[Resolved] please help found some suspicious things

Discussion in 'Spyware, Adware, Viruses and Malware Removal' started by photomastr, Jun 20, 2017.

  1. photomastr

    photomastr Techie7 New Member

    Scanned my PC with AdwCleaner and JRT; here are the results:

    # AdwCleaner v6.047 - Logfile created 20/06/2017 at 11:13:44
    # Updated on 19/05/2017 by Malwarebytes
    # Database : 2017-06-19.1 [Server]
    # Operating System : Windows 7 Home Premium Service Pack 1 (X64)
    # Username : Mago - MAGOS-HP
    # Running from : C:\Users\Mago\Desktop\adwcleaner_6.047.exe
    # Mode: Scan
    # Support : https://www.malwarebytes.com/support



    ***** [ Services ] *****

    No malicious services found.


    ***** [ Folders ] *****

    No malicious folders found.


    ***** [ Files ] *****

    No malicious files found.


    ***** [ DLL ] *****

    No malicious DLLs found.


    ***** [ WMI ] *****

    No malicious keys found.


    ***** [ Shortcuts ] *****

    No infected shortcut found.


    ***** [ Scheduled Tasks ] *****

    No malicious task found.


    ***** [ Registry ] *****

    Key Found: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\geekbuddyrsp
    Key Found: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\geekbuddyrsp
    Key Found: HKU\S-1-5-21-761162808-2082914462-2039200112-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
    Key Found: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
    Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}


    ***** [ Web browsers ] *****

    No malicious Firefox based browser items found.
    Chrome pref Found: [C:\Users\Mago\AppData\Local\Google\Chrome\User Data\Default\Web data] - aol.com
    Chrome pref Found: [C:\Users\Mago\AppData\Local\Google\Chrome\User Data\Default\Web data] - ask.com

    [!] You may need to disable the Chrome synchronization from your Google account in order to fully remove the malicious preferences. Please consult this Google help: https://support.google.com/chrome/answer/3097271?hl=en [!]


    *************************

    C:\AdwCleaner\AdwCleaner[C1].txt - [4439 Bytes] - [08/02/2016 07:14:58]
    C:\AdwCleaner\AdwCleaner[C2].txt - [11289 Bytes] - [16/06/2016 20:32:13]
    C:\AdwCleaner\AdwCleaner[C3].txt - [3412 Bytes] - [20/08/2016 07:03:47]
    C:\AdwCleaner\AdwCleaner[C4].txt - [3817 Bytes] - [18/11/2016 20:22:15]
    C:\AdwCleaner\AdwCleaner[C5].txt - [16842 Bytes] - [15/01/2017 09:48:15]
    C:\AdwCleaner\AdwCleaner[R0].txt - [5174 Bytes] - [25/10/2013 18:47:54]
    C:\AdwCleaner\AdwCleaner[R10].txt - [3458 Bytes] - [01/03/2015 18:56:48]
    C:\AdwCleaner\AdwCleaner[R11].txt - [2094 Bytes] - [01/03/2015 20:33:41]
    C:\AdwCleaner\AdwCleaner[R12].txt - [15621 Bytes] - [18/05/2015 18:40:32]
    C:\AdwCleaner\AdwCleaner[R13].txt - [2275 Bytes] - [01/06/2015 19:19:46]
    C:\AdwCleaner\AdwCleaner[R1].txt - [878 Bytes] - [03/11/2013 08:11:25]
    C:\AdwCleaner\AdwCleaner[R2].txt - [1157 Bytes] - [11/11/2013 11:51:17]
    C:\AdwCleaner\AdwCleaner[R3].txt - [1116 Bytes] - [17/11/2013 16:14:42]
    C:\AdwCleaner\AdwCleaner[R4].txt - [1236 Bytes] - [01/12/2013 08:58:41]
    C:\AdwCleaner\AdwCleaner[R5].txt - [3012 Bytes] - [17/02/2014 09:36:34]
    C:\AdwCleaner\AdwCleaner[R6].txt - [1477 Bytes] - [07/04/2014 20:31:02]
    C:\AdwCleaner\AdwCleaner[R7].txt - [2442 Bytes] - [20/04/2014 06:12:25]
    C:\AdwCleaner\AdwCleaner[R8].txt - [2093 Bytes] - [19/05/2014 05:47:39]
    C:\AdwCleaner\AdwCleaner[R9].txt - [2140 Bytes] - [13/07/2014 17:15:55]
    C:\AdwCleaner\AdwCleaner[S0].txt - [4717 Bytes] - [25/10/2013 18:49:21]
    C:\AdwCleaner\AdwCleaner[S10].txt - [3551 Bytes] - [01/03/2015 18:58:54]
    C:\AdwCleaner\AdwCleaner[S11].txt - [7363 Bytes] - [18/05/2015 18:43:04]
    C:\AdwCleaner\AdwCleaner[S12].txt - [3576 Bytes] - [20/08/2016 07:01:44]
    C:\AdwCleaner\AdwCleaner[S13].txt - [3844 Bytes] - [18/11/2016 20:20:43]
    C:\AdwCleaner\AdwCleaner[S14].txt - [18985 Bytes] - [15/01/2017 09:41:29]
    C:\AdwCleaner\AdwCleaner[S15].txt - [3733 Bytes] - [20/06/2017 11:13:44]
    C:\AdwCleaner\AdwCleaner[S1].txt - [5300 Bytes] - [03/11/2013 08:12:10]
    C:\AdwCleaner\AdwCleaner[S2].txt - [12268 Bytes] - [11/11/2013 11:52:56]
    C:\AdwCleaner\AdwCleaner[S3].txt - [1178 Bytes] - [17/11/2013 16:15:40]
    C:\AdwCleaner\AdwCleaner[S4].txt - [1298 Bytes] - [01/12/2013 09:00:35]
    C:\AdwCleaner\AdwCleaner[S5].txt - [3119 Bytes] - [17/02/2014 09:38:38]
    C:\AdwCleaner\AdwCleaner[S6].txt - [1539 Bytes] - [07/04/2014 20:31:55]
    C:\AdwCleaner\AdwCleaner[S7].txt - [2523 Bytes] - [20/04/2014 06:15:01]
    C:\AdwCleaner\AdwCleaner[S8].txt - [2162 Bytes] - [19/05/2014 05:49:41]
    C:\AdwCleaner\AdwCleaner[S9].txt - [2205 Bytes] - [13/07/2014 17:17:56]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S15].txt - [4465 Bytes] ##########

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.4.2 (02.02.2015:1)
    OS: Windows 7 Home Premium x64
    Ran by Mago on Tue 06/20/2017 at 11:23:06.82
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys



    ~~~ Files

    Successfully deleted: [File] "C:\Users\Mago\appdata\local\google\chrome\user data\default\local storage\http_www.lyricsfreak.com_0.localstorage"
    Successfully deleted: [File] "C:\Users\Mago\appdata\local\google\chrome\user data\default\local storage\http_www.lyricsfreak.com_0.localstorage-journal"



    ~~~ Folders

    Successfully deleted: [Empty Folder] C:\Users\Mago\appdata\local\{27624AC7-25E4-4B05-8333-52C07905F274}
    Successfully deleted: [Empty Folder] C:\Users\Mago\appdata\local\{47EE0B8C-A1FE-42F4-A289-B2C9997786D4}
    Successfully deleted: [Empty Folder] C:\Users\Mago\appdata\local\{9F33E97A-B46E-4B47-95F0-687191C5B64B}
    Successfully deleted: [Empty Folder] C:\Users\Mago\appdata\local\{AF4DB80E-99A9-42A1-B3FA-514085BC9FD7}
    Successfully deleted: [Empty Folder] C:\Users\Mago\appdata\local\{D20EB4BD-BF2E-4786-A734-1ACE9AA81829}



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Tue 06/20/2017 at 11:27:47.86
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  2. broni

    broni Malware Annihilator Techie7 Moderator Head Security

    Well, nothing serious there.
    According to my instructions from your previous topic, you should be running these kinds of tools once in a while.
    Is your computer misbehaving?
     
  3. photomastr

    photomastr Techie7 New Member

    Just running very slow, so nothing to be concerned about.
     
  4. photomastr

    photomastr Techie7 New Member

    Just running very, so nothing to be concerned about?
     
  5. broni

    broni Malware Annihilator Techie7 Moderator Head Security

    What exactly is slow?

    Let's take a closer look.

    Please, complete all steps listed HERE
     
  6. photomastr

    photomastr Techie7 New Member

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-06-2017 01
    Ran by Mago (administrator) on MAGOS-HP (22-06-2017 11:12:10)
    Running from C:\Users\Mago\Desktop
    Loaded Profiles: Mago (Available Profiles: Mago)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AMD) C:\Windows\System32\atiesrxx.exe
    (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe
    (Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
    (SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE
    (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    (Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
    (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
    (Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\22.9.4.8\n360.exe
    (Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    (McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
    (Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\22.9.4.8\n360.exe
    (McAfee, Inc.) C:\Program Files\TrueKey\McTkSchedulerService.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
    (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
    () C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar2.exe
    (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    (Facebook Inc.) C:\Users\Mago\AppData\Local\Facebook\Update\FacebookUpdate.exe
    (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.569\SSScheduler.exe
    (Dropbox, Inc.) C:\Users\Mago\AppData\Roaming\Dropbox\bin\Dropbox.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
    (cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
    (CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam6\YouCamService6.exe
    (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe
    (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
    (Dropbox, Inc.) C:\Users\Mago\AppData\Roaming\Dropbox\bin\Dropbox.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Dropbox, Inc.) C:\Users\Mago\AppData\Roaming\Dropbox\bin\Dropbox.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    (Microsoft Corporation) C:\Windows\splwow64.exe
    (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe

    ==================== Registry (Whitelisted) ====================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
    HKLM\...\Run: [SetDefault] => C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [44880 2011-12-19] (Hewlett-Packard Development Company, L.P.)
    HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-10-30] (IDT, Inc.)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-09-09] (Apple Inc.)
    HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-05-08] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [HPQuickWebProxy] => C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe [168504 2011-06-28] (Hewlett-Packard Company)
    HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-20] (Intel Corporation)
    HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [87336 2011-03-30] (CyberLink Corp.)
    HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [75048 2012-05-08] (cyberlink)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-09-01] (Apple Inc.)
    HKLM-x32\...\Run: [YouCam Service6] => C:\Program Files (x86)\CyberLink\YouCam6\YouCamService6.exe [515848 2015-03-19] (CyberLink Corp.)
    HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [642664 2014-05-26] (SEIKO EPSON CORPORATION)
    HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863848 2014-05-26] (SEIKO EPSON CORPORATION)
    HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1087184 2016-01-20] (SEIKO EPSON CORPORATION)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-761162808-2082914462-2039200112-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23819304 2017-03-21] (Google)
    HKU\S-1-5-21-761162808-2082914462-2039200112-1000\...\Run: [Uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
    HKU\S-1-5-21-761162808-2082914462-2039200112-1000\...\Run: [Facebook Update] => C:\Users\Mago\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-11-16] (Facebook Inc.)
    HKU\S-1-5-21-761162808-2082914462-2039200112-1000\...\Run: [Dropbox Update] => C:\Users\Mago\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc.)
    Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter "C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter"
    ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
    ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
    ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
    ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine\22.9.4.8\buShell.dll [2017-05-11] (Symantec Corporation)
    ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine\22.9.4.8\buShell.dll [2017-05-11] (Symantec Corporation)
    ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine\22.9.4.8\buShell.dll [2017-05-11] (Symantec Corporation)
    ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mago\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll [2017-06-12] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mago\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll [2017-06-12] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mago\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll [2017-06-12] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mago\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll [2017-06-12] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mago\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll [2017-06-12] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mago\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll [2017-06-12] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mago\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll [2017-06-12] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mago\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll [2017-06-12] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => -> No File
    ShellIconOverlayIdentifiers-x32: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine32\22.9.4.8\buShell.dll [2017-05-11] (Symantec Corporation)
    ShellIconOverlayIdentifiers-x32: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine32\22.9.4.8\buShell.dll [2017-05-11] (Symantec Corporation)
    ShellIconOverlayIdentifiers-x32: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine32\22.9.4.8\buShell.dll [2017-05-11] (Symantec Corporation)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2017-06-11]
    ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.569\SSScheduler.exe (McAfee, Inc.)
    Startup: C:\Users\Mago\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2017-06-18]
    ShortcutTarget: Dropbox.lnk -> C:\Users\Mago\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    Startup: C:\Users\Mago\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2013-11-16]
    ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Hosts: 0.0.0.1 mssplus.mcafee.com
    Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
    Tcpip\..\Interfaces\{729B1710-4124-4D3E-92C7-4C1D56DA20AA}: [DhcpNameServer] 192.168.42.129
    Tcpip\..\Interfaces\{94BE11B6-38D3-4144-A185-0C63852BAB47}: [DhcpNameServer] 75.75.75.75 75.75.76.76
    Tcpip\..\Interfaces\{E402AD37-8019-4296-90FA-562A42D55DBC}: [DhcpNameServer] 68.87.66.254 162.150.8.31

    Internet Explorer:
    ==================
    HKU\S-1-5-21-761162808-2082914462-2039200112-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-761162808-2082914462-2039200112-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
    SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
    SearchScopes: HKLM -> {EB938AF6-63B6-4997-9B8D-1A2F712C2A09} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-761162808-2082914462-2039200112-1000 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
    BHO: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll [2017-06-05] (Intel Security)
    BHO: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine\22.9.4.8\coIEPlg.dll [2017-05-26] (Symantec Corporation)
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-01-29] (Oracle Corporation)
    BHO: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll [2011-05-05] (HP)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-01-29] (Oracle Corporation)
    BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
    BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-06-05] (Intel Security)
    BHO-x32: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine32\22.9.4.8\coIEPlg.dll [2017-05-26] (Symantec Corporation)
    BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.7.0.11\IPS\IPSBHO.DLL => No File
    BHO-x32: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll [2011-05-05] (HP)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    BHO-x32: Updater For XFIN_PORTAL -> {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} -> C:\Program Files (x86)\xfin_portal\auxi\comcastAu.dll => No File
    BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
    Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\22.9.4.8\coIEPlg.dll [2017-05-26] (Symantec Corporation)
    Toolbar: HKLM - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll [2017-06-05] (Intel Security)
    Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine32\22.9.4.8\coIEPlg.dll [2017-05-26] (Symantec Corporation)
    Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-06-05] (Intel Security)
    Toolbar: HKU\S-1-5-21-761162808-2082914462-2039200112-1000 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\22.9.4.8\coIEPlg.dll [2017-05-26] (Symantec Corporation)
    Toolbar: HKU\S-1-5-21-761162808-2082914462-2039200112-1000 -> True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll [2017-06-05] (Intel Security)
    DPF: HKLM-x32 {BEA7310D-06C4-4339-A784-DC3804819809} hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab

    FireFox:
    ========
    FF DefaultProfile: vqdos5sc.default-1400507369483
    FF ProfilePath: C:\Users\Mago\AppData\Roaming\Mozilla\Firefox\Profiles\vqdos5sc.default-1400507369483 [2017-06-22]
    FF Homepage: Mozilla\Firefox\Profiles\vqdos5sc.default-1400507369483 -> comcast.net
    FF Extension: (WOT) - C:\Users\Mago\AppData\Roaming\Mozilla\Firefox\Profiles\vqdos5sc.default-1400507369483\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2016-02-03]
    FF Extension: (Site Deployment Checker) - C:\Program Files (x86)\Mozilla Firefox\browser\features\deployment-checker@mozilla.org.xpi [2017-04-23] [not signed]
    FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon
    FF Extension: (Norton Security Toolbar) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon [2017-05-21]
    FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_205.dll [2016-10-26] ()
    FF Plugin: @java.com/DTPlugin,version=10.11.2 -> C:\Windows\system32\npDeployJava1.dll [2013-01-29] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=10.11.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-01-29] (Oracle Corporation)
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_205.dll [2016-10-26] ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [No File]
    FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-02-13] (Google, Inc.)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2010-12-07] ()
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-761162808-2082914462-2039200112-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Mago\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)

    Chrome:
    =======
    CHR DefaultProfile: Default
    CHR HomePage: Default -> hxxp://www.google.com/
    CHR StartupUrls: Default -> "hxxp://www.google.com/"
    CHR Profile: C:\Users\Mago\AppData\Local\Google\Chrome\User Data\Default [2017-06-22]
    CHR Extension: (Google Drive) - C:\Users\Mago\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-16]
    CHR Extension: (YouTube) - C:\Users\Mago\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-02]
    CHR Extension: (Google Search) - C:\Users\Mago\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-04-16]
    CHR Extension: (Google Docs Offline) - C:\Users\Mago\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-22]
    CHR Extension: (Website Logon) - C:\Users\Mago\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdhihajbmafmgilcciomnamcjfkdhikl [2012-11-22]
    CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Mago\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-07]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Mago\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-10]
    CHR Extension: (Gmail) - C:\Users\Mago\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-12]
    CHR Extension: (Chrome Media Router) - C:\Users\Mago\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-13]
    CHR Profile: C:\Users\Mago\AppData\Local\Google\Chrome\User Data\System Profile [2016-11-06]
    CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security Suite\Engine\22.9.4.8\Exts\Chrome.crx [2017-06-08]
    CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
    CHR HKU\S-1-5-21-761162808-2082914462-2039200112-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Mago\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-05-06]
    CHR HKU\S-1-5-21-761162808-2082914462-2039200112-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security Suite\Engine\22.9.4.8\Exts\Chrome.crx [2017-06-08]
    CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [hdhihajbmafmgilcciomnamcjfkdhikl] - C:\Program Files (x86)\HP SimplePass 2011\tschrome.crx [2011-04-14]
    CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-08-05] (Apple Inc.)
    S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [244720 2012-02-08] (CyberLink)
    R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
    R2 EpsonCustomerResearchParticipation; C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe [677376 2016-08-02] (SEIKO EPSON CORPORATION)
    R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
    R2 EPSON_PM_RPCV4_06; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE [152640 2013-04-15] (SEIKO EPSON CORPORATION)
    R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2375168 2011-03-07] (Realsil Microelectronics Inc.) [File not signed]
    S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.569\McCHSvc.exe [404376 2017-05-25] (McAfee, Inc.)
    R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\22.9.4.8\N360.exe [326160 2017-05-26] (Symantec Corporation)
    R2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [1001920 2017-05-26] (McAfee, Inc.)
    R2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [16928 2017-05-26] (McAfee, Inc.)
    S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [87760 2017-05-26] (McAfee, Inc.)
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
    S2 InstallerService; C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe [X]

