Addition

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2017
Ran by Hers (14-03-2017 11:57:04)

Running from C:\Users\Hers\Downloads
Windows 10 Home Version 1607 (X64) (2017-02-07 01:26:57)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-4082831485-1773989390-755940452-500 - Administrator -

Disabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-4082831485-1773989390-755940452-503 - Limited - Disabled)
Guest (S-1-5-21-4082831485-1773989390-755940452-501 - Limited - Disabled)
Hers (S-1-5-21-4082831485-1773989390-755940452-1000 - Administrator - Enabled) =>
C:\Users\Hers
His (S-1-5-21-4082831485-1773989390-755940452-1003 - Administrator - Enabled) =>
C:\Users\His
HomeGroupUser$ (S-1-5-21-4082831485-1773989390-755940452-1002 - Limited - Enabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
FW: Avast Antivirus (Enabled) {B693136B-F6EE-DD1C-A0EF-229B8B0B29C4}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to
unhide them. The adware programs should be uninstalled manually.)
64 Bit HP CIO Components Installer (Version: 8.2.4 - Hewlett-Packard) Hidden

7-Zip 16.04 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1604-000001000000})
(Version: 16.04.00.0 - Igor Pavlov)
ABBYY FineReader for ScanSnap (TM) 5.0 (HKLM-x32\...\{FB500000-0010-0000-0000-
074957833700}) (Version: 11.0.234 - ABBYY)
AccessData FTK Imager (HKLM-x32\...\{934990D0-53A4-4AE6-B947-D0C7C27D68C4})
(Version: 3.4.0.1 - AccessData)
Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version:
15.023.20070 - Adobe Systems Incorporated)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100})
(Version: 15.023.20070 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 23.0.0.257 - Adobe Systems
Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.9.1.335 -
Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version:
24.0.0.221 - Adobe Systems Incorporated)
AOL Mail and AIM Gadget (HKLM-x32\...\{F226C1DA-66D7-4ABC-86B5-3F978A660EBF})
(Version: 1.0.0 - AOL LLC)
AOL Uninstaller (Choose which Products to Remove) (HKLM-x32\...\AOL Uninstaller)
(Version: - AOL Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{D079CAAD-0C31-47A2-9AF5-
A82F9CD9B221}) (Version: 5.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{64E6007B-1DA9-42CD-BBE4-
D5FA67A7C71D}) (Version: 5.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C})
(Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83})
(Version: 2.2.0.150 - Apple Inc.)
ArcSoft PhotoImpression 3.0 (HKLM-x32\...\ArcSoft PhotoImpression 3.0) (Version: -
)
Avast Internet Security (HKLM-x32\...\Avast Antivirus) (Version: 17.2.2288 - AVAST
Software)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple
Inc.)
Boson Exam Environment (HKLM-x32\...\{3528F285-5F6D-4235-9700-A2A140CC3C02})
(Version: 3.11.0 - Boson Software, LLC)
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
Carbonite (HKLM-x32\...\{C7D98EFB-A351-4098-B474-1A5B362DB648}) (Version: 6.2.2
build 6819 (Jan-25-2017) - Carbonite)
CardMinder (HKLM-x32\...\{D4F2AFD3-0167-4464-B92F-78AB6DA8A0AA}) (Version: V5.3L30
- PFU)
CardMinder V5.1 (x32 Version: 5.1.21.1 - PFU) Hidden
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version: - Cisco
WebEx LLC)
Citrix Online Launcher (HKLM-x32\...\{09DA5EE2-7E46-4DC4-96F9-BFEE50D40659})
(Version: 1.0.408 - Citrix)
Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-
739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
Creative ALchemy (HKLM-x32\...\ALchemy) (Version: 1.45 - Creative Technology
Limited)
Creative Audio Control Panel (HKLM-x32\...\AudioCS) (Version: 3.00 - Creative
Technology Limited)
Creative Diagnostics (HKLM-x32\...\Diagnostics 4_5) (Version: 5.11 - Creative
Technology Limited)
Creative Media Toolbox 6 (HKLM-x32\...\{F1A14CB2-A048-45A6-AFDA-3571296E1D76})
(Version: 6.02 - Creative Technology Limited)
Creative Media Toolbox 6 (Shared Components) (HKLM-
x32\...\Uninstaller_B4736000_Creative Media Toolbox 6) (Version: 2.80.12 - Creative
Labs)
Creative MediaSource 5 (HKLM-x32\...\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD})
(Version: 5.26 - Creative Technology Limited)
Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version:
1.40 - Creative Technology Limited)
Creative Sound Blaster Properties x64 Edition (HKLM-x32\...\Creative Sound Blaster
Properties x64 Edition) (Version: - Creative Technology Limited)
Creative WaveStudio 7 (HKLM-x32\...\WaveStudio 7) (Version: 7.14 - Creative
Technology Limited)
Crystal Reports Basic Runtime for Visual Studio 2008 (x64) (HKLM\...\{2BFA9B05-
7418-4EDE-A6FC-620427BAAAA3}) (Version: 10.5.2.0 - Business Objects)
Curse Client (HKU\S-1-5-21-4082831485-1773989390-755940452-1003-{ED1FC765-E35E-
4C3D-BF15-2C2B11260CE4}-03142017095256227\...\101a9f93b8f0bb6f) (Version: 5.1.1.792
- Curse)
Curse Client (HKU\S-1-5-21-4082831485-1773989390-755940452-1003-{ED1FC765-E35E-
4C3D-BF15-2C2B11260CE4}-03142017102155500\...\101a9f93b8f0bb6f) (Version: 5.1.1.792
- Curse)
CuteFTP 7 Home (HKLM-x32\...\{59D98250-CFEB-4A0B-A737-FC7CADE27852}) (Version:
7.20.0000 - GlobalSCAPE)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0
- Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045})
(Version: 1.00.0000 - Dell Inc.)
Dell MusicStage (HKLM-x32\...\{91AF2672-F5BC-42CF-8037-A9D2F92BBCC0}) (Version:
1.5.201.0 - Fingertapps)
Dell PhotoStage (HKLM-x32\...\{0D98F04D-11A1-4B64-A406-43292B9EEE90}) (Version:
1.5.0.67 - ArcSoft)
Dell Stage (HKLM-x32\...\{FE182796-F6BA-486A-8590-89B7E8D1D60F}) (Version:
1.7.209.0 - Fingertapps)
Dell System Detect - 1 (HKU\S-1-5-21-4082831485-1773989390-755940452-
1000\...\58d94f3ce2c27db0) (Version: 7.6.0.17 - Dell)
Dell System Detect - 1 (HKU\S-1-5-21-4082831485-1773989390-755940452-1000-
{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03142017095255358\...\58d94f3ce2c27db0)
(Version: 7.6.0.17 - Dell)
Dell System Detect - 1 (HKU\S-1-5-21-4082831485-1773989390-755940452-1000-
{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03142017102154479\...\58d94f3ce2c27db0)
(Version: 7.6.0.17 - Dell)
Dell System Detect (HKU\S-1-5-21-4082831485-1773989390-755940452-
1000\...\73f463568823ebbe) (Version: 5.14.0.9 - Dell)
Dell System Detect (HKU\S-1-5-21-4082831485-1773989390-755940452-1000-{ED1FC765-
E35E-4C3D-BF15-2C2B11260CE4}-03142017095255358\...\73f463568823ebbe) (Version:
5.14.0.9 - Dell)
5.14.0.9 - Dell)
5.14.0.9 - Dell)
5.14.0.9 - Dell)
5.14.0.9 - Dell)
5.14.0.9 - Dell)
Dell VideoStage (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-
7EF0538BCA7F}) (Version: 1.2.0.1712 - CyberLink Corp.)
Dell VideoStage (x32 Version: 1.2.0.1712 - CyberLink Corp.) Hidden
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
Dropbox (HKU\S-1-5-21-4082831485-1773989390-755940452-1000\...\Dropbox) (Version:
21.4.25 - Dropbox, Inc.)
Dropbox (HKU\S-1-5-21-4082831485-1773989390-755940452-1000-{ED1FC765-E35E-4C3D-
BF15-2C2B11260CE4}-03142017095255358\...\Dropbox) (Version: 21.4.25 - Dropbox,
Inc.)
BF15-2C2B11260CE4}-03142017102154479\...\Dropbox) (Version: 21.4.25 - Dropbox,
Inc.)
BF15-2C2B11260CE4}-03142017095256227\...\Dropbox) (Version: 2.2.13 - Dropbox, Inc.)
BF15-2C2B11260CE4}-03142017102155500\...\Dropbox) (Version: 2.2.13 - Dropbox, Inc.)
Dropbox (HKU\S-1-5-21-4082831485-1773989390-755940452-500-{ED1FC765-E35E-4C3D-BF15-
2C2B11260CE4}-03142017095256549\...\Dropbox) (Version: 3.4.3 - Dropbox, Inc.)
Dropbox (HKU\S-1-5-21-4082831485-1773989390-755940452-500-{ED1FC765-E35E-4C3D-BF15-
2C2B11260CE4}-03142017102156103\...\Dropbox) (Version: 3.4.3 - Dropbox, Inc.)
DW WLAN Card (HKLM\...\DW WLAN Card) (Version: 5.60.48.35 - Dell Inc.)
EPSON Copy Utility (HKLM-x32\...\{BB562D40-13F5-11D5-B7C5-00105A645748}) (Version:
- )
EPSON Photo Print (HKLM-x32\...\EPSON Photo Print) (Version: - )
EPSON Smart Panel (HKLM-x32\...\EPSON Smart Panel) (Version: - )
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
FileZilla Client 3.24.0 (HKLM-x32\...\FileZilla Client) (Version: 3.24.0 - Tim
Kosse)
FreeMind (HKLM-x32\...\B991B020-2968-11D8-AF23-444553540000_is1) (Version:
1.0.0_RC_4 - )
Google Chrome (HKU\S-1-5-21-4082831485-1773989390-755940452-1000\...\Google Chrome)
(Version: 56.0.2924.87 - Google Inc.)
Google Chrome (HKU\S-1-5-21-4082831485-1773989390-755940452-1000-{ED1FC765-E35E-
4C3D-BF15-2C2B11260CE4}-03142017095255358\...\Google Chrome) (Version: 56.0.2924.87
- Google Inc.)
- Google Inc.)
- Google Inc.)
- Google Inc.)
- Google Inc.)
- Google Inc.)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version:
5.41.3.0 - Google)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
GoToMeeting 5.4.0.1083 (HKU\S-1-5-21-4082831485-1773989390-755940452-1003-
{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03142017095256227\...\GoToMeeting) (Version:
5.4.0.1083 - CitrixOnline)
GoToMeeting 7.1.8.2553 (HKU\S-1-5-21-4082831485-1773989390-755940452-500-{ED1FC765-
E35E-4C3D-BF15-2C2B11260CE4}-03142017095256549\...\GoToMeeting) (Version:
GoToMeeting 7.1.8.2553 (HKU\S-1-5-21-4082831485-1773989390-755940452-500-{ED1FC765-
E35E-4C3D-BF15-2C2B11260CE4}-03142017102156103\...\GoToMeeting) (Version:
GoToMeeting 8.1.0.6519 (HKU\S-1-5-21-4082831485-1773989390-755940452-
1000\...\GoToMeeting) (Version: 8.1.0.6519 - CitrixOnline)
Hacknet (HKLM-x32\...\Steam App 365450) (Version: - Team Fractal Alligator)
Host OpenAL (HKLM-x32\...\Host OpenAL) (Version: 1.00 - Creative Technology
Limited)
HP LaserJet 200 color M251 (HKLM-x32\...\{6682B5C4-530A-4FB8-ACAC-80DB5CCC68DD})
(Version: 5.0.12200.1036 - Hewlett-Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version:
5.005.002.002 - Hewlett-Packard)
hpbDSService (x32 Version: 002.002.07399 - Hewlett-Packard) Hidden
hpbM251DSService (x32 Version: 001.001.05874 - Hewlett-Packard) Hidden
HPDXP (x32 Version: 3.0.26.12 - HP) Hidden
HPLaserJet200color-M251_HelpLearnCenter_SI (HKLM-x32\...\{DDEBEA89-2B5A-4E5B-8702-
369882BB3F52}) (Version: 1.01.0000 - Hewlett-Packard)
HPLJDXPHelper (x32 Version: 020.021.004 - HP) Hidden
HPLJUTCore (x32 Version: 004.005.0001 - HP) Hidden
HPLJUTM251 (x32 Version: 3.00.0003 - HP) Hidden
hppLaserJetService (x32 Version: 009.027.00856 - Hewlett-Packard) Hidden
hppM251LaserJetService (x32 Version: 001.019.00639 - Hewlett-Packard) Hidden
hpStatusAlerts (x32 Version: 050.037.00142 - Hewlett Packard) Hidden
hpStatusAlertsM251 (x32 Version: 050.034.00131 - Hewlett-Packard) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA})
(Version: 9.17.10.4229 - Intel Corporation)
iTunes (HKLM\...\{81C96689-EA5B-4B7D-A04F-16326EC51BC2}) (Version: 12.5.4.42 -
Apple Inc.)
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version:
8.0.1210.13 - Oracle Corporation)
join.me (HKU\S-1-5-21-4082831485-1773989390-755940452-1003-{ED1FC765-E35E-4C3D-
BF15-2C2B11260CE4}-03142017095256227\...\JoinMe) (Version: 2.8.1.1469 - LogMeIn,
Inc.)
join.me (HKU\S-1-5-21-4082831485-1773989390-755940452-1003-{ED1FC765-E35E-4C3D-
BF15-2C2B11260CE4}-03142017102155500\...\JoinMe) (Version: 2.8.1.1469 - LogMeIn,
Inc.)
join.me (HKU\S-1-5-21-4082831485-1773989390-755940452-500-{ED1FC765-E35E-4C3D-BF15-
2C2B11260CE4}-03142017095256549\...\JoinMe) (Version: 2.8.1.1469 - LogMeIn, Inc.)
join.me (HKU\S-1-5-21-4082831485-1773989390-755940452-500-{ED1FC765-E35E-4C3D-BF15-
2C2B11260CE4}-03142017102156103\...\JoinMe) (Version: 2.8.1.1469 - LogMeIn, Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Hidden
LJDXPHelperUI (x32 Version: 020.021.004 - HP) Hidden
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215})
(Version: 2.80 - Logitech Inc.)
Lotus Notes 8.5.1 (HKLM-x32\...\{6ACD1549-274A-491B-A233-2B8B689DD0D3}) (Version:
8.51.9271 - IBM)
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-
0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
McAfee Online Backup (Version: 1.16.4.0 - McAfee, Inc.) Hidden
McAfee Online Backup (x32 Version: - McAfee, Inc.) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version:
16.0.7766.2060 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4082831485-1773989390-755940452-
1000\...\OneDriveSetup.exe) (Version: 17.3.6798.0207 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4082831485-1773989390-755940452-1000-{ED1FC765-
E35E-4C3D-BF15-2C2B11260CE4}-03142017095255358\...\OneDriveSetup.exe) (Version:
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version:
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-
9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visio Premium 2010 (HKLM-x32\...\Office14.VISIOR) (Version:
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-
51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-
2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-
6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-
38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-
C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-
F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-
83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-
4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\
{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft
Corporation)
{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft
Corporation)
{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft
Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-
B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\
{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft
Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\
{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft
Corporation)
{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft
Corporation)
{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft
Corporation)
{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft
Corporation)
{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft
Corporation)
{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft
Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft
Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft
Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-
436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mozilla Firefox 52.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 52.0 (x86 en-US))
(Version: 52.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version:
52.0.0.6270 - Mozilla)
Mozilla Thunderbird 45.8.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 45.8.0
(x86 en-US)) (Version: 45.8.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71})
(Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC})
(Version: 4.20.9876.0 - Microsoft Corporation)
Multimedia Card Reader (HKLM-x32\...\InstallShield_{41068A8C-3F30-46B6-978A-
EA692F28D1AF}) (Version: 1.7.915.93 - Fitipower)
Multimedia Card Reader (x32 Version: 1.7.915.93 - Fitipower) Hidden
Network Recording Player (HKLM-x32\...\{C0F23E59-4626-4361-96E2-A5C478B51E10})
(Version: 31.5.1.12 - Cisco WebEx LLC)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.3.2 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 310.90 (HKLM\...\{B2FE1952-0186-46C3-BAEC-
A80AA35AC5B8}_Display.NVIRUSB) (Version: 310.90 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 376.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-
A80AA35AC5B8}_Display.3DVision) (Version: 376.53 - NVIDIA Corporation)
NVIDIA Graphics Driver 376.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-
A80AA35AC5B8}_Display.Driver) (Version: 376.53 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-
A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.17 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-
A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-
A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7766.2047 -
Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version:
16.0.7766.2047 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7766.2047 - Microsoft
Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7668.2074 -
Microsoft Corporation) Hidden
Oracle VM VirtualBox 5.1.6 (HKLM\...\{EEDDD7E2-A7A2-4FA9-8C32-ADB29A5096FF})
