542-1000\Software\Microsoft\Windows\CurrentVersion\Run | Web Companion : C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize [7] -> Not selected
    [PUP] (X86) HKEY_USERS\S-1-5-21-2714174496-2253751676-100373542-1000\Software\Microsoft\Windows\CurrentVersion\Run | Web Companion : C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize [7] -> Not selected
    [PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Not selected
    [PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Not selected
    [PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Not selected
    [PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Not selected
    [PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:56217;https=127.0.0.1:56217 -> Not selected
    [PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:56217;https=127.0.0.1:56217 -> Not selected
    [PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:56217;https=127.0.0.1:56217 -> Not selected
    [PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:56217;https=127.0.0.1:56217 -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{479FB02E-6750-4309-B642-5BAE09BEF3E7} | DhcpNameServer : 172.20.10.1 ([X]) -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{479FB02E-6750-4309-B642-5BAE09BEF3E7} | DhcpNameServer : 172.20.10.1 ([X]) -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {06105F93-BBF3-4EE9-A0A3-7AAF5C47C272} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5353|App=C:\Users\Yellow House\AppData\Local\Chromium\Application\chrome.exe|Name=Chromium (mDNS-In)|Desc=Inbound rule for Chromium to allow mDNS traffic.|EmbedCtxt=Chromium| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {06105F93-BBF3-4EE9-A0A3-7AAF5C47C272} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5353|App=C:\Users\Yellow House\AppData\Local\Chromium\Application\chrome.exe|Name=Chromium (mDNS-In)|Desc=Inbound rule for Chromium to allow mDNS traffic.|EmbedCtxt=Chromium| [x] -> Not selected

    ¤¤¤ Tasks : 2 ¤¤¤
    [PUP|Suspicious.Path] %WINDIR%\Tasks\UpdateTask.job -- C:\Users\YELLOW~1\AppData\Local\Chromium\APPLIC~1\450244~1.0\INSTAL~1\UNINST~1.EXE (/Check) -> Not selected
    [Suspicious.Path] \UpdateTask -- C:\Users\YELLOW~1\AppData\Local\Chromium\APPLIC~1\450244~1.0\INSTAL~1\UNINST~1.EXE (/Check) -> Not selected

    ¤¤¤ Files : 4 ¤¤¤
    [PUP][Folder] C:\ProgramData\Lavasoft\Web Companion -> Deleted
    [PUP][File] C:\ProgramData\Lavasoft\Web Companion\Definitions\MaliciousUrlDaily.zip -> Deleted
    [PUP][File] C:\ProgramData\Lavasoft\Web Companion\Definitions\MaliciousUrlDaily.zip.tmp -> Deleted
    [PUP][File] C:\ProgramData\Lavasoft\Web Companion\Definitions\MaliciousUrlWeekly.zip -> Deleted
    [PUP][Folder] C:\ProgramData\Lavasoft\Web Companion\Definitions -> Deleted
    [PUP][File] C:\ProgramData\Lavasoft\Web Companion\Logs\Webcompanion\adblocker.log -> Deleted
    [PUP][File] C:\ProgramData\Lavasoft\Web Companion\Logs\Webcompanion\pupmanager.log -> Deleted
    [PUP][File] C:\ProgramData\Lavasoft\Web Companion\Logs\Webcompanion\pupmanager.log.1 -> Deleted
    [PUP][File] C:\ProgramData\Lavasoft\Web Companion\Logs\Webcompanion\pupmanager.log.2 -> Deleted
    [PUP][File] C:\ProgramData\Lavasoft\Web Companion\Logs\Webcompanion\searchprotect.log -> Deleted
    [PUP][File] C:\ProgramData\Lavasoft\Web Companion\Logs\Webcompanion\searchprotect.log.1 -> Deleted
    [PUP][File] C:\ProgramData\Lavasoft\Web Companion\Logs\Webcompanion\searchprotect.log.2 -> Deleted
    [PUP][File] C:\ProgramData\Lavasoft\Web Companion\Logs\Webcompanion\webcompanion.log -> Deleted
    [PUP][Folder] C:\ProgramData\Lavasoft\Web Companion\Logs\Webcompanion -> Deleted
    [PUP][Folder] C:\ProgramData\Lavasoft\Web Companion\Logs -> Deleted
    [PUP][File] C:\ProgramData\Lavasoft\Web Companion\Options\ActiveFeatures.zip -> Deleted
    [PUP][Folder] C:\ProgramData\Lavasoft\Web Companion\Options -> Deleted
    [PUP][Folder] C:\ProgramData\Lavasoft\Web Companion -> ERROR [3]
    [PUP][Folder] C:\Program Files (x86)\DriverRestore -> Deleted
    [PUP][Folder] C:\Program Files (x86)\Lavasoft\Web Companion -> Removed at reboot [91]
    [PUP][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\Ad-Aware Web Companion.exe -> Deleted
    [PUP][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\App.config -> Deleted
    [PUP][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\de-DE\WebCompanion.resources.dll -> Deleted
    [PUP][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\de-DE\WebCompanionInstaller.resources.dll -> Deleted
    [PUP][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\de-DE\WebCompanionWebUI.resources.dll -> Deleted
    [PUP][Folder] C:\Program Files (x86)\Lavasoft\Web Companion\Application\de-DE -> Deleted
    [PUP][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\en-US\WebCompanion.resources.dll -> Removed at reboot [5]
    [PUP][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\en-US\WebCompanionInstaller.resources.dll -> Deleted
    [PUP][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\en-US\WebCompanionWebUI.resources.dll -> Deleted
    [PUP][Folder] C:\Program Files (x86)\Lavasoft\Web Companion\Application\en-US -> Removed at reboot [91]
    [PUP][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\es-ES\WebCompanion.resources.dll -> Deleted
    [PUP][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\es-ES\WebCompanionInstaller.resources.dll -> Deleted
    [PUP][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\es-ES\WebCompanionWebUI.resources.dll -> Deleted
    [PUP][Folder] C:\Program Files (x86)\Lavasoft\Web Companion\Application\es-ES -> Deleted
    [PUP][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\fr-CA\WebCompanion.resources.dll -> Deleted
    [PUP][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\fr-CA\WebCompanionInstaller.resources.dll -> Deleted
    [PUP][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\fr-CA\WebCompanionWebUI.resources.dll -> Deleted
    [PUP][Folder] C:\Program Files (x86)\Lavasoft\Web Companion\Application\fr-CA -> Deleted
    [PUP][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\ICSharpCode.SharpZipLib.dll -> Removed at reboot [5]
    [PUP][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\Interop.IWshRuntimeLibrary.dll -> Deleted
    [PUP][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\Interop.LavasoftTcpServiceLib.dll -> Removed at reboot [5]
    [PUP][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\Interop.SHDocVw.dll -> Deleted
    [PUP][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\Interop.Shell32.dll -> Deleted
    [PUP][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\it-IT\WebCompanion.resources.dll -> Deleted
    [PUP][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\it-IT\WebCompanionInstaller.resources.dll -> Deleted
    [PUP][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\it-IT\WebCompanionWebUI.resources.dll -> Deleted
    [PUP][Folder] C:\Program Files (x86)\Lavasoft\Web Companion\Application\it-IT -> Deleted
    [PUP][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\ja-JP\WebCompanion.resources.dll -> Deleted
    [PUP][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\ja-JP\WebCompanionInstaller.resources.dll -> Deleted
    [PUP][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\ja-JP\WebCompanionWebUI.resources.dll -> Deleted
    [PUP][Folder] C:\Program Files (x86)\Lavasoft\Web Companion\Application\ja-JP -> Deleted
    [PUP][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.AdAware.dll -> Deleted
    [PUP][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.adblocker.dll -> Removed at reboot [5]
    [PUP][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Automation.dll -> Deleted
    [PUP][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.CSharp.Utilities.dll -> Deleted
    [PUP][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.IEController.dll -> Deleted
    [PUP][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.PUP.Management.dll -> Removed at reboot [5]
    [PUP][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Business.dll -> Removed at reboot [5]
    [PUP][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Business.dll.config -> Deleted
    [PUP][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Repositories.dll -> Deleted
    [PUP][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Repositories.dll.config -> Deleted
    [PUP][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Service.Logger.dll -> Deleted
    [PUP][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WcfService.dll -> Deleted
    [PUP][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe -> Deleted
    [PUP][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe.config -> Deleted
    [PUP][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SmartAssemblyUI.dll -> Deleted
    [PUP][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SysInfo.dll -> Removed at reboot [5]
    [PUP][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Utils.dll -> Removed at reboot [5]
    [PUP][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Utils.SqlLite.dll -> Deleted
    [PUP][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Utils.SqlLite.dll.config -> Deleted
    [PUP][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\log4net.dll -> Removed at reboot [5]
    [PUP][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\LogicNP.EZShellExtensions.dll -> Deleted
    [PUP][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\Newtonsoft.Json.dll -> Removed at reboot [5]
    [PUP][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\pt-BR\WebCompanion.resources.dll -> Deleted
    [PUP][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\pt-BR\WebCompanionInstaller.resources.dll -> Deleted
    [PUP][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\pt-BR\WebCompanionWebUI.resources.dll -> Deleted
    [PUP][Folder] C:\Program Files (x86)\Lavasoft\Web Companion\Application\pt-BR -> Deleted
    [PUP][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\RegisterExtensionDotNet40.exe -> Deleted
    [PUP][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\RestartExplorer.exe -> Deleted
    [PUP][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\ru-RU\WebCompanion.resources.dll -> Deleted
    [PUP][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\ru-RU\WebCompanionInstaller.resources.dll -> Deleted
    [PUP][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\ru-RU\WebCompanionWebUI.resources.dll -> Deleted
    [PUP][Folder] C:\Program Files (x86)\Lavasoft\Web Companion\Application\ru-RU -> Deleted
    [PUP][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\SmartAssembly.ReportException.dll -> Deleted
    [PUP][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\SmartExceptionsCore.dll -> Deleted
    [PUP][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\System.Data.SQLite.dll -> Deleted
    [PUP][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\tr-TR\WebCompanion.resources.dll -> Deleted
    [PUP][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\tr-TR\WebCompanionInstaller.resources.dll -> Deleted
    [PUP][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\tr-TR\WebCompanionWebUI.resources.dll -> Deleted
    [PUP][Folder] C:\Program Files (x86)\Lavasoft\Web Companion\Application\tr-TR -> Deleted
    [PUP][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe -> Removed at reboot [5]
    [PUP][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe.config -> Deleted
    [PUP][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanionIcon.ico -> Deleted
    [PUP][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanionIcon_Pro.ico -> Deleted
    [PUP][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanionInstaller.exe -> Deleted
    [PUP][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanionInstaller.exe.config -> Deleted
    [PUP][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanionInstaller.pdb -> Deleted
    [PUP][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanionWebUI.exe -> Deleted
    [PUP][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanionWebUI.exe.config -> Deleted
    [PUP][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\x64\SQLite.Interop.dll -> Deleted
    [PUP][Folder] C:\Program Files (x86)\Lavasoft\Web Companion\Application\x64 -> Deleted
    [PUP][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\x86\SQLite.Interop.dll -> Deleted
    [PUP][Folder] C:\Program Files (x86)\Lavasoft\Web Companion\Application\x86 -> Deleted
    [PUP][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\zh-CHS\WebCompanionInstaller.resources.dll -> Deleted
    [PUP][Folder] C:\Program Files (x86)\Lavasoft\Web Companion\Application\zh-CHS -> Deleted
    [PUP][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\zh-Hans\WebCompanion.resources.dll -> Deleted
    [PUP][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\zh-Hans\WebCompanionWebUI.resources.dll -> Deleted
    [PUP][Folder] C:\Program Files (x86)\Lavasoft\Web Companion\Application\zh-Hans -> Deleted
    [PUP][Folder] C:\Program Files (x86)\Lavasoft\Web Companion\Application -> Removed at reboot [91]
    [PUP][File] C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftLSPInstaller.exe -> Deleted
    [PUP][File] C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftLSPInstaller.ini -> Deleted
    [PUP][File] C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftLSPInstaller64.exe -> Deleted
    [PUP][File] C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.dll -> Deleted
    [PUP][File] C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe -> Deleted
    [PUP][File] C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService64.dll -> Deleted
    [PUP][Folder] C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7 -> Deleted
    [PUP][Folder] C:\Program Files (x86)\Lavasoft\Web Companion\TcpService -> Deleted