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
    R1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\BASHDefs\20170620.005\BHDrvx64.sys [1862784 2017-06-13] (Symantec Corporation)
    R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1609040.008\ccSetx64.sys [174232 2017-05-11] (Symantec Corporation)
    R3 clwvd6; C:\Windows\System32\DRIVERS\clwvd6.sys [41704 2013-10-29] (CyberLink Corporation)
    R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [507032 2017-05-11] (Symantec Corporation)
    R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [156824 2017-05-11] (Symantec Corporation)
    R1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\IPSDefs\20170621.001\IDSvia64.sys [1053824 2017-05-20] (Symantec Corporation)
    R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1609040.008\SRTSP64.SYS [770712 2017-05-11] (Symantec Corporation)
    R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1609040.008\SRTSPX64.SYS [49304 2017-05-11] (Symantec Corporation)
    R0 SymEFASI; C:\Windows\System32\drivers\N360x64\1609040.008\SYMEFASI64.SYS [1714328 2017-05-11] (Symantec Corporation)
    R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [102608 2017-05-21] (Symantec Corporation)
    R1 SymIRON; C:\Windows\system32\drivers\N360x64\1609040.008\Ironx64.SYS [291480 2017-05-11] (Symantec Corporation)
    R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1609040.008\SYMNETS.SYS [567496 2017-05-11] (Symantec Corporation)
    U3 TrueSight; C:\Windows\SysWOW64\drivers\TrueSight.sys [33512 2014-08-30] ()
    S1 AntiLog32; \??\C:\Windows\system32\drivers\AntiLog64.sys [X]
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S3 keycrypt; system32\DRIVERS\KeyCrypt64.sys [X]
    S3 NAVENG; \??\C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\SDSDefs\20160707.023\ENG64.SYS [X]
    S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\SDSDefs\20160707.023\EX64.SYS [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-06-22 11:12 - 2017-06-22 11:12 - 00031083 _____ C:\Users\Mago\Desktop\FRST.txt
    2017-06-22 08:12 - 2017-06-22 11:12 - 00000000 ____D C:\FRST
    2017-06-22 08:10 - 2017-06-22 08:10 - 02439680 _____ (Farbar) C:\Users\Mago\Desktop\FRST64.exe
    2017-06-22 06:53 - 2016-09-29 17:06 - 00023379 _____ C:\Users\Mago\Desktop\Kinder Library Card Campaign.xlsx
    2017-06-22 06:48 - 2017-06-22 06:48 - 00000000 ____D C:\Windows\System32\Tasks\Remediation
    2017-06-20 11:27 - 2017-06-20 11:27 - 00001461 _____ C:\Users\Mago\Desktop\JRT.txt
    2017-06-20 09:47 - 2017-06-20 09:48 - 04110280 _____ C:\Users\Mago\Desktop\adwcleaner_6.047.exe
    2017-06-18 16:09 - 2017-06-18 16:09 - 00000000 ____D C:\Users\Mago\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
    2017-06-14 07:02 - 2017-05-14 13:19 - 25738752 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2017-06-14 07:02 - 2017-05-14 12:11 - 20274688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2017-06-14 07:02 - 2017-05-14 11:54 - 15252992 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2017-06-14 07:02 - 2017-04-27 15:50 - 03550208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_47.dll
    2017-06-14 07:02 - 2017-04-12 06:05 - 04296704 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_47.dll
    2017-06-14 07:01 - 2017-06-02 01:28 - 02317824 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
    2017-06-14 07:01 - 2017-06-02 01:28 - 02222080 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
    2017-06-14 07:01 - 2017-06-02 01:28 - 00778240 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
    2017-06-14 07:01 - 2017-06-02 01:28 - 00491520 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
    2017-06-14 07:01 - 2017-06-02 01:28 - 00288256 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
    2017-06-14 07:01 - 2017-06-02 01:28 - 00115200 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll
    2017-06-14 07:01 - 2017-06-02 01:28 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
    2017-06-14 07:01 - 2017-06-02 01:28 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
    2017-06-14 07:01 - 2017-06-02 01:28 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
    2017-06-14 07:01 - 2017-06-02 01:11 - 00591872 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
    2017-06-14 07:01 - 2017-06-02 01:11 - 00249856 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
    2017-06-14 07:01 - 2017-06-02 01:10 - 00733696 _____ (Microsoft Corporation) C:\Windows\HelpPane.exe
    2017-06-14 07:01 - 2017-06-02 01:10 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
    2017-06-14 07:01 - 2017-06-02 01:09 - 01549824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
    2017-06-14 07:01 - 2017-06-02 01:09 - 01400320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
    2017-06-14 07:01 - 2017-06-02 01:09 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
    2017-06-14 07:01 - 2017-06-02 01:09 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
    2017-06-14 07:01 - 2017-06-02 01:09 - 00197120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
    2017-06-14 07:01 - 2017-06-02 01:09 - 00104448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssitlb.dll
    2017-06-14 07:01 - 2017-06-02 01:09 - 00059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
    2017-06-14 07:01 - 2017-06-02 01:09 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll
    2017-06-14 07:01 - 2017-06-02 00:58 - 00427520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
    2017-06-14 07:01 - 2017-06-02 00:58 - 00164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
    2017-06-14 07:01 - 2017-06-02 00:57 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
    2017-06-14 07:01 - 2017-06-02 00:57 - 00009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll
    2017-06-14 07:01 - 2017-05-20 21:28 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2017-06-14 07:01 - 2017-05-20 21:28 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2017-06-14 07:01 - 2017-05-20 21:24 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2017-06-14 07:01 - 2017-05-20 21:24 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
    2017-06-14 07:01 - 2017-05-20 21:24 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2017-06-14 07:01 - 2017-05-20 21:24 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2017-06-14 07:01 - 2017-05-20 21:24 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
    2017-06-14 07:01 - 2017-05-20 21:24 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2017-06-14 07:01 - 2017-05-20 21:24 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2017-06-14 07:01 - 2017-05-20 21:24 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2017-06-14 07:01 - 2017-05-20 21:24 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2017-06-14 07:01 - 2017-05-20 21:24 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
    2017-06-14 07:01 - 2017-05-20 21:24 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2017-06-14 07:01 - 2017-05-20 21:24 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2017-06-14 07:01 - 2017-05-20 21:24 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
    2017-06-14 07:01 - 2017-05-20 21:24 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2017-06-14 07:01 - 2017-05-20 21:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
    2017-06-14 07:01 - 2017-05-20 21:24 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
    2017-06-14 07:01 - 2017-05-20 21:24 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2017-06-14 07:01 - 2017-05-20 21:24 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2017-06-14 07:01 - 2017-05-20 21:24 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2017-06-14 07:01 - 2017-05-20 21:06 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
    2017-06-14 07:01 - 2017-05-20 21:06 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
    2017-06-14 07:01 - 2017-05-20 21:06 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2017-06-14 07:01 - 2017-05-20 21:06 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
    2017-06-14 07:01 - 2017-05-20 21:06 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2017-06-14 07:01 - 2017-05-20 21:06 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2017-06-14 07:01 - 2017-05-20 21:06 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2017-06-14 07:01 - 2017-05-20 21:06 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2017-06-14 07:01 - 2017-05-20 21:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
    2017-06-14 07:01 - 2017-05-20 21:06 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
    2017-06-14 07:01 - 2017-05-20 21:06 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2017-06-14 07:01 - 2017-05-20 21:06 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
    2017-06-14 07:01 - 2017-05-20 21:06 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2017-06-14 07:01 - 2017-05-20 21:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
    2017-06-14 07:01 - 2017-05-20 21:06 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2017-06-14 07:01 - 2017-05-20 21:06 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2017-06-14 07:01 - 2017-05-20 20:55 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
    2017-06-14 07:01 - 2017-05-20 20:48 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
    2017-06-14 07:01 - 2017-05-20 20:48 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
    2017-06-14 07:01 - 2017-05-20 20:48 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
    2017-06-14 07:01 - 2017-05-20 20:47 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2017-06-14 07:01 - 2017-05-20 20:46 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
    2017-06-14 07:01 - 2017-05-20 20:42 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
    2017-06-14 07:01 - 2017-05-16 11:19 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2017-06-14 07:01 - 2017-05-16 10:35 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2017-06-14 07:01 - 2017-05-14 13:46 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2017-06-14 07:01 - 2017-05-14 13:46 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2017-06-14 07:01 - 2017-05-14 13:28 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2017-06-14 07:01 - 2017-05-14 13:27 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2017-06-14 07:01 - 2017-05-14 13:27 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2017-06-14 07:01 - 2017-05-14 13:27 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2017-06-14 07:01 - 2017-05-14 13:26 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2017-06-14 07:01 - 2017-05-14 13:24 - 02899456 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2017-06-14 07:01 - 2017-05-14 13:17 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2017-06-14 07:01 - 2017-05-14 13:16 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2017-06-14 07:01 - 2017-05-14 13:12 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2017-06-14 07:01 - 2017-05-14 13:10 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2017-06-14 07:01 - 2017-05-14 13:10 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2017-06-14 07:01 - 2017-05-14 13:10 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2017-06-14 07:01 - 2017-05-14 13:10 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2017-06-14 07:01 - 2017-05-14 13:01 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2017-06-14 07:01 - 2017-05-14 12:57 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2017-06-14 07:01 - 2017-05-14 12:55 - 05975040 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2017-06-14 07:01 - 2017-05-14 12:48 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2017-06-14 07:01 - 2017-05-14 12:47 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
    2017-06-14 07:01 - 2017-05-14 12:46 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
    2017-06-14 07:01 - 2017-05-14 12:42 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2017-06-14 07:01 - 2017-05-14 12:41 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2017-06-14 07:01 - 2017-05-14 12:38 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2017-06-14 07:01 - 2017-05-14 12:37 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2017-06-14 07:01 - 2017-05-14 12:36 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
    2017-06-14 07:01 - 2017-05-14 12:23 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
    2017-06-14 07:01 - 2017-05-14 12:23 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2017-06-14 07:01 - 2017-05-14 12:22 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2017-06-14 07:01 - 2017-05-14 12:22 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2017-06-14 07:01 - 2017-05-14 12:22 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2017-06-14 07:01 - 2017-05-14 12:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2017-06-14 07:01 - 2017-05-14 12:20 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2017-06-14 07:01 - 2017-05-14 12:19 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2017-06-14 07:01 - 2017-05-14 12:18 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2017-06-14 07:01 - 2017-05-14 12:17 - 02132992 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2017-06-14 07:01 - 2017-05-14 12:16 - 02290176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2017-06-14 07:01 - 2017-05-14 12:15 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2017-06-14 07:01 - 2017-05-14 12:14 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2017-06-14 07:01 - 2017-05-14 12:12 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2017-06-14 07:01 - 2017-05-14 12:11 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2017-06-14 07:01 - 2017-05-14 12:10 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2017-06-14 07:01 - 2017-05-14 12:10 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2017-06-14 07:01 - 2017-05-14 12:02 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2017-06-14 07:01 - 2017-05-14 11:57 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
    2017-06-14 07:01 - 2017-05-14 11:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2017-06-14 07:01 - 2017-05-14 11:56 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
    2017-06-14 07:01 - 2017-05-14 11:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2017-06-14 07:01 - 2017-05-14 11:52 - 03240960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2017-06-14 07:01 - 2017-05-14 11:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2017-06-14 07:01 - 2017-05-14 11:50 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2017-06-14 07:01 - 2017-05-14 11:49 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
    2017-06-14 07:01 - 2017-05-14 11:44 - 04549120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2017-06-14 07:01 - 2017-05-14 11:42 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
    2017-06-14 07:01 - 2017-05-14 11:40 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2017-06-14 07:01 - 2017-05-14 11:39 - 02057216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2017-06-14 07:01 - 2017-05-14 11:38 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2017-06-14 07:01 - 2017-05-14 11:37 - 01544704 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2017-06-14 07:01 - 2017-05-14 11:30 - 13664768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2017-06-14 07:01 - 2017-05-14 11:27 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2017-06-14 07:01 - 2017-05-14 11:15 - 02767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2017-06-14 07:01 - 2017-05-14 11:11 - 01314816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2017-06-14 07:01 - 2017-05-14 11:11 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2017-06-14 07:01 - 2017-05-12 11:27 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
    2017-06-14 07:01 - 2017-05-12 11:26 - 05547752 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2017-06-14 07:01 - 2017-05-12 11:26 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
    2017-06-14 07:01 - 2017-05-12 11:26 - 00382696 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
    2017-06-14 07:01 - 2017-05-12 11:24 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
    2017-06-14 07:01 - 2017-05-12 11:22 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
    2017-06-14 07:01 - 2017-05-12 11:22 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
    2017-06-14 07:01 - 2017-05-12 11:22 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
    2017-06-14 07:01 - 2017-05-12 11:22 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2017-06-14 07:01 - 2017-05-12 11:22 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
    2017-06-14 07:01 - 2017-05-12 11:22 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
    2017-06-14 07:01 - 2017-05-12 11:22 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
    2017-06-14 07:01 - 2017-05-12 11:22 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
    2017-06-14 07:01 - 2017-05-12 11:22 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
    2017-06-14 07:01 - 2017-05-12 11:22 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
    2017-06-14 07:01 - 2017-05-12 11:22 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
    2017-06-14 07:01 - 2017-05-12 11:22 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
    2017-06-14 07:01 - 2017-05-12 11:22 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2017-06-14 07:01 - 2017-05-12 11:22 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
    2017-06-14 07:01 - 2017-05-12 11:22 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
    2017-06-14 07:01 - 2017-05-12 11:22 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
    2017-06-14 07:01 - 2017-05-12 11:22 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
    2017-06-14 07:01 - 2017-05-12 11:22 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
    2017-06-14 07:01 - 2017-05-12 11:22 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
    2017-06-14 07:01 - 2017-05-12 11:22 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
    2017-06-14 07:01 - 2017-05-12 11:22 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
    2017-06-14 07:01 - 2017-05-12 11:22 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
    2017-06-14 07:01 - 2017-05-12 11:22 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
    2017-06-14 07:01 - 2017-05-12 11:22 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2017-06-14 07:01 - 2017-05-12 11:22 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
    2017-06-14 07:01 - 2017-05-12 11:22 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
    2017-06-14 07:01 - 2017-05-12 11:22 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
    2017-06-14 07:01 - 2017-05-12 11:22 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
    2017-06-14 07:01 - 2017-05-12 11:22 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
    2017-06-14 07:01 - 2017-05-12 11:22 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2017-06-14 07:01 - 2017-05-12 11:22 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
    2017-06-14 07:01 - 2017-05-12 11:22 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
    2017-06-14 07:01 - 2017-05-12 11:22 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
    2017-06-14 07:01 - 2017-05-12 11:22 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
    2017-06-14 07:01 - 2017-05-12 11:22 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
    2017-06-14 07:01 - 2017-05-12 11:22 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
    2017-06-14 07:01 - 2017-05-12 11:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2017-06-14 07:01 - 2017-05-12 11:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
    2017-06-14 07:01 - 2017-05-12 11:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
    2017-06-14 07:01 - 2017-05-12 11:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
    2017-06-14 07:01 - 2017-05-12 11:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
    2017-06-14 07:01 - 2017-05-12 11:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
    2017-06-14 07:01 - 2017-05-12 11:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
    2017-06-14 07:01 - 2017-05-12 11:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
    2017-06-14 07:01 - 2017-05-12 11:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
    2017-06-14 07:01 - 2017-05-12 11:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
    2017-06-14 07:01 - 2017-05-12 11:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
    2017-06-14 07:01 - 2017-05-12 11:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
    2017-06-14 07:01 - 2017-05-12 11:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
    2017-06-14 07:01 - 2017-05-12 11:07 - 04001000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2017-06-14 07:01 - 2017-05-12 11:07 - 03945704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2017-06-14 07:01 - 2017-05-12 11:07 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
    2017-06-14 07:01 - 2017-05-12 11:04 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
    2017-06-14 07:01 - 2017-05-12 11:03 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2017-06-14 07:01 - 2017-05-12 11:03 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
    2017-06-14 07:01 - 2017-05-12 11:03 - 00629760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
    2017-06-14 07:01 - 2017-05-12 11:03 - 00313344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
    2017-06-14 07:01 - 2017-05-12 11:03 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2017-06-14 07:01 - 2017-05-12 11:03 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
    2017-06-14 07:01 - 2017-05-12 11:03 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
    2017-06-14 07:01 - 2017-05-12 11:03 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2017-06-14 07:01 - 2017-05-12 11:03 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
    2017-06-14 07:01 - 2017-05-12 11:03 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
    2017-06-14 07:01 - 2017-05-12 11:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
    2017-06-14 07:01 - 2017-05-12 11:03 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2017-06-14 07:01 - 2017-05-12 11:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2017-06-14 07:01 - 2017-05-12 11:03 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2017-06-14 07:01 - 2017-05-12 11:03 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2017-06-14 07:01 - 2017-05-12 11:03 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2017-06-14 07:01 - 2017-05-12 11:03 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2017-06-14 07:01 - 2017-05-12 11:03 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2017-06-14 07:01 - 2017-05-12 11:03 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2017-06-14 07:01 - 2017-05-12 11:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2017-06-14 07:01 - 2017-05-12 11:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2017-06-14 07:01 - 2017-05-12 11:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2017-06-14 07:01 - 2017-05-12 11:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2017-06-14 07:01 - 2017-05-12 11:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2017-06-14 07:01 - 2017-05-12 11:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2017-06-14 07:01 - 2017-05-12 11:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2017-06-14 07:01 - 2017-05-12 11:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2017-06-14 07:01 - 2017-05-12 11:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2017-06-14 07:01 - 2017-05-12 11:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2017-06-14 07:01 - 2017-05-12 11:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2017-06-14 07:01 - 2017-05-12 11:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2017-06-14 07:01 - 2017-05-12 11:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2017-06-14 07:01 - 2017-05-12 11:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2017-06-14 07:01 - 2017-05-12 11:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2017-06-14 07:01 - 2017-05-12 11:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2017-06-14 07:01 - 2017-05-12 11:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2017-06-14 07:01 - 2017-05-12 10:55 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
    2017-06-14 07:01 - 2017-05-12 10:54 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
    2017-06-14 07:01 - 2017-05-12 10:54 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
    2017-06-14 07:01 - 2017-05-12 10:52 - 03222528 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2017-06-14 07:01 - 2017-05-12 10:51 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
    2017-06-14 07:01 - 2017-05-12 10:50 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2017-06-14 07:01 - 2017-05-12 10:46 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
    2017-06-14 07:01 - 2017-05-12 10:43 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
    2017-06-14 07:01 - 2017-05-12 10:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2017-06-14 07:01 - 2017-05-12 10:41 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2017-06-14 07:01 - 2017-05-12 10:41 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2017-06-14 07:01 - 2017-05-12 10:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2017-06-14 07:01 - 2017-05-12 10:40 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2017-06-14 07:01 - 2017-05-12 10:40 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2017-06-14 07:01 - 2017-05-12 10:40 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2017-06-14 07:01 - 2017-05-12 10:40 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2017-06-14 07:01 - 2017-05-12 09:25 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
    2017-06-14 07:01 - 2017-05-12 08:58 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
    2017-06-14 07:01 - 2017-05-12 08:58 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
    2017-06-14 07:01 - 2017-05-10 08:33 - 00091368 _____ (Microsoft Corporation) C:\Windows\system32\MigAutoPlay.exe
    2017-06-14 07:01 - 2017-05-10 08:29 - 14183936 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
    2017-06-14 07:01 - 2017-05-10 08:29 - 03165184 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
    2017-06-14 07:01 - 2017-05-10 08:29 - 01867776 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
    2017-06-14 07:01 - 2017-05-10 08:29 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
    2017-06-14 07:01 - 2017-05-10 08:29 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
    2017-06-14 07:01 - 2017-05-10 08:28 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
    2017-06-14 07:01 - 2017-05-10 08:16 - 00091368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MigAutoPlay.exe
    2017-06-14 07:01 - 2017-05-10 08:14 - 02651136 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
    2017-06-14 07:01 - 2017-05-10 08:13 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
    2017-06-14 07:01 - 2017-05-10 08:13 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
    2017-06-14 07:01 - 2017-05-10 08:13 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
    2017-06-14 07:01 - 2017-05-10 08:13 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
    2017-06-14 07:01 - 2017-05-10 08:13 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
    2017-06-14 07:01 - 2017-05-10 08:13 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
    2017-06-14 07:01 - 2017-05-10 08:12 - 12880896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2017-06-14 07:01 - 2017-05-10 08:12 - 01499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
    2017-06-14 07:01 - 2017-05-10 08:12 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
    2017-06-14 07:01 - 2017-05-10 08:00 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
    2017-06-14 07:01 - 2017-05-10 08:00 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
    2017-06-14 07:01 - 2017-05-10 08:00 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
    2017-06-14 07:01 - 2017-05-10 08:00 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
    2017-06-14 07:01 - 2017-05-10 07:52 - 00117248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
    2017-06-14 07:01 - 2017-05-09 08:30 - 00757248 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
    2017-06-14 07:01 - 2017-05-09 08:29 - 00970240 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
    2017-06-14 07:01 - 2017-05-09 08:11 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
    2017-06-14 07:01 - 2017-05-07 08:33 - 00094440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
    2017-06-14 07:01 - 2017-05-07 08:29 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
    2017-06-14 07:01 - 2017-03-30 08:03 - 00046080 _____ (Microsoft Corporation) C:\Windows\system32\rundll32.exe
    2017-06-14 07:01 - 2017-03-30 07:58 - 00045056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
    2017-06-13 09:25 - 2017-06-13 09:25 - 00016795 _____ C:\Users\Mago\Downloads\Salinas Public Library.pdf
    2017-06-13 09:24 - 2017-06-13 09:24 - 00010184 _____ C:\Users\Mago\Downloads\ACIS%20Site%20Survey%20-%20Salinas%20Public%20Library%20.xlsx
    2017-06-11 15:22 - 2017-06-11 15:22 - 00138076 _____ C:\Users\Mago\Desktop\Reflexions.pdf
    2017-06-11 10:13 - 2017-06-11 10:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
    2017-06-11 10:13 - 2017-06-11 10:13 - 00000000 ____D C:\ProgramData\McAfee Security Scan
    2017-06-08 14:03 - 2017-06-08 14:03 - 00003226 _____ C:\Windows\System32\Tasks\Norton WSC Integration

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-06-22 11:11 - 2016-11-19 20:49 - 00000911 _____ C:\Windows\Tasks\EPSON WF-3620 Series Update {EDF2364C-CF9E-4EBF-80D9-CADD0DBEC2A3}.job
    2017-06-22 11:11 - 2016-11-19 20:49 - 00000725 _____ C:\Windows\Tasks\EPSON WF-3620 Series Invitation {EDF2364C-CF9E-4EBF-80D9-CADD0DBEC2A3}.job
    2017-06-22 11:11 - 2015-06-17 18:20 - 00000914 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-761162808-2082914462-2039200112-1000UA.job
    2017-06-22 11:11 - 2014-03-13 13:54 - 00000911 _____ C:\Windows\Tasks\EPSON XP-310 Series Update {CD075366-A647-4CBE-B30C-389926086B73}.job
    2017-06-22 11:11 - 2014-03-13 13:54 - 00000725 _____ C:\Windows\Tasks\EPSON XP-310 Series Invitation {CD075366-A647-4CBE-B30C-389926086B73}.job
    2017-06-22 08:15 - 2009-07-13 21:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2017-06-22 08:15 - 2009-07-13 21:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2017-06-22 08:14 - 2016-11-22 08:17 - 00000000 ____D C:\Users\Mago\AppData\LocalLow\Mozilla
    2017-06-22 08:07 - 2013-04-18 06:29 - 00000000 ___RD C:\Users\Mago\Google Drive
    2017-06-22 08:06 - 2012-01-29 14:43 - 00000000 ____D C:\Users\Mago\AppData\LocalLow\AuthenTec
    2017-06-22 08:05 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2017-06-22 07:53 - 2015-06-17 18:20 - 00000862 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-761162808-2082914462-2039200112-1000Core.job
    2017-06-22 06:57 - 2009-07-13 22:13 - 00783424 _____ C:\Windows\system32\PerfStringBackup.INI
    2017-06-22 06:57 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\inf
    2017-06-21 08:09 - 2017-03-04 09:43 - 00000000 ____D C:\Users\Mago\Desktop\Margarita
    2017-06-20 11:14 - 2013-10-25 18:47 - 00000000 ____D C:\AdwCleaner
    2017-06-20 06:44 - 2013-03-14 07:02 - 00000000 ____D C:\Program Files\Microsoft Silverlight
    2017-06-20 06:44 - 2013-03-14 07:02 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
    2017-06-18 21:58 - 2013-03-14 07:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    2017-06-18 18:05 - 2016-11-21 15:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2017-06-18 17:55 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache
    2017-06-18 16:09 - 2014-09-14 12:12 - 00000000 ____D C:\Users\Mago\AppData\Roaming\Dropbox
    2017-06-18 16:06 - 2015-06-17 18:20 - 00000000 ____D C:\Users\Mago\AppData\Local\Dropbox
    2017-06-18 15:59 - 2009-07-13 21:45 - 00351976 _____ C:\Windows\system32\FNTCACHE.DAT
    2017-06-18 15:56 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\migwiz
    2017-06-18 15:56 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\migwiz
    2017-06-14 07:54 - 2013-08-15 08:24 - 00000000 ____D C:\Windows\system32\MRT
    2017-06-14 07:54 - 2012-02-08 07:22 - 133627792 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2017-06-14 06:41 - 2016-08-15 16:14 - 00000000 ____D C:\Program Files (x86)\McAfee
    2017-06-14 06:41 - 2016-08-15 16:03 - 00000000 ____D C:\Program Files\TrueKey
    2017-06-13 09:29 - 2017-05-08 11:24 - 00000000 ____D C:\Users\Mago\Downloads\RAR_2017
    2017-06-13 06:48 - 2016-08-15 16:17 - 00001165 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\True Key.lnk
    2017-06-13 06:48 - 2016-08-15 16:17 - 00001151 _____ C:\Users\Public\Desktop\True Key.lnk
    2017-06-11 10:36 - 2015-06-09 10:28 - 00000000 ____D C:\Program Files\Common Files\AV
    2017-06-11 10:13 - 2016-08-15 17:58 - 00000000 ____D C:\Program Files\McAfee Security Scan
    2017-06-11 10:13 - 2016-08-15 16:03 - 00001964 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
    2017-06-08 14:10 - 2017-05-21 18:08 - 00000000 ____D C:\Windows\System32\Tasks\Norton 360
    2017-06-08 14:03 - 2016-07-08 19:09 - 00002303 _____ C:\Users\Public\Desktop\Norton 360.lnk
    2017-06-08 14:03 - 2016-04-16 05:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Suite
    2017-06-08 14:03 - 2016-04-12 07:41 - 00000000 ____D C:\Windows\system32\Drivers\N360x64
    2017-05-30 15:25 - 2009-07-13 22:08 - 00032586 _____ C:\Windows\Tasks\SCHEDLGU.TXT
    2017-05-23 17:35 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\NDF

    ==================== Files in the root of some directories =======

    2015-04-14 15:23 - 2015-07-21 19:58 - 0006656 _____ () C:\Users\Mago\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2012-01-31 19:24 - 2017-02-06 12:29 - 0001415 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2017-06-18 17:46

    ==================== End of FRST.txt ============================
     
  7. photomastr

    photomastr Techie7 New Member

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-06-2017 01
    Ran by Mago (22-06-2017 11:12:54)
    Running from C:\Users\Mago\Desktop
    Windows 7 Home Premium Service Pack 1 (X64) (2012-01-29 21:43:07)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-761162808-2082914462-2039200112-500 - Administrator - Disabled)
    Guest (S-1-5-21-761162808-2082914462-2039200112-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-761162808-2082914462-2039200112-1002 - Limited - Enabled)
    Mago (S-1-5-21-761162808-2082914462-2039200112-1000 - Administrator - Enabled) => C:\Users\Mago