(Version: 5.1.6 - Oracle Corporation)
PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61})
(Version: 1.3.0 - Microsoft Corporation)
PuTTY version 0.63 (HKLM-x32\...\PuTTY_is1) (Version: 0.63 - Simon Tatham)
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC})
(Version: 12.1.77.0 - Roxio)
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
SafeZone Stable 3.55.2393.590 (x32 Version: 3.55.2393.590 - Avast Software) Hidden
ScanSnap Manager (HKLM-x32\...\{DBCDB997-EEEB-4BE9-BAFF-26B4094DBDE6}) (Version:
V6.5L40 - PFU)
ScanSnap Manager (x32 Version: 6.2.24.1.2 - PFU) Hidden
ScanSnap Organizer (HKLM-x32\...\{E58F3B88-3B3E-4F85-9323-04789D979C15}) (Version:
V5.6L20 - PFU)
ScanSnap Receipt (HKLM-x32\...\ScanSnap Receipt) (Version: V1.5L40 - PFU)
ScanSnap Receipt (x32 Version: 1.5.20 - PFU) Hidden
ScanToWeb (HKLM-x32\...\{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}) (Version: - )
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\
{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{359ADBEC-068A-4CC9-9174-
77AB8EDB867A}) (Version: - Microsoft)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054})
(Version: 10.0.0 - McAfee)
Snagit 12 (HKLM-x32\...\{588591F5-74D7-4646-87C5-6A07E526F303}) (Version: 12.3.2 -
TechSmith Corporation)
Snagit 13 (HKLM-x32\...\{f40213e2-b7e5-45fa-9bc3-a671ed6d94ea}) (Version:
13.1.0.7494 - TechSmith Corporation)
Snagit 13 (x32 Version: 13.1.0 - TechSmith Corporation) Hidden
Snagit Stamps Windows-Cursors (x32 Version: 1.0.0.0 - TechSmith Corporation) Hidden
Snagit Stamps Windows-Interface (x32 Version: 1.0.0.0 - TechSmith Corporation)
Hidden
Snagit Stamps Windows-Keyboard (x32 Version: 1.0.0.0 - TechSmith Corporation)
Hidden
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
Sound Blaster X-Fi (HKLM-x32\...\{C93170A0-CBF9-481F-B972-B4FA5AEE0E06}) (Version:
1.0 - Creative Technology Limited)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
Total Tester Security+ Practice Exam, 2nd Edition v6.2 (HKLM-x32\...\{D9EFAEC8-
268C-46B0-9D47-E425D650E6DA}) (Version: 12.6.2 - Total Seminars, LLC)
Total Tester Security+ Study Guide, 2nd Edition v6.2 (HKLM-x32\...\{A2B4E7B2-4C6C-
4813-A68D-EA475E12500A}) (Version: 12.6.2 - Total Seminars, LLC)
Transcender Test Engine (HKLM-x32\...\Transcender Test Engine) (Version: -
Transcender)
Transcender: Exam Cert-312-50 (HKLM-x32\...\Transcender: Exam Cert-312-50 )
(Version: - Transcender )
Transcender: Exam Cert-N10-006 (HKLM-x32\...\Transcender: Exam Cert-N10-006 )
Transcender: Exam Cert-SY0-401 (HKLM-x32\...\Transcender: Exam Cert-SY0-401 )
TrustedID IDMonitor Identity Protection (HKLM-x32\...\{0E74474A-1CDF-4249-A507-
CE8C1DCEC8BC}) (Version: 1.1.0 - TrustedID Inc)
Update the Help and Learn Center (HKLM-x32\...\Update the Help and Learn Center)
(Version: - Hewlett-Packard Company)
Viewpoint Media Player (HKLM-x32\...\ViewpointMediaPlayer) (Version: - )
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-
6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-
F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VS2010MergeModule (x32 Version: 1.00.0000 - Your Company Name) Hidden
VueScan (HKLM\...\VueScan) (Version: - )
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 -
LunarG, Inc.)
WebEx Support Manager for Internet Explorer (HKLM-x32\...\{C34FAEF3-4241-4C4E-9CFF-
7BBD8BCEABE7}) (Version: 6.5.47 - WebEx Communications Inc.)
WebEx Training Manager for Firefox or Chrome (HKLM-x32\...\{E57B3B6C-DA4B-4689-
AEDE-274507534D32}) (Version: 28.0.100.321 - Cisco WebEx LLC)
Win32DiskImager version 0.9.5 (HKLM-x32\...\{D074CE74-912A-4AD3-A0BF-
3937D9D01F17}_is1) (Version: 0.9.5 - ImageWriter Developers)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 -
Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-
B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-
867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinZip 14.0 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BC}) (Version:
14.0.9029 - WinZip Computing, S.L. )
WYSIWYG Web Builder 7 (HKLM-x32\...\WYSIWYG_Web_Builder_7) (Version: - )
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The
file will not be moved unless listed separately.)
HKU\S-1-5-21-4082831485-1773989390-755940452-1000-{ED1FC765-E35E-4C3D-BF15-
2C2B11260CE4}-03142017095255358\...\ChromeHTML: ->
C:\Users\Hers\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4082831485-1773989390-755940452-1000-{ED1FC765-E35E-4C3D-
BF15-2C2B11260CE4}-03142017095255358_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-
C0CE100EA736}\localserver32 ->
C:\Users\Hers\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
BF15-2C2B11260CE4}-03142017095255358_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-
555C57710721}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
BF15-2C2B11260CE4}-03142017095255358_Classes\CLSID\{0F22A205-CFB0-4679-8499-
A6F44A80A208}\InprocServer32 ->
C:\Users\Hers\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
BF15-2C2B11260CE4}-03142017095255358_Classes\CLSID\{1423F872-3F7F-4E57-B621-
8B1A9D49B448}\InprocServer32 ->
BF15-2C2B11260CE4}-03142017095255358_Classes\CLSID\{355EC88A-02E2-4547-9DEE-
F87426484BD1}\InprocServer32 ->
BF15-2C2B11260CE4}-03142017095255358_Classes\CLSID\{590C4387-5EBD-4D46-8A84-
CD0BA2EF2856}\InprocServer32 ->
BF15-2C2B11260CE4}-03142017095255358_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-
C4A22EF2E5F4}\InprocServer32 ->
BF15-2C2B11260CE4}-03142017095255358_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-
34D9EA01FC2E}\InprocServer32 ->
BF15-2C2B11260CE4}-03142017095255358_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-
D5774E87AC98}\InprocServer32 ->
BF15-2C2B11260CE4}-03142017095255358_Classes\CLSID\{793EE463-1304-471C-ADF1-
68C2FFB01247}\InprocServer32 ->
BF15-2C2B11260CE4}-03142017095255358_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-
AFDC81C1B309}\InprocServer32 ->
C:\Users\Hers\AppData\Local\Citrix\GoToMeeting\5530\G2MOutlookAddin64.dll => No
File
BF15-2C2B11260CE4}-03142017095255358_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-
F332194690F8}\InprocServer32 ->
BF15-2C2B11260CE4}-03142017095255358_Classes\CLSID\{ABECE8A0-FF84-4efb-82AE-
9B3181CE097D}\InprocServer32 -> C:\Program Files (x86)\TextPad
5\System\shellext64.dll => No File
BF15-2C2B11260CE4}-03142017095255358_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-
41373F017C9A}\InprocServer32 ->
BF15-2C2B11260CE4}-03142017095255358_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-
471C77D0C8BA}\InprocServer32 ->
C:\Users\Hers\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)
BF15-2C2B11260CE4}-03142017095255358_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-
FD4BBDF78CB2}\InprocServer32 ->
BF15-2C2B11260CE4}-03142017095255358_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-
2EBAE2ECE8C9}\InprocServer32 ->
BF15-2C2B11260CE4}-03142017095255358_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-
614ECF66DDAF}\InprocServer32 ->
BF15-2C2B11260CE4}-03142017095255358_Classes\CLSID\{e8c77137-e224-5791-b6e9-
ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative
Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
BF15-2C2B11260CE4}-03142017095255358_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-
948E6CB34B9F}\InprocServer32 ->
BF15-2C2B11260CE4}-03142017095255358_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-
CCAB78F7711C}\InprocServer32 ->
C:\Users\Hers\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
BF15-2C2B11260CE4}-03142017095255358_Classes\CLSID\{FB314ED9-A251-47B7-93E1-
CDD82E34AF8B}\InprocServer32 ->
BF15-2C2B11260CE4}-03142017095255358_Classes\CLSID\{FB314EDA-A251-47B7-93E1-
BF15-2C2B11260CE4}-03142017095255358_Classes\CLSID\{FB314EDB-A251-47B7-93E1-
BF15-2C2B11260CE4}-03142017095255358_Classes\CLSID\{FB314EDC-A251-47B7-93E1-
BF15-2C2B11260CE4}-03142017095255358_Classes\CLSID\{FB314EDD-A251-47B7-93E1-
BF15-2C2B11260CE4}-03142017095255358_Classes\CLSID\{FB314EDE-A251-47B7-93E1-
BF15-2C2B11260CE4}-03142017095255358_Classes\CLSID\{FB314EDF-A251-47B7-93E1-
BF15-2C2B11260CE4}-03142017095255358_Classes\CLSID\{FB314EE0-A251-47B7-93E1-
BF15-2C2B11260CE4}-03142017095255358_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-
C426E071637F}\InprocServer32 ->
BF15-2C2B11260CE4}-03142017095255358_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-
3641AAAF5E9E}\InprocServer32 ->
HKU\S-1-5-21-4082831485-1773989390-755940452-1000-{ED1FC765-E35E-4C3D-BF15-
2C2B11260CE4}-03142017102154479\...\ChromeHTML: ->
BF15-2C2B11260CE4}-03142017102154479_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-
C0CE100EA736}\localserver32 ->
BF15-2C2B11260CE4}-03142017102154479_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-
555C57710721}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
BF15-2C2B11260CE4}-03142017102154479_Classes\CLSID\{0F22A205-CFB0-4679-8499-
A6F44A80A208}\InprocServer32 ->
BF15-2C2B11260CE4}-03142017102154479_Classes\CLSID\{1423F872-3F7F-4E57-B621-
8B1A9D49B448}\InprocServer32 ->
BF15-2C2B11260CE4}-03142017102154479_Classes\CLSID\{355EC88A-02E2-4547-9DEE-
F87426484BD1}\InprocServer32 ->
BF15-2C2B11260CE4}-03142017102154479_Classes\CLSID\{590C4387-5EBD-4D46-8A84-
CD0BA2EF2856}\InprocServer32 ->
BF15-2C2B11260CE4}-03142017102154479_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-
C4A22EF2E5F4}\InprocServer32 ->
BF15-2C2B11260CE4}-03142017102154479_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-
34D9EA01FC2E}\InprocServer32 ->
BF15-2C2B11260CE4}-03142017102154479_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-
D5774E87AC98}\InprocServer32 ->
BF15-2C2B11260CE4}-03142017102154479_Classes\CLSID\{793EE463-1304-471C-ADF1-
68C2FFB01247}\InprocServer32 ->
BF15-2C2B11260CE4}-03142017102154479_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-
AFDC81C1B309}\InprocServer32 ->
File
BF15-2C2B11260CE4}-03142017102154479_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-
F332194690F8}\InprocServer32 ->
BF15-2C2B11260CE4}-03142017102154479_Classes\CLSID\{ABECE8A0-FF84-4efb-82AE-
9B3181CE097D}\InprocServer32 -> C:\Program Files (x86)\TextPad
5\System\shellext64.dll => No File
BF15-2C2B11260CE4}-03142017102154479_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-
41373F017C9A}\InprocServer32 ->
BF15-2C2B11260CE4}-03142017102154479_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-
471C77D0C8BA}\InprocServer32 ->
BF15-2C2B11260CE4}-03142017102154479_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-
FD4BBDF78CB2}\InprocServer32 ->
BF15-2C2B11260CE4}-03142017102154479_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-
2EBAE2ECE8C9}\InprocServer32 ->
BF15-2C2B11260CE4}-03142017102154479_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-
614ECF66DDAF}\InprocServer32 ->
BF15-2C2B11260CE4}-03142017102154479_Classes\CLSID\{e8c77137-e224-5791-b6e9-
ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative
Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
BF15-2C2B11260CE4}-03142017102154479_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-
948E6CB34B9F}\InprocServer32 ->
BF15-2C2B11260CE4}-03142017102154479_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-
CCAB78F7711C}\InprocServer32 ->
BF15-2C2B11260CE4}-03142017102154479_Classes\CLSID\{FB314ED9-A251-47B7-93E1-
BF15-2C2B11260CE4}-03142017102154479_Classes\CLSID\{FB314EDA-A251-47B7-93E1-
BF15-2C2B11260CE4}-03142017102154479_Classes\CLSID\{FB314EDB-A251-47B7-93E1-
BF15-2C2B11260CE4}-03142017102154479_Classes\CLSID\{FB314EDC-A251-47B7-93E1-
BF15-2C2B11260CE4}-03142017102154479_Classes\CLSID\{FB314EDD-A251-47B7-93E1-
BF15-2C2B11260CE4}-03142017102154479_Classes\CLSID\{FB314EDE-A251-47B7-93E1-
BF15-2C2B11260CE4}-03142017102154479_Classes\CLSID\{FB314EDF-A251-47B7-93E1-
BF15-2C2B11260CE4}-03142017102154479_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-
C426E071637F}\InprocServer32 ->
BF15-2C2B11260CE4}-03142017102154479_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-
3641AAAF5E9E}\InprocServer32 ->
HKU\S-1-5-21-4082831485-1773989390-755940452-1000\...\ChromeHTML: ->
CustomCLSID: HKU\S-1-5-21-4082831485-1773989390-755940452-1000_Classes\CLSID\
{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 ->
{0E270DAA-1BE6-48F2-AC49-555C57710721}\InprocServer32 -> %%systemroot%
%\system32\shell32.dll => No File
{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 ->
{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 ->
{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 ->
{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 ->
{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 ->
{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 ->
{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 ->
{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 ->
{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 ->
File
{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 ->
{ABECE8A0-FF84-4efb-82AE-9B3181CE097D}\InprocServer32 -> C:\Program Files
(x86)\TextPad 5\System\shellext64.dll => No File
{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 ->
{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 ->
{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 ->
{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 ->
{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 ->
{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files
(x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 ->
{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 ->
{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 ->
{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 ->
{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 ->
{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 ->
{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 ->
{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 ->
{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 ->
{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 ->
{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 ->
{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 ->
BF15-2C2B11260CE4}-03142017095256430_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-
CF2960B8F63E}\InprocServer32 ->
C:\Users\Champ\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\amd64\FileSyncShell6
4.dll => No File
BF15-2C2B11260CE4}-03142017095256430_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-
AF20F3606282}\InprocServer32 ->
4.dll => No File
BF15-2C2B11260CE4}-03142017095256430_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-
6C3BE50D980C}\InprocServer32 ->
4.dll => No File
BF15-2C2B11260CE4}-03142017095256430_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-
BE4C51810A9E}\InprocServer32 ->
4.dll => No File
BF15-2C2B11260CE4}-03142017095256430_Classes\CLSID\{9AA2F32D-362A-42D9-9328-
24A483E2CCC3}\InprocServer32 ->
4.dll => No File
BF15-2C2B11260CE4}-03142017095256430_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-
95FFCCAEF20E}\InprocServer32 ->
4.dll => No File
BF15-2C2B11260CE4}-03142017095256430_Classes\CLSID\{A78ED123-AB77-406B-9962-
2A5D9D2F7F30}\InprocServer32 ->
4.dll => No File
BF15-2C2B11260CE4}-03142017095256430_Classes\CLSID\{BBACC218-34EA-4666-9D7A-
C78F2274A524}\InprocServer32 ->
4.dll => No File
BF15-2C2B11260CE4}-03142017095256430_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-
23ED75B5106B}\InprocServer32 ->
4.dll => No File
BF15-2C2B11260CE4}-03142017095256430_Classes\CLSID\{F241C880-6982-4CE5-8CF7-
7085BA96DA5A}\InprocServer32 ->
4.dll => No File
BF15-2C2B11260CE4}-03142017095256430_Classes\CLSID\{F8071786-1FD0-4A66-81A1-
3CBE29274458}\InprocServer32 ->
C:\Users\Champ\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\amd64\FileSyncApi64.
dll => No File
==================== Scheduled Tasks (Whitelisted) =============
Task: {01955E15-9648-474D-B7C2-36A1F42A51EB} - System32\Tasks\{7F955E4D-7981-4122-