    ¤¤¤ WMI : 0 ¤¤¤

    ¤¤¤ Hosts File : 0 ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: WDC WD5000AAKX-753CA1 +++++
    --- User ---
    [MBR] c902bed9c67bbf8f8c95be39e62b901e
    [BSP] cf12218652d89cb7613fb042a67cbc20 : HP MBR Code
    Partition table:
    0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 MB
    1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 81920 | Size: 13566 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 27865088 | Size: 463333 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    User = LL1 ... OK
    User = LL2 ... OK

    +++++ PhysicalDrive1: +++++
    Error reading User MBR! ([15] The device is not ready. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] The request is not supported. )

    +++++ PhysicalDrive2: +++++
    Error reading User MBR! ([15] The device is not ready. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] The request is not supported. )

    +++++ PhysicalDrive3: +++++
    Error reading User MBR! ([15] The device is not ready. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] The request is not supported. )

    +++++ PhysicalDrive4: +++++
    Error reading User MBR! ([15] The device is not ready. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] The request is not supported. )
     
  6. Noonan

    Noonan TS Enthusiast Topic Starter Posts: 52

    No update capability for the definitions on malware bytes. Should I download anew, and scan again?

    Posting using phone: with which don't seem to be able to attach anything other than pictures.

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 11/29/2016
    Scan Time: 4:54 AM
    Logfile: MBAM scan.txt
    Administrator: Yes

    Version: 2.2.1.1043
    Malware Database: v2016.07.24.01
    Rootkit Database: v2016.05.27.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: Yellow House

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 387005
    Time Elapsed: 2 hr, 21 min, 3 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)
     
  7. Noonan

    Noonan TS Enthusiast Topic Starter Posts: 52

    AdwCleaner file

    # AdwCleaner v6.030 - Logfile created 01/12/2016 at 19:05:46
    # Updated on 19/10/2016 by Malwarebytes
    # Database : 2016-10-18.1 [Local]
    # Operating System : Windows 7 Home Premium Service Pack 1 (X64)
    # Username : Yellow House - SCREENENVY
    # Running from : C:\Users\Yellow House\Desktop\Log Files\TechSpotDownloads\4-AdwCleaner\AdwCleaner.exe
    # Mode: Clean
    # Support : hxxps://www.malwarebytes.com/support



    ***** [ Services ] *****



    ***** [ Folders ] *****



    ***** [ Files ] *****

    [#] File deleted: C:\Windows\SysNative\LavasoftTcpService64.dll
    [-] File deleted: C:\Windows\SysWOW64\lavasofttcpservice.dll


    ***** [ DLL ] *****



    ***** [ WMI ] *****



    ***** [ Shortcuts ] *****



    ***** [ Scheduled Tasks ] *****



    ***** [ Registry ] *****



    ***** [ Web browsers ] *****



    *************************

    :: "Tracing" keys deleted
    :: Winsock settings cleared

    *************************

    C:\AdwCleaner\AdwCleaner[C0].txt - [948 Bytes] - [01/12/2016 19:05:46]
    C:\AdwCleaner\AdwCleaner[R0].txt - [983 Bytes] - [23/10/2013 19:38:27]
    C:\AdwCleaner\AdwCleaner[S0].txt - [971 Bytes] - [23/10/2013 19:39:08]
    C:\AdwCleaner\AdwCleaner[S1].txt - [5790 Bytes] - [01/12/2016 19:00:28]
    C:\AdwCleaner\AdwCleaner[S2].txt - [1520 Bytes] - [01/12/2016 19:05:27]

    ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1310 Bytes] ##########
     
  8. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    When done with JRT...
    1. Uninstall Malwarebytes' Anti-Malware using Add/Remove (Programs & Features) programs in the control panel.
    2. Restart your computer (very important).
    3. Download and run this utility.
    4. It will ask to restart your computer (please allow it to).
    5. After the computer restarts, install the latest version from here.
     
  9. Noonan

    Noonan TS Enthusiast Topic Starter Posts: 52

    Last scan requested (for now): JRT

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.0.9 (09.30.2016)
    Operating System: Windows 7 Home Premium x64
    Ran by Yellow House (Administrator) on Thu 12/01/2016 at 19:14:59.96
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    File System: 16

    Successfully deleted: C:\Users\Yellow House\AppData\Local\{0F21B827-DF7A-4EB4-9DF7-C367A564DC37} (Empty Folder)
    Successfully deleted: C:\Users\Yellow House\AppData\Local\{182E550A-1EAF-44DA-AB24-0E503AAB5BF0} (Empty Folder)
    Successfully deleted: C:\Users\Yellow House\AppData\Local\{37B13DF9-D706-4C91-A823-667D9C630F33} (Empty Folder)
    Successfully deleted: C:\Users\Yellow House\AppData\Local\{B2267E91-7C72-427B-BC7E-0445094FD3B5} (Empty Folder)
    Successfully deleted: C:\Users\Yellow House\AppData\Local\{CCEDBF00-ADF7-434C-85B6-E56B78369CC6} (Empty Folder)
    Successfully deleted: C:\Users\Yellow House\AppData\Local\{D72E12B3-A060-4A3A-B050-2051EB13EB43} (Empty Folder)
    Successfully deleted: C:\Users\Yellow House\AppData\Local\{DE3CA3BE-23F3-455E-B035-A19686B71ABD} (Empty Folder)
    Successfully deleted: C:\Users\Yellow House\AppData\Local\{F9B3368B-AD49-43DA-93EC-A819B945AC21} (Empty Folder)
    Successfully deleted: C:\Users\Yellow House\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0NZX01UG (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Yellow House\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4NYBOYWK (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Yellow House\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9RGFKZC7 (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Yellow House\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OFU4NQXM (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0NZX01UG (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4NYBOYWK (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9RGFKZC7 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OFU4NQXM (Temporary Internet Files Folder)



    Registry: 1

    Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68} (Registry Key)




    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Thu 12/01/2016 at 19:16:35.03
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  10. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Please read my previous reply (above your JRT log).
     
  11. Noonan

    Noonan TS Enthusiast Topic Starter Posts: 52

    Okay, scan with new version of MBAM is running.
     
  12. Noonan

    Noonan TS Enthusiast Topic Starter Posts: 52

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 12/1/2016
    Scan Time: 9:24 PM
    Logfile: MBAM scan2.txt
    Administrator: Yes

    Version: 2.2.1.1043
    Malware Database: v2016.02.16.06
    Rootkit Database: v2016.02.08.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: Yellow House

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 442665
    Time Elapsed: 23 min, 43 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)
     