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Norton Security Suite (Enabled - Up to date) {30744133-1E94-7B35-F4A3-82A5AEF1CBAA}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Norton Security Suite (Enabled - Up to date) {8B15A0D7-38AE-74BB-CE13-B9D7D5768117}
    FW: Norton Security Suite (Enabled) {084FC016-54FB-7A6D-DFFC-2B9050228CD1}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
    Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.270 - Adobe Systems Incorporated)
    Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.205 - Adobe Systems Incorporated)
    Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.9.620 - Adobe Systems, Inc.)
    Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Apple Application Support (32-bit) (HKLM-x32\...\{29DB9165-5FC1-48F0-9188-26123F526848}) (Version: 5.0.1 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{5905C8CF-1C88-4478-A48E-4E458AD1BC7E}) (Version: 5.0.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{D4D86CB2-2370-4691-8272-3869EDED6C64}) (Version: 10.0.0.18 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
    ATI Catalyst Install Manager (HKLM\...\{B066BF95-890E-A532-A58F-D13E0805DC04}) (Version: 3.0.816.0 - ATI Technologies, Inc.)
    AuthenTec TrueAPI (Version: 1.3.0.111 - AuthenTec, Inc.) Hidden
    Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Blasterball 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Blio (HKLM-x32\...\{FCD6D60F-AF2B-49E3-ABC4-A4C96B56225D}) (Version: 3.0.9482 - K-NFB Reading Technology, Inc.)
    Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
    Bounce Symphony (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Chronicles of Albian (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
    Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
    Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
    Cradle of Rome 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
    CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5.3817 - CyberLink Corp.)
    CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.1.4119 - CyberLink Corp.)
    CyberLink YouCam 6 (HKLM-x32\...\{A9CEDD6E-4792-493e-BB35-D86D2E188A5A}) (Version: 6.0.3918.0 - CyberLink Corp.)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Dropbox (HKU\S-1-5-21-761162808-2082914462-2039200112-1000\...\Dropbox) (Version: 28.4.14 - Dropbox, Inc.)
    EPSON Artisan 720 Series Printer Uninstall (HKLM\...\EPSON Artisan 720 Series) (Version: - SEIKO EPSON Corporation)
    EPSON Connect version 1.0 (HKLM-x32\...\EPSON Connect_is1) (Version: 1.0 - Epson America Inc.)
    Epson Customer Research Participation (HKLM\...\{B26449A6-6007-4460-B4FE-C4776115BCEA}) (Version: 1.81.0000 - Seiko Epson Corporation)
    Epson Event Manager (HKLM-x32\...\{9F205E94-9E42-4486-A92A-DF3F6CB85444}) (Version: 3.10.0061 - Seiko Epson Corporation)
    Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.51.00 - SEIKO EPSON CORPORATION)
    Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version: - )
    EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
    EPSON Scan OCR Component (HKLM-x32\...\{563B99D8-8895-4E3E-AE8D-15BE8C05F1C1}) (Version: 2.30.00 - SEIKO EPSON Corp.)
    EPSON Scan PDF Extensions (HKLM-x32\...\{F9956472-6E16-4F83-BF9A-F887EF4A45B7}) (Version: 1.03.0001 - SEIKO EPSON Corp.)
    Epson Software Updater (HKLM-x32\...\{7BAC3F7A-B963-468E-982E-B5608A87408D}) (Version: 4.4.4 - SEIKO EPSON CORPORATION)
    EPSON WF-3620 Series Printer Uninstall (HKLM\...\EPSON WF-3620 Series) (Version: - SEIKO EPSON Corporation)
    Epson WF-3620 User’s Guide version 1.0 (HKLM-x32\...\UsersGuideEpson WF-3620 User’s Guide_is1) (Version: 1.0 - )
    EPSON XP-310 Series Printer Uninstall (HKLM\...\EPSON XP-310 Series) (Version: - SEIKO EPSON Corporation)
    EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
    EpsonNet Setup 3.3 (HKLM-x32\...\{C9D8A041-2963-4B31-8FFC-1500F3DB9293}) (Version: 3.3b - SEIKO EPSON CORPORATION)
    ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{E96CAA2A-0244-4A2A-8403-0C3C9534778B}) (Version: 2.1.1 - Hewlett-Packard)
    Evernote v. 4.2.3 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.3.22 - Evernote Corp.)
    Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
    Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
    FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.110 - Google Inc.)
    Google Drive (HKLM-x32\...\{A1238426-ECDF-4639-BE2F-8D12A97AE23C}) (Version: 2.34.5075.1619 - Google, Inc.)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden
    Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
    HP Documentation (HKLM-x32\...\{E56E5D38-5972-420A-9BAF-0F84471E0142}) (Version: 1.1.0.0 - Hewlett-Packard)
    HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
    HP Launch Box (HKLM\...\{5A847522-375C-4D05-BD3D-88C450CC047F}) (Version: 1.1.5 - Hewlett-Packard Company)
    HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard Company)
    HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
    HP Power Manager (HKLM-x32\...\{D8BCE5B9-67CF-4F3F-93AE-3ACC754C72EB}) (Version: 1.4.7 - Hewlett-Packard Company)
    HP Quick Launch (HKLM-x32\...\{53B17A98-5BF0-40BC-AAFF-850A357975AC}) (Version: 2.7.2 - Hewlett-Packard Company)
    HP QuickWeb (HKLM-x32\...\{8B52057C-15DB-433E-957C-E279BC7D07E3}) (Version: 3.1.0.9742 - Hewlett-Packard Company)
    HP Setup (HKLM-x32\...\{5036764A-435D-40C9-869C-31085A3D741D}) (Version: 8.7.4751.3798 - Hewlett-Packard Company)
    HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13476.3753 - Hewlett-Packard Company)
    HP SimplePass PE 2011 (HKLM-x32\...\{31CEFF4E-B6D1-46A5-9169-7C67570E7FFA}) (Version: 5.3.0.163 - Hewlett-Packard)
    HP Software Framework (HKLM-x32\...\{962CB079-85E6-405F-8704-1C62365AE46F}) (Version: 4.5.10.1 - Hewlett-Packard Company)
    HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
    IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6423.0 - IDT)
    Intel Security True Key (HKLM\...\TrueKey) (Version: 4.18.110.1 - Intel Security)
    Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
    Intel(R) Display Audio Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.00.3074 - Intel Corporation)
    Intel(R) Identity Protection Technology 1.1.2.0 (HKLM-x32\...\{C01A86F5-56E7-101F-9BC9-E3F1025EB779}) (Version: 1.1.2.0 - Intel Corporation)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.6.0.1002 - Intel Corporation)
    iTunes (HKLM\...\{9946A4F7-E0FD-4A33-82D1-06CBFFBBB9F9}) (Version: 12.5.1.21 - Apple Inc.)
    Java 7 Update 11 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417011FF}) (Version: 7.0.110 - Oracle)
    Jewel Quest: The Sleepless Star - Collector's Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
    McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.569.1 - McAfee, Inc.)
    Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
    Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    Mozilla Firefox 52.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 52.0.2 (x86 en-US)) (Version: 52.0.2 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 52.0.2.6291 - Mozilla)
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    Mystery of Mortlake Mansion (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Namco All-Stars: PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Norton Security Suite (HKLM-x32\...\N360) (Version: 22.9.4.8 - Symantec Corporation)
    Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
    Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
    PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
    Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
    PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
    QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.46.610.2011 - Realtek)
    Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.81 - Realtek Semiconductor Corp.)
    REALTEK Wireless LAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4123-B2B9-173F09590E16}) (Version: 1.00.11.0706 - REALTEK Semiconductor Corp.)
    Recovery Manager (x32 Version: 2.0.0 - Hewlett-Packard) Hidden
    RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.103 - RoxioNow)
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
    Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
    Slingo Supreme (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
    TurboTax 2011 (HKLM-x32\...\TurboTax 2011) (Version: - Intuit, Inc)
    TurboTax 2012 (HKLM-x32\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
    TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
    TurboTax 2014 (HKLM-x32\...\TurboTax 2014) (Version: 2014.0 - Intuit, Inc)
    TurboTax 2015 (HKLM-x32\...\TurboTax 2015) (Version: 2015.0 - Intuit, Inc)
    TurboTax 2016 (HKLM-x32\...\TurboTax 2016) (Version: 2016.0 - Intuit, Inc)
    Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
    Vacation Quest - The Hawaiian Islands (x32 Version: 2.2.0.97 - WildTangent) Hidden
    VIP Access SDK (1.0.1.2) (HKLM-x32\...\VIP Access SDK) (Version: 1.0.1.2 - Symantec Inc.)
    Virtual Villagers 5 - New Believers (x32 Version: 2.2.0.97 - WildTangent) Hidden
    WildTangent Games App (HP Games) (x32 Version: 4.0.5.2 - WildTangent) Hidden
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
    Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
    Windows Movie Maker 2.6 (HKLM-x32\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4037.0 - Microsoft Corporation)
    Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-761162808-2082914462-2039200112-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Mago\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-761162808-2082914462-2039200112-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Mago\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-761162808-2082914462-2039200112-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mago\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-761162808-2082914462-2039200112-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mago\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-761162808-2082914462-2039200112-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mago\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-761162808-2082914462-2039200112-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mago\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-761162808-2082914462-2039200112-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mago\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-761162808-2082914462-2039200112-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mago\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-761162808-2082914462-2039200112-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mago\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-761162808-2082914462-2039200112-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mago\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-761162808-2082914462-2039200112-1000_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mago\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-761162808-2082914462-2039200112-1000_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mago\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-761162808-2082914462-2039200112-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Mago\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {0186B063-84DF-4A18-B424-E806B52E081D} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-761162808-2082914462-2039200112-1000UA => C:\Users\Mago\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-11-16] (Facebook Inc.)
    Task: {06C2313E-CC01-4658-9E51-75F9E0BEA01B} - System32\Tasks\EPSON XP-310 Series Invitation {CD075366-A647-4CBE-B30C-389926086B73} => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
    Task: {087EC294-848B-48B9-BCC3-0CA7B1A7A8EC} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)
    Task: {089DE5E9-BD53-466B-B426-F7A3AE4D7A24} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-10-26] (Adobe Systems Incorporated)
    Task: {0EBF5361-83FC-4767-9F7A-6DF91E63B2DC} - System32\Tasks\Norton 360\Norton Security Suite Error Analyzer => C:\Program Files (x86)\Norton Security Suite\Engine\22.9.4.8\SymErr.exe [2017-05-11] (Symantec Corporation)
    Task: {133FB9B6-04D2-405A-84D3-B5008EB5FA49} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
    Task: {148D4BF5-5D65-4660-88C4-E1785995CE2E} - System32\Tasks\GoogleUpdateTaskMachineCore1d0e3467eb12e8f => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
    Task: {15BF503F-6487-4467-9883-A5BDA21B71C5} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-06-15] (CyberLink)
    Task: {1F864364-9544-4AC8-9BA3-D7098C8EC255} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-761162808-2082914462-2039200112-1000Core => C:\Users\Mago\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-11-16] (Facebook Inc.)
    Task: {207E0273-347C-4FDD-AB9C-387E9EC6938D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
    Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
    Task: {2FDC2C4C-82DB-486C-A7E2-6B31C1EBE90D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
    Task: {3AF20A50-7C8E-4F6E-B478-71DCC2A09292} - System32\Tasks\EPSON WF-3620 Series Update {EDF2364C-CF9E-4EBF-80D9-CADD0DBEC2A3} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKEE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
    Task: {557FE542-2193-4238-9378-90E82FC68A19} - System32\Tasks\GoogleUpdateTaskMachineUA1d0e3467f3d9fc0 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
    Task: {689578F3-4295-4DCB-AFCF-4F65C3D00A88} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
    Task: {812E115C-25C8-453F-A432-F0802EA185CC} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security Suite\Engine\22.9.4.8\WSCStub.exe [2017-05-26] (Symantec Corporation)
    Task: {8991079D-5B25-45D1-BE0C-CE4EB375DFCB} - System32\Tasks\Norton 360\Norton Security Suite Error Processor => C:\Program Files (x86)\Norton Security Suite\Engine\22.9.4.8\SymErr.exe [2017-05-11] (Symantec Corporation)
    Task: {8CC25C3D-4AED-4F38-9D4A-76A9DFE34C9D} - System32\Tasks\EPSON XP-310 Series Update {CD075366-A647-4CBE-B30C-389926086B73} => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
    Task: {950E1CCF-4822-4AC4-9980-AC7E5881ED41} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe
    Task: {A24DBA92-5A9A-4240-94BE-C5B9E0CBEC36} - System32\Tasks\EPSON WF-3620 Series Invitation {EDF2364C-CF9E-4EBF-80D9-CADD0DBEC2A3} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKEE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
    Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
    Task: {B6A00275-9B97-42CF-A9A2-B20034FB3E92} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
    Task: {B96C0B32-BFED-4F9C-9730-0B98C61FEED4} - System32\Tasks\{94B9EB80-1AF7-402C-89FF-1E6C970346A1} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.1.0.129.272/en/abandoninstall?page=tsProgressBar <==== ATTENTION
    Task: {B9AB4935-B389-486A-998F-D5E5BE71961D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
    Task: {BFF8969E-6F19-4C5C-BBDB-B6D2E214BD29} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security Suite\Upgrade.exe [2017-05-26] (Symantec Corporation)
    Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
    Task: {CFA9D9DC-7EF5-408D-A693-0C66BE87FB77} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-761162808-2082914462-2039200112-1000Core => C:\Users\Mago\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-05] (Dropbox, Inc.)
    Task: {EAD21873-3585-4E25-8011-1CBC6A49DBD5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
    Task: {EDC4FB54-1ACE-4620-88C0-947577D22D56} - System32\Tasks\Seagate_Install_Launch => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe
    Task: {EE4251C3-70A2-4224-BDB0-3A9C670B1FA6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-07-07] (Hewlett-Packard)
    Task: {F436F06D-CC56-40D5-9072-DC9FE22FE80F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
    Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION
    Task: {FE438E3D-254B-46DE-98D9-97E466607384} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-761162808-2082914462-2039200112-1000UA => C:\Users\Mago\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-05] (Dropbox, Inc.)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-761162808-2082914462-2039200112-1000Core.job => C:\Users\Mago\AppData\Local\Dropbox\Update\DropboxUpdate.exe
    Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-761162808-2082914462-2039200112-1000UA.job => C:\Users\Mago\AppData\Local\Dropbox\Update\DropboxUpdate.exe
    Task: C:\Windows\Tasks\EPSON WF-3620 Series Invitation {EDF2364C-CF9E-4EBF-80D9-CADD0DBEC2A3}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKEE.EXE
    Task: C:\Windows\Tasks\EPSON WF-3620 Series Update {EDF2364C-CF9E-4EBF-80D9-CADD0DBEC2A3}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKEE.EXE :/EXE:{EDF2364C-CF9E-4EBF-80D9-CADD0DBEC2A3} /F:Update SYSTEM ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
    Task: C:\Windows\Tasks\EPSON XP-310 Series Invitation {CD075366-A647-4CBE-B30C-389926086B73}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE
    Task: C:\Windows\Tasks\EPSON XP-310 Series Update {CD075366-A647-4CBE-B30C-389926086B73}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE :/EXE:{CD075366-A647-4CBE-B30C-389926086B73} /F:Update SYSTEM ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
    Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-761162808-2082914462-2039200112-1000Core.job => C:\Users\Mago\AppData\Local\Facebook\Update\FacebookUpdate.exe
    Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-761162808-2082914462-2039200112-1000UA.job => C:\Users\Mago\AppData\Local\Facebook\Update\FacebookUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Shortcuts & WMI ========================

    (The entries could be listed to be restored or removed.)