B876-0B152780D2FE} => D:\PHOTOSHP\setup.exe
Task: {02DB17E9-8C33-4473-95A8-7920E95FE140} -
System32\Tasks\DropboxUpdateTaskUserS-1-5-21-4082831485-1773989390-755940452-1000UA
=> C:\Users\Hers\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-05]
(Dropbox, Inc.)
Task: {03E5341D-281F-48CC-8079-2A332CA60E57} -
System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4082831485-1773989390-755940452-
1000Core => C:\Users\Hers\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30]
(Google Inc.)
Task: {047F2B4A-CED4-4717-8D8A-0D4F3F665B9D} -
System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common
Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-02-18] (Microsoft
Corporation)
Task: {04ACFFB6-810F-4359-91F8-DEDB34F7EF1E} -
System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => %SystemRoot
%\ehome\ehPrivJob.exe
Task: {065BAF52-03A4-4CD5-B3F8-6BFCC8973152} - System32\Tasks\{5F6010C8-60E5-41f3-
BF5B-C3AF5DBE12D4} => C:\ProgramData\Carbonite\Carbonite
Backup\CarboniteUpgrade.exe
Task: {0C4B35B7-08BB-455D-80DD-77CE0F354D2F} - System32\Tasks\Adobe Flash Player
Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-
02-14] (Adobe Systems Incorporated)
Task: {1615FB3F-E0D1-43B7-A1B2-C7482F899D49} -
\Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {172E9C15-68C4-4DD7-8E5A-AF5E32BFE042} - System32\Tasks\{80A09C12-4A68-4BB6-
88A4-B2B1B3479C69} => C:\Program Files (x86)\PENDULO Studios\RUNAWAY - The dream of
the turtle\RunawayTDOTT.exe
Task: {1C4444D2-4D84-4CCC-9CDC-32ACA333966C} - System32\Tasks\{B1CF4FBF-9EAB-4D9F-
BA27-3DF7741015E0} => pcalua.exe -a D:\LaunchTraining.exe -d D:\
Task: {1EC31974-5DC3-498E-B732-D6458CCA83B1} - System32\Tasks\{FA986E48-AC05-432C-
86C7-4E84F1528C91} => pcalua.exe -a D:\notes_designer_admin_851_w32_CZ5S0EN.exe -d
D:\
Task: {1F4C3CCE-DBDF-4378-8138-DEB58DD1B8B5} - System32\Tasks\AVAST Software\Avast
settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
[2017-01-28] (AVAST Software)
Task: {22A79468-74AE-431F-8754-0562055D72EA} -
\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {25D9C75E-5407-41D1-AB0D-E77CF131168B} -
System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => %SystemRoot
%\ehome\mcupdate.exe
Task: {26A5E551-6E87-415B-A5BB-8C5FA11BCA4D} -
System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => %SystemRoot
Task: {275B717B-726F-4001-AF2A-48A337FED5EB} - System32\Tasks\AVAST Software\Avast
upgrade utility => C:\Program Files\Common Files\AV\avast! Antivirus\upgrade.exe
[2017-01-28] (AVAST Software)
Task: {30AEFC67-F451-41D0-9107-9E3C062295CE} -
System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => %windir
%\ehome\MCUpdate.exe
Task: {38A7B065-4A6D-4F80-8D93-1E3E5FCFB82D} - System32\Tasks\{5B86C3B4-926D-4A5C-
97B6-38B02779F685} => pcalua.exe -a C:\Users\Hers\Downloads\VirtualBox-4.3.30-
101610-Win.exe -d C:\Users\Hers\Downloads
Task: {3D1B8B0E-6642-4134-B72D-F76D88BE4544} -
System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => %SystemRoot
Task: {3F6B9DC2-74E3-4288-975E-992DE9E1E82D} -
System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files
(x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft
Shared\Office16\OLicenseHeartbeat.exe [2017-02-19] (Microsoft Corporation)
Task: {472B78A4-E2D6-4F99-B873-EBE16B0B0F0A} -
System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => %SystemRoot
Task: {4CE4033A-BEB9-45F8-9ACE-085A50C2E917} -
System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => %SystemRoot
Task: {4F9F22C0-9523-481F-AF96-F3A52998D60F} - System32\Tasks\Avast Emergency
Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-03-02] (AVAST
Software)
Task: {57A18FA3-9D3B-4BE1-9B7F-D1260F47DB4E} - System32\Tasks\{1A197DAD-3FD8-4828-
9A95-6DDF976CB5A8} => C:\Program Files (x86)\PENDULO Studios\RUNAWAY - The dream of
Task: {59489A88-815A-40F2-930D-23EBB6DC4E4D} - System32\Tasks\TechSmith Updater =>
C:\Program Files (x86)\Common Files\TechSmith Shared\Updater\TSCUpdClt.exe [2016-
09-06] (TechSmith Corporation)
Task: {61F655F8-95BD-4DB3-8ED4-1E46AFDA3A7B} -
System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask =>
%SystemRoot%\ehome\mcupdate.exe
Task: {62CD5F12-2156-440D-BE8B-E128153E58A2} -
System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => %SystemRoot
Task: {6338FAD3-4F7B-45D6-B5EF-25235DB61430} -
\Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {6462EC89-A887-4EEC-9F81-F186BD4E555A} - System32\Tasks\{6BC4E988-601F-43E4-
8D3D-E8E6E7A5413B} => C:\Program Files (x86)\PENDULO Studios\RUNAWAY - The dream of
Task: {65386BF0-FF83-49E4-98DB-E1278987C36D} - System32\Tasks\HPLJCustParticipation
=> C:\Program Files (x86)\HP\HPLJUT\HPLJUTSCH.exe [2012-06-14] (Hewlett Packard)
Task: {65FC1C1B-E152-4842-B93E-E1D68AA80777} -
\OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {686F61DB-71D5-4FC4-89A0-52BAC66647D5} -
\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {693D97F7-C504-4F4A-B403-77D154226636} - System32\Tasks\{3C956A3A-A0F9-482D-
9009-B6908BD0A72B} => C:\Program Files (x86)\Atari\Indigo Prophecy\Indigo
Prophecy.exe
Task: {72FFB116-983D-4436-B71A-A3ACE3747FDA} -
System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program
Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-02-18]
(Microsoft Corporation)
Task: {7735D543-26ED-4B15-A362-660B7FD85BAD} -
\Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {7A14CA65-B2A2-4788-B4F3-D25BEFE56933} -
System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => %SystemRoot
Task: {81BB91CB-6EA0-4D2D-B684-9E9463F21499} - System32\Tasks\{DF3AD1FE-A9BA-4180-
B783-E20CC043A260} => pcalua.exe -a "C:\Program Files (x86)\Adobe\Adobe Creative
Cloud\Utils\Creative Cloud Uninstaller.exe"
Task: {8208C725-0FF2-4756-97D9-D1975D37457E} -
System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files
(x86)\Google\Update\GoogleUpdate.exe [2015-04-20] (Google Inc.)
Task: {8248E4B8-9F1F-4E43-BAEE-45F7B7C6B445} -
System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files
(x86)\Google\Update\GoogleUpdate.exe [2015-04-20] (Google Inc.)
Task: {888F3CD1-362D-4E29-8AC1-289FFB9BD605} -
\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <====
ATTENTION
Task: {8B3454B0-E5CB-4BEA-9D5F-DC36E6E6A619} -
System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => %SystemRoot
Task: {8CC764A0-B47D-4174-9FED-261CA4736C55} -
System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService =>
%SystemRoot%\ehome\ehPrivJob.exe
Task: {9269E994-B58F-4F79-8D5E-4CD8FEB1D3A5} - System32\Tasks\G2MUpdateTask-S-1-5-
21-4082831485-1773989390-755940452-1000 =>
C:\Users\Hers\AppData\Local\Citrix\GoToMeeting\6291\g2mupdate.exe [2017-01-26]
(Citrix Online, a division of Citrix Systems, Inc.)
Task: {945DA185-4E70-4705-AE79-B95B3AF0241E} -
\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {95F62F78-65FD-4889-A47B-BB2758284508} - System32\Tasks\{2FD0818B-2CC7-4892-
8F3D-ADD0FDB2475D} => C:\Program Files (x86)\PENDULO Studios\RUNAWAY - The dream of
Task: {96E5DBC8-61AB-40D5-9645-98D04F0679D9} - System32\Tasks\SidebarExecute =>
C:\Program Files (x86)\Windows Sidebar\sidebar.exe
Task: {9A32382E-9D37-451C-A687-897B263BA9F5} - System32\Tasks\{35D795F4-D945-4F80-
B121-864CDFAB4F47} => C:\Program Files (x86)\PENDULO Studios\RUNAWAY - The dream of
Task: {9A69C512-7A9C-4392-BFAF-70DC721A8E60} - System32\Tasks\Adobe Acrobat Update
Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19]
(Adobe Systems Incorporated)
Task: {9D1593A8-DB96-4919-A4FA-713F6BDB372D} -
System32\Tasks\Microsoft\Windows\Media Center\StartRecording => %SystemRoot
%\ehome\ehrec.exe
Task: {A45031B4-CE64-45E6-A290-E46EE19ED9FE} -
System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => %SystemRoot
Task: {A5BC0CB3-9950-4D0D-B5C4-577A1B17FA8D} - System32\Tasks\{EC45477B-57E4-4173-
836D-102D522DBE7A} => D:\PHOTOSHP\setup.exe
Task: {A67B4178-6F17-4F1A-B75D-3D527A10BB00} -
\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {A9D92F7E-79E0-4E2C-AD4D-F058ACBAAD6B} - System32\Tasks\G2MUploadTask-S-1-5-
21-4082831485-1773989390-755940452-1000 =>
C:\Users\Hers\AppData\Local\Citrix\GoToMeeting\6291\g2mupload.exe [2017-01-26]
(Citrix Online, a division of Citrix Systems, Inc.)
Task: {AAB01607-E344-456A-B995-724107C58242} - \McAfee\McAfee Idle Detection Task
-> No File <==== ATTENTION
Task: {AD445CA6-A2AC-4E18-A2C6-5D288DDAE707} -
\Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {B3296489-9AAD-4EA6-A6D5-6C67D143BADC} -
System32\Tasks\DropboxUpdateTaskUserS-1-5-21-4082831485-1773989390-755940452-
1000Core => C:\Users\Hers\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-
05] (Dropbox, Inc.)
Task: {B5CDCC88-9E15-4D7F-AC21-BD3F759D0A4F} -
\Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {B80B82BB-EF32-41FC-82B7-78EA124485F8} -
System32\Tasks\Microsoft\Windows\Media Center\mcupdate => %SystemRoot
Task: {B8541BDC-C229-498C-9F4F-02E7897007D0} -
System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => %SystemRoot
Task: {BAEE117B-20B4-49EA-94A2-D757CE74E18B} -
System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => %SystemRoot
Task: {BF591BBF-0D47-4DC3-A5FE-EAD74BDE624F} -
\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {C9F1B12A-3CEA-4F15-A87C-A65DC3A720D8} - System32\Tasks\{2EA7FE7A-BBD9-4DD7-
9626-B49DF518AC32} => D:\PHOTOSHP\setup.exe
Task: {CA209243-FFD3-4C33-8101-CF53D720C344} -
System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => %SystemRoot
Task: {CB4B6B6D-E338-4062-B48B-CAF0D81B170C} -
\Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {D33852CA-C423-4FD3-AC01-697759769829} -
System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => %SystemRoot
Task: {E02E132B-4A00-4BA0-B5B4-5CE8B0FD4FF6} -
System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4082831485-1773989390-755940452-1000UA
=> C:\Users\Hers\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google
Inc.)
Task: {E15AFCB0-DF37-400E-B1CA-5B1E966C4B1C} -
\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {E5C34E5A-BA41-4C85-A745-693A03808146} - System32\Tasks\{20FD5AE7-76FD-4666-
B6EA-B7BD02413246} => C:\Program Files (x86)\PENDULO Studios\RUNAWAY - The dream of
Task: {E7CE2F71-A981-4344-A9D2-3CF6FE79E734} -
System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => %SystemRoot
%\ehome\ehrec.exe
Task: {E92D7978-BB69-429C-8230-F156AE7A71F1} -
System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software
Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {ECB6050B-1EED-402B-8686-244B9ACDCB1D} -
System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => %SystemRoot
Task: {ED7A1C7A-728E-4A81-A99E-552D26B29106} - System32\Tasks\{CA245C75-C45E-4398-
A12D-17DE05165DC1} => D:\WINSETUP.EXE
Task: {EF62269D-A795-4E81-B886-6C8C9588251C} -
System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => %SystemRoot
Task: {EFC93267-308B-41B8-995A-28E9F5AD46D6} - System32\Tasks\SafeZone scheduled
Autoupdate 1486834341 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe
[2017-03-03] (Avast Software)
Task: {F365DE6C-571F-4B97-B178-88BE6EF6442A} -
System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask =>
%SystemRoot%\ehome\mcupdate.exe
Task: {F7BEACE4-C19F-48B9-B1FA-36418610B95C} - System32\Tasks\{86F7C5B9-CC4A-473B-
9092-BA637AE0904D} => C:\Program Files (x86)\PENDULO Studios\RUNAWAY - The dream of
(If an entry is included in the fixlist, the task (.job) file will be moved. The
file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job =>