  13. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
     
  14. Noonan

    Noonan TS Enthusiast Topic Starter Posts: 52

    ComboFix 16-12-02.01 - Yellow House 12/02/2016 19:02:05.2.8 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8174.6270 [GMT -6:00]
    Running from: c:\users\Yellow House\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {71A27EC9-3DA6-45FC-60A7-004F623C6189}
    SP: Microsoft Security Essentials *Disabled/Updated* {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\msdownld.tmp
    .
    .
    ((((((((((((((((((((((((( Files Created from 2016-11-03 to 2016-12-03 )))))))))))))))))))))))))))))))
    .
    .
    2016-12-03 01:09 . 2016-12-03 01:09 -------- d-----w- c:\users\Younglings\AppData\Local\temp
    2016-12-03 01:09 . 2016-12-03 01:09 -------- d-----w- c:\users\Public\AppData\Local\temp
    2016-12-03 01:09 . 2016-12-03 01:09 -------- d-----w- c:\users\Default\AppData\Local\temp
    2016-12-03 00:54 . 2016-12-03 00:54 75888 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E56F9B1D-7341-4AC2-978D-1772009C7C9F}\offreg.996.dll
    2016-12-03 00:53 . 2016-05-14 03:52 1167568 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B8B080AB-3183-D848-ABB1-E6D494913420}\GapaEngine.dll
    2016-12-02 03:24 . 2016-12-02 03:24 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2016-12-02 03:23 . 2016-12-02 03:23 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
    2016-12-02 03:23 . 2016-12-02 03:23 -------- d-----w- c:\programdata\Malwarebytes
    2016-12-02 03:23 . 2016-03-10 20:09 64896 ----a-w- c:\windows\system32\drivers\mwac.sys
    2016-12-02 03:23 . 2016-03-10 20:08 140672 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2016-12-02 03:23 . 2016-03-10 20:08 27008 ----a-w- c:\windows\system32\drivers\mbam.sys
    2016-12-01 22:51 . 2016-12-01 22:51 28272 ----a-w- c:\windows\system32\drivers\TrueSight.sys
    2016-12-01 22:51 . 2016-12-02 00:42 -------- d-----w- c:\program files\RogueKiller
    2016-12-01 22:50 . 2016-12-02 00:48 -------- d-----w- c:\programdata\RogueKiller
    2016-12-01 03:36 . 2016-12-01 03:37 -------- d-----w- C:\FRST
    2016-11-27 21:18 . 2016-10-06 21:42 12033040 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E56F9B1D-7341-4AC2-978D-1772009C7C9F}\mpengine.dll
    2016-11-26 01:48 . 2016-10-22 03:36 231880 ----a-w- c:\program files (x86)\Mozilla Firefox\gmp-clearkey\0.1\clearkey.dll
    2016-11-26 01:48 . 2016-10-22 03:36 892992 ----a-w- c:\program files (x86)\Mozilla Firefox\uninstall\helper.exe
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2016-10-28 14:56 . 2012-07-11 10:43 796352 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2016-10-28 14:56 . 2011-12-02 19:29 142528 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2016-10-28 14:56 . 2016-07-16 12:39 5488320 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
    2016-10-28 01:22 . 2010-11-21 03:27 485032 ----a-w- c:\windows\system32\MpSigStub.exe
    2016-10-15 00:26 . 2012-02-20 05:06 143495576 -c--a-w- c:\windows\system32\MRT.exe
    2016-10-06 21:42 . 2016-10-28 14:40 12033040 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2016-09-30 20:13 . 2016-10-16 08:04 394448 ----a-w- c:\windows\system32\iedkcs32.dll
    2016-09-30 15:37 . 2016-10-16 08:04 5548264 ----a-w- c:\windows\system32\ntoskrnl.exe
    2016-09-30 15:20 . 2016-10-16 08:04 4000488 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2016-09-30 15:20 . 2016-10-16 08:04 3944680 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2016-09-30 07:55 . 2016-10-16 08:04 25765376 ----a-w- c:\windows\system32\mshtml.dll
    2016-09-30 06:41 . 2016-10-16 08:04 2724864 ----a-w- c:\windows\system32\mshtml.tlb
    2016-09-30 06:40 . 2016-10-16 08:04 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
    2016-09-30 06:26 . 2016-10-16 08:04 66560 ----a-w- c:\windows\system32\iesetup.dll
    2016-09-30 06:25 . 2016-10-16 08:04 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
    2016-09-30 06:25 . 2016-10-16 08:04 417792 ----a-w- c:\windows\system32\html.iec
    2016-09-30 06:25 . 2016-10-16 08:04 2895360 ----a-w- c:\windows\system32\iertutil.dll
    2016-09-30 06:25 . 2016-10-16 08:04 576000 ----a-w- c:\windows\system32\vbscript.dll
    2016-09-30 06:25 . 2016-10-16 08:04 88064 ----a-w- c:\windows\system32\MshtmlDac.dll
    2016-09-30 06:18 . 2016-10-16 08:04 54784 ----a-w- c:\windows\system32\jsproxy.dll
    2016-09-30 06:17 . 2016-10-16 08:04 34304 ----a-w- c:\windows\system32\iernonce.dll
    2016-09-30 06:14 . 2016-10-16 08:04 615936 ----a-w- c:\windows\system32\ieui.dll
    2016-09-30 06:13 . 2016-10-16 08:04 114688 ----a-w- c:\windows\system32\ieetwcollector.exe
    2016-09-30 06:13 . 2016-10-16 08:04 144384 ----a-w- c:\windows\system32\ieUnatt.exe
    2016-09-30 06:12 . 2016-10-16 08:04 814080 ----a-w- c:\windows\system32\jscript9diag.dll
    2016-09-30 06:12 . 2016-10-16 08:04 817664 ----a-w- c:\windows\system32\jscript.dll
    2016-09-30 06:09 . 2016-10-16 08:04 6048256 ----a-w- c:\windows\system32\jscript9.dll
    2016-09-30 06:05 . 2016-10-16 08:04 968704 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
    2016-09-30 06:02 . 2016-10-16 08:04 489984 ----a-w- c:\windows\system32\dxtmsft.dll
    2016-09-30 05:55 . 2016-10-16 08:04 77824 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
    2016-09-30 05:54 . 2016-10-16 08:04 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2016-09-30 05:54 . 2016-10-16 08:04 107520 ----a-w- c:\windows\system32\inseng.dll
    2016-09-30 05:51 . 2016-10-16 08:04 199680 ----a-w- c:\windows\system32\msrating.dll
    2016-09-30 05:50 . 2016-10-16 08:04 92160 ----a-w- c:\windows\system32\mshtmled.dll
    2016-09-30 05:47 . 2016-10-16 08:04 315392 ----a-w- c:\windows\system32\dxtrans.dll
    2016-09-30 05:46 . 2016-10-16 08:04 152064 ----a-w- c:\windows\system32\occache.dll
    2016-09-30 05:42 . 2016-10-16 08:04 498688 ----a-w- c:\windows\SysWow64\vbscript.dll
    2016-09-30 05:42 . 2016-10-16 08:04 62464 ----a-w- c:\windows\SysWow64\iesetup.dll
    2016-09-30 05:42 . 2016-10-16 08:04 47616 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
    2016-09-30 05:42 . 2016-10-16 08:04 341504 ----a-w- c:\windows\SysWow64\html.iec
    2016-09-30 05:41 . 2016-10-16 08:04 64000 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
    2016-09-30 05:35 . 2016-10-16 08:04 262144 ----a-w- c:\windows\system32\webcheck.dll
    2016-09-30 05:33 . 2016-10-16 08:04 724992 ----a-w- c:\windows\system32\ie4uinit.exe
    2016-09-30 05:32 . 2016-10-16 08:04 806912 ----a-w- c:\windows\system32\msfeeds.dll
    2016-09-30 05:32 . 2016-10-16 08:04 115712 ----a-w- c:\windows\SysWow64\ieUnatt.exe
    2016-09-30 05:32 . 2016-10-16 08:04 620032 ----a-w- c:\windows\SysWow64\jscript9diag.dll
    2016-09-30 05:31 . 2016-10-16 08:04 1359360 ----a-w- c:\windows\system32\mshtmlmedia.dll
    2016-09-30 05:31 . 2016-10-16 08:04 2131456 ----a-w- c:\windows\system32\inetcpl.cpl
    2016-09-30 05:21 . 2016-10-16 08:04 15257088 ----a-w- c:\windows\system32\ieframe.dll
    2016-09-30 05:19 . 2016-10-16 08:04 60416 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
    2016-09-30 05:17 . 2016-10-16 08:04 2920960 ----a-w- c:\windows\system32\wininet.dll
    2016-09-30 05:12 . 2016-10-16 08:04 4608512 ----a-w- c:\windows\SysWow64\jscript9.dll
    2016-09-30 05:05 . 2016-10-16 08:04 1544192 ----a-w- c:\windows\system32\urlmon.dll
    2016-09-30 05:05 . 2016-10-16 08:04 2055680 ----a-w- c:\windows\SysWow64\inetcpl.cpl
    2016-09-30 05:05 . 2016-10-16 08:04 1155072 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
    2016-09-30 04:54 . 2016-10-16 08:04 800768 ----a-w- c:\windows\system32\ieapfltr.dll
    2016-09-30 04:46 . 2016-10-16 08:04 2444288 ----a-w- c:\windows\SysWow64\wininet.dll
    2016-09-15 15:30 . 2016-10-16 08:04 976896 ----a-w- c:\windows\system32\inetcomm.dll
    2016-09-15 15:30 . 2016-10-16 08:04 84480 ----a-w- c:\windows\system32\INETRES.dll
    2016-09-15 15:15 . 2016-10-16 08:04 84480 ----a-w- c:\windows\SysWow64\INETRES.dll
    2016-09-15 15:15 . 2016-10-16 08:04 741888 ----a-w- c:\windows\SysWow64\inetcomm.dll
    2016-09-12 21:17 . 2016-10-12 01:03 77032 ----a-w- c:\windows\system32\CompatTelRunner.exe
    2016-09-12 21:13 . 2016-10-16 08:04 95464 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2016-09-12 21:13 . 2016-10-16 08:04 154856 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
    2016-09-12 21:08 . 2016-10-16 08:04 86528 ----a-w- c:\windows\system32\TSpkg.dll
    2016-09-12 21:08 . 2016-10-16 08:04 210432 ----a-w- c:\windows\system32\wdigest.dll
    2016-09-12 21:08 . 2016-10-16 08:04 28672 ----a-w- c:\windows\system32\sspisrv.dll
    2016-09-12 21:08 . 2016-10-16 08:04 135680 ----a-w- c:\windows\system32\sspicli.dll
    2016-09-12 21:08 . 2016-10-16 08:04 345600 ----a-w- c:\windows\system32\schannel.dll
    2016-09-12 21:08 . 2016-10-16 08:04 190464 ----a-w- c:\windows\system32\rpchttp.dll
    2016-09-12 21:08 . 2016-10-16 08:04 1212928 ----a-w- c:\windows\system32\rpcrt4.dll
    2016-09-12 21:08 . 2016-10-16 08:04 28160 ----a-w- c:\windows\system32\secur32.dll
    2016-09-12 21:08 . 2016-10-16 08:04 312320 ----a-w- c:\windows\system32\ncrypt.dll
    2016-09-12 21:08 . 2016-10-16 08:04 60416 ----a-w- c:\windows\system32\msobjs.dll
    2016-09-12 21:08 . 2016-10-16 08:04 316416 ----a-w- c:\windows\system32\msv1_0.dll
    2016-09-12 21:08 . 2016-10-16 08:04 146432 ----a-w- c:\windows\system32\msaudite.dll
    2016-09-12 21:08 . 2016-10-16 08:04 1465344 ----a-w- c:\windows\system32\lsasrv.dll
    2016-09-12 21:08 . 2016-10-16 08:04 730624 ----a-w- c:\windows\system32\kerberos.dll
    2016-09-12 21:08 . 2016-10-16 08:04 22016 ----a-w- c:\windows\system32\credssp.dll
    2016-09-12 21:08 . 2016-10-16 08:04 43520 ----a-w- c:\windows\system32\cryptbase.dll
    2016-09-12 21:08 . 2016-10-16 08:04 463872 ----a-w- c:\windows\system32\certcli.dll
    2016-09-12 21:08 . 2016-10-16 08:04 690688 ----a-w- c:\windows\system32\adtschema.dll
    2016-09-12 21:08 . 2016-10-16 08:04 107520 ----a-w- c:\windows\system32\adsmsext.dll
    2016-09-12 21:08 . 2016-10-12 01:03 1226752 ----a-w- c:\windows\system32\aeinv.dll
    2016-09-12 20:49 . 2016-10-16 08:04 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
    2016-09-12 20:49 . 2016-10-16 08:04 666112 ----a-w- c:\windows\SysWow64\rpcrt4.dll
    2016-09-12 20:49 . 2016-10-16 08:04 65536 ----a-w- c:\windows\SysWow64\TSpkg.dll
    2016-09-12 20:49 . 2016-10-16 08:04 172032 ----a-w- c:\windows\SysWow64\wdigest.dll
    2016-09-12 20:49 . 2016-10-16 08:04 141312 ----a-w- c:\windows\SysWow64\rpchttp.dll
    2016-09-12 20:49 . 2016-10-16 08:04 254464 ----a-w- c:\windows\SysWow64\schannel.dll
    2016-09-12 20:49 . 2016-10-16 08:04 22016 ----a-w- c:\windows\SysWow64\secur32.dll
    2016-09-12 20:49 . 2016-10-16 08:04 223232 ----a-w- c:\windows\SysWow64\ncrypt.dll
    2016-09-12 20:49 . 2016-10-16 08:04 260608 ----a-w- c:\windows\SysWow64\msv1_0.dll
    2016-09-12 20:49 . 2016-10-16 08:04 60416 ----a-w- c:\windows\SysWow64\msobjs.dll
    2016-09-12 20:49 . 2016-10-16 08:04 146432 ----a-w- c:\windows\SysWow64\msaudite.dll
    2016-09-12 20:49 . 2016-10-16 08:04 553472 ----a-w- c:\windows\SysWow64\kerberos.dll
    2016-09-12 20:49 . 2016-10-16 08:04 17408 ----a-w- c:\windows\SysWow64\credssp.dll
    2016-09-12 20:49 . 2016-10-16 08:04 342528 ----a-w- c:\windows\SysWow64\certcli.dll
    2016-09-12 20:49 . 2016-10-16 08:04 690688 ----a-w- c:\windows\SysWow64\adtschema.dll
    2016-09-12 20:49 . 2016-10-16 08:04 76800 ----a-w- c:\windows\SysWow64\adsmsext.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2016-10-24 13:10 223552 ----a-w- c:\users\Yellow House\AppData\Roaming\Dropbox\bin\DropboxExt.1.0.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2016-10-24 13:10 223552 ----a-w- c:\users\Yellow House\AppData\Roaming\Dropbox\bin\DropboxExt.1.0.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2016-10-24 13:10 223552 ----a-w- c:\users\Yellow House\AppData\Roaming\Dropbox\bin\DropboxExt.1.0.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SKYLINK 2-in-1 Phone Utility"="c:\program files (x86)\SkyLink\SKYLINK 2-in-1 Phone Utility\SKYLINK 2-in-1 Phone Utility.exe" [2006-12-06 315392]
    "Dropbox Update"="c:\users\Yellow House\AppData\Local\Dropbox\Update\DropboxUpdate.exe" [2015-06-16 134512]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-09-14 283160]
    "ShwiconXP9106"="c:\program files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe" [2010-03-10 237568]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-20 336384]
    "THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" [2009-12-01 963584]
    "Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
    "RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
    "Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
    "NeroLauncher"="c:\program files (x86)\Nero\SyncUP\NeroLauncher.exe" [2012-08-21 67496]
    "AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2011-04-30 885760]
    "IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE" [2007-05-21 124512]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2016-07-05 67384]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
    "StatusAlerts"="c:\program files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe" [2012-07-18 313248]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2016-09-16 1156824]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2013-10-14 565464]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 DellDigitalDelivery;Dell Digital Delivery Service;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe [x]
    R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
    R3 BRDriver64_1_3_3_E02B25FC;BRDriver64_1_3_3_E02B25FC;c:\programdata\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys;c:\programdata\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [x]
    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
    R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys;c:\windows\SYSNATIVE\drivers\Impcd.sys [x]
    R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
    R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf_amd64.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf_amd64.sys [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
    R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
    S1 NEOFLTR_815_38093;Juniper Networks TDI Filter Driver (NEOFLTR_815_38093);c:\windows\system32\Drivers\NEOFLTR_815_38093.SYS;c:\windows\SYSNATIVE\Drivers\NEOFLTR_815_38093.SYS [x]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
    S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
    S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
    S2 FingerPrint;FingerPrint Service;c:\program files (x86)\FingerPrint\FingerPrintService.exe;c:\program files (x86)\FingerPrint\FingerPrintService.exe [x]
    S2 HP DS Service;HP DS Service;c:\program files (x86)\HP\HPBDSService\HPBDSService.exe;c:\program files (x86)\HP\HPBDSService\HPBDSService.exe [x]
    S2 HP LaserJet Service;HP LaserJet Service;c:\program files (x86)\HP\HPLaserJetService\HPLaserJetService.exe;c:\program files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [x]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
    S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
    S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
    S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe [x]
    S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe;c:\program files (x86)\Secunia\PSI\sua.exe [x]
    S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
    S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
    S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr QWAVE wcncsvc
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
    start [BU]
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2016-12-01 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-11 14:56]
    .
    2016-12-01 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2714174496-2253751676-100373542-1000Core.job
    - c:\users\Yellow House\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-16 19:30]
    .
    2016-12-01 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2714174496-2253751676-100373542-1000UA.job
    - c:\users\Yellow House\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-16 19:30]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2016-10-24 13:10 270144 ----a-w- c:\users\Yellow House\AppData\Roaming\Dropbox\bin\DropboxExt64.1.0.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2016-10-24 13:10 270144 ----a-w- c:\users\Yellow House\AppData\Roaming\Dropbox\bin\DropboxExt64.1.0.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2016-10-24 13:10 270144 ----a-w- c:\users\Yellow House\AppData\Roaming\Dropbox\bin\DropboxExt64.1.0.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2016-10-24 13:10 270144 ----a-w- c:\users\Yellow House\AppData\Roaming\Dropbox\bin\DropboxExt64.1.0.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-23 10920552]
    "RunDLLEntry_THXCfg"="c:\windows\system32\THXCfg64.dll" [2009-10-15 17920]
    "RunDLLEntry_EptMon"="c:\windows\system32\EptMon64.dll" [2009-10-15 21504]
    "DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-04-30 2055016]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2016-08-30 1354712]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2016-07-26 176952]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
    Trusted Zone: localhost
    FF - ProfilePath - c:\users\Yellow House\AppData\Roaming\Mozilla\Firefox\Profiles\wzi2ebcy.default-1382348241459\
    FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKLM-Run-Adobe Reader Speed Launcher - c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_23_0_0_205_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_23_0_0_205_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker6"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_23_0_0_205_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_23_0_0_205_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_23_0_0_205.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.23"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_23_0_0_205.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_23_0_0_205.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_23_0_0_205.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker6"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2016-12-02 19:11:08
    ComboFix-quarantined-files.txt 2016-12-03 01:11
    ComboFix2.txt 2013-10-23 06:45
    .
    Pre-Run: 154,689,830,912 bytes free
    Post-Run: 155,245,449,216 bytes free
    .
    - - End Of File - - B3563E2AA121637BC7FA879E5C51906A
     