    ==================== Loaded Modules (Whitelisted) ==============

    2016-09-01 18:12 - 2016-09-01 18:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2016-09-01 18:12 - 2016-09-01 18:12 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2011-04-15 11:16 - 2011-04-15 11:16 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
    2011-12-19 23:34 - 2011-12-19 23:34 - 00108880 _____ () C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe
    2011-05-12 14:13 - 2011-05-12 14:13 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
    2011-05-08 02:23 - 2011-05-08 02:23 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
    2017-06-22 08:06 - 2017-06-22 08:06 - 00098816 ____R () C:\Users\Mago\AppData\Local\Temp\_MEI49802\win32api.pyd
    2017-06-22 08:06 - 2017-06-22 08:06 - 00110080 ____R () C:\Users\Mago\AppData\Local\Temp\_MEI49802\pywintypes27.dll
    2017-06-22 08:06 - 2017-06-22 08:06 - 00364544 ____R () C:\Users\Mago\AppData\Local\Temp\_MEI49802\pythoncom27.dll
    2017-06-22 08:06 - 2017-06-22 08:06 - 00320512 ____R () C:\Users\Mago\AppData\Local\Temp\_MEI49802\win32com.shell.shell.pyd
    2017-06-22 08:06 - 2017-06-22 08:06 - 00914432 ____R () C:\Users\Mago\AppData\Local\Temp\_MEI49802\_hashlib.pyd
    2017-06-22 08:06 - 2017-06-22 08:06 - 01176576 ____R () C:\Users\Mago\AppData\Local\Temp\_MEI49802\wx._core_.pyd
    2017-06-22 08:06 - 2017-06-22 08:06 - 00806400 ____R () C:\Users\Mago\AppData\Local\Temp\_MEI49802\wx._gdi_.pyd
    2017-06-22 08:06 - 2017-06-22 08:06 - 00816128 ____R () C:\Users\Mago\AppData\Local\Temp\_MEI49802\wx._windows_.pyd
    2017-06-22 08:06 - 2017-06-22 08:06 - 01067008 ____R () C:\Users\Mago\AppData\Local\Temp\_MEI49802\wx._controls_.pyd
    2017-06-22 08:06 - 2017-06-22 08:06 - 00733184 ____R () C:\Users\Mago\AppData\Local\Temp\_MEI49802\wx._misc_.pyd
    2017-06-22 08:06 - 2017-06-22 08:06 - 00682496 ____R () C:\Users\Mago\AppData\Local\Temp\_MEI49802\pysqlite2._sqlite.pyd
    2017-06-22 08:06 - 2017-06-22 08:06 - 00088064 ____R () C:\Users\Mago\AppData\Local\Temp\_MEI49802\_ctypes.pyd
    2017-06-22 08:06 - 2017-06-22 08:06 - 00686080 ____R () C:\Users\Mago\AppData\Local\Temp\_MEI49802\unicodedata.pyd
    2017-06-22 08:06 - 2017-06-22 08:06 - 00119808 ____R () C:\Users\Mago\AppData\Local\Temp\_MEI49802\win32file.pyd
    2017-06-22 08:06 - 2017-06-22 08:06 - 00108544 ____R () C:\Users\Mago\AppData\Local\Temp\_MEI49802\win32security.pyd
    2017-06-22 08:06 - 2017-06-22 08:06 - 00007168 ____R () C:\Users\Mago\AppData\Local\Temp\_MEI49802\hashobjs_ext.pyd
    2017-06-22 08:06 - 2017-06-22 08:06 - 00017920 ____R () C:\Users\Mago\AppData\Local\Temp\_MEI49802\thumbnails_ext.pyd
    2017-06-22 08:06 - 2017-06-22 08:06 - 00088064 ____R () C:\Users\Mago\AppData\Local\Temp\_MEI49802\usb_ext.pyd
    2017-06-22 08:06 - 2017-06-22 08:06 - 00012800 ____R () C:\Users\Mago\AppData\Local\Temp\_MEI49802\common.time34.pyd
    2017-06-22 08:06 - 2017-06-22 08:06 - 00018432 ____R () C:\Users\Mago\AppData\Local\Temp\_MEI49802\win32event.pyd
    2017-06-22 08:06 - 2017-06-22 08:06 - 00167936 ____R () C:\Users\Mago\AppData\Local\Temp\_MEI49802\win32gui.pyd
    2017-06-22 08:06 - 2017-06-22 08:06 - 00046080 ____R () C:\Users\Mago\AppData\Local\Temp\_MEI49802\_socket.pyd
    2017-06-22 08:06 - 2017-06-22 08:06 - 01303552 ____R () C:\Users\Mago\AppData\Local\Temp\_MEI49802\_ssl.pyd
    2017-06-22 08:06 - 2017-06-22 08:06 - 00128512 ____R () C:\Users\Mago\AppData\Local\Temp\_MEI49802\_elementtree.pyd
    2017-06-22 08:06 - 2017-06-22 08:06 - 00127488 ____R () C:\Users\Mago\AppData\Local\Temp\_MEI49802\pyexpat.pyd
    2017-06-22 08:06 - 2017-06-22 08:06 - 00038912 ____R () C:\Users\Mago\AppData\Local\Temp\_MEI49802\win32inet.pyd
    2017-06-22 08:06 - 2017-06-22 08:06 - 00036864 ____R () C:\Users\Mago\AppData\Local\Temp\_MEI49802\_psutil_windows.pyd
    2017-06-22 08:06 - 2017-06-22 08:06 - 00524248 ____R () C:\Users\Mago\AppData\Local\Temp\_MEI49802\windows._lib_cacheinvalidation.pyd
    2017-06-22 08:06 - 2017-06-22 08:06 - 00011264 ____R () C:\Users\Mago\AppData\Local\Temp\_MEI49802\win32crypt.pyd
    2017-06-22 08:06 - 2017-06-22 08:06 - 00123392 ____R () C:\Users\Mago\AppData\Local\Temp\_MEI49802\wx._wizard.pyd
    2017-06-22 08:06 - 2017-06-22 08:06 - 00077312 ____R () C:\Users\Mago\AppData\Local\Temp\_MEI49802\wx._html2.pyd
    2017-06-22 08:06 - 2017-06-22 08:06 - 00027648 ____R () C:\Users\Mago\AppData\Local\Temp\_MEI49802\_multiprocessing.pyd
    2017-06-22 08:06 - 2017-06-22 08:06 - 00020480 ____R () C:\Users\Mago\AppData\Local\Temp\_MEI49802\_yappi.pyd
    2017-06-22 08:06 - 2017-06-22 08:06 - 00035840 ____R () C:\Users\Mago\AppData\Local\Temp\_MEI49802\win32process.pyd
    2017-06-22 08:06 - 2017-06-22 08:06 - 00078848 ____R () C:\Users\Mago\AppData\Local\Temp\_MEI49802\wx._animate.pyd
    2017-06-22 08:06 - 2017-06-22 08:06 - 00024064 ____R () C:\Users\Mago\AppData\Local\Temp\_MEI49802\win32pipe.pyd
    2017-06-22 08:06 - 2017-06-22 08:06 - 00010240 ____R () C:\Users\Mago\AppData\Local\Temp\_MEI49802\select.pyd
    2017-06-22 08:06 - 2017-06-22 08:06 - 00025600 ____R () C:\Users\Mago\AppData\Local\Temp\_MEI49802\win32pdh.pyd
    2017-06-22 08:06 - 2017-06-22 08:06 - 00017408 ____R () C:\Users\Mago\AppData\Local\Temp\_MEI49802\win32profile.pyd
    2017-06-22 08:06 - 2017-06-22 08:06 - 00022528 ____R () C:\Users\Mago\AppData\Local\Temp\_MEI49802\win32ts.pyd
    2017-06-18 16:08 - 2017-06-12 04:52 - 00775488 _____ () C:\Users\Mago\AppData\Roaming\Dropbox\bin\dropbox_watchdog.dll
    2017-06-18 16:08 - 2017-06-12 04:52 - 01787200 _____ () C:\Users\Mago\AppData\Roaming\Dropbox\bin\dropbox_crashpad.dll
    2015-12-12 08:23 - 2017-06-12 04:52 - 00100296 _____ () C:\Users\Mago\AppData\Roaming\Dropbox\bin\_ctypes.pyd
    2015-12-12 08:23 - 2017-06-12 04:52 - 00018888 _____ () C:\Users\Mago\AppData\Roaming\Dropbox\bin\select.pyd
    2016-09-02 19:36 - 2017-06-12 04:54 - 00019776 _____ () C:\Users\Mago\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
    2015-12-12 08:23 - 2017-06-12 04:52 - 00035792 _____ () C:\Users\Mago\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
    2017-06-18 16:08 - 2017-06-12 04:54 - 00020824 _____ () C:\Users\Mago\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
    2015-12-12 08:23 - 2017-06-12 04:52 - 00123856 _____ () C:\Users\Mago\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
    2015-12-12 08:23 - 2017-06-12 04:52 - 00694224 _____ () C:\Users\Mago\AppData\Roaming\Dropbox\bin\unicodedata.pyd
    2017-06-18 16:08 - 2017-06-12 04:54 - 01729360 _____ () C:\Users\Mago\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
    2017-06-18 16:08 - 2017-06-12 04:54 - 00020816 _____ () C:\Users\Mago\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
    2017-06-18 16:08 - 2017-06-12 04:52 - 00145864 _____ () C:\Users\Mago\AppData\Roaming\Dropbox\bin\pyexpat.pyd
    2017-06-18 16:08 - 2017-06-12 04:52 - 00019408 _____ () C:\Users\Mago\AppData\Roaming\Dropbox\bin\faulthandler.pyd
    2017-06-18 16:08 - 2017-06-12 04:52 - 00116688 _____ () C:\Users\Mago\AppData\Roaming\Dropbox\bin\pywintypes27.dll
    2015-12-12 08:23 - 2017-06-12 04:52 - 00105928 _____ () C:\Users\Mago\AppData\Roaming\Dropbox\bin\win32api.pyd
    2016-08-05 06:36 - 2017-06-12 04:55 - 00022864 _____ () C:\Users\Mago\AppData\Roaming\Dropbox\bin\winffi.crt.compiled._winffi_crt.pyd
    2017-06-18 16:08 - 2017-06-12 04:54 - 00060736 _____ () C:\Users\Mago\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
    2017-06-18 16:08 - 2017-06-12 04:54 - 00038712 _____ () C:\Users\Mago\AppData\Roaming\Dropbox\bin\fastpath.pyd
    2015-12-12 08:23 - 2017-06-12 04:52 - 00024528 _____ () C:\Users\Mago\AppData\Roaming\Dropbox\bin\win32event.pyd
    2017-06-18 16:08 - 2017-06-12 04:52 - 00392656 _____ () C:\Users\Mago\AppData\Roaming\Dropbox\bin\pythoncom27.dll
    2017-06-18 16:08 - 2017-06-12 04:52 - 00020936 _____ () C:\Users\Mago\AppData\Roaming\Dropbox\bin\mmapfile.pyd
    2015-12-12 08:23 - 2017-06-12 04:52 - 00116176 _____ () C:\Users\Mago\AppData\Roaming\Dropbox\bin\win32security.pyd
    2016-09-02 19:36 - 2017-06-12 04:54 - 00392512 _____ () C:\Users\Mago\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
    2015-12-12 08:23 - 2017-06-12 04:52 - 00124880 _____ () C:\Users\Mago\AppData\Roaming\Dropbox\bin\win32file.pyd
    2016-08-05 06:36 - 2017-06-12 04:55 - 00026456 _____ () C:\Users\Mago\AppData\Roaming\Dropbox\bin\winffi.kernel32.compiled._winffi_kernel32.pyd
    2015-12-12 08:23 - 2017-06-12 04:52 - 00024016 _____ () C:\Users\Mago\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
    2015-12-12 08:23 - 2017-06-12 04:52 - 00175560 _____ () C:\Users\Mago\AppData\Roaming\Dropbox\bin\win32gui.pyd
    2015-12-12 08:23 - 2017-06-12 04:52 - 00030160 _____ () C:\Users\Mago\AppData\Roaming\Dropbox\bin\win32pipe.pyd
    2015-12-12 08:23 - 2017-06-12 04:52 - 00043472 _____ () C:\Users\Mago\AppData\Roaming\Dropbox\bin\win32process.pyd
    2015-12-12 08:23 - 2017-06-12 04:52 - 00048592 _____ () C:\Users\Mago\AppData\Roaming\Dropbox\bin\win32service.pyd
    2015-12-12 08:23 - 2017-06-12 04:52 - 00057808 _____ () C:\Users\Mago\AppData\Roaming\Dropbox\bin\win32evtlog.pyd
    2015-12-12 08:23 - 2017-06-12 04:52 - 00024016 _____ () C:\Users\Mago\AppData\Roaming\Dropbox\bin\win32profile.pyd
    2017-06-18 16:08 - 2017-06-12 04:54 - 00022336 _____ () C:\Users\Mago\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
    2017-05-17 18:06 - 2017-06-12 04:55 - 00082264 _____ () C:\Users\Mago\AppData\Roaming\Dropbox\bin\winenumhandles.compiled._WinEnumHandles.pyd
    2016-09-02 19:36 - 2017-06-12 04:55 - 00025432 _____ () C:\Users\Mago\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
    2017-06-18 16:08 - 2017-06-12 04:54 - 00246608 _____ () C:\Users\Mago\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd
    2017-06-18 16:08 - 2017-06-12 04:54 - 00027488 _____ () C:\Users\Mago\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.pyd
    2017-06-18 16:08 - 2017-06-12 04:54 - 03928896 _____ () C:\Users\Mago\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
    2015-12-12 08:23 - 2017-06-12 04:52 - 00083912 _____ () C:\Users\Mago\AppData\Roaming\Dropbox\bin\sip.pyd
    2017-06-18 16:08 - 2017-06-12 04:54 - 01826104 _____ () C:\Users\Mago\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
    2017-06-18 16:08 - 2017-06-12 04:54 - 01972024 _____ () C:\Users\Mago\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
    2015-12-12 08:23 - 2017-06-12 04:52 - 00028616 _____ () C:\Users\Mago\AppData\Roaming\Dropbox\bin\win32ts.pyd
    2017-06-18 16:08 - 2017-06-12 04:54 - 00171336 _____ () C:\Users\Mago\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineWidgets.pyd
    2017-06-18 16:08 - 2017-06-12 04:54 - 00042816 _____ () C:\Users\Mago\AppData\Roaming\Dropbox\bin\PyQt5.QtWebChannel.pyd
    2017-06-18 16:08 - 2017-06-12 04:54 - 00531264 _____ () C:\Users\Mago\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
    2017-06-18 16:08 - 2017-06-12 04:54 - 00133432 _____ () C:\Users\Mago\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
    2017-06-18 16:08 - 2017-06-12 04:54 - 00224064 _____ () C:\Users\Mago\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
    2017-06-18 16:08 - 2017-06-12 04:54 - 00207680 _____ () C:\Users\Mago\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
    2015-12-12 08:23 - 2017-06-12 04:52 - 00060880 _____ () C:\Users\Mago\AppData\Roaming\Dropbox\bin\win32print.pyd
    2017-02-27 16:50 - 2017-06-12 04:55 - 00054608 _____ () C:\Users\Mago\AppData\Roaming\Dropbox\bin\winrpcserver.compiled._RPCServer.pyd
    2017-01-23 16:53 - 2017-06-12 04:55 - 00022864 _____ () C:\Users\Mago\AppData\Roaming\Dropbox\bin\winffi.user32.compiled._winffi_user32.pyd
    2017-01-23 16:53 - 2017-06-12 04:55 - 00022872 _____ () C:\Users\Mago\AppData\Roaming\Dropbox\bin\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
    2017-01-23 16:53 - 2017-06-12 04:55 - 00021848 _____ () C:\Users\Mago\AppData\Roaming\Dropbox\bin\winffi.winerror.compiled._winffi_winerror.pyd
    2017-01-23 16:53 - 2017-06-12 04:55 - 00022872 _____ () C:\Users\Mago\AppData\Roaming\Dropbox\bin\winffi.wininet.compiled._winffi_wininet.pyd
    2015-12-12 08:23 - 2017-06-12 04:52 - 00349128 _____ () C:\Users\Mago\AppData\Roaming\Dropbox\bin\winxpgui.pyd
    2016-02-12 09:19 - 2017-06-12 04:55 - 00023896 _____ () C:\Users\Mago\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.pyd
    2017-06-18 16:08 - 2017-06-12 04:54 - 00025936 _____ () C:\Users\Mago\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
    2017-06-18 16:08 - 2017-06-12 04:52 - 00036296 _____ () C:\Users\Mago\AppData\Roaming\Dropbox\bin\librsync.dll
    2017-06-18 16:08 - 2017-06-12 04:54 - 00084288 _____ () C:\Users\Mago\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
    2016-07-11 17:38 - 2017-06-12 04:54 - 00030536 _____ () C:\Users\Mago\AppData\Roaming\Dropbox\bin\wind3d11.compiled._wind3d11.pyd
    2017-06-18 16:08 - 2017-06-12 04:52 - 00017864 _____ () C:\Users\Mago\AppData\Roaming\Dropbox\bin\libEGL.dll
    2017-06-18 16:08 - 2017-06-12 04:52 - 01631184 _____ () C:\Users\Mago\AppData\Roaming\Dropbox\bin\libGLESv2.dll
    2016-09-02 19:36 - 2017-06-12 04:55 - 00026456 _____ () C:\Users\Mago\AppData\Roaming\Dropbox\bin\winffi.winhttp.compiled._winffi_winhttp.pyd
    2017-04-08 08:36 - 2017-06-12 04:54 - 00023368 _____ () C:\Users\Mago\AppData\Roaming\Dropbox\bin\wincrashpad.compiled._Crashpad.pyd
    2017-06-18 16:08 - 2017-06-12 04:54 - 00546104 _____ () C:\Users\Mago\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd
    2017-06-18 16:08 - 2017-06-12 04:54 - 00357688 _____ () C:\Users\Mago\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd
    2017-05-11 06:53 - 2017-05-11 06:53 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\1ec855392d1e10abdfe0e8e8bdb27f4b\IsdiInterop.ni.dll
    2011-10-06 07:07 - 2011-05-20 11:05 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
    2012-10-30 10:30 - 2012-10-30 10:29 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 19:34 - 2017-06-11 10:13 - 00000049 _____ C:\Windows\system32\Drivers\etc\hosts



    0.0.0.1 mssplus.mcafee.com

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-761162808-2082914462-2039200112-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Mago\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 75.75.75.75 - 75.75.76.76
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==


    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{BECC85C1-1E33-4445-AA90-5C94C8CB7A11}] => (Allow) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowShell.exe
    FirewallRules: [{F33E2DC5-A2E4-48C3-B790-F08A7FED8798}] => (Allow) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowShell.exe
    FirewallRules: [{33CEDAB6-00D3-4F3F-AE56-0F35D93D8A5F}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\RNow.exe
    FirewallRules: [{3CD00C4D-006E-4BA2-A1FA-9015646CCF36}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\RNow.exe
    FirewallRules: [{89BD027F-B46D-4231-A2F9-D8A03C11E9D0}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    FirewallRules: [{D03515CD-36B1-44E6-9C6B-AA6A310C4023}] => (Allow) LPort=2869
    FirewallRules: [{64B54A5C-966F-43E7-8CE6-DB72790F1218}] => (Allow) LPort=1900
    FirewallRules: [{7B26D5AA-38D7-45E2-BDB2-1B90A47FC83D}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    FirewallRules: [{A9D0FCB7-1D0C-4778-84E9-AE25B66EE99B}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
    FirewallRules: [{35D69A80-C662-4C5F-8939-167DC0B84F6C}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
    FirewallRules: [{7FE1B050-43A7-4F33-929B-D1820DEA3CA9}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
    FirewallRules: [{A01C263A-D373-4C32-9F85-3F670995D568}] => (Allow) C:\Program Files (x86)\EpsonNet\EpsonNet Setup\tool10\ENEasyApp.exe
    FirewallRules: [{B803E7EE-CF4A-4991-A713-1CF94DEC2C38}] => (Allow) C:\Program Files (x86)\EpsonNet\EpsonNet Setup\tool10\ENEasyApp.exe
    FirewallRules: [{F3CE36DC-A2F7-4362-82E7-245CAE9F8A65}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
    FirewallRules: [{B87D2D90-B4AB-4F33-920E-79B74C897363}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
    FirewallRules: [{D9940A1B-EBA1-446A-BFE7-FDDD3231CF2E}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
    FirewallRules: [{6023018A-01D3-4627-A9FE-81C57BF37DC2}] => (Allow) C:\Users\Mago\AppData\Local\temp\7zS3BC9.tmp\SymNRT.exe
    FirewallRules: [{DB81ABD8-B214-4DD9-959E-CE637855BC79}] => (Allow) C:\Users\Mago\AppData\Local\temp\7zS3BC9.tmp\SymNRT.exe
    FirewallRules: [{22FF4C6E-CFFD-4279-8DC9-C48AF9A0572B}] => (Allow) F:\Common\EpsonNet Setup\ENEasyApp.exe
    FirewallRules: [{6C81712A-0B49-4005-8B90-A4D9359EA55A}] => (Allow) F:\Common\EpsonNet Setup\ENEasyApp.exe
    FirewallRules: [{21AC9861-ACDC-4BBD-A9A6-0446037CF53A}] => (Allow) LPort=8888
    FirewallRules: [{AD84132C-3AF4-498E-98D7-41A8F6A86EBD}] => (Allow) C:\Users\Mago\AppData\Roaming\Dropbox\bin\Dropbox.exe
    FirewallRules: [{94B5C466-D88D-4D87-87FD-E3FA72F57F99}] => (Allow) C:\Users\Mago\AppData\Roaming\Dropbox\bin\Dropbox.exe
    FirewallRules: [{C526C090-3707-4D11-95C0-D574F5214FFF}] => (Allow) C:\Users\Mago\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
    FirewallRules: [TCP Query User{C4238901-45E5-4ABB-A9B1-A6A1C884C9C8}C:\users\mago\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\mago\appdata\roaming\dropbox\bin\dropbox.exe
    FirewallRules: [UDP Query User{E23B9234-B2DF-417F-A9FC-558A1B30E9DA}C:\users\mago\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\mago\appdata\roaming\dropbox\bin\dropbox.exe
    FirewallRules: [{70AE0FF9-0030-4563-A233-9FB435A7AA84}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
    FirewallRules: [{149F13EA-054B-47A5-B500-8AE2B5D3C3AD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{91AAF46C-58D2-432E-A2A0-A0CE9B0E3E6D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{55D33E54-82C8-450B-A6A5-2038B604FCFA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{27BDC18A-2408-4F6F-84B6-BAAF6432F96A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{BB7BB658-CA0B-473E-9F98-5D6C5E703A5F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{0B9E21CB-BF82-49BC-8D1B-1B03C60F97F8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{AB0F827E-3A18-4065-85A7-AFC3815D0888}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{9AD749DB-BFC3-4E27-9EFA-C086D1DAA7C2}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{2050B2ED-50A4-4ECD-9EE2-016591F3206F}] => (Allow) C:\Program Files\iTunes\iTunes.exe
    FirewallRules: [{547337EC-21DF-47D5-B1B7-169321BD4870}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
    FirewallRules: [{061A0EDC-072B-4F0B-88B1-29180B1F7B3C}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
    FirewallRules: [{FE8CEBB6-0BB3-4718-AAEB-26F06C023858}] => (Allow) F:\Common\EpsonNet Setup\ENEasyApp.exe
    FirewallRules: [{BED345E3-3878-42AE-9A33-CC55BFF11D14}] => (Allow) F:\Common\EpsonNet Setup\ENEasyApp.exe
    FirewallRules: [{FB376078-98C5-46A9-81FA-71CD861DC17A}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
    FirewallRules: [{B9AE6220-8CCE-4AED-A19A-4CB7604BC3C3}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
    FirewallRules: [{7719F4D4-05AE-4FB1-9EA6-88D0667F7240}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
    FirewallRules: [{BFA59349-CA90-413E-B076-5CF8059D3F9A}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    FirewallRules: [{8EA1E22A-35AA-4F9D-A2BB-51E1441A28FF}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    FirewallRules: [{D9A3BFB3-2EDF-4C1C-BAA1-003BBC7C9D77}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    FirewallRules: [{197E74F1-E639-496C-AE6C-9DF759027984}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    FirewallRules: [{CE794C21-E783-41A8-960C-20A929492EB8}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    FirewallRules: [{F3F52BD3-5D5A-4FD4-80AF-0E630CC70F4A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    ==================== Restore Points =========================

    09-05-2017 10:13:27 Windows Update
    10-05-2017 08:29:35 Windows Update
    23-05-2017 18:30:11 Scheduled Checkpoint
    23-05-2017 18:55:26 Windows Update
    14-06-2017 07:50:04 Windows Update
    18-06-2017 21:56:09 Windows Update

    ==================== Faulty Device Manager Devices =============

    Name: AntiLog32
    Description: AntiLog32
    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Manufacturer:
    Service: AntiLog32
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (06/22/2017 08:07:08 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

    Error: (06/22/2017 08:06:08 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: TrueSuiteService.exe, version: 5.3.0.163, time stamp: 0x4dc363f3
    Faulting module name: TrueSuiteService.exe, version: 5.3.0.163, time stamp: 0x4dc363f3
    Exception code: 0xc0000417
    Fault offset: 0x0001275a
    Faulting process id: 0x350
    Faulting application start time: 0x01d2eb690afdfc2a
    Faulting application path: C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
    Faulting module path: C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
    Report Id: 51b847db-575c-11e7-b02d-78e3b55ee2dc

    Error: (06/22/2017 06:19:28 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

    Error: (06/22/2017 06:19:15 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: TrueSuiteService.exe, version: 5.3.0.163, time stamp: 0x4dc363f3
    Faulting module name: TrueSuiteService.exe, version: 5.3.0.163, time stamp: 0x4dc363f3
    Exception code: 0xc0000417
    Fault offset: 0x0001275a
    Faulting process id: 0x34c
    Faulting application start time: 0x01d2eb5a142515fa
    Faulting application path: C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
    Faulting module path: C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
    Report Id: 6337cc70-574d-11e7-b0f1-78e3b55ee2dc

    Error: (06/21/2017 07:58:35 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

    Error: (06/21/2017 07:57:58 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: TrueSuiteService.exe, version: 5.3.0.163, time stamp: 0x4dc363f3
    Faulting module name: TrueSuiteService.exe, version: 5.3.0.163, time stamp: 0x4dc363f3
    Exception code: 0xc0000417
    Fault offset: 0x0001275a
    Faulting process id: 0x364
    Faulting application start time: 0x01d2ea9eb6c72cc2
    Faulting application path: C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
    Faulting module path: C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
    Report Id: 031200b6-5692-11e7-94ca-78e3b55ee2dc


    System errors:
    =============
    Error: (06/22/2017 08:06:34 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The TrueSuiteService service terminated unexpectedly. It has done this 1 time(s).

    Error: (06/22/2017 08:06:02 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Service Installer TrueKey service failed to start due to the following error:
    The system cannot find the file specified.

    Error: (06/22/2017 06:19:30 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The TrueSuiteService service terminated unexpectedly. It has done this 1 time(s).

    Error: (06/22/2017 06:18:55 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Service Installer TrueKey service failed to start due to the following error:
    The system cannot find the file specified.

    Error: (06/21/2017 08:39:53 AM) (Source: DCOM) (EventID: 10010) (User: )
    Description: The server {995C996E-D918-4A8C-A302-45719A6F4EA7} did not register with DCOM within the required timeout.

    Error: (06/21/2017 07:58:53 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The TrueSuiteService service terminated unexpectedly. It has done this 1 time(s).

    Error: (06/21/2017 07:57:43 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Service Installer TrueKey service failed to start due to the following error:
    The system cannot find the file specified.


    CodeIntegrity:
    ===================================
    Date: 2012-08-20 19:38:26.799
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2012-08-20 19:38:26.799
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i5-2430M CPU @ 2.40GHz
    Percentage of memory in use: 44%
    Total physical RAM: 6091.86 MB
    Available physical RAM: 3365.67 MB
    Total Virtual: 12181.9 MB
    Available Virtual: 9142.55 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:679.93 GB) (Free:587.43 GB) NTFS ==>[system with boot components (obtained from drive)]
    Drive d: (Recovery) (Fixed) (Total:14.54 GB) (Free:1.57 GB) NTFS ==>[system with boot components (obtained from drive)]
    Drive e: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:1.08 GB) FAT32

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 0AFF17D5)
    Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=679.9 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=14.5 GB) - (Type=07 NTFS)
    Partition 4: (Not Active) - (Size=4 GB) - (Type=0C)

    ==================== End of Addition.txt ============================
     
  8. broni

    broni Malware Annihilator Techie7 Moderator Head Security

    You didn't answer my question:
    What exactly is slow?
     
  9. photomastr

    photomastr Techie7 New Member

    Slow like a snail
     
  10. broni

    broni Malware Annihilator Techie7 Moderator Head Security

    Whole computer or something specific?
     
  11. photomastr

    photomastr Techie7 New Member

    the whole thing
     
  12. broni

    broni Malware Annihilator Techie7 Moderator Head Security

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2
    • Close all the running programs
    • Double click on downloaded setup.exe file to install the program.
    • Click on Start Scan button.
    • Click on another Start Scan button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    Please download Malwarebytes to your desktop.
    • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
    • Then click Finish.
    • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
    • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
    • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
    • Restart your computer when prompted to do so.
    • The Scan log is available through History -> Application logs. Please post its contents in your next reply.
    Please download AdwCleaner by Xplode and save to your Desktop.
    • Double click on AdwCleaner.exe to run the tool.
      Vista/Windows 7/8 users right-click and select Run As Administrator
    • The tool will start to update the database if one is required.
    • Click on the Scan button.
    • AdwCleaner will begin...be patient as the scan may take some time to complete.
    • After the scan has finished, click on the Logfile button.
    • A window will open which lists the logs of your scans.
    • Click on the Scan tab.
    • Double-click the most recent scan which will be at the top of the list....the log will appear.
    • Review the results...see note below
    • After reviewing the log, click on the Clean button.
    • Press OK when asked to close all programs and follow the onscreen prompts.
    • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
    • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
    • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
    • A copy of all logfiles is saved to C:\AdwCleaner.
    -- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.