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job =>
C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-4082831485-1773989390-
755940452-1000Core.job =>
C:\Users\Hers\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-4082831485-1773989390-
755940452-1000UA.job =>
C:\Users\Hers\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-4082831485-1773989390-755940452-
1000.job => C:\Users\Hers\AppData\Local\Citrix\GoToMeeting\6519\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-4082831485-1773989390-755940452-
1000.job => C:\Users\Hers\AppData\Local\Citrix\GoToMeeting\6519\g2mupload.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2016-09-01 18:12 - 2016-09-01 18:12 - 00092472 _____ () C:\Program Files\Common

Files\Apple\Apple Application Support\zlib1.dll
Files\Apple\Apple Application Support\libxml2.dll
2016-07-16 07:42 - 2016-07-16 07:42 - 00231424 _____ ()
C:\WINDOWS\SYSTEM32\ism32k.dll
2017-02-06 23:33 - 2017-02-06 23:33 - 02681200 _____ ()
C:\WINDOWS\System32\CoreUIComponents.dll
2017-02-06 23:33 - 2017-02-06 23:33 - 02681200 _____ ()
C:\WINDOWS\system32\CoreUIComponents.dll
2017-02-06 23:33 - 2017-02-06 23:33 - 02681200 _____ ()
C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2017-01-13 15:10 - 2017-01-13 15:10 - 00052400 _____ () C:\Program Files\FileZilla
FTP Client\fzshellext_64.dll
2016-10-25 09:57 - 2016-10-25 09:57 - 00491184 _____ () C:\Program Files
(x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2016-03-16 09:44 - 2017-01-29 09:55 - 08930504 _____ () C:\Program Files
(x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft
Office\Office16\1033\GrooveIntlResource.dll
Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:23 - 2010-10-20 16:23 - 08801632 _____ () C:\Program Files\Microsoft
Office\Office14\1033\GrooveIntlResource.dll
2017-02-12 18:31 - 2017-02-12 18:31 - 00230064 _____ () C:\Program Files
(x86)\Notepad++\NppShell_06.dll
2016-11-20 14:11 - 2016-11-20 14:11 - 00134656 _____ ()
C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-02-06 23:33 - 2017-02-06 23:33 - 00474112 _____ ()
C:\Windows\ShellExperiences\QuickActions.dll
2017-02-06 23:33 - 2017-02-06 23:33 - 09760768 _____ ()
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-02-06 23:33 - 2017-02-06 23:33 - 01401856 _____ ()
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-02-06 23:33 - 2017-02-06 23:33 - 00757248 _____ ()
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-02-06 23:33 - 2017-02-06 23:33 - 01033216 _____ ()
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-02-06 23:33 - 2017-02-06 23:33 - 02424320 _____ ()
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTas
k.dll
2017-02-06 23:33 - 2017-02-06 23:33 - 04853760 _____ ()
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-06-01 22:00 - 2017-03-09 02:16 - 00112264 _____ ()
C:\Windows\System32\IccLibDll_x64.dll
2010-11-17 12:35 - 2010-11-17 12:35 - 00514544 _____ () C:\Program Files
(x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
2012-02-01 12:50 - 2012-02-01 12:50 - 00968048 _____ () C:\Program Files (x86)\Dell
Stage\Dell Stage\AccuWeather\accuweather.exe
2012-09-13 00:38 - 2012-09-13 00:38 - 00264040 _____ () C:\Program Files
(x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
2016-10-25 09:57 - 2016-10-25 09:57 - 31723696 _____ () C:\Program Files
(x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2017-02-15 12:11 - 2017-02-15 12:11 - 03865088 _____ () C:\Program
Files\WindowsApps\Microsoft.WindowsCalculator_10.1702.312.0_x64__8wekyb3d8bbwe\Calc
ulator.exe
2016-04-13 18:42 - 2016-02-23 10:48 - 00446464 _____ () C:\Program Files
(x86)\PFU\ScanSnap\Driver\PfuSsConfig.dll
2016-04-13 18:42 - 2015-09-05 15:34 - 00241664 _____ () C:\Program Files
(x86)\PFU\ScanSnap\Driver\PfuSsExtention.dll
2016-04-13 18:42 - 2003-03-26 18:46 - 00135168 _____ () C:\Program Files
(x86)\PFU\ScanSnap\Driver\PfuSsImgIO.dll
2016-04-13 18:42 - 2010-08-24 16:56 - 00167936 _____ () C:\Program Files
(x86)\PFU\ScanSnap\Driver\SSsltsa.dll
2016-04-13 18:41 - 2013-03-12 09:43 - 00888832 _____ () C:\Program Files
(x86)\PFU\ScanSnap\Driver\P2IDIGCROP.dll
2016-04-13 18:41 - 2014-03-19 10:19 - 01884160 _____ () C:\Program Files
(x86)\PFU\ScanSnap\Driver\bookbound.dll
2017-01-20 10:11 - 2017-01-20 10:11 - 20629504 _____ () C:\Program Files
(x86)\TechSmith\Snagit 13\opencv_imgproc310.dll
2017-01-20 10:11 - 2017-01-20 10:11 - 08968192 _____ () C:\Program Files
(x86)\TechSmith\Snagit 13\opencv_core310.dll
2017-01-20 10:12 - 2017-01-20 10:12 - 00601088 _____ () C:\Program Files
(x86)\TechSmith\Snagit 13\fontconfig.dll
2017-01-20 10:12 - 2017-01-20 10:12 - 01152512 _____ () C:\Program Files
(x86)\TechSmith\Snagit 13\cairo.dll
2017-01-20 10:11 - 2017-01-20 10:11 - 00800768 _____ () C:\Program Files
(x86)\TechSmith\Snagit 13\opencv_photo310.dll
2017-01-20 10:10 - 2017-01-20 10:10 - 08968192 _____ () C:\Program Files
(x86)\TechSmith\Snagit 13\opencv_core300.dll
2017-01-20 10:10 - 2017-01-20 10:10 - 20629504 _____ () C:\Program Files
(x86)\TechSmith\Snagit 13\opencv_imgproc300.dll
2017-01-20 10:12 - 2017-01-20 10:12 - 01015296 _____ () C:\Program Files
(x86)\TechSmith\Snagit 13\libxml2.dll
2017-01-20 10:12 - 2017-01-20 10:12 - 00023552 _____ () C:\Program Files
(x86)\TechSmith\Snagit 13\iconv.dll
2017-01-20 10:12 - 2017-01-20 10:12 - 00588288 _____ () C:\Program Files
(x86)\TechSmith\Snagit 13\pixman-1.dll
2017-01-20 10:12 - 2017-01-20 10:12 - 00165888 _____ () C:\Program Files
(x86)\TechSmith\Snagit 13\libpng16.dll
2017-01-20 10:12 - 2017-01-20 10:12 - 00071680 _____ () C:\Program Files
(x86)\TechSmith\Snagit 13\zlib1.dll
2017-01-20 10:12 - 2017-01-20 10:12 - 00778240 _____ () C:\Program Files
(x86)\TechSmith\Snagit 13\harfbuzz.dll
2017-03-08 14:16 - 2017-03-06 16:59 - 00807232 _____ ()
C:\Users\Hers\AppData\Roaming\Dropbox\bin\dropbox_watchdog.dll
2017-03-08 14:16 - 2017-02-08 22:19 - 00035792 _____ ()
C:\Users\Hers\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
2017-03-08 14:16 - 2017-02-08 22:19 - 00100296 _____ ()
C:\Users\Hers\AppData\Roaming\Dropbox\bin\_ctypes.pyd
2017-03-08 14:16 - 2017-02-08 22:19 - 00018888 _____ ()
C:\Users\Hers\AppData\Roaming\Dropbox\bin\select.pyd
2017-03-08 14:16 - 2017-03-06 17:01 - 00019776 _____ ()
C:\Users\Hers\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
2017-03-08 14:16 - 2017-02-08 22:19 - 00694224 _____ ()
C:\Users\Hers\AppData\Roaming\Dropbox\bin\unicodedata.pyd
2017-03-08 14:16 - 2017-03-06 17:01 - 00020824 _____ ()
C:\Users\Hers\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_ti
me.pyd
2017-03-08 14:16 - 2017-02-08 22:20 - 00123856 _____ ()
C:\Users\Hers\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
2017-03-08 14:16 - 2017-03-06 17:01 - 01682768 _____ ()
C:\Users\Hers\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
2017-03-08 14:16 - 2017-03-06 17:01 - 00020816 _____ ()
C:\Users\Hers\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
2017-03-08 14:16 - 2017-02-08 22:19 - 00145864 _____ ()
C:\Users\Hers\AppData\Roaming\Dropbox\bin\pyexpat.pyd
2017-03-08 14:16 - 2017-02-08 22:20 - 00019408 _____ ()
C:\Users\Hers\AppData\Roaming\Dropbox\bin\faulthandler.pyd
2017-03-08 14:16 - 2017-02-08 22:19 - 00116688 _____ ()
C:\Users\Hers\AppData\Roaming\Dropbox\bin\pywintypes27.dll
2017-03-08 14:16 - 2017-02-08 22:22 - 00105928 _____ ()
C:\Users\Hers\AppData\Roaming\Dropbox\bin\win32api.pyd
2017-03-08 14:16 - 2017-03-06 17:01 - 00022864 _____ ()
C:\Users\Hers\AppData\Roaming\Dropbox\bin\winffi.crt.compiled._winffi_crt.pyd
2017-03-08 14:16 - 2017-03-06 17:01 - 00038712 _____ ()
C:\Users\Hers\AppData\Roaming\Dropbox\bin\fastpath.pyd
2017-03-08 14:16 - 2017-03-06 17:01 - 00060736 _____ ()
C:\Users\Hers\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
2017-03-08 14:16 - 2017-02-08 22:22 - 00024528 _____ ()
C:\Users\Hers\AppData\Roaming\Dropbox\bin\win32event.pyd
2017-03-08 14:16 - 2017-02-08 22:22 - 00175560 _____ ()
C:\Users\Hers\AppData\Roaming\Dropbox\bin\win32gui.pyd
2017-03-08 14:16 - 2017-02-08 22:19 - 00392144 _____ ()
C:\Users\Hers\AppData\Roaming\Dropbox\bin\pythoncom27.dll
2017-03-08 14:16 - 2017-02-08 22:22 - 00020936 _____ ()
C:\Users\Hers\AppData\Roaming\Dropbox\bin\mmapfile.pyd
2017-03-08 14:16 - 2017-02-08 22:22 - 00116176 _____ ()
C:\Users\Hers\AppData\Roaming\Dropbox\bin\win32security.pyd
2017-03-08 14:16 - 2017-03-06 17:01 - 00381760 _____ ()
C:\Users\Hers\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
2017-03-08 14:16 - 2017-02-08 22:22 - 00124880 _____ ()
C:\Users\Hers\AppData\Roaming\Dropbox\bin\win32file.pyd
2017-03-08 14:16 - 2017-03-06 17:01 - 00026456 _____ ()
C:\Users\Hers\AppData\Roaming\Dropbox\bin\winffi.kernel32.compiled._winffi_kernel32