  15. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

    • Double click to run it.
    • Make sure you checkmark Addition.txt box.
    • Press Scan button.
    • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.
     
  16. Noonan

    Noonan TS Enthusiast Topic Starter Posts: 52

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:04-10-2015
    Ran by Yellow House (administrator) on SCREENENVY (02-12-2016 20:31:14)
    Running from C:\Users\Yellow House\Desktop\Log Files\TechSpotDownloads\1-7-FarbarRecoveryScanTool
    Loaded Profiles: Yellow House (Available Profiles: Yellow House & Younglings)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    (AMD) C:\Windows\System32\atiesrxx.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
    (Collobos Software) C:\Program Files (x86)\FingerPrint\FingerPrintService.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe
    (HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
    (Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
    (Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
    (Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
    (SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
    (Giant Telecom Ltd.) C:\Program Files (x86)\SkyLink\SKYLINK 2-in-1 Phone Utility\SKYLINK 2-in-1 Phone Utility.exe
    (Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    (SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
    (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    (CANON INC.) C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
    (Hewlett-Packard Company) C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe
    () C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
    () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\Roxio Burn.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
    () C:\Program Files (x86)\YNAB 4\YNAB 4.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor)
    HKLM\...\Run: [RunDLLEntry_THXCfg] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
    HKLM\...\Run: [RunDLLEntry_EptMon] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\EptMon64.dll,RunDLLEntry EptMon64
    HKLM\...\Run: [DellStage] => C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [2055016 2011-04-29] ()
    HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1354712 2016-08-30] (Microsoft Corporation)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-07-26] (Apple Inc.)
    HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-13] (Intel Corporation)
    HKLM-x32\...\Run: [ShwiconXP9106] => C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe [237568 2010-03-10] (Alcor Micro Corp.)
    HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-04-19] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [THX Audio Control Panel] => C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe [963584 2009-12-01] (Creative Technology Ltd)
    HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
    HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
    HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
    HKLM-x32\...\Run: [NeroLauncher] => C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe [67496 2012-08-21] ()
    HKLM-x32\...\Run: [AccuWeatherWidget] => C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe [885760 2011-04-29] ()
    HKLM-x32\...\Run: [IJNetworkScanUtility] => C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE [124512 2007-05-21] (CANON INC.)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-07-05] (Apple Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
    HKLM-x32\...\Run: [StatusAlerts] => C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe [313248 2012-07-18] (Hewlett-Packard Company)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1156824 2016-09-16] (Adobe Systems Incorporated)
    HKU\S-1-5-21-2714174496-2253751676-100373542-1000\...\Run: [SKYLINK 2-in-1 Phone Utility] => C:\Program Files (x86)\SkyLink\SKYLINK 2-in-1 Phone Utility\SKYLINK 2-in-1 Phone Utility.exe [315392 2006-12-06] (Giant Telecom Ltd.)
    HKU\S-1-5-21-2714174496-2253751676-100373542-1000\...\Run: [Dropbox Update] => C:\Users\Yellow House\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-16] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Yellow House\AppData\Roaming\Dropbox\bin\DropboxExt64.1.0.dll [2016-10-24] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Yellow House\AppData\Roaming\Dropbox\bin\DropboxExt64.1.0.dll [2016-10-24] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Yellow House\AppData\Roaming\Dropbox\bin\DropboxExt64.1.0.dll [2016-10-24] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Yellow House\AppData\Roaming\Dropbox\bin\DropboxExt64.1.0.dll [2016-10-24] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Yellow House\AppData\Roaming\Dropbox\bin\DropboxExt.1.0.dll [2016-10-24] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Yellow House\AppData\Roaming\Dropbox\bin\DropboxExt.1.0.dll [2016-10-24] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Yellow House\AppData\Roaming\Dropbox\bin\DropboxExt.1.0.dll [2016-10-24] (Dropbox, Inc.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2014-06-05]
    ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
    GroupPolicyUsers\S-1-5-21-2714174496-2253751676-100373542-1003\User: Restriction <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    ProxyEnable: [.DEFAULT] => Proxy is enabled.
    ProxyServer: [.DEFAULT] => http=127.0.0.1:56217;https=127.0.0.1:56217
    Tcpip\..\Interfaces\{479FB02E-6750-4309-B642-5BAE09BEF3E7}: [DhcpNameServer] 172.20.10.1
    Tcpip\..\Interfaces\{E9802681-820A-4525-A8F4-EBDCB9659E87}: [DhcpNameServer] 192.168.0.12

    Internet Explorer:
    ==================
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-2714174496-2253751676-100373542-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-2714174496-2253751676-100373542-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    SearchScopes: HKLM -> DefaultScope {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
    SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL =
    SearchScopes: HKLM -> {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> DefaultScope value is missing
    SearchScopes: HKLM-x32 -> {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-10-26] (Oracle Corporation)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-10-26] (Oracle Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-10-26] (Oracle Corporation)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-10-26] (Oracle Corporation)
    DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
    DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
    Handler-x32: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll [2011-05-05] (Cozi Group, Inc.)