    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
     
  13. photomastr

    photomastr Techie7 New Member

    Here are the Logs:
    RogueKiller V12.11.3.0 (x64) [Jun 19 2017] (Free) by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : https://forum.adlice.com
    Website : http://www.adlice.com/download/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Mago [Administrator]
    Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
    Mode : Delete -- Date : 06/24/2017 16:14:41 (Duration : 00:46:04)

    ¤¤¤ Processes : 0 ¤¤¤

    ¤¤¤ Registry : 10 ¤¤¤
    [PUP.Tific] (X64) HKEY_USERS\S-1-5-21-761162808-2082914462-2039200112-1000\Software\Tific -> Deleted
    [PUP.Tific] (X86) HKEY_USERS\S-1-5-21-761162808-2082914462-2039200112-1000\Software\Tific -> Deleted
    [PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-761162808-2082914462-2039200112-1000\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Replaced (http://search.msn.com/spbasic.htm)
    [PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-761162808-2082914462-2039200112-1000\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Replaced (http://search.msn.com/spbasic.htm)
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{E402AD37-8019-4296-90FA-562A42D55DBC} | DhcpNameServer : 68.87.66.254 162.150.8.31 ([United States][United States]) -> Replaced ()
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{E402AD37-8019-4296-90FA-562A42D55DBC} | DhcpNameServer : 68.87.66.254 162.150.8.31 ([United States][United States]) -> Replaced ()
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {6023018A-01D3-4627-A9FE-81C57BF37DC2} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\Mago\AppData\Local\temp\7zS3BC9.tmp\SymNRT.exe|Name=Norton Removal Tool| [x] -> Deleted
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {DB81ABD8-B214-4DD9-959E-CE637855BC79} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\Mago\AppData\Local\temp\7zS3BC9.tmp\SymNRT.exe|Name=Norton Removal Tool| [x] -> Deleted
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {6023018A-01D3-4627-A9FE-81C57BF37DC2} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\Mago\AppData\Local\temp\7zS3BC9.tmp\SymNRT.exe|Name=Norton Removal Tool| [x] -> Deleted
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {DB81ABD8-B214-4DD9-959E-CE637855BC79} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\Mago\AppData\Local\temp\7zS3BC9.tmp\SymNRT.exe|Name=Norton Removal Tool| [x] -> Deleted

    ¤¤¤ Tasks : 0 ¤¤¤

    ¤¤¤ Files : 1 ¤¤¤
    [PUP.Tific][Folder] C:\Users\Mago\AppData\Roaming\Tific -> Deleted
    [PUP.Tific][File] C:\Users\Mago\AppData\Roaming\Tific\Environment.tfc -> Deleted
    [PUP.Tific][File] C:\Users\Mago\AppData\Roaming\Tific\tificocs.symantec.com.tfc -> Deleted

    ¤¤¤ WMI : 0 ¤¤¤

    ¤¤¤ Hosts File : 0 ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

    ¤¤¤ Web browsers : 1 ¤¤¤
    [PUM.HomePage][Firefox:Config] vqdos5sc.default-1400507369483 : user_pref("browser.startup.homepage", "comcast.net"); -> Replaced (about:home)

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: Hitachi HTS547575A9E384 +++++
    --- User ---
    [MBR] e3f271ba2864c566f076892fa6faf94d
    [BSP] cf48c302f995b75b8834d128eb736bb7 : Windows Vista/7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 199 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 409600 | Size: 696250 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1426329600 | Size: 14891 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    3 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 1456826368 | Size: 4062 MB
    User = LL1 ... OK
    User = LL2 ... OK

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 6/24/2017
    Scan Time: 5:16 PM
    Logfile: malwarebyte log.txt
    Administrator: Yes

    Version: 2.2.1.1043
    Malware Database: v2017.06.24.09
    Rootkit Database: v2017.05.27.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: Mago

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 333758
    Time Elapsed: 25 min, 9 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Warn
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)
    # AdwCleaner v6.047 - Logfile created 24/06/2017 at 17:56:50
    # Updated on 19/05/2017 by Malwarebytes
    # Database : 2017-06-23.1 [Server]
    # Operating System : Windows 7 Home Premium Service Pack 1 (X64)
    # Username : Mago - MAGOS-HP
    # Running from : C:\Users\Mago\Desktop\adwcleaner_6.047.exe
    # Mode: Clean
    # Support : https://www.malwarebytes.com/support



    ***** [ Services ] *****



    ***** [ Folders ] *****



    ***** [ Files ] *****

    [-] File deleted: C:\Users\Mago\AppData\Roaming\Mozilla\Firefox\Profiles\vqdos5sc.default-1400507369483\invalidprefs.js


    ***** [ DLL ] *****



    ***** [ WMI ] *****



    ***** [ Shortcuts ] *****



    ***** [ Scheduled Tasks ] *****



    ***** [ Registry ] *****

    [-] Key deleted: HKU\S-1-5-21-761162808-2082914462-2039200112-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
    [#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
    [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}


    ***** [ Web browsers ] *****



    *************************

    :: "Tracing" keys deleted
    :: Winsock settings cleared

    *************************

    C:\AdwCleaner\AdwCleaner[C1].txt - [4439 Bytes] - [08/02/2016 07:14:58]
    C:\AdwCleaner\AdwCleaner[C2].txt - [11289 Bytes] - [16/06/2016 20:32:13]
    C:\AdwCleaner\AdwCleaner[C3].txt - [3412 Bytes] - [20/08/2016 07:03:47]
    C:\AdwCleaner\AdwCleaner[C4].txt - [3817 Bytes] - [18/11/2016 20:22:15]
    C:\AdwCleaner\AdwCleaner[C5].txt - [16842 Bytes] - [15/01/2017 09:48:15]
    C:\AdwCleaner\AdwCleaner[C6].txt - [4317 Bytes] - [20/06/2017 11:14:55]
    C:\AdwCleaner\AdwCleaner[C7].txt - [1733 Bytes] - [24/06/2017 17:56:50]
    C:\AdwCleaner\AdwCleaner[R0].txt - [5174 Bytes] - [25/10/2013 18:47:54]
    C:\AdwCleaner\AdwCleaner[R10].txt - [3458 Bytes] - [01/03/2015 18:56:48]
    C:\AdwCleaner\AdwCleaner[R11].txt - [2094 Bytes] - [01/03/2015 20:33:41]
    C:\AdwCleaner\AdwCleaner[R12].txt - [15621 Bytes] - [18/05/2015 18:40:32]
    C:\AdwCleaner\AdwCleaner[R13].txt - [2275 Bytes] - [01/06/2015 19:19:46]
    C:\AdwCleaner\AdwCleaner[R1].txt - [878 Bytes] - [03/11/2013 08:11:25]
    C:\AdwCleaner\AdwCleaner[R2].txt - [1157 Bytes] - [11/11/2013 11:51:17]
    C:\AdwCleaner\AdwCleaner[R3].txt - [1116 Bytes] - [17/11/2013 16:14:42]
    C:\AdwCleaner\AdwCleaner[R4].txt - [1236 Bytes] - [01/12/2013 08:58:41]
    C:\AdwCleaner\AdwCleaner[R5].txt - [3012 Bytes] - [17/02/2014 09:36:34]
    C:\AdwCleaner\AdwCleaner[R6].txt - [1477 Bytes] - [07/04/2014 20:31:02]
    C:\AdwCleaner\AdwCleaner[R7].txt - [2442 Bytes] - [20/04/2014 06:12:25]
    C:\AdwCleaner\AdwCleaner[R8].txt - [2093 Bytes] - [19/05/2014 05:47:39]
    C:\AdwCleaner\AdwCleaner[R9].txt - [2140 Bytes] - [13/07/2014 17:15:55]
    C:\AdwCleaner\AdwCleaner[S0].txt - [4717 Bytes] - [25/10/2013 18:49:21]
    C:\AdwCleaner\AdwCleaner[S10].txt - [3551 Bytes] - [01/03/2015 18:58:54]
    C:\AdwCleaner\AdwCleaner[S11].txt - [7363 Bytes] - [18/05/2015 18:43:04]
    C:\AdwCleaner\AdwCleaner[S12].txt - [3576 Bytes] - [20/08/2016 07:01:44]
    C:\AdwCleaner\AdwCleaner[S13].txt - [3844 Bytes] - [18/11/2016 20:20:43]
    C:\AdwCleaner\AdwCleaner[S14].txt - [18985 Bytes] - [15/01/2017 09:41:29]
    C:\AdwCleaner\AdwCleaner[S15].txt - [4553 Bytes] - [20/06/2017 11:13:44]
    C:\AdwCleaner\AdwCleaner[S16].txt - [4228 Bytes] - [24/06/2017 17:48:31]
    C:\AdwCleaner\AdwCleaner[S1].txt - [5300 Bytes] - [03/11/2013 08:12:10]
    C:\AdwCleaner\AdwCleaner[S2].txt - [12268 Bytes] - [11/11/2013 11:52:56]
    C:\AdwCleaner\AdwCleaner[S3].txt - [1178 Bytes] - [17/11/2013 16:15:40]
    C:\AdwCleaner\AdwCleaner[S4].txt - [1298 Bytes] - [01/12/2013 09:00:35]
    C:\AdwCleaner\AdwCleaner[S5].txt - [3119 Bytes] - [17/02/2014 09:38:38]
    C:\AdwCleaner\AdwCleaner[S6].txt - [1539 Bytes] - [07/04/2014 20:31:55]
    C:\AdwCleaner\AdwCleaner[S7].txt - [2523 Bytes] - [20/04/2014 06:15:01]
    C:\AdwCleaner\AdwCleaner[S8].txt - [2162 Bytes] - [19/05/2014 05:49:41]
    C:\AdwCleaner\AdwCleaner[S9].txt - [2205 Bytes] - [13/07/2014 17:17:56]

    ########## EOF - C:\AdwCleaner\AdwCleaner[C7].txt - [4082 Bytes] ##########
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.4.2 (02.02.2015:1)
    OS: Windows 7 Home Premium x64
    Ran by Mago on Sat 06/24/2017 at 18:09:30.47
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys



    ~~~ Files



    ~~~ Folders



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Sat 06/24/2017 at 18:15:25.26
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  14. broni

    broni Malware Annihilator Techie7 Moderator Head Security

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
     
  15. photomastr

    photomastr Techie7 New Member

    Combo fix log:
    ComboFix 17-05-24.14 - Mago 06/25/2017 7:27.2.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6092.3773 [GMT -7:00]
    Running from: c:\users\Mago\Desktop\ComboFix.exe
    AV: Norton Security Suite *Disabled/Updated* {30744133-1E94-7B35-F4A3-82A5AEF1CBAA}
    FW: Norton Security Suite *Disabled* {084FC016-54FB-7A6D-DFFC-2B9050228CD1}
    SP: Norton Security Suite *Disabled/Updated* {8B15A0D7-38AE-74BB-CE13-B9D7D5768117}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files\TrueKey\McAfeeTrueKeyPasswordFilter.dll
    c:\users\Mago\AppData\Local\Temp\_MEI52202\_ctypes.pyd
    c:\users\Mago\AppData\Local\Temp\_MEI52202\_elementtree.pyd
    c:\users\Mago\AppData\Local\temp\_MEI52202\_hashlib.pyd
    c:\users\Mago\AppData\Local\Temp\_MEI52202\_multiprocessing.pyd
    c:\users\Mago\AppData\Local\Temp\_MEI52202\_psutil_windows.pyd
    c:\users\Mago\AppData\Local\Temp\_MEI52202\_socket.pyd
    c:\users\Mago\AppData\Local\Temp\_MEI52202\_ssl.pyd
    c:\users\Mago\AppData\Local\temp\_MEI52202\_yappi.pyd
    c:\users\Mago\AppData\Local\temp\_MEI52202\common.time34.pyd
    c:\users\Mago\AppData\Local\Temp\_MEI52202\hashobjs_ext.pyd
    c:\users\Mago\AppData\Local\Temp\_MEI52202\pyexpat.pyd
    c:\users\Mago\AppData\Local\Temp\_MEI52202\pysqlite2._sqlite.pyd
    c:\users\Mago\AppData\Local\Temp\_MEI52202\python27.dll
    c:\users\Mago\AppData\Local\Temp\_MEI52202\pythoncom27.dll
    c:\users\Mago\AppData\Local\Temp\_MEI52202\PyWinTypes27.dll
    c:\users\Mago\AppData\Local\Temp\_MEI52202\select.pyd
    c:\users\Mago\AppData\Local\Temp\_MEI52202\thumbnails_ext.pyd
    c:\users\Mago\AppData\Local\Temp\_MEI52202\unicodedata.pyd
    c:\users\Mago\AppData\Local\Temp\_MEI52202\usb_ext.pyd
    c:\users\Mago\AppData\Local\temp\_MEI52202\win32api.pyd
    c:\users\Mago\AppData\Local\Temp\_MEI52202\win32com.shell.shell.pyd
    c:\users\Mago\AppData\Local\temp\_MEI52202\win32crypt.pyd
    c:\users\Mago\AppData\Local\Temp\_MEI52202\win32event.pyd
    c:\users\Mago\AppData\Local\Temp\_MEI52202\win32file.pyd
    c:\users\Mago\AppData\Local\Temp\_MEI52202\win32gui.pyd
    c:\users\Mago\AppData\Local\Temp\_MEI52202\win32inet.pyd
    c:\users\Mago\AppData\Local\Temp\_MEI52202\win32pdh.pyd
    c:\users\Mago\AppData\Local\Temp\_MEI52202\win32pipe.pyd
    c:\users\Mago\AppData\Local\Temp\_MEI52202\win32process.pyd
    c:\users\Mago\AppData\Local\Temp\_MEI52202\win32profile.pyd
    c:\users\Mago\AppData\Local\Temp\_MEI52202\win32security.pyd
    c:\users\Mago\AppData\Local\Temp\_MEI52202\win32ts.pyd
    c:\users\Mago\AppData\Local\temp\_MEI52202\windows._lib_cacheinvalidation.pyd
    c:\users\Mago\AppData\Local\temp\_MEI52202\wx._animate.pyd
    c:\users\Mago\AppData\Local\Temp\_MEI52202\wx._controls_.pyd
    c:\users\Mago\AppData\Local\Temp\_MEI52202\wx._core_.pyd
    c:\users\Mago\AppData\Local\temp\_MEI52202\wx._gdi_.pyd
    c:\users\Mago\AppData\Local\Temp\_MEI52202\wx._html2.pyd
    c:\users\Mago\AppData\Local\Temp\_MEI52202\wx._misc_.pyd
    c:\users\Mago\AppData\Local\Temp\_MEI52202\wx._windows_.pyd
    c:\users\Mago\AppData\Local\Temp\_MEI52202\wx._wizard.pyd
    c:\users\Mago\AppData\Local\Temp\_MEI52202\wxbase30u_net_vc90.dll
    c:\users\Mago\AppData\Local\Temp\_MEI52202\wxbase30u_vc90.dll
    c:\users\Mago\AppData\Local\Temp\_MEI52202\wxmsw30u_adv_vc90.dll
    c:\users\Mago\AppData\Local\Temp\_MEI52202\wxmsw30u_core_vc90.dll
    c:\users\Mago\AppData\Local\temp\_MEI52202\wxmsw30u_html_vc90.dll
    c:\users\Mago\AppData\Local\temp\_MEI52202\wxmsw30u_webview_vc90.dll
    .
    .
    ((((((((((((((((((((((((( Files Created from 2017-05-25 to 2017-06-25 )))))))))))))))))))))))))))))))
    .
    .
    2017-06-25 14:35 . 2017-06-25 14:35 -------- d-----w- c:\users\Public\AppData\Local\temp
    2017-06-25 14:35 . 2017-06-25 14:35 -------- d-----w- c:\users\Default\AppData\Local\temp
    2017-06-25 14:35 . 2017-06-25 14:35 -------- d-----w- c:\users\Administrator\AppData\Local\temp
    2017-06-24 23:14 . 2017-06-24 23:14 28272 ----a-w- c:\windows\system32\drivers\TrueSight.sys
    2017-06-24 23:12 . 2017-06-24 23:12 -------- d-----w- c:\program files\RogueKiller
    2017-06-22 15:12 . 2017-06-22 18:13 -------- d-----w- C:\FRST
    2017-06-14 14:02 . 2017-04-27 22:50 3550208 ----a-w- c:\windows\SysWow64\D3DCompiler_47.dll
    2017-06-14 14:02 . 2017-04-12 13:05 4296704 ----a-w- c:\windows\system32\D3DCompiler_47.dll
    2017-06-14 14:02 . 2017-05-14 20:19 25738752 ----a-w- c:\windows\system32\mshtml.dll
    2017-06-14 14:02 . 2017-05-14 18:54 15252992 ----a-w- c:\windows\system32\ieframe.dll
    2017-06-11 17:13 . 2017-06-11 17:13 -------- d-----w- c:\programdata\McAfee Security Scan
    2017-06-08 13:07 . 2017-06-23 15:40 -------- d-----w- c:\windows\system32\drivers\N360x64\1609040.008
    2017-06-05 22:59 . 2017-06-05 22:59 18412800 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE14\MSO.DLL
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2017-06-25 01:24 . 2014-07-13 23:31 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2017-06-14 14:54 . 2012-02-08 14:22 133627792 -c--a-w- c:\windows\system32\MRT.exe
    2017-05-21 19:37 . 2016-04-12 14:41 102608 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
    2017-05-12 18:03 . 2017-06-14 14:01 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    2017-04-21 15:34 . 2017-05-10 15:18 1133568 ----a-w- c:\windows\system32\cdosys.dll
    2017-04-21 15:15 . 2017-05-10 15:18 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
    2017-04-17 15:37 . 2017-05-10 15:18 512000 ----a-w- c:\windows\system32\rpcss.dll
    2017-04-17 15:37 . 2017-05-10 15:18 2065408 ----a-w- c:\windows\system32\ole32.dll
    2017-04-17 15:37 . 2017-05-10 15:18 876544 ----a-w- c:\windows\system32\oleaut32.dll
    2017-04-17 15:37 . 2017-05-10 15:18 26112 ----a-w- c:\windows\system32\oleres.dll
    2017-04-17 15:37 . 2017-05-10 15:18 8704 ----a-w- c:\windows\system32\comcat.dll
    2017-04-17 15:12 . 2017-05-10 15:18 1417728 ----a-w- c:\windows\SysWow64\ole32.dll
    2017-04-17 15:12 . 2017-05-10 15:18 581632 ----a-w- c:\windows\SysWow64\oleaut32.dll
    2017-04-17 15:12 . 2017-05-10 15:18 26112 ----a-w- c:\windows\SysWow64\oleres.dll
    2017-04-17 14:54 . 2017-05-10 15:18 7168 ----a-w- c:\windows\SysWow64\comcat.dll
    2017-04-12 15:32 . 2017-05-10 15:18 229376 ----a-w- c:\windows\system32\wintrust.dll
    2017-04-12 15:32 . 2017-05-10 15:18 1483776 ----a-w- c:\windows\system32\crypt32.dll
    2017-04-12 15:32 . 2017-05-10 15:18 190976 ----a-w- c:\windows\system32\cryptsvc.dll
    2017-04-12 15:32 . 2017-05-10 15:18 141824 ----a-w- c:\windows\system32\cryptnet.dll
    2017-04-12 15:26 . 2017-05-10 15:18 179200 ----a-w- c:\windows\SysWow64\wintrust.dll
    2017-04-12 15:25 . 2017-05-10 15:18 1176064 ----a-w- c:\windows\SysWow64\crypt32.dll
    2017-04-12 15:25 . 2017-05-10 15:18 145920 ----a-w- c:\windows\SysWow64\cryptsvc.dll
    2017-04-12 15:25 . 2017-05-10 15:18 106496 ----a-w- c:\windows\SysWow64\cryptnet.dll
    2017-04-07 15:34 . 2017-05-10 15:18 986856 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
    2017-04-07 15:34 . 2017-05-10 15:18 265448 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
    2017-04-07 15:30 . 2017-05-10 15:18 144384 ----a-w- c:\windows\system32\cdd.dll
    2017-04-05 14:55 . 2017-05-10 15:18 460800 ----a-w- c:\windows\system32\drivers\srv.sys
    2017-04-05 14:55 . 2017-05-10 15:18 405504 ----a-w- c:\windows\system32\drivers\srv2.sys
    2017-04-05 14:55 . 2017-05-10 15:18 168960 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2017-04-04 15:34 . 2017-05-10 15:18 1895656 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2017-04-04 15:34 . 2017-05-10 15:18 377576 ----a-w- c:\windows\system32\drivers\netio.sys
    2017-04-04 15:34 . 2017-05-10 15:18 287976 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
    2017-04-04 14:53 . 2017-05-10 15:18 496128 ----a-w- c:\windows\system32\drivers\afd.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2017-03-21 23819304]
    "Dropbox Update"="c:\users\Mago\AppData\Local\Dropbox\Update\DropboxUpdate.exe" [2016-11-05 143144]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-05-08 336384]
    "HPQuickWebProxy"="c:\program files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" [2011-06-28 168504]
    "HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 284440]
    "HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-03-05 578944]
    "RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2011-03-30 87336]
    "BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2012-05-08 75048]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2016-09-02 67384]
    "YouCam Service6"="c:\program files (x86)\CyberLink\YouCam6\YouCamService6.exe" [2015-03-20 515848]
    "FUFAXRCV"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe" [2014-05-26 642664]
    "FUFAXSTM"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [2014-05-26 863848]
    "EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2016-01-20 1087184]
    .
    c:\users\Mago\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\Mago\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2017-6-18 3487032]
    OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2015-10-13 228552]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.11.569\SSScheduler.exe [2017-5-25 727008]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "RequireSignedAppInit_DLLs"=0 (0x0)
    "LoadAppInit_DLLs"=1 (0x1)
    .
    R1 AntiLog32;AntiLog32;c:\windows\system32\drivers\AntiLog64.sys;c:\windows\SYSNATIVE\drivers\AntiLog64.sys [x]
    R2 CLKMSVC10_38F51D56;CyberLink Product - 2012/05/08 11:10;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [x]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [x]
    R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
    R2 InstallerService;Service Installer TrueKey;c:\program files\TrueKey\Mcafee.TrueKey.InstallerService.exe;c:\program files\TrueKey\Mcafee.TrueKey.InstallerService.exe [x]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
    R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
    R3 keycrypt;keycrypt;c:\windows\system32\DRIVERS\KeyCrypt64.sys;c:\windows\SYSNATIVE\DRIVERS\KeyCrypt64.sys [x]
    R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.11.569\McCHSvc.exe;c:\program files\McAfee Security Scan\3.11.569\McCHSvc.exe [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
    R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
    R3 TrueKeyServiceHelper;TrueKeyServiceHelper;c:\program files\TrueKey\McAfee.TrueKey.ServiceHelper.exe;c:\program files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys;c:\windows\SYSNATIVE\drivers\WSDScan.sys [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
    S0 SymEFASI;Symantec Extended File Attributes (SI);c:\windows\system32\drivers\N360x64\1609040.008\SYMEFASI64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1609040.008\SYMEFASI64.SYS [x]
    S1 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\BASHDefs\20170623.001\BHDrvx64.sys;c:\program files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\BASHDefs\20170623.001\BHDrvx64.sys [x]
    S1 ccSet_N360;N360 Settings Manager;c:\windows\system32\drivers\N360x64\1609040.008\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\N360x64\1609040.008\ccSetx64.sys [x]
    S1 IDSVia64;IDSVia64;c:\program files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\IPSDefs\20170623.001\IDSvia64.sys;c:\program files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\IPSDefs\20170623.001\IDSvia64.sys [x]
    S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\1609040.008\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1609040.008\Ironx64.SYS [x]
    S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\1609040.008\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\N360x64\1609040.008\SYMNETS.SYS [x]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
    S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
    S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
    S2 EPSON_PM_RPCV4_06;EPSON V3 Service4(06);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE [x]
    S2 EpsonCustomerResearchParticipation;EpsonCustomerResearchParticipation;c:\program files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe;c:\program files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe [x]
    S2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\EscSvc64.exe;c:\windows\SYSNATIVE\EscSvc64.exe [x]
    S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
    S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]
    S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
    S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
    S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
    S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [x]
    S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [x]
    S2 N360;Norton 360;c:\program files (x86)\Norton Security Suite\Engine\22.9.4.8\N360.exe;c:\program files (x86)\Norton Security Suite\Engine\22.9.4.8\N360.exe [x]
    S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [x]
    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
    S2 TrueKey;Intel Security True Key;c:\program files\TrueKey\McAfee.TrueKey.Service.exe;c:\program files\TrueKey\McAfee.TrueKey.Service.exe [x]
    S2 TrueKeyScheduler;Intel Security True Key Scheduler;c:\program files\TrueKey\McTkSchedulerService.exe;c:\program files\TrueKey\McTkSchedulerService.exe [x]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
    S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
    S3 clwvd6;CyberLink WebCam Virtual Driver 6.0 Service;c:\windows\system32\DRIVERS\clwvd6.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd6.sys [x]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
    S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
    S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192Ce.sys [x]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - CLKMDRV10_38F51D56
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr QWAVE wcncsvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2015-11-12 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-18 14:16]
    .
    2017-06-24 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-761162808-2082914462-2039200112-1000Core.job
    - c:\users\Mago\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-18 14:37]
    .
    2017-06-25 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-761162808-2082914462-2039200112-1000UA.job
    - c:\users\Mago\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-18 14:37]
    .
    2017-06-25 c:\windows\Tasks\EPSON WF-3620 Series Invitation {EDF2364C-CF9E-4EBF-80D9-CADD0DBEC2A3}.job
    - c:\windows\system32\spool\DRIVERS\x64\3\E_YTSKEE.EXE [2016-11-20 09:20]
    .
    2017-06-25 c:\windows\Tasks\EPSON WF-3620 Series Update {EDF2364C-CF9E-4EBF-80D9-CADD0DBEC2A3}.job
    - c:\windows\system32\spool\DRIVERS\x64\3\E_YTSKEE.EXE [2016-11-20 09:20]
    .
    2017-06-25 c:\windows\Tasks\EPSON XP-310 Series Invitation {CD075366-A647-4CBE-B30C-389926086B73}.job
    - c:\windows\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE [2014-03-13 08:20]
    .
    2017-06-25 c:\windows\Tasks\EPSON XP-310 Series Update {CD075366-A647-4CBE-B30C-389926086B73}.job
    - c:\windows\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE [2014-03-13 08:20]
    .
    2017-03-16 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-761162808-2082914462-2039200112-1000Core.job
    - c:\users\Mago\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-11-16 22:03]
    .
    2017-03-18 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-761162808-2082914462-2039200112-1000UA.job
    - c:\users\Mago\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-11-16 22:03]
    .
    2015-08-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-22 17:08]
    .
    2015-08-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-22 17:08]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveBlacklisted]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
    2017-03-21 15:15 775064 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveSynced]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
    2017-03-21 15:15 775064 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveSyncing]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
    2017-03-21 15:15 775064 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2017-06-12 11:42 278344 ----a-w- c:\users\Mago\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2017-06-12 11:42 278344 ----a-w- c:\users\Mago\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
    @="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
    2017-06-12 11:42 278344 ----a-w- c:\users\Mago\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
    @="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
    2017-06-12 11:42 278344 ----a-w- c:\users\Mago\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2017-06-12 11:42 278344 ----a-w- c:\users\Mago\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
    @="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
    2017-06-12 11:42 278344 ----a-w- c:\users\Mago\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2017-06-12 11:42 278344 ----a-w- c:\users\Mago\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
    @="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
    2017-06-12 11:42 278344 ----a-w- c:\users\Mago\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-09 167704]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-09 392472]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-09 416024]
    "SetDefault"="c:\program files\Hewlett-Packard\HP LaunchBox\SetDefault.exe" [2011-12-20 44880]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-10-30 1664000]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2016-09-09 176440]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
    FF - ProfilePath - c:\users\Mago\AppData\Roaming\Mozilla\Firefox\Profiles\vqdos5sc.default-1400507369483\
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKCU-Run-Uploader - c:\program files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
    Wow6432Node-HKLM-Run-Adobe Reader Speed Launcher - c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe
    HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
    HKLM_Wow6432Node-ActiveSetup-{8A69D345-D564-463c-AFF1-A69D9E530F96} - c:\program files (x86)\Google\Chrome\Application\58.0.3029.81\Installer\chrmstp.exe
    ShellIconOverlayIdentifiers-{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} - (no file)
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
    AddRemove-{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE} - c:\program files (x86)\InstallShield Installation Information\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}\setup.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]
    "ImagePath"="\"c:\program files (x86)\Norton Security Suite\Engine\22.9.4.8\N360.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton Security Suite\Engine\22.9.4.8\diMaster.dll\" /prefetch:1"
    "ImagePath"="\SystemRoot\System32\Drivers\N360x64\1609040.008\SYMNETS.SYS"
    "TrustedImagePaths"="c:\program files (x86)\Norton Security Suite\Engine32\22.9.4.8;c:\program files (x86)\Norton Security Suite\Engine\22.9.4.8"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_20_0_0_270_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_20_0_0_270_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker6"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_20_0_0_270_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_20_0_0_270_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_270.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.20"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_270.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_270.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_270.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker6"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
    c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    .
    **************************************************************************
    .
    Completion time: 2017-06-25 07:45:37 - machine was rebooted
    ComboFix-quarantined-files.txt 2017-06-25 14:45
    ComboFix2.txt 2012-08-21 02:44
    .
    Pre-Run: 630,530,269,184 bytes free
    Post-Run: 633,993,752,576 bytes free
    .
    - - End Of File - - 8C571E651CA4FD8977E87A9F41406EFD
     