.pyd
2017-03-08 14:16 - 2017-02-08 22:22 - 00024016 _____ ()
C:\Users\Hers\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
2017-03-08 14:16 - 2017-02-08 22:22 - 00030160 _____ ()
C:\Users\Hers\AppData\Roaming\Dropbox\bin\win32pipe.pyd
2017-03-08 14:16 - 2017-02-08 22:22 - 00043472 _____ ()
C:\Users\Hers\AppData\Roaming\Dropbox\bin\win32process.pyd
2017-03-08 14:16 - 2017-02-08 22:22 - 00048592 _____ ()
C:\Users\Hers\AppData\Roaming\Dropbox\bin\win32service.pyd
2017-03-08 14:16 - 2017-02-08 22:22 - 00057808 _____ ()
C:\Users\Hers\AppData\Roaming\Dropbox\bin\win32evtlog.pyd
2017-03-08 14:16 - 2017-02-08 22:22 - 00024016 _____ ()
C:\Users\Hers\AppData\Roaming\Dropbox\bin\win32profile.pyd
2017-03-08 14:16 - 2017-03-06 17:01 - 00246608 _____ ()
C:\Users\Hers\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd
2017-03-08 14:16 - 2017-03-06 17:01 - 00027488 _____ ()
C:\Users\Hers\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinst
allation.pyd
2017-03-08 14:16 - 2017-02-08 22:21 - 00241104 _____ ()
C:\Users\Hers\AppData\Roaming\Dropbox\bin\_jpegtran.pyd
2017-03-08 14:16 - 2017-03-06 17:01 - 00022336 _____ ()
C:\Users\Hers\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
2017-03-08 14:16 - 2017-03-06 17:01 - 00025432 _____ ()
C:\Users\Hers\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot
.pyd
2017-03-08 14:16 - 2017-02-08 22:22 - 00028616 _____ ()
C:\Users\Hers\AppData\Roaming\Dropbox\bin\win32ts.pyd
2017-03-08 14:16 - 2017-03-06 17:01 - 01826104 _____ ()
C:\Users\Hers\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
2017-03-08 14:16 - 2017-02-08 22:20 - 00083912 _____ ()
C:\Users\Hers\AppData\Roaming\Dropbox\bin\sip.pyd
2017-03-08 14:16 - 2017-03-06 17:01 - 01972536 _____ ()
C:\Users\Hers\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
2017-03-08 14:16 - 2017-03-06 17:01 - 03928896 _____ ()
C:\Users\Hers\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
2017-03-08 14:16 - 2017-03-06 17:01 - 00531264 _____ ()
C:\Users\Hers\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
2017-03-08 14:16 - 2017-03-06 17:01 - 00053072 _____ ()
C:\Users\Hers\AppData\Roaming\Dropbox\bin\winrpcserver.compiled._RPCServer.pyd
2017-03-08 14:16 - 2017-03-06 17:01 - 00133432 _____ ()
C:\Users\Hers\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
2017-03-08 14:16 - 2017-03-06 17:01 - 00224064 _____ ()
C:\Users\Hers\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
2017-03-08 14:16 - 2017-03-06 17:01 - 00207680 _____ ()
C:\Users\Hers\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
2017-03-08 14:16 - 2017-03-06 17:01 - 00022864 _____ ()
C:\Users\Hers\AppData\Roaming\Dropbox\bin\winffi.user32.compiled._winffi_user32.pyd
2017-03-08 14:16 - 2017-03-06 17:01 - 00069968 _____ ()
C:\Users\Hers\AppData\Roaming\Dropbox\bin\windisplaytoast.compiled._DisplayToast.py
d
2017-03-08 14:16 - 2017-03-06 17:01 - 00022872 _____ ()
C:\Users\Hers\AppData\Roaming\Dropbox\bin\winffi.iphlpapi.compiled._winffi_iphlpapi
.pyd
2017-03-08 14:16 - 2017-03-06 17:01 - 00021848 _____ ()
C:\Users\Hers\AppData\Roaming\Dropbox\bin\winffi.winerror.compiled._winffi_winerror
.pyd
2017-03-08 14:16 - 2017-03-06 17:01 - 00022872 _____ ()
C:\Users\Hers\AppData\Roaming\Dropbox\bin\winffi.wininet.compiled._winffi_wininet.p
yd
2017-03-08 14:16 - 2017-02-08 22:22 - 00350152 _____ ()
C:\Users\Hers\AppData\Roaming\Dropbox\bin\winxpgui.pyd
2017-03-08 14:16 - 2017-03-06 17:01 - 00103232 _____ ()
C:\Users\Hers\AppData\Roaming\Dropbox\bin\PyQt5.QtWinExtras.pyd
2017-03-08 14:16 - 2017-03-06 17:01 - 00023896 _____ ()
C:\Users\Hers\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignat
ure.pyd
2017-03-08 14:16 - 2017-03-06 17:01 - 00025936 _____ ()
C:\Users\Hers\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
2017-03-08 14:16 - 2017-02-08 22:17 - 00036296 _____ ()
C:\Users\Hers\AppData\Roaming\Dropbox\bin\librsync.dll
2017-03-08 14:16 - 2017-03-06 17:01 - 00033112 _____ ()
C:\Users\Hers\AppData\Roaming\Dropbox\bin\enterprise_data.compiled._enterprise_data
.pyd
2017-03-08 14:16 - 2016-12-02 17:44 - 00293392 _____ ()
C:\Users\Hers\AppData\Roaming\Dropbox\bin\EnterpriseDataAdapter.dll
2017-03-08 14:16 - 2017-03-06 17:01 - 00084288 _____ ()
C:\Users\Hers\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
2017-03-08 14:16 - 2017-02-08 22:27 - 00017864 _____ ()
C:\Users\Hers\AppData\Roaming\Dropbox\bin\libEGL.dll
2017-03-08 14:16 - 2017-02-08 22:27 - 01631184 _____ ()
C:\Users\Hers\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2017-03-08 14:16 - 2017-03-06 17:01 - 00042816 _____ ()
C:\Users\Hers\AppData\Roaming\Dropbox\bin\PyQt5.QtWebChannel.pyd
2017-03-08 14:16 - 2017-03-06 17:01 - 00171336 _____ ()
C:\Users\Hers\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineWidgets.pyd
2017-03-08 14:16 - 2017-03-06 17:01 - 00357688 _____ ()
C:\Users\Hers\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd
2017-03-08 14:16 - 2017-02-08 22:22 - 00060880 _____ ()
C:\Users\Hers\AppData\Roaming\Dropbox\bin\win32print.pyd
2017-03-08 14:16 - 2017-03-06 17:01 - 00026456 _____ ()
C:\Users\Hers\AppData\Roaming\Dropbox\bin\winffi.winhttp.compiled._winffi_winhttp.p
yd
2017-03-08 14:16 - 2017-03-06 17:01 - 00546104 _____ ()
C:\Users\Hers\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd
2010-11-25 00:44 - 2010-11-25 00:44 - 00375280 _____ () c:\program files
(x86)\common files\roxio shared\dllshared\SQLite352.dll
Stage\Dell Stage\AccuWeather\QtGui4.dll
Stage\Dell Stage\AccuWeather\QtCore4.dll
2017-03-02 17:57 - 2017-03-02 17:57 - 00170216 _____ () C:\Program Files\AVAST
Software\Avast\JsonRpcServer.dll
Software\Avast\libcef.dll
Software\Avast\gaming_mode_ui.dll
Software\Avast\ffl2.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 02144104 _____ () C:\Program Files
(x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 07955304 _____ () C:\Program Files
(x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00341352 _____ () C:\Program Files
(x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00028008 _____ () C:\Program Files
(x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00127336 _____ () C:\Program Files
(x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2012-09-13 00:39 - 2012-09-13 00:39 - 00336232 _____ () C:\Program Files
(x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
2017-01-13 15:10 - 2017-01-13 15:10 - 00048304 _____ () C:\Program Files\FileZilla
FTP Client\fzshellext.dll
2016-10-12 01:08 - 2016-10-12 01:08 - 00118272 _____ () \\?\C:\Program Files
(x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\fs-
ext\build\Release\fs-ext.node
2016-10-12 01:08 - 2016-10-12 01:08 - 00223232 _____ () \\?\C:\Program Files
(x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-
vulcanjs\build\Release\VulcanJS.node
2016-10-12 01:08 - 2016-10-12 01:08 - 00117248 _____ () \\?\C:\Program Files
(x86)\Adobe\Adobe Creative
Cloud\CCXProcess\js\node_modules\ref\build\Release\binding.node
2016-10-12 01:08 - 2016-10-12 01:08 - 00124928 _____ () \\?\C:\Program Files
Cloud\CCXProcess\js\node_modules\ffi\build\Release\ffi_bindings.node
2016-10-25 10:49 - 2016-10-25 10:49 - 00098496 _____ () C:\Program Files
(x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-
ProxyResolver\build\Release\ProxyResolverWin.dll
2016-10-12 01:08 - 2016-10-12 01:08 - 00166400 _____ () \\?\C:\Program Files
(x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\idle-
gc\build\Release\idle-gc.node
2016-10-10 23:15 - 2016-10-10 23:15 - 00118272 _____ () \\?\C:\Program Files
(x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\fs-ext\build\Release\fs-
ext.node
2016-10-10 23:15 - 2016-10-10 23:15 - 00117760 _____ () \\?\C:\Program Files
Cloud\CCLibrary\js\node_modules\ref\build\Release\binding.node
2016-10-10 23:15 - 2016-10-10 23:15 - 00125440 _____ () \\?\C:\Program Files
Cloud\CCLibrary\js\node_modules\ffi\build\Release\ffi_bindings.node
2016-10-10 23:17 - 2016-10-10 23:17 - 00223232 _____ () \\?\C:\Program Files
(x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\node-
vulcanjs\build\Release\VulcanJS.node
2016-10-25 10:41 - 2016-10-25 10:41 - 00098496 _____ () C:\Program Files
(x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\node-
ProxyResolver\build\Release\ProxyResolverWin.dll
2016-10-10 23:14 - 2016-10-10 23:14 - 00121856 _____ () \\?\C:\Program Files
Cloud\CCLibrary\js\node_modules\bufferutil\build\Release\bufferutil.node
2016-10-10 23:14 - 2016-10-10 23:14 - 00166400 _____ () \\?\C:\Program Files
(x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\idle-
gc\build\Release\idle-gc.node
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\Temp:0C65EA0E [123]