    FireFox:
    ========
    FF ProfilePath: C:\Users\Yellow House\AppData\Roaming\Mozilla\Firefox\Profiles\wzi2ebcy.default-1382348241459
    FF NewTab: hxxps://www.google.com/
    FF Homepage: hxxps://www.google.com/
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_205.dll [2016-10-28] ()
    FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-10-26] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-10-26] (Oracle Corporation)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_205.dll [2016-10-28] ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
    FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-10-26] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-10-26] (Oracle Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
    R2 FingerPrint; C:\Program Files (x86)\FingerPrint\FingerPrintService.exe [2203416 2013-07-10] (Collobos Software)
    R2 HP DS Service; C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe [13824 2011-10-17] (Hewlett-Packard Company) [File not signed]
    R2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [164864 2012-05-02] (HP) [File not signed]
    R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [120888 2016-08-30] (Microsoft Corporation)
    R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2011-04-13] (Hewlett-Packard) [File not signed]
    R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-08-30] (Microsoft Corporation)
    R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2011-04-13] (Hewlett-Packard) [File not signed]
    R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1228504 2013-10-14] (Secunia)
    R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [660184 2013-10-14] (Secunia)
    S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
    S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
    R1 NEOFLTR_815_38093; C:\Windows\system32\Drivers\NEOFLTR_815_38093.SYS [108344 2015-08-27] (Pulse Secure, LLC)
    R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
    S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-10-14] (Secunia)
    S3 BRDriver64_1_3_3_E02B25FC; \??\C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-12-02 19:11 - 2016-12-02 19:11 - 00030094 _____ C:\ComboFix.txt
    2016-12-02 18:59 - 2016-12-02 18:21 - 05659954 ____R (Swearware) C:\Users\Yellow House\Desktop\ComboFix.exe
    2016-12-01 21:24 - 2016-12-02 19:23 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2016-12-01 21:23 - 2016-12-01 21:23 - 00001104 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2016-12-01 21:23 - 2016-12-01 21:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2016-12-01 21:23 - 2016-12-01 21:23 - 00000000 ____D C:\ProgramData\Malwarebytes
    2016-12-01 21:23 - 2016-12-01 21:23 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
    2016-12-01 21:23 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2016-12-01 21:23 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
    2016-12-01 21:23 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
    2016-12-01 16:51 - 2016-12-01 18:42 - 00000000 ____D C:\Program Files\RogueKiller
    2016-12-01 16:51 - 2016-12-01 16:51 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
    2016-12-01 16:51 - 2016-12-01 16:51 - 00000820 _____ C:\Users\Public\Desktop\RogueKiller.lnk
    2016-12-01 16:51 - 2016-12-01 16:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
    2016-12-01 16:50 - 2016-12-01 18:48 - 00000000 ____D C:\ProgramData\RogueKiller
    2016-11-30 21:36 - 2016-12-02 20:31 - 00000000 ____D C:\FRST
    2016-11-27 15:58 - 2016-11-27 15:31 - 00010209 _____ C:\Users\Yellow House\Documents\Uninstall STAR WARS The Old Republic.log
    2016-11-18 19:20 - 2016-11-25 19:47 - 00000000 ____D C:\Users\Yellow House\AppData\LocalLow\Mozilla

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-12-02 19:31 - 2012-07-29 13:48 - 00000000 ___RD C:\Users\Yellow House\Dropbox
    2016-12-02 19:23 - 2011-12-02 13:27 - 01644090 _____ C:\Windows\WindowsUpdate.log
    2016-12-02 19:11 - 2013-10-23 00:39 - 00000000 ____D C:\Qoobox
    2016-12-02 19:09 - 2009-07-13 20:34 - 00000215 _____ C:\Windows\system.ini
    2016-12-02 18:58 - 2009-07-13 22:45 - 00021296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2016-12-02 18:58 - 2009-07-13 22:45 - 00021296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2016-12-02 18:57 - 2009-07-13 23:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
    2016-12-02 18:53 - 2011-12-02 14:04 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
    2016-12-02 18:53 - 2011-12-02 14:04 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
    2016-12-02 18:53 - 2011-12-02 13:58 - 00000000 ____D C:\ProgramData\Sonic
    2016-12-02 18:53 - 2011-12-02 13:43 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
    2016-12-02 18:53 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2016-12-02 18:52 - 2009-07-13 22:51 - 00083519 _____ C:\Windows\setupact.log
    2016-12-01 21:59 - 2010-11-20 21:47 - 00288258 _____ C:\Windows\PFRO.log
    2016-12-01 19:11 - 2013-10-23 19:38 - 00000000 ____D C:\AdwCleaner
    2016-12-01 19:01 - 2015-07-20 07:01 - 00000000 ____D C:\ProgramData\Lavasoft
    2016-12-01 19:01 - 2015-07-13 00:50 - 00000000 ____D C:\Program Files (x86)\Lavasoft
    2016-11-30 21:30 - 2013-07-25 21:28 - 00000000 ____D C:\Users\Yellow House\Desktop\Log Files
    2016-11-30 21:27 - 2015-07-13 06:51 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2016-11-30 21:27 - 2015-06-16 13:30 - 00000946 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2714174496-2253751676-100373542-1000UA.job
    2016-11-30 21:27 - 2015-06-16 13:30 - 00000894 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2714174496-2253751676-100373542-1000Core.job
    2016-11-29 04:47 - 2015-02-28 15:20 - 00003188 _____ C:\Windows\System32\Tasks\{CC1BBD53-2D80-4E47-8DF9-5651A4C8516C}
    2016-11-29 04:44 - 2015-07-13 06:51 - 00003774 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2016-11-29 04:44 - 2015-06-16 13:30 - 00003942 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2714174496-2253751676-100373542-1000UA
    2016-11-29 04:44 - 2015-06-16 13:30 - 00003546 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2714174496-2253751676-100373542-1000Core
    2016-11-29 04:44 - 2015-01-04 18:58 - 00004340 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
    2016-11-27 16:15 - 2015-10-12 17:25 - 00000000 ____D C:\Users\Younglings
    2016-11-27 16:15 - 2011-12-16 21:36 - 00000000 ____D C:\Windows\system32\Macromed
    2016-11-27 16:15 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\system32\NDF
    2016-11-27 16:15 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\servicing
    2016-11-27 16:15 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\rescache
    2016-11-27 16:14 - 2016-10-28 08:43 - 00000000 ____D C:\Users\Yellow House\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
    2016-11-27 16:14 - 2012-07-29 13:44 - 00000000 ____D C:\Users\Yellow House\AppData\Roaming\Dropbox
    2016-11-27 16:14 - 2012-05-05 23:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2016-11-27 16:14 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\registration
    2016-11-27 16:14 - 2009-07-13 21:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
    2016-11-27 16:13 - 2011-12-02 13:29 - 00000000 ____D C:\Windows\SysWOW64\Macromed
    2016-11-27 16:12 - 2016-07-13 19:16 - 00000000 ____D C:\Users\Public\Documents\BitRaider
    2016-11-27 15:45 - 2013-08-14 08:36 - 00000000 ____D C:\Windows\System32\Tasks\Games
    2016-11-27 15:31 - 2009-07-13 23:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
    2016-11-27 15:28 - 2016-07-12 18:29 - 00000000 ____D C:\Games
    2016-11-27 15:25 - 2011-12-10 18:59 - 00000000 ____D C:\Users\Yellow House
    2016-11-27 15:17 - 2016-01-12 17:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2016-11-12 03:05 - 2013-08-14 10:03 - 00000000 ____D C:\Windows\system32\MRT
    2016-11-02 22:05 - 2011-12-10 19:21 - 00000000 ____D C:\Users\Yellow House\AppData\Local\Nero

    ==================== Files in the root of some directories =======

    2015-07-13 07:46 - 2015-07-15 11:32 - 0000105 _____ () C:\Users\Yellow House\AppData\Roaming\WB.CFG

    Files to move or delete:
    ====================
    C:\Users\Yellow House\Firefox Setup 45.0.exe


    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2016-11-27 16:15

    ==================== End of FRST.txt ============================
     
  17. Noonan

    Noonan TS Enthusiast Topic Starter Posts: 52

    Additional scan result of Farbar Recovery Scan Tool (x64) Version:04-10-2015
    Ran by Yellow House (2016-12-02 20:31:34)
    Running from C:\Users\Yellow House\Desktop\Log Files\TechSpotDownloads\1-7-FarbarRecoveryScanTool
    Windows 7 Home Premium Service Pack 1 (X64) (2011-12-11 00:59:49)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-2714174496-2253751676-100373542-500 - Administrator - Disabled)
    Guest (S-1-5-21-2714174496-2253751676-100373542-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-2714174496-2253751676-100373542-1002 - Limited - Enabled)
    Yellow House (S-1-5-21-2714174496-2253751676-100373542-1000 - Administrator - Enabled) => C:\Users\Yellow House
    Younglings (S-1-5-21-2714174496-2253751676-100373542-1003 - Limited - Enabled) => C:\Users\Younglings