  16. broni

    broni Malware Annihilator Techie7 Moderator Head Security

    Re-run the Farbar Recovery Scan Tool (FRST/FRST64) that you ran at the very beginning of this topic.

    • Double-click to run it.
    • Make sure you checkmark the Addition.txt box.
    • Press the Scan button.
    • The scan will create two logs, FRST.txt and Addition.txt, in the same directory the tool is run from. Please copy and paste them into your reply.
     
  17. photomastr

    photomastr Techie7 New Member

    Farbar Recovery Scan tool window says Failed to update (3). Should I still run it?
     
  18. broni

    broni Malware Annihilator Techie7 Moderator Head Security

  19. photomastr

    photomastr Techie7 New Member

    logs:
    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-06-2017 01
    Ran by Mago (administrator) on MAGOS-HP (25-06-2017 15:40:48)
    Running from C:\Users\Mago\Desktop
    Loaded Profiles: Mago (Available Profiles: Mago)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AMD) C:\Windows\System32\atiesrxx.exe
    (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe
    (Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
    (SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE
    (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    (Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
    (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
    (Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\22.9.4.8\n360.exe
    (Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    (McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
    (McAfee, Inc.) C:\Program Files\TrueKey\McTkSchedulerService.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
    (Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\22.9.4.8\n360.exe
    (McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.SmartMonitor.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    () C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe
    (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar2.exe
    (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
    (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.569\SSScheduler.exe
    (Dropbox, Inc.) C:\Users\Mago\AppData\Roaming\Dropbox\bin\Dropbox.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
    (cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
    (CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam6\YouCamService6.exe
    (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    (Dropbox, Inc.) C:\Users\Mago\AppData\Roaming\Dropbox\bin\Dropbox.exe
    (Dropbox, Inc.) C:\Users\Mago\AppData\Roaming\Dropbox\bin\Dropbox.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
    (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe
    (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Microsoft Corporation) C:\Windows\splwow64.exe

    ==================== Registry (Whitelisted) ====================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
    HKLM\...\Run: [SetDefault] => C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [44880 2011-12-19] (Hewlett-Packard Development Company, L.P.)
    HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-10-30] (IDT, Inc.)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-09-09] (Apple Inc.)
    HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-05-08] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [HPQuickWebProxy] => C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe [168504 2011-06-28] (Hewlett-Packard Company)
    HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-20] (Intel Corporation)
    HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [87336 2011-03-30] (CyberLink Corp.)
    HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [75048 2012-05-08] (cyberlink)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-09-01] (Apple Inc.)
    HKLM-x32\...\Run: [YouCam Service6] => C:\Program Files (x86)\CyberLink\YouCam6\YouCamService6.exe [515848 2015-03-19] (CyberLink Corp.)
    HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [642664 2014-05-26] (SEIKO EPSON CORPORATION)
    HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863848 2014-05-26] (SEIKO EPSON CORPORATION)
    HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1087184 2016-01-20] (SEIKO EPSON CORPORATION)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-761162808-2082914462-2039200112-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23819304 2017-03-21] (Google)
    HKU\S-1-5-21-761162808-2082914462-2039200112-1000\...\Run: [Dropbox Update] => C:\Users\Mago\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
    ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
    ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
    ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine\22.9.4.8\buShell.dll [2017-05-11] (Symantec Corporation)
    ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine\22.9.4.8\buShell.dll [2017-05-11] (Symantec Corporation)
    ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine\22.9.4.8\buShell.dll [2017-05-11] (Symantec Corporation)
    ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mago\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll [2017-06-12] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mago\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll [2017-06-12] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mago\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll [2017-06-12] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mago\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll [2017-06-12] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mago\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll [2017-06-12] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mago\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll [2017-06-12] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mago\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll [2017-06-12] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mago\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll [2017-06-12] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => -> No File
    ShellIconOverlayIdentifiers-x32: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine32\22.9.4.8\buShell.dll [2017-05-11] (Symantec Corporation)
    ShellIconOverlayIdentifiers-x32: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine32\22.9.4.8\buShell.dll [2017-05-11] (Symantec Corporation)
    ShellIconOverlayIdentifiers-x32: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine32\22.9.4.8\buShell.dll [2017-05-11] (Symantec Corporation)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2017-06-11]
    ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.569\SSScheduler.exe (McAfee, Inc.)
    Startup: C:\Users\Mago\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2017-06-18]
    ShortcutTarget: Dropbox.lnk -> C:\Users\Mago\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    Startup: C:\Users\Mago\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2013-11-16]
    ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
    Tcpip\..\Interfaces\{729B1710-4124-4D3E-92C7-4C1D56DA20AA}: [DhcpNameServer] 192.168.42.129
    Tcpip\..\Interfaces\{94BE11B6-38D3-4144-A185-0C63852BAB47}: [DhcpNameServer] 75.75.75.75 75.75.76.76

    Internet Explorer:
    ==================
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-761162808-2082914462-2039200112-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-761162808-2082914462-2039200112-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
    SearchScopes: HKLM -> {EB938AF6-63B6-4997-9B8D-1A2F712C2A09} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-761162808-2082914462-2039200112-1000 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
    BHO: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll [2017-06-05] (Intel Security)
    BHO: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine\22.9.4.8\coIEPlg.dll [2017-05-26] (Symantec Corporation)
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-01-29] (Oracle Corporation)
    BHO: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll [2011-05-05] (HP)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-01-29] (Oracle Corporation)
    BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
    BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-06-05] (Intel Security)
    BHO-x32: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine32\22.9.4.8\coIEPlg.dll [2017-05-26] (Symantec Corporation)
    BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.7.0.11\IPS\IPSBHO.DLL => No File
    BHO-x32: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll [2011-05-05] (HP)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    BHO-x32: Updater For XFIN_PORTAL -> {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} -> C:\Program Files (x86)\xfin_portal\auxi\comcastAu.dll => No File
    BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
    Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\22.9.4.8\coIEPlg.dll [2017-05-26] (Symantec Corporation)
    Toolbar: HKLM - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll [2017-06-05] (Intel Security)
    Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine32\22.9.4.8\coIEPlg.dll [2017-05-26] (Symantec Corporation)
    Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-06-05] (Intel Security)
    Toolbar: HKU\S-1-5-21-761162808-2082914462-2039200112-1000 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\22.9.4.8\coIEPlg.dll [2017-05-26] (Symantec Corporation)
    Toolbar: HKU\S-1-5-21-761162808-2082914462-2039200112-1000 -> True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll [2017-06-05] (Intel Security)
    DPF: HKLM-x32 {BEA7310D-06C4-4339-A784-DC3804819809} hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab

    FireFox:
    ========
    FF DefaultProfile: vqdos5sc.default-1400507369483
    FF ProfilePath: C:\Users\Mago\AppData\Roaming\Mozilla\Firefox\Profiles\vqdos5sc.default-1400507369483 [2017-06-25]
    FF Extension: (WOT) - C:\Users\Mago\AppData\Roaming\Mozilla\Firefox\Profiles\vqdos5sc.default-1400507369483\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2016-02-03]
    FF Extension: (Site Deployment Checker) - C:\Program Files (x86)\Mozilla Firefox\browser\features\deployment-checker@mozilla.org.xpi [2017-04-23] [not signed]
    FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon
    FF Extension: (Norton Security Toolbar) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon [2017-05-21]
    FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_205.dll [2016-10-26] ()
    FF Plugin: @java.com/DTPlugin,version=10.11.2 -> C:\Windows\system32\npDeployJava1.dll [2013-01-29] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=10.11.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-01-29] (Oracle Corporation)
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_205.dll [2016-10-26] ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [No File]
    FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-02-13] (Google, Inc.)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2010-12-07] ()
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-761162808-2082914462-2039200112-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Mago\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)

    Chrome:
    =======
    CHR DefaultProfile: Default
    CHR HomePage: Default -> hxxp://www.google.com/
    CHR StartupUrls: Default -> "hxxp://www.google.com/"
    CHR Profile: C:\Users\Mago\AppData\Local\Google\Chrome\User Data\Default [2017-06-25]
    CHR Extension: (Google Drive) - C:\Users\Mago\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-16]
    CHR Extension: (YouTube) - C:\Users\Mago\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-02]
    CHR Extension: (Google Search) - C:\Users\Mago\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-04-16]
    CHR Extension: (Google Docs Offline) - C:\Users\Mago\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-22]
    CHR Extension: (Website Logon) - C:\Users\Mago\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdhihajbmafmgilcciomnamcjfkdhikl [2012-11-22]
    CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Mago\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-07]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Mago\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-10]
    CHR Extension: (Gmail) - C:\Users\Mago\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-12]
    CHR Extension: (Chrome Media Router) - C:\Users\Mago\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-13]
    CHR Profile: C:\Users\Mago\AppData\Local\Google\Chrome\User Data\System Profile [2016-11-06]
    CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security Suite\Engine\22.9.4.8\Exts\Chrome.crx [2017-06-08]
    CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
    CHR HKU\S-1-5-21-761162808-2082914462-2039200112-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Mago\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-05-06]
    CHR HKU\S-1-5-21-761162808-2082914462-2039200112-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security Suite\Engine\22.9.4.8\Exts\Chrome.crx [2017-06-08]
    CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [hdhihajbmafmgilcciomnamcjfkdhikl] - C:\Program Files (x86)\HP SimplePass 2011\tschrome.crx [2011-04-14]
    CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-08-05] (Apple Inc.)
    S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [244720 2012-02-08] (CyberLink)
    R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
    R2 EpsonCustomerResearchParticipation; C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe [677376 2016-08-02] (SEIKO EPSON CORPORATION)
    R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
    R2 EPSON_PM_RPCV4_06; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE [152640 2013-04-15] (SEIKO EPSON CORPORATION)
    R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2375168 2011-03-07] (Realsil Microelectronics Inc.) [File not signed]
    S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.569\McCHSvc.exe [404376 2017-05-25] (McAfee, Inc.)
    R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\22.9.4.8\N360.exe [326160 2017-05-26] (Symantec Corporation)
    R2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [1001920 2017-05-26] (McAfee, Inc.)
    R2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [16928 2017-05-26] (McAfee, Inc.)
    S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [87760 2017-05-26] (McAfee, Inc.)
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
    S2 InstallerService; C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe [X]