AlternateDataStreams: C:\ProgramData\Temp:13EF4AF6 [420]
AlternateDataStreams: C:\ProgramData\Temp:24FECE50 [456]
AlternateDataStreams: C:\ProgramData\Temp:3F266659 [126]
AlternateDataStreams: C:\ProgramData\Temp:52641FBE [412]
AlternateDataStreams: C:\ProgramData\Temp:5C321E34 [105]
AlternateDataStreams: C:\ProgramData\Temp:61AF2B29 [418]
AlternateDataStreams: C:\ProgramData\Temp:7ADA8871 [248]
AlternateDataStreams: C:\ProgramData\Temp:7EABF26C [428]
AlternateDataStreams: C:\ProgramData\Temp:92C9159A [102]
AlternateDataStreams: C:\ProgramData\Temp:95D421DF [0]
AlternateDataStreams: C:\ProgramData\Temp:9A870F8B [1018]
AlternateDataStreams: C:\ProgramData\Temp:9A88B65D [135]
AlternateDataStreams: C:\ProgramData\Temp:A3750BE5 [120]
AlternateDataStreams: C:\ProgramData\Temp:B1786630 [452]
AlternateDataStreams: C:\ProgramData\Temp:B1FBBD09 [382]
AlternateDataStreams: C:\ProgramData\Temp:CB299F13 [470]
AlternateDataStreams: C:\Users\Hers\Desktop\xml-dump.xml:com.dropbox.attributes
[168]
AlternateDataStreams: C:\Users\Hers\Downloads\BT5r2-LEv2.7z:com.dropbox.attributes
[168]
AlternateDataStreams: C:\Users\Hers\Downloads\WSC_Forensics:com.dropbox.attributes
[168]
==================== Safe Mode (Whitelisted) ===================
"AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to
default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE restricted site: HKU\S-1-5-21-4082831485-1773989390-755940452-1000\...\008i.com

-> 008i.com
IE restricted site: HKU\S-1-5-21-4082831485-1773989390-755940452-1000\...\008k.com
-> 008k.com
IE restricted site: HKU\S-1-5-21-4082831485-1773989390-755940452-1000\...\00hq.com
-> 00hq.com
IE restricted site: HKU\S-1-5-21-4082831485-1773989390-755940452-1000\...\0190-
dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-4082831485-1773989390-755940452-1000\...\01i.info
-> 01i.info
IE restricted site: HKU\S-1-5-21-4082831485-1773989390-755940452-
1000\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-4082831485-1773989390-755940452-1000\...\05p.com
-> 05p.com
1000\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
1000\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
1000\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
1000\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-4082831485-1773989390-755940452-1000\...\0cj.net
-> 0cj.net
IE restricted site: HKU\S-1-5-21-4082831485-1773989390-755940452-1000\...\0scan.com
-> 0scan.com
britney-spears-nude.com -> 1-britney-spears-nude.com
domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-4082831485-1773989390-755940452-1000\...\1-se.com
-> 1-se.com
1000\...\1001movie.com -> 1001movie.com
1000\...\1001night.biz -> 1001night.biz
1000\...\100gal.net -> 100gal.net
1000\...\100sexlinks.com -> 100sexlinks.com
There are 5317 more sites.
IE restricted site: HKU\S-1-5-21-4082831485-1773989390-755940452-1000-{ED1FC765-

E35E-4C3D-BF15-2C2B11260CE4}-03142017095255358\...\008i.com -> 008i.com
E35E-4C3D-BF15-2C2B11260CE4}-03142017095255358\...\008k.com -> 008k.com
E35E-4C3D-BF15-2C2B11260CE4}-03142017095255358\...\00hq.com -> 00hq.com
E35E-4C3D-BF15-2C2B11260CE4}-03142017095255358\...\0190-dialers.com -> 0190-
dialers.com
E35E-4C3D-BF15-2C2B11260CE4}-03142017095255358\...\01i.info -> 01i.info
E35E-4C3D-BF15-2C2B11260CE4}-03142017095255358\...\02pmnzy5eo29bfk4.com ->
02pmnzy5eo29bfk4.com
E35E-4C3D-BF15-2C2B11260CE4}-03142017095255358\...\05p.com -> 05p.com
E35E-4C3D-BF15-2C2B11260CE4}-03142017095255358\...\07ic5do2myz3vzpk.com ->
07ic5do2myz3vzpk.com
E35E-4C3D-BF15-2C2B11260CE4}-03142017095255358\...\08nigbmwk43i01y6.com ->
08nigbmwk43i01y6.com
E35E-4C3D-BF15-2C2B11260CE4}-03142017095255358\...\093qpeuqpmz6ebfa.com ->
093qpeuqpmz6ebfa.com
E35E-4C3D-BF15-2C2B11260CE4}-03142017095255358\...\0calories.net -> 0calories.net
E35E-4C3D-BF15-2C2B11260CE4}-03142017095255358\...\0cj.net -> 0cj.net
E35E-4C3D-BF15-2C2B11260CE4}-03142017095255358\...\0scan.com -> 0scan.com
E35E-4C3D-BF15-2C2B11260CE4}-03142017095255358\...\1-britney-spears-nude.com -> 1-
britney-spears-nude.com
E35E-4C3D-BF15-2C2B11260CE4}-03142017095255358\...\1-domains-registrations.com ->
1-domains-registrations.com
E35E-4C3D-BF15-2C2B11260CE4}-03142017095255358\...\1-se.com -> 1-se.com
E35E-4C3D-BF15-2C2B11260CE4}-03142017095255358\...\1001movie.com -> 1001movie.com
E35E-4C3D-BF15-2C2B11260CE4}-03142017095255358\...\1001night.biz -> 1001night.biz
E35E-4C3D-BF15-2C2B11260CE4}-03142017095255358\...\100gal.net -> 100gal.net
E35E-4C3D-BF15-2C2B11260CE4}-03142017095255358\...\100sexlinks.com ->
100sexlinks.com

dialers.com
100sexlinks.com

IE trusted site: HKU\S-1-5-21-4082831485-1773989390-755940452-1003-{ED1FC765-E35E-
4C3D-BF15-2C2B11260CE4}-03142017095256227\...\dell.com -> dell.com
dialers.com
100sexlinks.com

dialers.com
100sexlinks.com

dialers.com
100sexlinks.com

dialers.com
100sexlinks.com
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 22:34 - 2015-12-07 22:44 - 00000857 ____A

C:\WINDOWS\system32\Drivers\etc\hosts
10.100.0.100 elsvulnerable.com
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03142017095255105\Control
Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-4082831485-1773989390-755940452-1000\Control Panel\Desktop\\Wallpaper
-> C:\Users\Hers\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
HKU\S-1-5-21-4082831485-1773989390-755940452-1000-{ED1FC765-E35E-4C3D-BF15-
2C2B11260CE4}-03142017095255358\Control Panel\Desktop\\Wallpaper ->
C:\Users\Hers\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
HKU\S-1-5-21-4082831485-1773989390-755940452-1000-{ED1FC765-E35E-4C3D-BF15-
C:\Users\Hers\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
HKU\S-1-5-21-4082831485-1773989390-755940452-1003-{ED1FC765-E35E-4C3D-BF15-
C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-4082831485-1773989390-755940452-1003-{ED1FC765-E35E-4C3D-BF15-
C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-4082831485-1773989390-755940452-1022-{ED1FC765-E35E-4C3D-BF15-
C:\WINDOWS\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-4082831485-1773989390-755940452-500-{ED1FC765-E35E-4C3D-BF15-
C:\Windows\web\wallpaper\dell\Dell_XPS_silverswirl.jpg
HKU\S-1-5-21-4082831485-1773989390-755940452-500-{ED1FC765-E35E-4C3D-BF15-
C:\Windows\web\wallpaper\dell\Dell_XPS_silverswirl.jpg
HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-
4C3D-BF15-2C2B11260CE4}-03142017095256702\Control Panel\Desktop\\Wallpaper ->
HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-
4C3D-BF15-2C2B11260CE4}-03142017102157055\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System =>
(ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
MSCONFIG\startupreg: DellStage => "C:\Program Files (x86)\Dell Stage\Dell

Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj"
--startup
MSCONFIG\startupreg: join.me.launcher =>
C:\Users\Hers\AppData\Local\join.me.launcher\join.me.launcher.exe
MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update
Core\NvBackend.exe"
MSCONFIG\startupreg: StereoLinksInstall => "C:\Program Files (x86)\NVIDIA
Corporation\3D Vision\nvstlink.exe" /install1
HKLM\...\StartupApproved\StartupFolder: => "CardMinder Viewer.lnk"
==================== FirewallRules (Whitelisted) ===============
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139

FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{8612E2EC-C0AC-453D-B2ED-D56DA5A57700}] => (Allow) C:\Program Files
(x86)\AOL Desktop 9.8.2\waol.exe
FirewallRules: [{AF0A5665-831A-44E7-A0B3-8F1A3160C71D}] => (Allow) C:\Program Files
FirewallRules: [{89D11B06-7375-4586-BC14-E9D0301855BA}] => (Allow) C:\Program Files
(x86)\Steam\steamapps\common\Half-Life 2\hl2.exe
FirewallRules: [{58068A5C-09EE-4E48-9C90-0B9BA4D83A15}] => (Allow) C:\Program Files
(x86)\Steam\steamapps\common\Half-Life 2\hl2.exe
FirewallRules: [{3BCB6F3F-97E6-4A95-8A67-4B81112602E7}] => (Allow) C:\Program Files
(x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{1A612A13-D52A-4EBF-BE9D-7182129C5F00}] => (Allow) C:\Program Files
(x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{268027E6-727E-4B69-93D8-545E6887A49A}] => (Allow) C:\Program
Files\Bonjour\mDNSResponder.exe
FirewallRules: [{DA4AEA7B-D342-4E6A-AB44-F89471DB5C56}] => (Allow) C:\Program
Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E780327F-688F-450D-9EAA-A3CD02552079}] => (Allow) C:\Program Files
(x86)\AOL Desktop 9.8.1a\waol.exe
FirewallRules: [{61F18E5B-C758-463D-8D74-565C4B8B6E34}] => (Allow) C:\Program Files
(x86)\AOL Desktop 9.8.1a\waol.exe
FirewallRules: [{9A3931C4-087B-4191-BA19-83BA197ADF4B}] => (Allow) C:\Program Files
FirewallRules: [{0748D63F-F577-4A51-B5FC-004AE1A4E837}] => (Allow) C:\Program Files
FirewallRules: [{DA0741FE-8F91-4B99-AC12-5C97EDC5552A}] => (Allow) C:\Program Files
(x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1D166DB9-2FF3-4E48-A5AE-2B04754990A6}] => (Allow) C:\Program Files
FirewallRules: [{F6884629-7413-447D-9ED7-205FB9A9EA9A}] => (Allow) C:\Program Files
(x86)\Steam\steamapps\common\Hacknet\Hacknet.exe
FirewallRules: [{1970BE95-5B90-4AAB-A031-066DF2799F61}] => (Allow) C:\Program Files
(x86)\Steam\steamapps\common\Hacknet\Hacknet.exe
FirewallRules: [{FCF8B75E-A256-4F71-A901-5C553D0C2B18}] => (Allow) C:\Program Files
(x86)\Steam\steamapps\common\Divinity - Original Sin\Shipping\EoCApp.exe
FirewallRules: [{306401E4-1234-4752-865D-F7A45692C2FE}] => (Allow) C:\Program Files
(x86)\Steam\steamapps\common\Divinity - Original Sin\Shipping\EoCApp.exe
FirewallRules: [{3348BBEC-76D7-4236-8C09-8F64789E4ADA}] => (Allow) C:\Program Files
(x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{41449B1B-873B-45D0-8A22-798F8DA22E76}] => (Allow)
C:\Users\Hers\AppData\Local\Microsoft\OneDrive\OneDrive.exe
FirewallRules: [{BA302F95-0D92-4E9A-8D01-90A646CD7808}] => (Allow) C:\Program Files
FirewallRules: [{562CB95A-45BB-4C1E-9501-4CEF85383A58}] => (Allow) C:\Program Files
FirewallRules: [{2A6BD3DF-426B-46CF-80E6-E799CC27D07A}] => (Allow) LPort=993
FirewallRules: [{EE07C7B6-CBFA-4AF9-B5B3-E5BDED29A247}] => (Allow) C:\Program Files
(x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{EA10E2B6-4984-4685-B574-04690147B771}] => (Allow) C:\Program Files
(x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{ABD0E8B8-EC1B-4D7C-9019-77E26E9606D6}] => (Allow) C:\Program Files
(x86)\AOL Desktop 9.7d\waol.exe
FirewallRules: [{E1B03B1B-9BF5-4457-9B26-F5C1764EE982}] => (Allow) C:\Program Files
(x86)\AOL Desktop 9.7d\waol.exe
FirewallRules: [UDP Query User{7B02CCB5-5F0E-4B64-A4A6-A1ECAE27B0E1}C:\program
files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla
firefox\firefox.exe
FirewallRules: [TCP Query User{270AC440-83CE-4932-88DE-0A44A04D483E}C:\program
files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla
firefox\firefox.exe
FirewallRules: [{6F86A1F6-F162-44A5-8E54-1BBD41417D1B}] => (Allow) C:\Program Files
FirewallRules: [{609DF760-2971-428D-A826-7E454554D27F}] => (Allow) C:\Program Files
FirewallRules: [{54114FC1-C65B-4AB4-BA09-C27A736408CF}] => (Allow) C:\Program Files
(x86)\AOL Desktop 9.7c\aolbrowser.exe
FirewallRules: [{012A0B43-6AC5-4991-988B-245BBBC6ED44}] => (Allow) C:\Program Files
(x86)\AOL Desktop 9.7c\aolbrowser.exe
FirewallRules: [{B81A4550-886A-4AA7-8E53-90A1869BA623}] => (Allow) C:\Program Files
(x86)\AOL Desktop 9.7c\waol.exe
FirewallRules: [{09106A0C-E535-4D0E-B9BC-FF69B8D12EF3}] => (Allow) C:\Program Files
(x86)\AOL Desktop 9.7c\waol.exe
FirewallRules: [{F5100BE8-05E1-40F9-8FF8-A4A718A276AE}] => (Allow) LPort=8298
FirewallRules: [{BDC3D8B4-25D2-4FCD-8611-F69F82BBA14D}] => (Allow) C:\Program Files
(x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{524CD0BD-CBC0-4998-BB45-3A9247FCC5AD}] => (Allow) C:\Program Files
(x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{27D7192D-AAC8-49A6-8759-52651FE4C462}] => (Allow) C:\Program Files
(x86)\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{62C8A3EF-37BC-45CB-BFDF-D1415F396750}] => (Allow) C:\Program Files
(x86)\Steam\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{E2FC98DD-7A29-4EC1-853C-90B561F31F3A}] => (Allow) C:\Program Files
(x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{1BF64B87-2467-4B18-BDAC-51595D3E2C6C}] => (Allow) C:\Program Files
(x86)\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{AC8CECCC-B3D0-4882-854B-51243A88D3F7}] => (Allow) C:\Program Files
FirewallRules: [{D25DC0A9-2DFE-474E-80F6-6FCC4EB1878A}] => (Allow) C:\Program Files
FirewallRules: [{D2223880-4B4B-47EF-A140-99C4D1D9BB3B}] => (Allow) C:\Program Files
FirewallRules: [{974A36ED-D1E1-46A2-BDBC-A396F743C9A6}] => (Allow) C:\Program Files
FirewallRules: [{11BA3651-583A-4A17-B1C3-F2D716945052}] => (Allow) C:\Program Files
(x86)\Steam\Steam.exe
FirewallRules: [{ED648511-1CC0-480B-AA3F-2E4FD9D5E253}] => (Allow) C:\Program Files
FirewallRules: [{73A66C22-CDD9-4CC8-88A8-8A3F322D5949}] => (Allow) C:\Program Files
(x86)\Steam\steamapps\common\Portal\hl2.exe
FirewallRules: [{410826F4-9564-4857-A48B-85653980CF58}] => (Allow) C:\Program Files
(x86)\Steam\steamapps\common\Portal\hl2.exe
FirewallRules: [{FC27B704-83A8-4C16-97EA-9C432DBAAFFF}] => (Allow) C:\Program Files
(x86)\AOL Desktop 9.7b\AOLBrowser\aolbrowser.exe
FirewallRules: [{26C85843-24AF-43A7-A94C-27FE1324621D}] => (Allow) C:\Program Files
(x86)\AOL Desktop 9.7b\AOLBrowser\aolbrowser.exe
FirewallRules: [{ECF47C95-0644-4560-9D0F-CA04C3E43371}] => (Allow) C:\Program Files
(x86)\AOL Desktop 9.7b\waol.exe
FirewallRules: [{5E2C1136-6F82-4DAD-B89B-814846928318}] => (Allow) C:\Program Files
(x86)\AOL Desktop 9.7b\waol.exe
FirewallRules: [{316D0F36-A4BC-4D16-B477-4505646D2EFE}] => (Allow) C:\Program Files
(x86)\Common Files\AOL\1324165378\ee\AOLDesktop.exe
FirewallRules: [{AEEB3596-16C9-42BA-B32C-A00492F1EEE0}] => (Allow) C:\Program Files
(x86)\Common Files\AOL\1324165378\ee\AOLDesktop.exe
FirewallRules: [{94D13C53-7002-4F4D-B6D5-148E1646B8B0}] => (Allow) C:\Program Files
(x86)\AOL Desktop 9.7a\AOLBrowser\aolbrowser.exe
FirewallRules: [{522D5AFA-7FDF-4283-A196-A98A87A443E5}] => (Allow) C:\Program Files
(x86)\AOL Desktop 9.7a\AOLBrowser\aolbrowser.exe
FirewallRules: [{C0A768D5-2274-4B4B-A7E2-4540ECB866ED}] => (Allow) C:\Program Files
(x86)\AOL Desktop 9.7a\waol.exe
FirewallRules: [{2A22DFD9-D273-4487-A6B2-D32FA37F88F8}] => (Allow) C:\Program Files
(x86)\AOL Desktop 9.7a\waol.exe
FirewallRules: [{D7DAC1EE-5C5C-42DE-A6C3-4C2EB5EB28C8}] => (Allow) C:\Program Files
(x86)\AOL Desktop 9.7\AOLBrowser\aolbrowser.exe
FirewallRules: [{BD054979-1DB5-4386-816F-190BF355ACF8}] => (Allow) C:\Program Files
FirewallRules: [{4E740DD1-A99A-4027-AEC8-A237FE2AE8F4}] => (Allow) C:\Program Files
(x86)\Common Files\AOL\System Information\sinf.exe
FirewallRules: [{6E474E29-1675-4B2B-9059-EC0A5BA999AC}] => (Allow) C:\Program Files
FirewallRules: [{6EB43BF3-DDDF-4485-BDF0-586920DBA8C1}] => (Allow) C:\Program Files
(x86)\Common Files\AOL\Loader\aolload.exe
FirewallRules: [{E1C7684B-01C4-42E0-9110-9280573AC832}] => (Allow) C:\Program Files
FirewallRules: [{1B0CA737-E769-4F0A-B5B8-BAC3AF562178}] => (Allow) C:\Program Files
(x86)\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe
FirewallRules: [{3AE05553-144B-450B-88F2-31217B0A8E85}] => (Allow) C:\Program Files
FirewallRules: [{A8F15CA0-9CC5-477D-8E6B-9CC83A0C7B57}] => (Allow) C:\Program Files
(x86)\AOL Desktop 9.7\waol.exe
FirewallRules: [{665878EB-DE53-4B64-9B0F-0410E63BC966}] => (Allow) C:\Program Files
FirewallRules: [{742FE7DE-9710-4E96-B9F2-FF4497D48E82}] => (Allow) C:\Program Files
(x86)\Common Files\AOL\1324165378\ee\aolsoftware.exe
FirewallRules: [{FE0882A2-00A3-47A8-BDAA-9A41DC1064DD}] => (Allow) C:\Program Files
FirewallRules: [{92AF5659-FB2E-43A2-BB7B-8A5BF026633A}] => (Allow) C:\Program Files
(x86)\Common Files\AOL\acs\AOLacsd.exe
FirewallRules: [{FA3A853C-1173-4384-8794-CD32AA483DC3}] => (Allow) C:\Program Files
FirewallRules: [{D55A8A7A-3A00-4268-967B-4816316BE4E0}] => (Allow) C:\Program Files
(x86)\Common Files\AOL\acs\AOLDial.exe
FirewallRules: [{4F3597BE-EA51-499E-BE39-9C693F2F0F2A}] => (Allow) C:\Program Files
FirewallRules: [{362D9BA8-5DCD-4981-BBD8-F12356C0ACC6}] => (Allow) C:\Program Files
(x86)\HP\HP LaserJet 200 color M251\bin\EWSProxy.exe
FirewallRules: [{5979B14D-A6A4-45B2-AE32-9E645FFA1F7F}] => (Allow) C:\Program Files
(x86)\HP\HP LaserJet 200 color M251\Bin\HPNetworkCommunicator.exe
FirewallRules: [{60AD32DE-74BD-4E6F-9C08-6FD785B339A1}] => (Allow)
C:\Users\Hers\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{9C9C525D-863F-476D-9E8A-BC55D60255A1}] => (Allow)
FirewallRules: [{5976D21D-186A-4BC9-9488-FC95BC2293AF}] => (Allow)
FirewallRules: [{155999B9-5F7D-4326-B44C-1E8AA1BA386A}] => (Allow)
FirewallRules: [{1B4D886A-5082-4F46-A754-222D279ED7F7}] => (Allow) C:\Program Files
(x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
FirewallRules: [{E18B1CA1-34A2-4406-B6E7-3C176472984F}] => (Allow) C:\Program Files
(x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
FirewallRules: [UDP Query User{B144402F-B59E-4816-8459-982FC9424ACD}C:\program
files
(x86)\ibm\lotus\notes\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.2.1.20090925
-1604\win32\x86\notes2.exe] => (Allow) C:\program files
-1604\win32\x86\notes2.exe
FirewallRules: [TCP Query User{529E58F7-046D-464A-97AD-5E2CE79E1D48}C:\program
files
-1604\win32\x86\notes2.exe] => (Allow) C:\program files
-1604\win32\x86\notes2.exe
FirewallRules: [{EF382B91-E0C7-4DA6-AA8B-F6E4EC31D55C}] => (Allow) LPort=67
FirewallRules: [{B07FB60B-86A9-4229-ACD9-16CF11CF0DA7}] => (Allow) LPort=67
FirewallRules: [{83234F9D-E513-44F7-9666-3F2A2978B458}] => (Allow) C:\Program Files
(x86)\Steam\steamapps\common\dragon age ultimate
edition\bin_ship\DAUpdaterSvc.Service.exe
FirewallRules: [{E5C11A70-56FD-43AF-A936-5EAD5472680A}] => (Allow) C:\Program Files
(x86)\Steam\steamapps\common\dragon age ultimate
edition\bin_ship\DAUpdaterSvc.Service.exe
FirewallRules: [{22796A01-6235-42FE-83D3-984FC694D919}] => (Allow) C:\Program Files
(x86)\Origin Games\Mass Effect\Binaries\MassEffect.exe
FirewallRules: [{072D11C6-EB2F-4083-9D75-3A0D2E08E035}] => (Allow) C:\Program Files
(x86)\Origin Games\Mass Effect\Binaries\MassEffect.exe
FirewallRules: [{E35AF1E7-071A-491B-92E1-5909E52F3810}] => (Allow) C:\Program Files
(x86)\Origin Games\Mass Effect\MassEffectLauncher.exe
FirewallRules: [{0C72A22E-751E-443C-9926-847C2A7992F8}] => (Allow) C:\Program Files
(x86)\Origin Games\Mass Effect\MassEffectLauncher.exe
FirewallRules: [{044C04BE-0673-4339-A565-B152DB18C858}] => (Allow) C:\Program Files
FirewallRules: [{B6FCCE77-7824-4B4B-B9D1-99D6B808103E}] => (Allow) C:\Program Files
FirewallRules: [{DFE7400B-AE91-4813-B691-BB9BC6284910}] => (Allow) C:\Program Files
FirewallRules: [{D33FAE47-42AC-4C8E-818A-E3141BE1D443}] => (Allow) C:\Program Files
FirewallRules: [{97D1B0B0-281D-4F74-99F3-12A60260744B}] => (Allow) C:\Program Files
FirewallRules: [{F3721B79-0112-46A9-BAD3-1607CE7174C1}] => (Allow) C:\Program Files
FirewallRules: [{92F74202-CD56-4AAA-9718-A9E6797E2F63}] => (Allow) C:\Program Files
FirewallRules: [{E90FA448-F070-4337-9FF0-3DA49F5A18B1}] => (Allow) C:\Program Files
FirewallRules: [{CFB42EC9-CBB5-4DF3-B7A2-74C7F6408DFA}] => (Allow) C:\Program Files
FirewallRules: [{EAB56F37-8B3A-450A-B18B-98308484E70E}] => (Allow) C:\Program Files
FirewallRules: [{47DD7BAC-D721-4679-A4F0-2222539AC2D9}] => (Allow) C:\Program Files
FirewallRules: [{EA7DF1D0-96EE-47AB-AAC4-DFC0EECC3F67}] => (Allow) C:\Program Files
FirewallRules: [{92B07734-FFF5-4615-A666-719CB18D1904}] => (Allow) C:\Program Files
FirewallRules: [{E7C773A6-6CFD-42EE-88A5-4FDA3AE4E729}] => (Allow) C:\Program Files
FirewallRules: [{86459C6D-B4D3-4067-BC7F-DA124221F8E3}] => (Allow) C:\Program Files
FirewallRules: [{D73AC5CF-845D-4DEF-9DC6-145C0A64416B}] => (Allow) C:\Program Files
FirewallRules: [{E1406DFD-FE04-465A-A514-7B05D8433C89}] => (Allow) C:\Program Files
FirewallRules: [{5974EDE8-EA1C-4A50-B3D3-E58631BC46D9}] => (Allow) C:\Program Files
FirewallRules: [{A413F9B4-D292-47A1-A34A-7FC66449540E}] => (Allow) C:\Program
Files\dell stage\dell stage\stage_primary.exe
FirewallRules: [{FEBF3F35-F2E6-4F5F-B631-1F9811995913}] => (Allow) C:\Program
Files\dell stage\musicstage\musicstageengine.exe
FirewallRules: [{516DB4D6-781B-4FAE-9982-76E9C7E8EBC1}] => (Allow) C:\Program
Files\dell stage\dell stage\accuweather\accuweather.exe
FirewallRules: [{1C8B9CEA-85B7-4EB9-BC83-18B0C74B1AFC}] => (Allow) C:\Program Files
(x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{D2B8AC62-0F15-4CD8-BF70-921198CA867F}] => (Allow) LPort=1900
FirewallRules: [{62E5B533-4539-4331-9F4A-377890E01E2E}] => (Allow) LPort=2869
FirewallRules: [{0ED729F6-B139-4BC3-989F-CFF6A0E51514}] => (Allow) C:\Program Files
(x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{B4680D19-E47F-43C9-AF37-FA9C081D9E01}] => (Allow) c:\Program Files
(x86)\Dell\VideoStage\VideoStage.exe
FirewallRules: [{CFF53ED5-5048-4AF4-922A-BDD91FBED7AC}] => (Allow)
C:\Users\Hers\AppData\Local\Google\Chrome\Application\chrome.exe
FirewallRules: [{A16B19CB-7EDB-4160-80AB-99C18141F180}] => (Allow) C:\Program
Files\iTunes\iTunes.exe
FirewallRules: [{524CC2DA-3D2B-4835-93A6-BDCE65B80D76}] => (Allow) C:\Program
Files\AVAST Software\SZBrowser\3.55.2393.561_0\SZBrowser.exe
FirewallRules: [{0E89E421-BF50-4F1D-941B-81E55C85716C}] => (Allow) C:\Program
Files\AVAST Software\SZBrowser\3.55.2393.590\SZBrowser.exe
==================== Restore Points =========================
09-03-2017 16:23:38 Windows Update