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Microsoft Security Essentials (Enabled - Out of date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
    AS: Microsoft Security Essentials (Enabled - Out of date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
    AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    64 Bit HP CIO Components Installer (Version: 8.2.4 - Hewlett-Packard) Hidden
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 22.0.0.153 - Adobe Systems Incorporated)
    Adobe Flash Player 23 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 23.0.0.205 - Adobe Systems Incorporated)
    Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.205 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.18) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.18 - Adobe Systems Incorporated)
    Apple Application Support (32-bit) (HKLM-x32\...\{D4B07658-F443-4445-A261-E643996E139D}) (Version: 4.3.2 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{A6B0442B-E159-444B-B49D-6B9AC531EAE3}) (Version: 4.3.2 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
    ArcSoft PhotoImpression 6 (HKLM-x32\...\{D03E7B00-CA85-4684-9321-1888873C34BD}) (Version: 6 - ArcSoft)
    ArcSoft Print Creations (HKLM-x32\...\{0D6D96F4-0CAF-4522-B05F-70A88EDECDFD}) (Version: - ArcSoft)
    ATI AVIVO64 Codecs (Version: 11.6.0.10419 - ATI Technologies Inc.) Hidden
    ATI Catalyst Install Manager (HKLM\...\{E73155E5-E75F-D09E-30C0-C18E3C3A1FA3}) (Version: 3.0.825.0 - ATI Technologies, Inc.)
    Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
    Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
    Blio (HKLM-x32\...\{400182B4-CA55-46A9-9D88-F8413DCFB36D}) (Version: 2.3.7140 - K-NFB Reading Technology, Inc.)
    Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
    Canon IJ Network Scan Utility (HKLM-x32\...\Canon_IJ_Network_Scan_UTILITY) (Version: - )
    Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: - )
    Canon MX850 series (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX850_series) (Version: - )
    Canon RAW Image Task for ZoomBrowser EX (HKLM-x32\...\RAW Image Task) (Version: 3.3.0.5 - Canon Inc.)
    Canon Utilities CameraWindow (HKLM-x32\...\CameraWindowLauncher) (Version: 7.1.0.2 - Canon Inc.)
    Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX (HKLM-x32\...\CameraWindowDVC6) (Version: 6.4.2.16 - Canon Inc.)
    Canon Utilities Digital Photo Professional 3.4 (HKLM-x32\...\DPP) (Version: 3.4.0.0 - Canon Inc.)
    Canon Utilities EOS Utility (HKLM-x32\...\EOS Utility) (Version: 2.4.0.1 - Canon Inc.)
    Canon Utilities MyCamera (HKLM-x32\...\MyCamera) (Version: 6.4.0.5 - Canon Inc.)
    Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.21.45 - Canon Inc.)
    Canon Utilities Picture Style Editor (HKLM-x32\...\Picture Style Editor) (Version: 1.3.0.0 - Canon Inc.)
    Canon Utilities RemoteCapture Task for ZoomBrowser EX (HKLM-x32\...\RemoteCaptureTask) (Version: 1.7.1.9 - Canon Inc.)
    Canon Utilities WFT-E1/E2/E3 Utility (HKLM-x32\...\WFTK) (Version: 3.2.1.1 - Canon Inc.)
    Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.1.1.21 - Canon Inc.)
    Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.1.0.8 - Canon Inc.)
    Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
    Cozi (HKLM-x32\...\{EA1F3D6C-A6F5-4CDC-B0D3-9C56C06B4D29}) (Version: 1.0.6505.38692 - Cozi Group, Inc.)
    Create Photo Calendars (HKLM-x32\...\CreatePhotoCalendars.5D53B1AD5E35C0AAC823426DAB2CFDAF2F7F5C07.1) (Version: 1.31 - Spectrum Software, Inc)
    Create Photo Calendars (x32 Version: 1.31 - Spectrum Software, Inc) Hidden
    CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version: 3.0 - CutePDF.com)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.61 - Dell Inc.)
    Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.61 - Dell Inc.)
    Dell DataSafe Online (HKLM-x32\...\{7EC66A95-AC2D-4127-940B-0445A526AB2F}) (Version: 2.1.19634 - Dell)
    Dell Digital Delivery (HKLM-x32\...\{2B25AEE3-D191-4735-870E-28743D727ED8}) (Version: 1.7.1002.0 - Dell Products, LP)
    Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
    Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
    Dell MusicStage (HKLM-x32\...\{91AF2672-F5BC-42CF-8037-A9D2F92BBCC0}) (Version: 1.5.201.0 - Fingertapps)
    Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.65 - ArcSoft)
    Dell Stage (HKLM-x32\...\{E2EBA7C0-8072-447F-856D-FFEE8D15B23B}) (Version: 1.5.201.0 - Fingertapps)
    Dell VideoStage (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.2.0.1712 - CyberLink Corp.)
    Dell VideoStage (x32 Version: 1.2.0.1712 - CyberLink Corp.) Hidden
    DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
    DOSBox SVN-Daum (HKLM-x32\...\DOSBox SVN-Daum) (Version: - )
    Dropbox (HKU\S-1-5-21-2714174496-2253751676-100373542-1000\...\Dropbox) (Version: 13.4.21 - Dropbox, Inc.)
    DW WLAN Card (HKLM\...\DW WLAN Card) (Version: 5.60.48.35 - Dell Inc.)
    eBay (HKLM-x32\...\{A8B88634-7F90-402F-B66A-86429755F6A5}) (Version: 1.4.0 - eBay Inc.)
    EPSON Print CD (HKLM-x32\...\{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}) (Version: 1.60.000 - )
    EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version: - SEIKO EPSON Corporation)
    EPSON R280 User's Guide (HKLM-x32\...\Silent Package Run-Time Sample) (Version: - )
    ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
    FingerPrint 2.2.0.629 (HKLM-x32\...\{85D5BFBB-8BC4-467B-BADA-D574A3CDC139}_is1) (Version: 2.2.0.629 - Collobos Software)
    Free Countdown Timer 2.7.2 (HKLM-x32\...\{404245D0-E836-4737-9C12-D4D0034540F5}_is1) (Version: 2.7 - Comfort Software Group)
    Google SketchUp 8 (HKLM-x32\...\{47BBA5AA-CA6F-4A41-858D-A7A776F29A8B}) (Version: 3.0.11752 - Google, Inc.)
    HP LaserJet 200 color MFP M276 (HKLM-x32\...\{CC38C23C-7824-4DBB-AC73-997CD0BBFEC7}) (Version: 5.0.14057.1503 - Hewlett-Packard)
    hpbDSService (x32 Version: 002.002.07399 - Hewlett-Packard) Hidden
    hpbM276DSService (x32 Version: 001.001.05874 - Hewlett-Packard) Hidden
    hppLaserJetService (x32 Version: 009.027.00856 - Hewlett-Packard) Hidden
    hppM276LaserJetService (x32 Version: 001.019.00639 - Hewlett-Packard) Hidden
    hpStatusAlerts (x32 Version: 050.037.00142 - Hewlett Packard) Hidden
    hpStatusAlertsM276 (x32 Version: 050.034.00131 - Hewlett-Packard) Hidden
    Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.0.0.1046 - Intel Corporation)
    iTunes (HKLM\...\{955524E7-79EB-4CA9-BA4D-FD2DF587651B}) (Version: 12.4.3.1 - Apple Inc.)
    Java 7 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417045FF}) (Version: 7.0.450 - Oracle)
    Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle)
    Java(TM) 6 Update 27 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416027FF}) (Version: 6.0.270 - Oracle)
    Java(TM) 6 Update 27 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216027FF}) (Version: 6.0.270 - Oracle)
    Juniper Networks Setup Client 64-bit Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks)
    Juniper Networks Setup Client Activex Control (HKLM-x32\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks)
    Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
    Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
    Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.205.0 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    Mozilla Firefox 49.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 49.0.2 (x86 en-US)) (Version: 49.0.2 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 49.0.2.6136 - Mozilla)
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
    Multimedia Card Reader (HKLM-x32\...\InstallShield_{41068A8C-3F30-46B6-978A-EA692F28D1AF}) (Version: 1.7.915.93 - Fitipower)
    Multimedia Card Reader (x32 Version: 1.7.915.93 - Fitipower) Hidden
    PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden
    PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
    Pulse Secure Application Manager (HKLM-x32\...\Neoteris_Secure_Application_Manager) (Version: 8.1.5.38093 - Pulse Secure, LLC)
    Pulse Secure Host Checker (HKU\S-1-5-21-2714174496-2253751676-100373542-1000\...\PulseSecure_Host_Checker) (Version: 8.1.5.38093 - Pulse Secure, LLC)
    Pulse Secure Setup Client (HKU\S-1-5-21-2714174496-2253751676-100373542-1000\...\Juniper_Setup_Client) (Version: 8.1.5.60701 - Pulse Secure, LLC)
    RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6141 - Realtek Semiconductor Corp.)
    Rental Property Manager v2 (HKLM-x32\...\{0C1E9E42-578D-4D62-A16A-4AA2F9F21D0C}_is1) (Version: - Source IT Software Ltd)
    RogueKiller version 12.8.3.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.8.3.0 - Adlice Software)
    Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
    Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
    Secunia PSI (3.0.0.8013) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.8013 - Secunia)
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
    SKYLINK 2-in-1 Phone Utility (HKLM-x32\...\{12EBB355-5C3E-41C2-822B-9E17FBA716A0}) (Version: 2.00.011 - Giant Telecom Ltd)
    Skype™ 7.2 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.2.103 - Skype Technologies S.A.)
    Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
    SyncUP (HKLM-x32\...\{D92C9CCE-E5F0-4125-977A-0590F3225B74}) (Version: 10.2.15400 - Nero AG)
    SyncUP (x32 Version: 1.12.12400.17.102 - Nero AG) Hidden
    THX TruStudio PC (HKLM-x32\...\{010A785B-F920-4350-821B-6309909C20BB}) (Version: 1.0 - Creative Technology Limited)
    Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17332 - Microsoft Corporation)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
    Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
    YNAB 3 (HKLM-x32\...\com.youneedabudget.YNAB3.Live.9C763150EFAB05FD2A2B78705C7A54E2FCDDE07D.1) (Version: 3.6.0.5 - YouNeedABudget.com)
    YNAB 3 (x32 Version: 3.6.0 - YouNeedABudget.com) Hidden
    YNAB 4 version 4.3.857 (HKLM-x32\...\com.ynab.YNAB4.LiveCaptive_is1) (Version: 4.3.857 - YouNeedABudget.com)
    Zinio Reader 4 (HKLM-x32\...\ZinioReader4) (Version: 4.2.4164 - Zinio LLC)
    Zinio Reader 4 (x32 Version: 4.2.4164 - Zinio LLC) Hidden

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-2714174496-2253751676-100373542-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Yellow House\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2714174496-2253751676-100373542-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Yellow House\AppData\Roaming\Dropbox\bin\DropboxExt64.1.0.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2714174496-2253751676-100373542-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Yellow House\AppData\Roaming\Dropbox\bin\DropboxExt64.1.0.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2714174496-2253751676-100373542-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Yellow House\AppData\Roaming\Dropbox\bin\DropboxExt64.1.0.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2714174496-2253751676-100373542-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Yellow House\AppData\Roaming\Dropbox\bin\DropboxExt64.1.0.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2714174496-2253751676-100373542-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Yellow House\AppData\Roaming\Dropbox\bin\DropboxExt64.1.0.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2714174496-2253751676-100373542-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Yellow House\AppData\Roaming\Dropbox\bin\DropboxExt64.1.0.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2714174496-2253751676-100373542-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Yellow House\AppData\Roaming\Dropbox\bin\DropboxExt64.1.0.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2714174496-2253751676-100373542-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Yellow House\AppData\Roaming\Dropbox\bin\DropboxExt64.1.0.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2714174496-2253751676-100373542-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Yellow House\AppData\Roaming\Dropbox\bin\DropboxExt64.1.0.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2714174496-2253751676-100373542-1000_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Yellow House\AppData\Roaming\Dropbox\bin\DropboxExt64.1.0.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2714174496-2253751676-100373542-1000_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Yellow House\AppData\Roaming\Dropbox\bin\DropboxExt64.1.0.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2714174496-2253751676-100373542-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Yellow House\AppData\Roaming\Dropbox\bin\DropboxExt64.1.0.dll (Dropbox, Inc.)