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
    R1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\BASHDefs\20170623.001\BHDrvx64.sys [1862784 2017-05-18] (Symantec Corporation)
    R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1609040.008\ccSetx64.sys [174232 2017-05-11] (Symantec Corporation)
    R3 clwvd6; C:\Windows\System32\DRIVERS\clwvd6.sys [41704 2013-10-29] (CyberLink Corporation)
    R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [507032 2017-05-11] (Symantec Corporation)
    R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [156824 2017-05-11] (Symantec Corporation)
    R1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\IPSDefs\20170623.001\IDSvia64.sys [1053824 2017-05-20] (Symantec Corporation)
    R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1609040.008\SRTSP64.SYS [770712 2017-05-11] (Symantec Corporation)
    R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1609040.008\SRTSPX64.SYS [49304 2017-05-11] (Symantec Corporation)
    R0 SymEFASI; C:\Windows\System32\drivers\N360x64\1609040.008\SYMEFASI64.SYS [1714328 2017-05-11] (Symantec Corporation)
    R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [102608 2017-05-21] (Symantec Corporation)
    R1 SymIRON; C:\Windows\system32\drivers\N360x64\1609040.008\Ironx64.SYS [291480 2017-05-11] (Symantec Corporation)
    R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1609040.008\SYMNETS.SYS [567496 2017-05-11] (Symantec Corporation)
    S1 AntiLog32; \??\C:\Windows\system32\drivers\AntiLog64.sys [X]
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S3 keycrypt; system32\DRIVERS\KeyCrypt64.sys [X]
    S3 NAVENG; \??\C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\SDSDefs\20160707.023\ENG64.SYS [X]
    S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\SDSDefs\20160707.023\EX64.SYS [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-06-25 07:45 - 2017-06-25 07:45 - 00034633 _____ C:\ComboFix.txt
    2017-06-25 07:24 - 2017-06-25 07:45 - 00000000 ____D C:\Qoobox
    2017-06-25 07:24 - 2011-06-25 23:45 - 00256000 _____ C:\Windows\PEV.exe
    2017-06-25 07:24 - 2010-11-07 10:20 - 00208896 _____ C:\Windows\MBR.exe
    2017-06-25 07:24 - 2009-04-19 21:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
    2017-06-25 07:24 - 2000-08-30 17:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
    2017-06-25 07:24 - 2000-08-30 17:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
    2017-06-25 07:24 - 2000-08-30 17:00 - 00098816 _____ C:\Windows\sed.exe
    2017-06-25 07:24 - 2000-08-30 17:00 - 00080412 _____ C:\Windows\grep.exe
    2017-06-25 07:24 - 2000-08-30 17:00 - 00068096 _____ C:\Windows\zip.exe
    2017-06-25 07:20 - 2017-06-25 07:20 - 05659194 ____R (Swearware) C:\Users\Mago\Desktop\ComboFix.exe
    2017-06-24 18:25 - 2017-06-24 18:25 - 00001059 _____ C:\Users\Mago\Desktop\malwarebyte log.txt
    2017-06-24 18:15 - 2017-06-24 18:15 - 00000632 _____ C:\Users\Mago\Desktop\JRT.txt
    2017-06-24 17:59 - 2017-06-24 17:59 - 00004165 _____ C:\Users\Mago\Desktop\AdwCleaner[C7].txt
    2017-06-24 17:11 - 2017-06-24 17:11 - 00008478 _____ C:\Users\Mago\Desktop\rk_5320.tmp.txt
    2017-06-24 16:14 - 2017-06-24 16:14 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
    2017-06-24 16:14 - 2017-06-24 16:14 - 00000000 ____D C:\Windows\System32\Tasks\Remediation
    2017-06-24 16:12 - 2017-06-24 16:12 - 00000858 _____ C:\Users\Public\Desktop\RogueKiller.lnk
    2017-06-24 16:12 - 2017-06-24 16:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
    2017-06-24 16:12 - 2017-06-24 16:12 - 00000000 ____D C:\Program Files\RogueKiller
    2017-06-24 16:06 - 2017-06-24 16:07 - 35438416 _____ (Adlice Software ) C:\Users\Mago\Desktop\RogueKiller_setup.exe
    2017-06-24 16:01 - 2017-06-24 16:02 - 35438416 _____ (Adlice Software ) C:\Users\Mago\Desktop\RogueKiller_setup_ref3.exe
    2017-06-24 07:40 - 2017-06-24 07:40 - 00000063 _____ C:\Users\Mago\Downloads\Contact Information.csv
    2017-06-22 11:12 - 2017-06-25 15:41 - 00030217 _____ C:\Users\Mago\Desktop\FRST.txt
    2017-06-22 11:12 - 2017-06-22 11:13 - 00058399 _____ C:\Users\Mago\Desktop\Addition.txt
    2017-06-22 08:12 - 2017-06-25 15:40 - 00000000 ____D C:\FRST
    2017-06-22 08:10 - 2017-06-22 08:10 - 02439680 _____ (Farbar) C:\Users\Mago\Desktop\FRST64.exe
    2017-06-22 06:53 - 2016-09-29 17:06 - 00023379 _____ C:\Users\Mago\Desktop\Kinder Library Card Campaign.xlsx
    2017-06-20 09:47 - 2017-06-20 09:48 - 04110280 _____ C:\Users\Mago\Desktop\adwcleaner_6.047.exe
    2017-06-18 16:09 - 2017-06-18 16:09 - 00000000 ____D C:\Users\Mago\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
    2017-06-14 07:02 - 2017-05-14 13:19 - 25738752 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2017-06-14 07:02 - 2017-05-14 12:11 - 20274688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2017-06-14 07:02 - 2017-05-14 11:54 - 15252992 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2017-06-14 07:02 - 2017-04-27 15:50 - 03550208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_47.dll
    2017-06-14 07:02 - 2017-04-12 06:05 - 04296704 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_47.dll
    2017-06-14 07:01 - 2017-06-02 01:28 - 02317824 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
    2017-06-14 07:01 - 2017-06-02 01:28 - 02222080 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
    2017-06-14 07:01 - 2017-06-02 01:28 - 00778240 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
    2017-06-14 07:01 - 2017-06-02 01:28 - 00491520 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
    2017-06-14 07:01 - 2017-06-02 01:28 - 00288256 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
    2017-06-14 07:01 - 2017-06-02 01:28 - 00115200 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll
    2017-06-14 07:01 - 2017-06-02 01:28 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
    2017-06-14 07:01 - 2017-06-02 01:28 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
    2017-06-14 07:01 - 2017-06-02 01:28 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
    2017-06-14 07:01 - 2017-06-02 01:11 - 00591872 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
    2017-06-14 07:01 - 2017-06-02 01:11 - 00249856 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
    2017-06-14 07:01 - 2017-06-02 01:10 - 00733696 _____ (Microsoft Corporation) C:\Windows\HelpPane.exe
    2017-06-14 07:01 - 2017-06-02 01:10 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
    2017-06-14 07:01 - 2017-06-02 01:09 - 01549824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
    2017-06-14 07:01 - 2017-06-02 01:09 - 01400320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
    2017-06-14 07:01 - 2017-06-02 01:09 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
    2017-06-14 07:01 - 2017-06-02 01:09 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
    2017-06-14 07:01 - 2017-06-02 01:09 - 00197120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
    2017-06-14 07:01 - 2017-06-02 01:09 - 00104448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssitlb.dll
    2017-06-14 07:01 - 2017-06-02 01:09 - 00059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
    2017-06-14 07:01 - 2017-06-02 01:09 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll
    2017-06-14 07:01 - 2017-06-02 00:58 - 00427520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
    2017-06-14 07:01 - 2017-06-02 00:58 - 00164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
    2017-06-14 07:01 - 2017-06-02 00:57 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
    2017-06-14 07:01 - 2017-06-02 00:57 - 00009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll
    2017-06-14 07:01 - 2017-05-20 21:28 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2017-06-14 07:01 - 2017-05-20 21:28 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2017-06-14 07:01 - 2017-05-20 21:24 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2017-06-14 07:01 - 2017-05-20 21:24 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
    2017-06-14 07:01 - 2017-05-20 21:24 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2017-06-14 07:01 - 2017-05-20 21:24 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2017-06-14 07:01 - 2017-05-20 21:24 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
    2017-06-14 07:01 - 2017-05-20 21:24 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2017-06-14 07:01 - 2017-05-20 21:24 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2017-06-14 07:01 - 2017-05-20 21:24 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2017-06-14 07:01 - 2017-05-20 21:24 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2017-06-14 07:01 - 2017-05-20 21:24 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
    2017-06-14 07:01 - 2017-05-20 21:24 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2017-06-14 07:01 - 2017-05-20 21:24 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2017-06-14 07:01 - 2017-05-20 21:24 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
    2017-06-14 07:01 - 2017-05-20 21:24 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2017-06-14 07:01 - 2017-05-20 21:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
    2017-06-14 07:01 - 2017-05-20 21:24 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
    2017-06-14 07:01 - 2017-05-20 21:24 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2017-06-14 07:01 - 2017-05-20 21:24 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2017-06-14 07:01 - 2017-05-20 21:24 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2017-06-14 07:01 - 2017-05-20 21:06 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
    2017-06-14 07:01 - 2017-05-20 21:06 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
    2017-06-14 07:01 - 2017-05-20 21:06 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2017-06-14 07:01 - 2017-05-20 21:06 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
    2017-06-14 07:01 - 2017-05-20 21:06 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2017-06-14 07:01 - 2017-05-20 21:06 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2017-06-14 07:01 - 2017-05-20 21:06 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2017-06-14 07:01 - 2017-05-20 21:06 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2017-06-14 07:01 - 2017-05-20 21:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
    2017-06-14 07:01 - 2017-05-20 21:06 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
    2017-06-14 07:01 - 2017-05-20 21:06 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2017-06-14 07:01 - 2017-05-20 21:06 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
    2017-06-14 07:01 - 2017-05-20 21:06 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2017-06-14 07:01 - 2017-05-20 21:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
    2017-06-14 07:01 - 2017-05-20 21:06 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2017-06-14 07:01 - 2017-05-20 21:06 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2017-06-14 07:01 - 2017-05-20 20:55 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
    2017-06-14 07:01 - 2017-05-20 20:48 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
    2017-06-14 07:01 - 2017-05-20 20:48 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
    2017-06-14 07:01 - 2017-05-20 20:48 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
    2017-06-14 07:01 - 2017-05-20 20:47 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2017-06-14 07:01 - 2017-05-20 20:46 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
    2017-06-14 07:01 - 2017-05-20 20:42 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
    2017-06-14 07:01 - 2017-05-16 11:19 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2017-06-14 07:01 - 2017-05-16 10:35 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2017-06-14 07:01 - 2017-05-14 13:46 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2017-06-14 07:01 - 2017-05-14 13:46 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2017-06-14 07:01 - 2017-05-14 13:28 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2017-06-14 07:01 - 2017-05-14 13:27 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2017-06-14 07:01 - 2017-05-14 13:27 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2017-06-14 07:01 - 2017-05-14 13:27 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2017-06-14 07:01 - 2017-05-14 13:26 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2017-06-14 07:01 - 2017-05-14 13:24 - 02899456 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2017-06-14 07:01 - 2017-05-14 13:17 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2017-06-14 07:01 - 2017-05-14 13:16 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2017-06-14 07:01 - 2017-05-14 13:12 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2017-06-14 07:01 - 2017-05-14 13:10 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2017-06-14 07:01 - 2017-05-14 13:10 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2017-06-14 07:01 - 2017-05-14 13:10 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2017-06-14 07:01 - 2017-05-14 13:10 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2017-06-14 07:01 - 2017-05-14 13:01 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2017-06-14 07:01 - 2017-05-14 12:57 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2017-06-14 07:01 - 2017-05-14 12:55 - 05975040 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2017-06-14 07:01 - 2017-05-14 12:48 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2017-06-14 07:01 - 2017-05-14 12:47 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
    2017-06-14 07:01 - 2017-05-14 12:46 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
    2017-06-14 07:01 - 2017-05-14 12:42 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2017-06-14 07:01 - 2017-05-14 12:41 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2017-06-14 07:01 - 2017-05-14 12:38 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2017-06-14 07:01 - 2017-05-14 12:37 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2017-06-14 07:01 - 2017-05-14 12:36 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
    2017-06-14 07:01 - 2017-05-14 12:23 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
    2017-06-14 07:01 - 2017-05-14 12:23 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2017-06-14 07:01 - 2017-05-14 12:22 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2017-06-14 07:01 - 2017-05-14 12:22 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2017-06-14 07:01 - 2017-05-14 12:22 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2017-06-14 07:01 - 2017-05-14 12:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2017-06-14 07:01 - 2017-05-14 12:20 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2017-06-14 07:01 - 2017-05-14 12:19 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2017-06-14 07:01 - 2017-05-14 12:18 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2017-06-14 07:01 - 2017-05-14 12:17 - 02132992 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2017-06-14 07:01 - 2017-05-14 12:16 - 02290176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2017-06-14 07:01 - 2017-05-14 12:15 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2017-06-14 07:01 - 2017-05-14 12:14 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2017-06-14 07:01 - 2017-05-14 12:12 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2017-06-14 07:01 - 2017-05-14 12:11 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2017-06-14 07:01 - 2017-05-14 12:10 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2017-06-14 07:01 - 2017-05-14 12:10 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2017-06-14 07:01 - 2017-05-14 12:02 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2017-06-14 07:01 - 2017-05-14 11:57 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
    2017-06-14 07:01 - 2017-05-14 11:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2017-06-14 07:01 - 2017-05-14 11:56 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
    2017-06-14 07:01 - 2017-05-14 11:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2017-06-14 07:01 - 2017-05-14 11:52 - 03240960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2017-06-14 07:01 - 2017-05-14 11:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2017-06-14 07:01 - 2017-05-14 11:50 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2017-06-14 07:01 - 2017-05-14 11:49 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
    2017-06-14 07:01 - 2017-05-14 11:44 - 04549120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2017-06-14 07:01 - 2017-05-14 11:42 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
    2017-06-14 07:01 - 2017-05-14 11:40 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2017-06-14 07:01 - 2017-05-14 11:39 - 02057216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2017-06-14 07:01 - 2017-05-14 11:38 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2017-06-14 07:01 - 2017-05-14 11:37 - 01544704 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2017-06-14 07:01 - 2017-05-14 11:30 - 13664768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2017-06-14 07:01 - 2017-05-14 11:27 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2017-06-14 07:01 - 2017-05-14 11:15 - 02767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2017-06-14 07:01 - 2017-05-14 11:11 - 01314816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2017-06-14 07:01 - 2017-05-14 11:11 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2017-06-14 07:01 - 2017-05-12 11:27 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
    2017-06-14 07:01 - 2017-05-12 11:26 - 05547752 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2017-06-14 07:01 - 2017-05-12 11:26 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
    2017-06-14 07:01 - 2017-05-12 11:26 - 00382696 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
    2017-06-14 07:01 - 2017-05-12 11:24 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
    2017-06-14 07:01 - 2017-05-12 11:22 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
    2017-06-14 07:01 - 2017-05-12 11:22 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
    2017-06-14 07:01 - 2017-05-12 11:22 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
    2017-06-14 07:01 - 2017-05-12 11:22 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2017-06-14 07:01 - 2017-05-12 11:22 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
    2017-06-14 07:01 - 2017-05-12 11:22 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
    2017-06-14 07:01 - 2017-05-12 11:22 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
    2017-06-14 07:01 - 2017-05-12 11:22 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
    2017-06-14 07:01 - 2017-05-12 11:22 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
    2017-06-14 07:01 - 2017-05-12 11:22 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
    2017-06-14 07:01 - 2017-05-12 11:22 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
    2017-06-14 07:01 - 2017-05-12 11:22 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
    2017-06-14 07:01 - 2017-05-12 11:22 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2017-06-14 07:01 - 2017-05-12 11:22 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
    2017-06-14 07:01 - 2017-05-12 11:22 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
    2017-06-14 07:01 - 2017-05-12 11:22 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
    2017-06-14 07:01 - 2017-05-12 11:22 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
    2017-06-14 07:01 - 2017-05-12 11:22 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
    2017-06-14 07:01 - 2017-05-12 11:22 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
    2017-06-14 07:01 - 2017-05-12 11:22 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
    2017-06-14 07:01 - 2017-05-12 11:22 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
    2017-06-14 07:01 - 2017-05-12 11:22 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
    2017-06-14 07:01 - 2017-05-12 11:22 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
    2017-06-14 07:01 - 2017-05-12 11:22 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2017-06-14 07:01 - 2017-05-12 11:22 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
    2017-06-14 07:01 - 2017-05-12 11:22 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
    2017-06-14 07:01 - 2017-05-12 11:22 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
    2017-06-14 07:01 - 2017-05-12 11:22 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
    2017-06-14 07:01 - 2017-05-12 11:22 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
    2017-06-14 07:01 - 2017-05-12 11:22 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2017-06-14 07:01 - 2017-05-12 11:22 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
    2017-06-14 07:01 - 2017-05-12 11:22 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
    2017-06-14 07:01 - 2017-05-12 11:22 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
    2017-06-14 07:01 - 2017-05-12 11:22 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
    2017-06-14 07:01 - 2017-05-12 11:22 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
    2017-06-14 07:01 - 2017-05-12 11:22 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
    2017-06-14 07:01 - 2017-05-12 11:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2017-06-14 07:01 - 2017-05-12 11:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
    2017-06-14 07:01 - 2017-05-12 11:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
    2017-06-14 07:01 - 2017-05-12 11:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
    2017-06-14 07:01 - 2017-05-12 11:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
    2017-06-14 07:01 - 2017-05-12 11:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
    2017-06-14 07:01 - 2017-05-12 11:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
    2017-06-14 07:01 - 2017-05-12 11:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
    2017-06-14 07:01 - 2017-05-12 11:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
    2017-06-14 07:01 - 2017-05-12 11:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
    2017-06-14 07:01 - 2017-05-12 11:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
    2017-06-14 07:01 - 2017-05-12 11:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
    2017-06-14 07:01 - 2017-05-12 11:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
    2017-06-14 07:01 - 2017-05-12 11:07 - 04001000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2017-06-14 07:01 - 2017-05-12 11:07 - 03945704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2017-06-14 07:01 - 2017-05-12 11:07 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
    2017-06-14 07:01 - 2017-05-12 11:04 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
    2017-06-14 07:01 - 2017-05-12 11:03 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2017-06-14 07:01 - 2017-05-12 11:03 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
    2017-06-14 07:01 - 2017-05-12 11:03 - 00629760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
    2017-06-14 07:01 - 2017-05-12 11:03 - 00313344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
    2017-06-14 07:01 - 2017-05-12 11:03 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2017-06-14 07:01 - 2017-05-12 11:03 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
    2017-06-14 07:01 - 2017-05-12 11:03 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
    2017-06-14 07:01 - 2017-05-12 11:03 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2017-06-14 07:01 - 2017-05-12 11:03 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
    2017-06-14 07:01 - 2017-05-12 11:03 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
    2017-06-14 07:01 - 2017-05-12 11:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
    2017-06-14 07:01 - 2017-05-12 11:03 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2017-06-14 07:01 - 2017-05-12 11:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2017-06-14 07:01 - 2017-05-12 11:03 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2017-06-14 07:01 - 2017-05-12 11:03 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2017-06-14 07:01 - 2017-05-12 11:03 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2017-06-14 07:01 - 2017-05-12 11:03 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2017-06-14 07:01 - 2017-05-12 11:03 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2017-06-14 07:01 - 2017-05-12 11:03 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2017-06-14 07:01 - 2017-05-12 11:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2017-06-14 07:01 - 2017-05-12 11:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2017-06-14 07:01 - 2017-05-12 11:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2017-06-14 07:01 - 2017-05-12 11:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2017-06-14 07:01 - 2017-05-12 11:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2017-06-14 07:01 - 2017-05-12 11:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2017-06-14 07:01 - 2017-05-12 11:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2017-06-14 07:01 - 2017-05-12 11:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2017-06-14 07:01 - 2017-05-12 11:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2017-06-14 07:01 - 2017-05-12 11:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2017-06-14 07:01 - 2017-05-12 11:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2017-06-14 07:01 - 2017-05-12 11:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2017-06-14 07:01 - 2017-05-12 11:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2017-06-14 07:01 - 2017-05-12 11:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2017-06-14 07:01 - 2017-05-12 11:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2017-06-14 07:01 - 2017-05-12 11:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2017-06-14 07:01 - 2017-05-12 11:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2017-06-14 07:01 - 2017-05-12 10:55 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
    2017-06-14 07:01 - 2017-05-12 10:54 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
    2017-06-14 07:01 - 2017-05-12 10:54 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
    2017-06-14 07:01 - 2017-05-12 10:52 - 03222528 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2017-06-14 07:01 - 2017-05-12 10:51 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
    2017-06-14 07:01 - 2017-05-12 10:50 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2017-06-14 07:01 - 2017-05-12 10:46 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
    2017-06-14 07:01 - 2017-05-12 10:43 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
    2017-06-14 07:01 - 2017-05-12 10:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2017-06-14 07:01 - 2017-05-12 10:41 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2017-06-14 07:01 - 2017-05-12 10:41 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2017-06-14 07:01 - 2017-05-12 10:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2017-06-14 07:01 - 2017-05-12 10:40 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2017-06-14 07:01 - 2017-05-12 10:40 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2017-06-14 07:01 - 2017-05-12 10:40 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2017-06-14 07:01 - 2017-05-12 10:40 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2017-06-14 07:01 - 2017-05-12 09:25 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
    2017-06-14 07:01 - 2017-05-12 08:58 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
    2017-06-14 07:01 - 2017-05-12 08:58 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
    2017-06-14 07:01 - 2017-05-10 08:33 - 00091368 _____ (Microsoft Corporation) C:\Windows\system32\MigAutoPlay.exe
    2017-06-14 07:01 - 2017-05-10 08:29 - 14183936 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
    2017-06-14 07:01 - 2017-05-10 08:29 - 03165184 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
    2017-06-14 07:01 - 2017-05-10 08:29 - 01867776 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
    2017-06-14 07:01 - 2017-05-10 08:29 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
    2017-06-14 07:01 - 2017-05-10 08:29 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
    2017-06-14 07:01 - 2017-05-10 08:28 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
    2017-06-14 07:01 - 2017-05-10 08:16 - 00091368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MigAutoPlay.exe
    2017-06-14 07:01 - 2017-05-10 08:14 - 02651136 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
    2017-06-14 07:01 - 2017-05-10 08:13 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
    2017-06-14 07:01 - 2017-05-10 08:13 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
    2017-06-14 07:01 - 2017-05-10 08:13 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
    2017-06-14 07:01 - 2017-05-10 08:13 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
    2017-06-14 07:01 - 2017-05-10 08:13 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
    2017-06-14 07:01 - 2017-05-10 08:13 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
    2017-06-14 07:01 - 2017-05-10 08:12 - 12880896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2017-06-14 07:01 - 2017-05-10 08:12 - 01499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
    2017-06-14 07:01 - 2017-05-10 08:12 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
    2017-06-14 07:01 - 2017-05-10 08:00 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
    2017-06-14 07:01 - 2017-05-10 08:00 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
    2017-06-14 07:01 - 2017-05-10 08:00 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
    2017-06-14 07:01 - 2017-05-10 08:00 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
    2017-06-14 07:01 - 2017-05-10 07:52 - 00117248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
    2017-06-14 07:01 - 2017-05-09 08:30 - 00757248 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
    2017-06-14 07:01 - 2017-05-09 08:29 - 00970240 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
    2017-06-14 07:01 - 2017-05-09 08:11 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
    2017-06-14 07:01 - 2017-05-07 08:33 - 00094440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
    2017-06-14 07:01 - 2017-05-07 08:29 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
    2017-06-14 07:01 - 2017-03-30 08:03 - 00046080 _____ (Microsoft Corporation) C:\Windows\system32\rundll32.exe
    2017-06-14 07:01 - 2017-03-30 07:58 - 00045056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
    2017-06-13 09:25 - 2017-06-13 09:25 - 00016795 _____ C:\Users\Mago\Downloads\Salinas Public Library.pdf
    2017-06-13 09:24 - 2017-06-13 09:24 - 00010184 _____ C:\Users\Mago\Downloads\ACIS%20Site%20Survey%20-%20Salinas%20Public%20Library%20.xlsx
    2017-06-11 15:22 - 2017-06-11 15:22 - 00138076 _____ C:\Users\Mago\Desktop\Reflexions.pdf
    2017-06-11 10:13 - 2017-06-11 10:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
    2017-06-11 10:13 - 2017-06-11 10:13 - 00000000 ____D C:\ProgramData\McAfee Security Scan
    2017-06-08 14:03 - 2017-06-08 14:03 - 00003226 _____ C:\Windows\System32\Tasks\Norton WSC Integration

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-06-25 15:40 - 2016-11-22 08:17 - 00000000 ____D C:\Users\Mago\AppData\LocalLow\Mozilla
    2017-06-25 15:40 - 2015-06-17 18:20 - 00000914 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-761162808-2082914462-2039200112-1000UA.job
    2017-06-25 15:39 - 2016-11-19 20:49 - 00000911 _____ C:\Windows\Tasks\EPSON WF-3620 Series Update {EDF2364C-CF9E-4EBF-80D9-CADD0DBEC2A3}.job
    2017-06-25 15:39 - 2016-11-19 20:49 - 00000725 _____ C:\Windows\Tasks\EPSON WF-3620 Series Invitation {EDF2364C-CF9E-4EBF-80D9-CADD0DBEC2A3}.job
    2017-06-25 13:35 - 2009-07-13 21:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2017-06-25 13:35 - 2009-07-13 21:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2017-06-25 13:28 - 2013-04-18 06:29 - 00000000 ___RD C:\Users\Mago\Google Drive
    2017-06-25 13:26 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2017-06-25 11:27 - 2012-01-29 14:43 - 00000000 ____D C:\Users\Mago\AppData\LocalLow\AuthenTec
    2017-06-25 07:45 - 2014-04-22 13:30 - 00000000 ____D C:\Users\dub_cm_auto
    2017-06-25 07:37 - 2009-07-13 19:34 - 00000215 _____ C:\Windows\system.ini
    2017-06-25 07:35 - 2012-08-20 19:26 - 00000000 ____D C:\Windows\erdnt
    2017-06-25 07:34 - 2016-08-15 16:03 - 00000000 ____D C:\Program Files\TrueKey
    2017-06-24 18:24 - 2014-07-13 16:31 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2017-06-24 17:56 - 2013-10-25 18:47 - 00000000 ____D C:\AdwCleaner
    2017-06-24 17:44 - 2014-03-13 13:54 - 00000911 _____ C:\Windows\Tasks\EPSON XP-310 Series Update {CD075366-A647-4CBE-B30C-389926086B73}.job
    2017-06-24 17:44 - 2014-03-13 13:54 - 00000725 _____ C:\Windows\Tasks\EPSON XP-310 Series Invitation {CD075366-A647-4CBE-B30C-389926086B73}.job
    2017-06-24 17:12 - 2014-08-30 20:51 - 00000000 ____D C:\ProgramData\RogueKiller
    2017-06-24 15:59 - 2016-08-15 16:18 - 00000000 ____D C:\Users\Mago\AppData\Local\tkdata
    2017-06-24 07:53 - 2015-06-17 18:20 - 00000862 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-761162808-2082914462-2039200112-1000Core.job
    2017-06-22 06:57 - 2009-07-13 22:13 - 00783424 _____ C:\Windows\system32\PerfStringBackup.INI
    2017-06-22 06:57 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\inf
    2017-06-21 08:09 - 2017-03-04 09:43 - 00000000 ____D C:\Users\Mago\Desktop\Margarita
    2017-06-20 06:44 - 2013-03-14 07:02 - 00000000 ____D C:\Program Files\Microsoft Silverlight
    2017-06-20 06:44 - 2013-03-14 07:02 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
    2017-06-18 21:58 - 2013-03-14 07:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    2017-06-18 18:05 - 2016-11-21 15:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2017-06-18 17:55 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache
    2017-06-18 16:09 - 2014-09-14 12:12 - 00000000 ____D C:\Users\Mago\AppData\Roaming\Dropbox
    2017-06-18 16:06 - 2015-06-17 18:20 - 00000000 ____D C:\Users\Mago\AppData\Local\Dropbox
    2017-06-18 15:59 - 2009-07-13 21:45 - 00351976 _____ C:\Windows\system32\FNTCACHE.DAT
    2017-06-18 15:56 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\migwiz
    2017-06-18 15:56 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\migwiz
    2017-06-14 07:54 - 2013-08-15 08:24 - 00000000 ____D C:\Windows\system32\MRT
    2017-06-14 07:54 - 2012-02-08 07:22 - 133627792 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2017-06-14 06:41 - 2016-08-15 16:14 - 00000000 ____D C:\Program Files (x86)\McAfee
    2017-06-13 09:29 - 2017-05-08 11:24 - 00000000 ____D C:\Users\Mago\Downloads\RAR_2017
    2017-06-13 06:48 - 2016-08-15 16:17 - 00001165 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\True Key.lnk
    2017-06-13 06:48 - 2016-08-15 16:17 - 00001151 _____ C:\Users\Public\Desktop\True Key.lnk
    2017-06-11 10:36 - 2015-06-09 10:28 - 00000000 ____D C:\Program Files\Common Files\AV
    2017-06-11 10:13 - 2016-08-15 17:58 - 00000000 ____D C:\Program Files\McAfee Security Scan
    2017-06-11 10:13 - 2016-08-15 16:03 - 00001964 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
    2017-06-08 14:10 - 2017-05-21 18:08 - 00000000 ____D C:\Windows\System32\Tasks\Norton 360
    2017-06-08 14:03 - 2016-07-08 19:09 - 00002303 _____ C:\Users\Public\Desktop\Norton 360.lnk
    2017-06-08 14:03 - 2016-04-16 05:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Suite
    2017-06-08 14:03 - 2016-04-12 07:41 - 00000000 ____D C:\Windows\system32\Drivers\N360x64
    2017-05-30 15:25 - 2009-07-13 22:08 - 00032586 _____ C:\Windows\Tasks\SCHEDLGU.TXT

    ==================== Files in the root of some directories =======

    2015-04-14 15:23 - 2015-07-21 19:58 - 0006656 _____ () C:\Users\Mago\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2012-01-31 19:24 - 2017-02-06 12:29 - 0001415 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2017-06-25 13:50

    ==================== End of FRST.txt ============================
     
  20. photomastr

    photomastr Techie7 New Member

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-06-2017 01
    Ran by Mago (25-06-2017 15:42:10)
    Running from C:\Users\Mago\Desktop
    Windows 7 Home Premium Service Pack 1 (X64) (2012-01-29 21:43:07)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-761162808-2082914462-2039200112-500 - Administrator - Disabled)
    Guest (S-1-5-21-761162808-2082914462-2039200112-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-761162808-2082914462-2039200112-1002 - Limited - Enabled)
    Mago (S-1-5-21-761162808-2082914462-2039200112-1000 - Administrator - Enabled) => C:\Users\Mago