10-03-2017 16:46:53 Removed QuickTime 7
==================== Faulty Device Manager Devices =============
Name: NVIDIA GeForce GTX 560 Ti

Description: NVIDIA GeForce GTX 560 Ti
Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318}
Manufacturer: NVIDIA
Service: nvlddmkm
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This
starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (03/14/2017 11:24:30 AM) (Source: Microsoft-Windows-Immersive-Shell)
(EventID: 2484) (User: BEAUTY)
Description: Package Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe+App
was terminated because it took too long to suspend.
Error: (03/14/2017 11:12:14 AM) (Source: Microsoft-Windows-Immersive-Shell)

(EventID: 2484) (User: BEAUTY)
Description: Package
microsoft.windowscommunicationsapps_17.8004.42017.0_x64__8wekyb3d8bbwe+microsoft.wi
ndowslive.mail was terminated because it took too long to suspend.
Error: (03/14/2017 10:18:37 AM) (Source: Application Error) (EventID: 1000)

(User: )
Description: Faulting application name: mbamservice.exe, version: 3.1.0.415, time
stamp: 0x5881b7a1
Faulting module name: ScanControllerImpl.dll, version: 3.0.0.652, time stamp:
0x589e1d88
Exception code: 0xc0000005
Fault offset: 0x00000000001ea590
Faulting process id: 0x654
Faulting application start time: 0x01d29ab0bc1d44cb
Faulting application path: C:\Program Files\Malwarebytes\Anti-
Malware\mbamservice.exe
Faulting module path: C:\PROGRAM FILES\MALWAREBYTES\ANTI-
MALWARE\ScanControllerImpl.dll
Report Id: 7c3bcdc1-215a-4dac-86d3-d7625d59a30d
Faulting package full name:
Faulting package-relative application ID:
Error: (03/13/2017 03:01:15 PM) (Source: Microsoft Office 16) (EventID: 2000)
(User: )
Description: Microsoft Word: Accepted Safe Mode action : Word couldn't start last
time. Safe mode could help you troubleshoot the problem, but some features might
not be available in this mode.
Do you want to start in safe mode?.

Accepted Safe Mode action : Microsoft Word.
Error: (03/13/2017 03:00:56 PM) (Source: Application Error) (EventID: 1000)

(User: )
Description: Faulting application name: WINWORD.EXE, version: 16.0.7766.2060, time
stamp: 0x58a8fd39
Faulting module name: KERNELBASE.dll, version: 10.0.14393.479, time stamp:
0x58256d37
Exception code: 0xe0000002
Fault offset: 0x000da832
Faulting process id: 0x375c
Faulting application start time: 0x01d29c2bfde65730
Faulting application path: C:\Program Files (x86)\Microsoft
Office\root\Office16\WINWORD.EXE
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 9e714c50-14ae-47d8-8bdd-60389e5fcccd
Faulting package full name:
Faulting package-relative application ID:
Error: (03/13/2017 09:21:55 AM) (Source: Windows Search Service) (EventID: 3104)
(User: )
Description: Enumerating user sessions to generate filter pools failed.
Details:
(HRESULT : 0x80040210) (0x80040210)
(User: )
Details:
(HRESULT : 0x80040210) (0x80040210)
(User: )
Details:
(HRESULT : 0x80040210) (0x80040210)
(User: )
Details:
(HRESULT : 0x80040210) (0x80040210)
(User: )
Details:
(HRESULT : 0x80040210) (0x80040210)
System errors:
=============
Error: (03/14/2017 11:39:45 AM) (Source: Service Control Manager) (EventID: 7034)
(User: )
Description: The Malwarebytes Service service terminated unexpectedly. It has done
this 1 time(s).
Error: (03/14/2017 07:32:06 AM) (Source: DCOM) (EventID: 10016) (User: NT

AUTHORITY)
Description: The application-specific permission settings do not grant Local
Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC)
running in the application container Unavailable SID (Unavailable). This security
permission can be modified using the Component Services administrative tool.

AUTHORITY)
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}

AUTHORITY)
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
Error: (03/11/2017 06:00:32 PM) (Source: DCOM) (EventID: 10016) (User: NT

AUTHORITY)
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
Error: (03/11/2017 05:51:51 PM) (Source: Service Control Manager) (EventID: 7022)
(User: )
Description: The Downloaded Maps Manager service hung on starting.
Error: (03/11/2017 05:46:12 PM) (Source: BugCheck) (EventID: 1001) (User: )

Description: The computer has rebooted from a bugcheck. The bugcheck was:
0x00000116 (0xffffa802fbe56010, 0xfffff80d3962fd10, 0x0000000000000000,
0x0000000000000002). A dump was saved in: C:\WINDOWS\MEMORY.DMP. Report Id:
beb320e6-78a9-4015-91ea-fd6f479d40c0.
(User: )
Description: The NetPipeActivator service failed to start due to the following
error:
The service did not respond to the start or control request in a timely fashion.
(User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the
NetPipeActivator service to connect.
(User: )
Description: The ClickToRunSvc service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
CodeIntegrity:
===================================
Date: 2017-03-03 15:56:23.691
Description: Code Integrity determined that a process
(\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe)
attempted to load
\Device\HarddiskVolume3\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f
7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level
requirements.
Date: 2017-03-03 15:56:23.640

attempted to load
\Device\HarddiskVolume3\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADO
DB.dll that did not meet the Microsoft signing level requirements.
Date: 2017-03-03 15:56:23.593

attempted to load
\Device\HarddiskVolume3\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a
\MSDATASRC.dll that did not meet the Microsoft signing level requirements.
Date: 2017-03-03 15:56:23.447

attempted to load
requirements.
Date: 2017-03-03 15:56:23.387
attempted to load
Date: 2017-03-03 15:56:23.349

attempted to load
\Device\HarddiskVolume3\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a
\MSDATASRC.dll that did not meet the Microsoft signing level requirements.
Date: 2017-03-03 15:56:21.754

attempted to load
\Device\HarddiskVolume3\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\st
dole.dll that did not meet the Microsoft signing level requirements.
Date: 2017-03-03 15:56:21.061

attempted to load
\Device\HarddiskVolume3\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\st
dole.dll that did not meet the Microsoft signing level requirements.
Date: 2017-03-03 15:53:51.169

(\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe)
attempted to load
requirements.
Date: 2017-03-03 15:53:51.121

(\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe)
attempted to load
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-2320 CPU @ 3.00GHz

Percentage of memory in use: 47%
Total physical RAM: 12136.4 MB
Available physical RAM: 6379.28 MB
Total Virtual: 24424.4 MB
Available Virtual: 18126.3 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:918.23 GB) (Free:158.9 GB) NTFS
==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: 3676D1E5)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=13.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=918.2 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================

Addition

Hochgeladen von

Dokumentinformationen

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

Addition

Hochgeladen von

Copyright:

Verfügbare Formate

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2017

Ran by Hers (14-03-2017 11:57:04)

==================== Accounts: =============================

Administrator (S-1-5-21-4082831485-1773989390-755940452-500 - Administrator -

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}

==================== Installed Programs ======================

64 Bit HP CIO Components Installer (Version: 8.2.4 - Hewlett-Packard) Hidden

==================== Custom CLSID (Whitelisted): ==========================

==================== Scheduled Tasks (Whitelisted) =============

Task: {01955E15-9648-474D-B7C2-36A1F42A51EB} - System32\Tasks\{7F955E4D-7981-4122-

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job =>

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-09-01 18:12 - 2016-09-01 18:12 - 00092472 _____ () C:\Program Files\Common

==================== Alternate Data Streams (Whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:0C65EA0E [123]

==================== Safe Mode (Whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

==================== Internet Explorer trusted/restricted ===============

IE restricted site: HKU\S-1-5-21-4082831485-1773989390-755940452-1000\...\008i.com

There are 5317 more sites.

IE restricted site: HKU\S-1-5-21-4082831485-1773989390-755940452-1000-{ED1FC765-

There are 5317 more sites.

IE restricted site: HKU\S-1-5-21-4082831485-1773989390-755940452-1000-{ED1FC765-

There are 5317 more sites.

There are 5317 more sites.

IE trusted site: HKU\S-1-5-21-4082831485-1773989390-755940452-1003-{ED1FC765-E35E-

There are 5317 more sites.

IE trusted site: HKU\S-1-5-21-4082831485-1773989390-755940452-500-{ED1FC765-E35E-

There are 5317 more sites.

IE trusted site: HKU\S-1-5-21-4082831485-1773989390-755940452-500-{ED1FC765-E35E-

There are 5317 more sites.

==================== Hosts content: ===============================

2009-07-13 22:34 - 2015-12-07 22:44 - 00000857 ____A

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: DellStage => "C:\Program Files (x86)\Dell Stage\Dell

==================== FirewallRules (Whitelisted) ===============

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139

==================== Restore Points =========================

09-03-2017 16:23:38 Windows Update

==================== Faulty Device Manager Devices =============

Name: NVIDIA GeForce GTX 560 Ti

==================== Event log errors: =========================

Error: (03/14/2017 11:12:14 AM) (Source: Microsoft-Windows-Immersive-Shell)

Error: (03/14/2017 10:18:37 AM) (Source: Application Error) (EventID: 1000)

Do you want to start in safe mode?.

Error: (03/13/2017 03:00:56 PM) (Source: Application Error) (EventID: 1000)

Error: (03/14/2017 07:32:06 AM) (Source: DCOM) (EventID: 10016) (User: NT

Error: (03/13/2017 09:22:00 AM) (Source: DCOM) (EventID: 10016) (User: NT

Error: (03/12/2017 11:52:50 AM) (Source: DCOM) (EventID: 10016) (User: NT

Error: (03/11/2017 06:00:32 PM) (Source: DCOM) (EventID: 10016) (User: NT

Error: (03/11/2017 05:46:12 PM) (Source: BugCheck) (EventID: 1001) (User: )

Date: 2017-03-03 15:56:23.640

Date: 2017-03-03 15:56:23.593

Date: 2017-03-03 15:56:23.447

Date: 2017-03-03 15:56:23.349

Date: 2017-03-03 15:56:21.754

Date: 2017-03-03 15:56:21.061