    ==================== Restore Points =========================

    11-11-2016 03:00:20 Windows Update
    12-11-2016 03:00:28 Windows Update
    16-11-2016 17:15:57 Windows Update
    27-11-2016 16:08:10 Restore Operation
    01-12-2016 19:15:04 JRT Pre-Junkware Removal

    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {0B4AB98A-B827-4D6F-AF6C-C579DFD7567C} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2714174496-2253751676-100373542-1000
    Task: {1CDD42DB-A06A-4A62-9458-85CCB0A52474} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-10-28] (Adobe Systems Incorporated)
    Task: {BEBC0D19-7D97-470E-88D8-D57EADDC28F6} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => C:\Windows\system32\compattelrunner.exe [2016-09-12] (Microsoft Corporation)
    Task: {CA7FD645-343F-4EF5-91B0-45E86B8005EB} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2714174496-2253751676-100373542-1000Core => C:\Users\Yellow House\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-16] (Dropbox, Inc.)
    Task: {CAB434F5-B0DB-4BBC-AF3B-757FDC01CEA8} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-09-16] (Adobe Systems Incorporated)
    Task: {F76735D3-1A9C-4D32-A75C-4B8F8EB222CB} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2714174496-2253751676-100373542-1000UA => C:\Users\Yellow House\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-16] (Dropbox, Inc.)
    Task: {FEC369D2-7FB0-4AB3-895C-E6EB1D6ECBE2} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
    Task: {FECD6527-87AA-4A13-BD79-64EE2809354E} - System32\Tasks\{CC1BBD53-2D80-4E47-8DF9-5651A4C8516C} => pcalua.exe -a "C:\Users\Yellow House\Downloads\AdobeAIRInstaller(1).exe" -d "C:\Users\Yellow House\Downloads"

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2714174496-2253751676-100373542-1000Core.job => C:\Users\Yellow House\AppData\Local\Dropbox\Update\DropboxUpdate.exe
    Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2714174496-2253751676-100373542-1000UA.job => C:\Users\Yellow House\AppData\Local\Dropbox\Update\DropboxUpdate.exe

    ==================== Loaded Modules (Whitelisted) ==============

    2012-10-11 09:21 - 2012-10-04 18:49 - 00087152 _____ () C:\Windows\System32\cpwmon64.dll
    2016-04-22 00:07 - 2016-04-22 00:07 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2016-07-05 14:23 - 2016-07-05 14:23 - 01354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2011-12-02 13:44 - 2011-09-22 10:14 - 02751808 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
    2010-11-17 10:35 - 2010-11-17 10:35 - 01440240 _____ () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\Roxio Burn.exe
    2011-04-19 22:16 - 2011-04-19 22:16 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
    2011-03-14 14:21 - 2011-03-14 14:21 - 00016384 _____ () c:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
    2010-11-10 22:53 - 2010-11-10 22:53 - 00817136 _____ () C:\Program Files\Roxio\Roxio Burn\RBVirtualFolder64.dll
    2012-06-26 19:28 - 2016-06-06 14:21 - 00216400 _____ () C:\Program Files (x86)\YNAB 4\YNAB 4.exe
    2012-03-07 16:54 - 2013-07-10 17:10 - 01044480 _____ () C:\Program Files (x86)\FingerPrint\libcups2.dll
    2010-11-24 22:44 - 2010-11-24 22:44 - 00375280 _____ () c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll
    2010-11-17 10:35 - 2010-11-17 10:35 - 00657904 _____ () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\BBEngineAS.dll
    2016-05-14 09:35 - 2016-05-14 09:35 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\22e6307b0cd5955ebf3f8abd9e3ab58d\IsdiInterop.ni.dll
    2011-12-02 13:39 - 2010-09-13 18:28 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
    2016-07-05 14:23 - 2016-07-05 14:23 - 01041208 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2016-04-22 00:08 - 2016-04-22 00:08 - 00080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE trusted site: HKU\S-1-5-21-2714174496-2253751676-100373542-1000\...\localhost -> localhost


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-2714174496-2253751676-100373542-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Yellow House\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
    DNS Servers: Media is not connected to internet.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)


    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{A82CF083-43D4-49C2-BD25-9078F0098C33}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
    FirewallRules: [{969C42A1-B504-4692-9491-E084787339D7}] => (Allow) c:\Program Files (x86)\Dell\VideoStage\VideoStage.exe
    FirewallRules: [{C8DA5CC3-4FC5-4503-9939-597C28B98BF2}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    FirewallRules: [{DBA0D7D5-AE12-49DF-9B7D-62742A1C2E43}] => (Allow) LPort=2869
    FirewallRules: [{A72598C5-921C-404E-AA14-4B63CB476CE6}] => (Allow) LPort=1900
    FirewallRules: [{A399839E-E784-4F80-AD61-3626220E4405}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    FirewallRules: [{99E60362-084D-44AD-8056-D93D2058B8FC}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
    FirewallRules: [{D5113E18-BF69-4559-ACB5-AE2F391A9712}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
    FirewallRules: [{3EB833F9-9E14-4417-9A8C-1A60F8468891}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
    FirewallRules: [{B403E9BB-AEB9-49E1-9E6C-34398108D765}] => (Allow) LPort=9700
    FirewallRules: [{6FE69835-BEAC-481A-B260-BF71D4F9AF58}] => (Allow) LPort=9701
    FirewallRules: [{D9AC03E0-2838-445E-BA44-F630DBF82BAF}] => (Allow) LPort=9702
    FirewallRules: [{E63F8F2C-C4DD-4C88-B489-172056AC0566}] => (Allow) LPort=9700
    FirewallRules: [{F57F380C-1DE0-457A-B07B-5ABAD98F9609}] => (Allow) C:\Program Files\dell stage\dell stage\accuweather\accuweather.exe
    FirewallRules: [{61DBECAB-7150-4EDD-AF25-F535D85096B6}] => (Allow) C:\Program Files\dell stage\musicstage\musicstageengine.exe
    FirewallRules: [{876B759B-BE53-4226-8E3F-8024B7304A2F}] => (Allow) C:\Program Files\dell stage\dell stage\stage_primary.exe
    FirewallRules: [{5BF7DC2B-8F28-4F42-8DB0-52D14631827E}] => (Allow) C:\Users\Yellow House\AppData\Roaming\Dropbox\bin\Dropbox.exe
    FirewallRules: [{A35E28F0-2673-43A9-AEB9-818E85821D4D}] => (Allow) C:\Users\Yellow House\AppData\Roaming\Dropbox\bin\Dropbox.exe
    FirewallRules: [TCP Query User{97EF9DE5-D6AB-4ABC-85DC-E6259F2E27EF}C:\users\yellow house\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\yellow house\appdata\roaming\dropbox\bin\dropbox.exe
    FirewallRules: [UDP Query User{75DC6BDF-82F4-4B21-BDFB-2CDE7DA630A4}C:\users\yellow house\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\yellow house\appdata\roaming\dropbox\bin\dropbox.exe
    FirewallRules: [{EC873E53-18E9-482C-B93B-D2D2E563573B}] => (Allow) C:\Program Files (x86)\FingerPrint\FingerPrintService.exe
    FirewallRules: [{5315C0BB-5DC2-454B-B999-087E3058FB9C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{4DF65540-941B-4B8C-A02E-88FBA45EB2A7}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{5BBD8762-B3BC-4004-8C15-33789D7AE7D6}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{1DB1F8CF-F3A4-4DC3-A130-CE143AC866FE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{199EBB62-C1AE-4B0E-B494-860A395D0DDA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{DC3A4EA9-6876-40BF-842C-8AC7AA75A284}] => (Allow) C:\Program Files (x86)\HP\HP LaserJet 200 color MFP M276\Bin\HPNetworkCommunicator.exe
    FirewallRules: [{F3E8BD44-CDEC-4554-82F2-8B2ED8907A0B}] => (Allow) C:\Program Files (x86)\HP\HP LaserJet 200 color MFP M276\bin\EWSProxy.exe
    FirewallRules: [TCP Query User{4BA5D976-6D90-4EF1-82AF-6F9873FE1E01}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
    FirewallRules: [UDP Query User{80D03FBD-A433-4F07-8EC3-EF609495A5CC}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
    FirewallRules: [{ACB39665-DE2B-4B02-990B-85E70617C8D6}] => (Allow) C:\Program Files (x86)\Nero\Nero Blu-ray Player\Blu-rayPlayer.exe
    FirewallRules: [{44A255DE-C5A3-4CD5-A274-14104983812C}] => (Allow) C:\Program Files (x86)\Nero\Nero Blu-ray Player\Blu-rayPlayer.exe
    FirewallRules: [{06105F93-BBF3-4EE9-A0A3-7AAF5C47C272}] => (Allow) C:\Users\Yellow House\AppData\Local\Chromium\Application\chrome.exe
    FirewallRules: [{A038D36E-5F7A-4C20-AF26-8D2E2C5DB71C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{03B278E7-D06D-49C3-91DD-C9B7424BA80B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{B89B8E9A-F21D-4355-971E-D6C101C98352}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    FirewallRules: [{269BA9B0-518C-4C09-9F7E-BD1EF30DE55A}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    FirewallRules: [{9EBF9164-4957-4814-AD0C-245847A85413}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{97A8B901-7902-4EB7-890B-3B8B808D0694}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{EBF2DF91-C5CF-4B6E-9E7B-C68C72B4981C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{6AB00BF6-474F-438C-A1D3-BC61B071409C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{18D0DD1C-0F59-4038-8A96-A3C46882EDEA}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe
    FirewallRules: [{69FB9222-254E-437D-9DBF-527B576F0B72}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe
    FirewallRules: [{CC6DB9AA-5DEC-4613-B8C0-703C8BCD9B49}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe
    FirewallRules: [{AFB62915-3837-4C44-8A27-0E36773DF073}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe
    FirewallRules: [{D393CAE0-68FA-4486-9A59-D6D3C3A0EF4D}] => (Allow) C:\Program Files\iTunes\iTunes.exe

    ==================== Faulty Device Manager Devices =============

    Name: DW1501 Wireless-N WLAN Half-Mini Card
    Description: DW1501 Wireless-N WLAN Half-Mini Card
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Broadcom
    Service: BCM43XX
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (12/02/2016 06:54:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (12/02/2016 04:53:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (12/01/2016 10:01:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (12/01/2016 09:21:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (12/01/2016 08:37:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (12/01/2016 07:08:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (12/01/2016 07:04:44 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program AdwCleaner.exe version 6.0.3.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: d98

    Start Time: 01d24c37595b3a59

    Termination Time: 0

    Application Path: C:\Users\Yellow House\Desktop\Log Files\TechSpotDownloads\4-AdwCleaner\AdwCleaner.exe

    Report Id: 34f0f391-b82b-11e6-9395-180373e90973

    Error: (12/01/2016 07:02:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: ERROR: accept: 10022 (An invalid argument was supplied.)

    Error: (12/01/2016 04:49:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (11/30/2016 09:28:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


    System errors:
    =============
    Error: (12/02/2016 07:23:05 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
    Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 116.65.0.0

    Update Source: %NT AUTHORITY51

    Update Stage: 4.10.205.00

    Source Path: 4.10.205.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\NETWORK SERVICE

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

    Error: (12/02/2016 07:23:05 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
    Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.231.2114.0

    Update Source: %NT AUTHORITY51

    Update Stage: 4.10.205.00

    Source Path: 4.10.205.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\NETWORK SERVICE

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

    Error: (12/02/2016 07:23:05 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
    Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.231.2114.0

    Update Source: %NT AUTHORITY51

    Update Stage: 4.10.205.00

    Source Path: 4.10.205.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\NETWORK SERVICE

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

    Error: (12/02/2016 07:23:05 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
    Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.231.2114.0

    Update Source: %NT AUTHORITY59

    Update Stage: 4.10.205.00

    Source Path: 4.10.205.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\SYSTEM

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

    Error: (12/02/2016 07:14:49 PM) (Source: DCOM) (EventID: 10010) (User: )
    Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

    Error: (12/02/2016 07:09:03 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
    Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

    Error: (12/02/2016 07:07:24 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
    Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

    Error: (12/02/2016 07:07:20 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
    Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.231.2114.0

    Update Source: %NT AUTHORITY51

    Update Stage: 4.10.205.00

    Source Path: 4.10.205.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\NETWORK SERVICE

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

    Error: (12/02/2016 07:07:20 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
    Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.231.2114.0

    Update Source: %NT AUTHORITY51

    Update Stage: 4.10.205.00

    Source Path: 4.10.205.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\NETWORK SERVICE

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

    Error: (12/02/2016 07:07:20 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
    Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.231.2114.0

    Update Source: %NT AUTHORITY59

    Update Stage: 4.10.205.00

    Source Path: 4.10.205.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\SYSTEM

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608


    CodeIntegrity:
    ===================================
    Date: 2016-07-24 18:45:52.976
    Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_a384c5aabe759ea5\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

    Date: 2016-07-24 18:45:52.972
    Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_a384c5aabe759ea5\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

    Date: 2016-07-24 18:45:52.969
    Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_a384c5aabe759ea5\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

    Date: 2016-07-24 18:45:52.963
    Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_a384c5aabe759ea5\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

    Date: 2016-07-24 18:45:52.763
    Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_f3153036f55ab3f5\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

    Date: 2016-07-24 18:45:52.755
    Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_f3153036f55ab3f5\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

    Date: 2016-07-24 18:45:52.747
    Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_f3153036f55ab3f5\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

    Date: 2016-07-24 18:45:52.739
    Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_f3153036f55ab3f5\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

    Date: 2016-07-24 18:45:52.015
    Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

    Date: 2016-07-24 18:45:52.010
    Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz
    Percentage of memory in use: 35%
    Total physical RAM: 8174.45 MB
    Available physical RAM: 5308.75 MB
    Total Virtual: 16347.07 MB
    Available Virtual: 13430.15 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:452.47 GB) (Free:144.68 GB) NTFS
    Drive d: (EE_TUBA) (CDROM) (Total:3.9 GB) (Free:0 GB) UDF

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: AC998FBC)
    Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
    Partition 2: (Active) - (Size=13.2 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=452.5 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================
     
  18. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    Run FRST(FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
     

    Attached Files:

  19. Noonan

    Noonan TS Enthusiast Topic Starter Posts: 52

    Fix result of Farbar Recovery Scan Tool (x64) Version:04-10-2015
    Ran by Yellow House (2016-12-02 21:27:39) Run:1
    Running from C:\Users\Yellow House\Desktop\Log Files\TechSpotDownloads\1-7-FarbarRecoveryScanTool
    Loaded Profiles: Yellow House (Available Profiles: Yellow House & Younglings)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    GroupPolicyUsers\S-1-5-21-2714174496-2253751676-100373542-1003\User: Restriction <=======
    ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
    RemoveProxy:
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-2714174496-2253751676-100373542-1000\SOFTWARE\Policies\Microsoft\Internet
    Explorer: Restriction <======= ATTENTION
    SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL =
    SearchScopes: HKLM-x32 -> DefaultScope value is missing
    S3 BRDriver64_1_3_3_E02B25FC; \??\C:\ProgramData\BitRaider\support\1.3.3\E02B25FC
    \BRDriver64.sys [X]
    2015-07-13 07:46 - 2015-07-15 11:32 - 0000105 _____ () C:\Users\Yellow House\AppData\Roaming
    \WB.CFG
    C:\Users\Yellow House\Firefox Setup 45.0.exe
    *****************

    C:\Windows\system32\GroupPolicyUsers\S-1-5-21-2714174496-2253751676-100373542-1003\User => moved successfully
    C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
    ATTENTION => Error: No automatic fix found for this entry.
    "HKLM\SOFTWARE\Policies\Google" => key removed successfully

    ========= RemoveProxy: =========

    "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
    "HKU\S-1-5-21-2714174496-2253751676-100373542-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
    HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully
    HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully
    HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
    HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
    HKU\S-1-5-21-2714174496-2253751676-100373542-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
    HKU\S-1-5-21-2714174496-2253751676-100373542-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


    ========= End of RemoveProxy: =========

    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found.
    HKU\S-1-5-21-2714174496-2253751676-100373542-1000\SOFTWARE\Policies\Microsoft\Internet => Error: No automatic fix found for this entry.
    Explorer: Restriction <======= ATTENTION => Error: No automatic fix found for this entry.
    "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146}" => key removed successfully
    HKCR\CLSID\{2f23ab71-4ac6-41f2-a955-ea576e553146} => key not found.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
    BRDriver64_1_3_3_E02B25FC => service removed successfully
    \BRDriver64.sys [X] => Error: No automatic fix found for this entry.
    "C:\Users\Yellow House\AppData\Roaming" => Warning: FRST is scripted not to move this directory.
    \WB.CFG => Error: No automatic fix found for this entry.
    C:\Users\Yellow House\Firefox Setup 45.0.exe => moved successfully


    The system needed a reboot..

    ==== End of Fixlog 21:27:39 ====
     
  20. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    The above fix didn't work correctly.
    I'm not sure what the problem is so I contacted FRST author.
    Not sure how soon he'll reply so you'll have to hold on there.
     
  21. Noonan

    Noonan TS Enthusiast Topic Starter Posts: 52

    I did some file gymnastics to get the fixlist onto my computer. Would that be a possible cause for the fix not working as expected?

    I copied the contents to a presentation and converted to a Pdf on the phone. Then accessed the pdf from an app I can see from iTunes and pasted into a txt file. I wanted to get the contents to my desktop before the neighbor's computer is available to download the file tomorrow.
     
  22. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Yes. You can't do this. The file must be very same as I attached it to my reply.
    You have to redo.
     
  23. Noonan

    Noonan TS Enthusiast Topic Starter Posts: 52

    Fix result of Farbar Recovery Scan Tool (x64) Version:04-10-2015
    Ran by Yellow House (2016-12-04 16:27:01) Run:2
    Running from C:\Users\Yellow House\Desktop
    Loaded Profiles: Yellow House (Available Profiles: Yellow House & Younglings)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    GroupPolicyUsers\S-1-5-21-2714174496-2253751676-100373542-1003\User: Restriction <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
    RemoveProxy:
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-2714174496-2253751676-100373542-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL =
    SearchScopes: HKLM-x32 -> DefaultScope value is missing
    S3 BRDriver64_1_3_3_E02B25FC; \??\C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [X]
    2015-07-13 07:46 - 2015-07-15 11:32 - 0000105 _____ () C:\Users\Yellow House\AppData\Roaming\WB.CFG
    C:\Users\Yellow House\Firefox Setup 45.0.exe

    *****************

    "C:\Windows\system32\GroupPolicyUsers\S-1-5-21-2714174496-2253751676-100373542-1003\User" => File/Folder not found.
    HKLM\SOFTWARE\Policies\Google => key not found.

    ========= RemoveProxy: =========

    HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
    HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
    HKU\S-1-5-21-2714174496-2253751676-100373542-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
    HKU\S-1-5-21-2714174496-2253751676-100373542-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


    ========= End of RemoveProxy: =========

    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found.
    HKU\S-1-5-21-2714174496-2253751676-100373542-1000\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146} => key not found.
    HKCR\CLSID\{2f23ab71-4ac6-41f2-a955-ea576e553146} => key not found.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
    BRDriver64_1_3_3_E02B25FC => service not found.
    C:\Users\Yellow House\AppData\Roaming\WB.CFG => moved successfully
    "C:\Users\Yellow House\Firefox Setup 45.0.exe" => File/Folder not found.

    ==== End of Fixlog 16:27:01 ====
     
  24. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Good :)

    Last scans...

    [​IMG] Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
    NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run


    [​IMG] Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services

    Press "Scan".
    It will create a log (FSS.txt) in the same directory the tool is run.
    Please copy and paste the log to your reply.


    [​IMG] Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    [​IMG] Download Sophos Free Virus Removal Tool and save it to your desktop.
    • Double click the icon and select Run
    • Click Next
    • Select I accept the terms in this license agreement, then click Next twice
    • Click Install
    • Click Finish to launch the program
    • Once the virus database has been updated click Start Scanning
    • If any threats are found click Details, then View log file... (bottom left hand corner)
    • Copy and paste the results in your reply
    • Close the Notepad document, close the Threat Details screen, then click Start cleanup
    • Click Exit to close the program
     
  25. Noonan

    Noonan TS Enthusiast Topic Starter Posts: 52

    Results of screen317's Security Check version 1.014 --- 12/23/15
    Windows 7 Service Pack 1 x64 (UAC is enabled)
    Internet Explorer 11
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Microsoft Security Essentials
    WMI entry may not exist for antivirus; attempting automatic update.
    `````````Anti-malware/Other Utilities Check:`````````
    Secunia PSI (3.0.0.8013)
    Java(TM) 6 Update 27
    Java 7 Update 45
    Java version 32-bit out of Date!
    Adobe Flash Player 23.0.0.205
    Adobe Reader XI
    Mozilla Firefox (49.0.2)
    ````````Process Check: objlist.exe by Laurent````````
    Microsoft Security Essentials MSMpEng.exe
    Microsoft Security Essentials msseces.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 2%
    ````````````````````End of Log``````````````````````
     

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...