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Norton Security Suite (Enabled - Up to date) {30744133-1E94-7B35-F4A3-82A5AEF1CBAA}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Norton Security Suite (Enabled - Up to date) {8B15A0D7-38AE-74BB-CE13-B9D7D5768117}
    FW: Norton Security Suite (Enabled) {084FC016-54FB-7A6D-DFFC-2B9050228CD1}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
    Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.270 - Adobe Systems Incorporated)
    Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.205 - Adobe Systems Incorporated)
    Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.9.620 - Adobe Systems, Inc.)
    Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Apple Application Support (32-bit) (HKLM-x32\...\{29DB9165-5FC1-48F0-9188-26123F526848}) (Version: 5.0.1 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{5905C8CF-1C88-4478-A48E-4E458AD1BC7E}) (Version: 5.0.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{D4D86CB2-2370-4691-8272-3869EDED6C64}) (Version: 10.0.0.18 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
    ATI Catalyst Install Manager (HKLM\...\{B066BF95-890E-A532-A58F-D13E0805DC04}) (Version: 3.0.816.0 - ATI Technologies, Inc.)
    AuthenTec TrueAPI (Version: 1.3.0.111 - AuthenTec, Inc.) Hidden
    Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Blasterball 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Blio (HKLM-x32\...\{FCD6D60F-AF2B-49E3-ABC4-A4C96B56225D}) (Version: 3.0.9482 - K-NFB Reading Technology, Inc.)
    Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
    Bounce Symphony (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Chronicles of Albian (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
    Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
    Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
    Cradle of Rome 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
    CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5.3817 - CyberLink Corp.)
    CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.1.4119 - CyberLink Corp.)
    CyberLink YouCam 6 (HKLM-x32\...\{A9CEDD6E-4792-493e-BB35-D86D2E188A5A}) (Version: 6.0.3918.0 - CyberLink Corp.)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Dropbox (HKU\S-1-5-21-761162808-2082914462-2039200112-1000\...\Dropbox) (Version: 28.4.14 - Dropbox, Inc.)
    EPSON Artisan 720 Series Printer Uninstall (HKLM\...\EPSON Artisan 720 Series) (Version: - SEIKO EPSON Corporation)
    EPSON Connect version 1.0 (HKLM-x32\...\EPSON Connect_is1) (Version: 1.0 - Epson America Inc.)
    Epson Customer Research Participation (HKLM\...\{B26449A6-6007-4460-B4FE-C4776115BCEA}) (Version: 1.81.0000 - Seiko Epson Corporation)
    Epson Event Manager (HKLM-x32\...\{9F205E94-9E42-4486-A92A-DF3F6CB85444}) (Version: 3.10.0061 - Seiko Epson Corporation)
    Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.51.00 - SEIKO EPSON CORPORATION)
    Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version: - )
    EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
    EPSON Scan OCR Component (HKLM-x32\...\{563B99D8-8895-4E3E-AE8D-15BE8C05F1C1}) (Version: 2.30.00 - SEIKO EPSON Corp.)
    EPSON Scan PDF Extensions (HKLM-x32\...\{F9956472-6E16-4F83-BF9A-F887EF4A45B7}) (Version: 1.03.0001 - SEIKO EPSON Corp.)
    Epson Software Updater (HKLM-x32\...\{7BAC3F7A-B963-468E-982E-B5608A87408D}) (Version: 4.4.4 - SEIKO EPSON CORPORATION)
    EPSON WF-3620 Series Printer Uninstall (HKLM\...\EPSON WF-3620 Series) (Version: - SEIKO EPSON Corporation)
    Epson WF-3620 User’s Guide version 1.0 (HKLM-x32\...\UsersGuideEpson WF-3620 User’s Guide_is1) (Version: 1.0 - )
    EPSON XP-310 Series Printer Uninstall (HKLM\...\EPSON XP-310 Series) (Version: - SEIKO EPSON Corporation)
    EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
    EpsonNet Setup 3.3 (HKLM-x32\...\{C9D8A041-2963-4B31-8FFC-1500F3DB9293}) (Version: 3.3b - SEIKO EPSON CORPORATION)
    ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{E96CAA2A-0244-4A2A-8403-0C3C9534778B}) (Version: 2.1.1 - Hewlett-Packard)
    Evernote v. 4.2.3 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.3.22 - Evernote Corp.)
    Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
    Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
    FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.110 - Google Inc.)
    Google Drive (HKLM-x32\...\{A1238426-ECDF-4639-BE2F-8D12A97AE23C}) (Version: 2.34.5075.1619 - Google, Inc.)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden
    Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
    HP Documentation (HKLM-x32\...\{E56E5D38-5972-420A-9BAF-0F84471E0142}) (Version: 1.1.0.0 - Hewlett-Packard)
    HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
    HP Launch Box (HKLM\...\{5A847522-375C-4D05-BD3D-88C450CC047F}) (Version: 1.1.5 - Hewlett-Packard Company)
    HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard Company)
    HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
    HP Power Manager (HKLM-x32\...\{D8BCE5B9-67CF-4F3F-93AE-3ACC754C72EB}) (Version: 1.4.7 - Hewlett-Packard Company)
    HP Quick Launch (HKLM-x32\...\{53B17A98-5BF0-40BC-AAFF-850A357975AC}) (Version: 2.7.2 - Hewlett-Packard Company)
    HP QuickWeb (HKLM-x32\...\{8B52057C-15DB-433E-957C-E279BC7D07E3}) (Version: 3.1.0.9742 - Hewlett-Packard Company)
    HP Setup (HKLM-x32\...\{5036764A-435D-40C9-869C-31085A3D741D}) (Version: 8.7.4751.3798 - Hewlett-Packard Company)
    HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13476.3753 - Hewlett-Packard Company)
    HP SimplePass PE 2011 (HKLM-x32\...\{31CEFF4E-B6D1-46A5-9169-7C67570E7FFA}) (Version: 5.3.0.163 - Hewlett-Packard)
    HP Software Framework (HKLM-x32\...\{962CB079-85E6-405F-8704-1C62365AE46F}) (Version: 4.5.10.1 - Hewlett-Packard Company)
    HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
    IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6423.0 - IDT)
    Intel Security True Key (HKLM\...\TrueKey) (Version: 4.18.110.1 - Intel Security)
    Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
    Intel(R) Display Audio Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.00.3074 - Intel Corporation)
    Intel(R) Identity Protection Technology 1.1.2.0 (HKLM-x32\...\{C01A86F5-56E7-101F-9BC9-E3F1025EB779}) (Version: 1.1.2.0 - Intel Corporation)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.6.0.1002 - Intel Corporation)
    iTunes (HKLM\...\{9946A4F7-E0FD-4A33-82D1-06CBFFBBB9F9}) (Version: 12.5.1.21 - Apple Inc.)
    Java 7 Update 11 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417011FF}) (Version: 7.0.110 - Oracle)
    Jewel Quest: The Sleepless Star - Collector's Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
    McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.569.1 - McAfee, Inc.)
    Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
    Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    Mozilla Firefox 52.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 52.0.2 (x86 en-US)) (Version: 52.0.2 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 52.0.2.6291 - Mozilla)
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    Mystery of Mortlake Mansion (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Namco All-Stars: PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Norton Security Suite (HKLM-x32\...\N360) (Version: 22.9.4.8 - Symantec Corporation)
    Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
    Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
    PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
    Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
    PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
    QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.46.610.2011 - Realtek)
    Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.81 - Realtek Semiconductor Corp.)
    REALTEK Wireless LAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4123-B2B9-173F09590E16}) (Version: 1.00.11.0706 - REALTEK Semiconductor Corp.)
    Recovery Manager (x32 Version: 2.0.0 - Hewlett-Packard) Hidden
    RogueKiller version 12.11.3.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.11.3.0 - Adlice Software)
    RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.103 - RoxioNow)
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
    Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
    Slingo Supreme (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
    TurboTax 2011 (HKLM-x32\...\TurboTax 2011) (Version: - Intuit, Inc)
    TurboTax 2012 (HKLM-x32\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
    TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
    TurboTax 2014 (HKLM-x32\...\TurboTax 2014) (Version: 2014.0 - Intuit, Inc)
    TurboTax 2015 (HKLM-x32\...\TurboTax 2015) (Version: 2015.0 - Intuit, Inc)
    TurboTax 2016 (HKLM-x32\...\TurboTax 2016) (Version: 2016.0 - Intuit, Inc)
    Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
    Vacation Quest - The Hawaiian Islands (x32 Version: 2.2.0.97 - WildTangent) Hidden
    VIP Access SDK (1.0.1.2) (HKLM-x32\...\VIP Access SDK) (Version: 1.0.1.2 - Symantec Inc.)
    Virtual Villagers 5 - New Believers (x32 Version: 2.2.0.97 - WildTangent) Hidden
    WildTangent Games App (HP Games) (x32 Version: 4.0.5.2 - WildTangent) Hidden
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
    Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
    Windows Movie Maker 2.6 (HKLM-x32\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4037.0 - Microsoft Corporation)
    Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-761162808-2082914462-2039200112-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Mago\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-761162808-2082914462-2039200112-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Mago\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-761162808-2082914462-2039200112-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mago\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-761162808-2082914462-2039200112-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mago\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-761162808-2082914462-2039200112-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mago\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-761162808-2082914462-2039200112-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mago\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-761162808-2082914462-2039200112-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mago\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-761162808-2082914462-2039200112-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mago\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-761162808-2082914462-2039200112-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mago\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-761162808-2082914462-2039200112-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mago\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-761162808-2082914462-2039200112-1000_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mago\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-761162808-2082914462-2039200112-1000_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mago\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-761162808-2082914462-2039200112-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Mago\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {0186B063-84DF-4A18-B424-E806B52E081D} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-761162808-2082914462-2039200112-1000UA => C:\Users\Mago\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-11-16] (Facebook Inc.)
    Task: {06C2313E-CC01-4658-9E51-75F9E0BEA01B} - System32\Tasks\EPSON XP-310 Series Invitation {CD075366-A647-4CBE-B30C-389926086B73} => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
    Task: {087EC294-848B-48B9-BCC3-0CA7B1A7A8EC} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)
    Task: {089DE5E9-BD53-466B-B426-F7A3AE4D7A24} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-10-26] (Adobe Systems Incorporated)
    Task: {0EBF5361-83FC-4767-9F7A-6DF91E63B2DC} - System32\Tasks\Norton 360\Norton Security Suite Error Analyzer => C:\Program Files (x86)\Norton Security Suite\Engine\22.9.4.8\SymErr.exe [2017-05-11] (Symantec Corporation)
    Task: {133FB9B6-04D2-405A-84D3-B5008EB5FA49} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
    Task: {148D4BF5-5D65-4660-88C4-E1785995CE2E} - System32\Tasks\GoogleUpdateTaskMachineCore1d0e3467eb12e8f => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
    Task: {15BF503F-6487-4467-9883-A5BDA21B71C5} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-06-15] (CyberLink)
    Task: {1F864364-9544-4AC8-9BA3-D7098C8EC255} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-761162808-2082914462-2039200112-1000Core => C:\Users\Mago\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-11-16] (Facebook Inc.)
    Task: {207E0273-347C-4FDD-AB9C-387E9EC6938D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
    Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
    Task: {2FDC2C4C-82DB-486C-A7E2-6B31C1EBE90D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
    Task: {30A9AC3A-EF68-41DE-BEE1-4D2D945A779A} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security Suite\Upgrade.exe [2017-05-26] (Symantec Corporation)
    Task: {3AF20A50-7C8E-4F6E-B478-71DCC2A09292} - System32\Tasks\EPSON WF-3620 Series Update {EDF2364C-CF9E-4EBF-80D9-CADD0DBEC2A3} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKEE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
    Task: {557FE542-2193-4238-9378-90E82FC68A19} - System32\Tasks\GoogleUpdateTaskMachineUA1d0e3467f3d9fc0 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
    Task: {689578F3-4295-4DCB-AFCF-4F65C3D00A88} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
    Task: {812E115C-25C8-453F-A432-F0802EA185CC} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security Suite\Engine\22.9.4.8\WSCStub.exe [2017-05-26] (Symantec Corporation)
    Task: {8991079D-5B25-45D1-BE0C-CE4EB375DFCB} - System32\Tasks\Norton 360\Norton Security Suite Error Processor => C:\Program Files (x86)\Norton Security Suite\Engine\22.9.4.8\SymErr.exe [2017-05-11] (Symantec Corporation)
    Task: {8CC25C3D-4AED-4F38-9D4A-76A9DFE34C9D} - System32\Tasks\EPSON XP-310 Series Update {CD075366-A647-4CBE-B30C-389926086B73} => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
    Task: {950E1CCF-4822-4AC4-9980-AC7E5881ED41} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe
    Task: {A24DBA92-5A9A-4240-94BE-C5B9E0CBEC36} - System32\Tasks\EPSON WF-3620 Series Invitation {EDF2364C-CF9E-4EBF-80D9-CADD0DBEC2A3} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKEE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
    Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
    Task: {B6A00275-9B97-42CF-A9A2-B20034FB3E92} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
    Task: {B96C0B32-BFED-4F9C-9730-0B98C61FEED4} - System32\Tasks\{94B9EB80-1AF7-402C-89FF-1E6C970346A1} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.1.0.129.272/en/abandoninstall?page=tsProgressBar <==== ATTENTION
    Task: {B9AB4935-B389-486A-998F-D5E5BE71961D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
    Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
    Task: {CFA9D9DC-7EF5-408D-A693-0C66BE87FB77} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-761162808-2082914462-2039200112-1000Core => C:\Users\Mago\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-05] (Dropbox, Inc.)
    Task: {EAD21873-3585-4E25-8011-1CBC6A49DBD5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
    Task: {EDC4FB54-1ACE-4620-88C0-947577D22D56} - System32\Tasks\Seagate_Install_Launch => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe
    Task: {EE4251C3-70A2-4224-BDB0-3A9C670B1FA6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-07-07] (Hewlett-Packard)
    Task: {F436F06D-CC56-40D5-9072-DC9FE22FE80F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
    Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION
    Task: {FE438E3D-254B-46DE-98D9-97E466607384} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-761162808-2082914462-2039200112-1000UA => C:\Users\Mago\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-05] (Dropbox, Inc.)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-761162808-2082914462-2039200112-1000Core.job => C:\Users\Mago\AppData\Local\Dropbox\Update\DropboxUpdate.exe
    Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-761162808-2082914462-2039200112-1000UA.job => C:\Users\Mago\AppData\Local\Dropbox\Update\DropboxUpdate.exe
    Task: C:\Windows\Tasks\EPSON WF-3620 Series Invitation {EDF2364C-CF9E-4EBF-80D9-CADD0DBEC2A3}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKEE.EXE
    Task: C:\Windows\Tasks\EPSON WF-3620 Series Update {EDF2364C-CF9E-4EBF-80D9-CADD0DBEC2A3}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKEE.EXE :/EXE:{EDF2364C-CF9E-4EBF-80D9-CADD0DBEC2A3} /F:Update SYSTEM ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
    Task: C:\Windows\Tasks\EPSON XP-310 Series Invitation {CD075366-A647-4CBE-B30C-389926086B73}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE
    Task: C:\Windows\Tasks\EPSON XP-310 Series Update {CD075366-A647-4CBE-B30C-389926086B73}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE :/EXE:{CD075366-A647-4CBE-B30C-389926086B73} /F:Update SYSTEM ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
    Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-761162808-2082914462-2039200112-1000Core.job => C:\Users\Mago\AppData\Local\Facebook\Update\FacebookUpdate.exe
    Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-761162808-2082914462-2039200112-1000UA.job => C:\Users\Mago\AppData\Local\Facebook\Update\FacebookUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Shortcuts & WMI ========================

    (The entries could be listed to be restored or removed.)


    ==================== Loaded Modules (Whitelisted) ==============

    2016-09-01 18:12 - 2016-09-01 18:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2016-09-01 18:12 - 2016-09-01 18:12 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2011-04-15 11:16 - 2011-04-15 11:16 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
    2011-12-19 23:34 - 2011-12-19 23:34 - 00108880 _____ () C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe
    2011-05-12 14:13 - 2011-05-12 14:13 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
    2011-05-08 02:23 - 2011-05-08 02:23 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
    2017-06-18 16:08 - 2017-06-12 04:52 - 00775488 _____ () C:\Users\Mago\AppData\Roaming\Dropbox\bin\dropbox_watchdog.dll
    2017-06-18 16:08 - 2017-06-12 04:52 - 01787200 _____ () C:\Users\Mago\AppData\Roaming\Dropbox\bin\dropbox_crashpad.dll
    2015-12-12 08:23 - 2017-06-12 04:52 - 00100296 _____ () C:\Users\Mago\AppData\Roaming\Dropbox\bin\_ctypes.pyd
    2015-12-12 08:23 - 2017-06-12 04:52 - 00018888 _____ () C:\Users\Mago\AppData\Roaming\Dropbox\bin\select.pyd
    2016-09-02 19:36 - 2017-06-12 04:54 - 00019776 _____ () C:\Users\Mago\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
    2015-12-12 08:23 - 2017-06-12 04:52 - 00035792 _____ () C:\Users\Mago\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
    2017-06-18 16:08 - 2017-06-12 04:54 - 00020824 _____ () C:\Users\Mago\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
    2015-12-12 08:23 - 2017-06-12 04:52 - 00123856 _____ () C:\Users\Mago\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
    2015-12-12 08:23 - 2017-06-12 04:52 - 00694224 _____ () C:\Users\Mago\AppData\Roaming\Dropbox\bin\unicodedata.pyd
    2017-06-18 16:08 - 2017-06-12 04:54 - 01729360 _____ () C:\Users\Mago\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
    2017-06-18 16:08 - 2017-06-12 04:54 - 00020816 _____ () C:\Users\Mago\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
    2017-06-18 16:08 - 2017-06-12 04:52 - 00145864 _____ () C:\Users\Mago\AppData\Roaming\Dropbox\bin\pyexpat.pyd
    2017-06-18 16:08 - 2017-06-12 04:52 - 00019408 _____ () C:\Users\Mago\AppData\Roaming\Dropbox\bin\faulthandler.pyd
    2017-06-18 16:08 - 2017-06-12 04:52 - 00116688 _____ () C:\Users\Mago\AppData\Roaming\Dropbox\bin\pywintypes27.dll
    2015-12-12 08:23 - 2017-06-12 04:52 - 00105928 _____ () C:\Users\Mago\AppData\Roaming\Dropbox\bin\win32api.pyd
    2016-08-05 06:36 - 2017-06-12 04:55 - 00022864 _____ () C:\Users\Mago\AppData\Roaming\Dropbox\bin\winffi.crt.compiled._winffi_crt.pyd
    2017-06-18 16:08 - 2017-06-12 04:54 - 00060736 _____ () C:\Users\Mago\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
    2017-06-18 16:08 - 2017-06-12 04:54 - 00038712 _____ () C:\Users\Mago\AppData\Roaming\Dropbox\bin\fastpath.pyd
    2015-12-12 08:23 - 2017-06-12 04:52 - 00024528 _____ () C:\Users\Mago\AppData\Roaming\Dropbox\bin\win32event.pyd
    2017-06-18 16:08 - 2017-06-12 04:52 - 00392656 _____ () C:\Users\Mago\AppData\Roaming\Dropbox\bin\pythoncom27.dll
    2017-06-18 16:08 - 2017-06-12 04:52 - 00020936 _____ () C:\Users\Mago\AppData\Roaming\Dropbox\bin\mmapfile.pyd
    2015-12-12 08:23 - 2017-06-12 04:52 - 00116176 _____ () C:\Users\Mago\AppData\Roaming\Dropbox\bin\win32security.pyd
    2016-09-02 19:36 - 2017-06-12 04:54 - 00392512 _____ () C:\Users\Mago\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
    2015-12-12 08:23 - 2017-06-12 04:52 - 00124880 _____ () C:\Users\Mago\AppData\Roaming\Dropbox\bin\win32file.pyd
    2016-08-05 06:36 - 2017-06-12 04:55 - 00026456 _____ () C:\Users\Mago\AppData\Roaming\Dropbox\bin\winffi.kernel32.compiled._winffi_kernel32.pyd
    2015-12-12 08:23 - 2017-06-12 04:52 - 00024016 _____ () C:\Users\Mago\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
    2015-12-12 08:23 - 2017-06-12 04:52 - 00175560 _____ () C:\Users\Mago\AppData\Roaming\Dropbox\bin\win32gui.pyd
    2015-12-12 08:23 - 2017-06-12 04:52 - 00030160 _____ () C:\Users\Mago\AppData\Roaming\Dropbox\bin\win32pipe.pyd
    2015-12-12 08:23 - 2017-06-12 04:52 - 00043472 _____ () C:\Users\Mago\AppData\Roaming\Dropbox\bin\win32process.pyd
    2015-12-12 08:23 - 2017-06-12 04:52 - 00048592 _____ () C:\Users\Mago\AppData\Roaming\Dropbox\bin\win32service.pyd
    2015-12-12 08:23 - 2017-06-12 04:52 - 00057808 _____ () C:\Users\Mago\AppData\Roaming\Dropbox\bin\win32evtlog.pyd
    2015-12-12 08:23 - 2017-06-12 04:52 - 00024016 _____ () C:\Users\Mago\AppData\Roaming\Dropbox\bin\win32profile.pyd
    2017-06-18 16:08 - 2017-06-12 04:54 - 00022336 _____ () C:\Users\Mago\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
    2017-05-17 18:06 - 2017-06-12 04:55 - 00082264 _____ () C:\Users\Mago\AppData\Roaming\Dropbox\bin\winenumhandles.compiled._WinEnumHandles.pyd
    2016-09-02 19:36 - 2017-06-12 04:55 - 00025432 _____ () C:\Users\Mago\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
    2017-06-18 16:08 - 2017-06-12 04:54 - 00246608 _____ () C:\Users\Mago\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd
    2017-06-18 16:08 - 2017-06-12 04:54 - 00027488 _____ () C:\Users\Mago\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.pyd
    2017-06-18 16:08 - 2017-06-12 04:54 - 03928896 _____ () C:\Users\Mago\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
    2015-12-12 08:23 - 2017-06-12 04:52 - 00083912 _____ () C:\Users\Mago\AppData\Roaming\Dropbox\bin\sip.pyd
    2017-06-18 16:08 - 2017-06-12 04:54 - 01826104 _____ () C:\Users\Mago\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
    2017-06-18 16:08 - 2017-06-12 04:54 - 01972024 _____ () C:\Users\Mago\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
    2015-12-12 08:23 - 2017-06-12 04:52 - 00028616 _____ () C:\Users\Mago\AppData\Roaming\Dropbox\bin\win32ts.pyd
    2017-06-18 16:08 - 2017-06-12 04:54 - 00171336 _____ () C:\Users\Mago\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineWidgets.pyd
    2017-06-18 16:08 - 2017-06-12 04:54 - 00042816 _____ () C:\Users\Mago\AppData\Roaming\Dropbox\bin\PyQt5.QtWebChannel.pyd
    2017-06-18 16:08 - 2017-06-12 04:54 - 00531264 _____ () C:\Users\Mago\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
    2017-06-18 16:08 - 2017-06-12 04:54 - 00133432 _____ () C:\Users\Mago\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
    2017-06-18 16:08 - 2017-06-12 04:54 - 00224064 _____ () C:\Users\Mago\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
    2017-06-18 16:08 - 2017-06-12 04:54 - 00207680 _____ () C:\Users\Mago\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
    2015-12-12 08:23 - 2017-06-12 04:52 - 00060880 _____ () C:\Users\Mago\AppData\Roaming\Dropbox\bin\win32print.pyd
    2017-02-27 16:50 - 2017-06-12 04:55 - 00054608 _____ () C:\Users\Mago\AppData\Roaming\Dropbox\bin\winrpcserver.compiled._RPCServer.pyd
    2017-01-23 16:53 - 2017-06-12 04:55 - 00022864 _____ () C:\Users\Mago\AppData\Roaming\Dropbox\bin\winffi.user32.compiled._winffi_user32.pyd
    2017-01-23 16:53 - 2017-06-12 04:55 - 00022872 _____ () C:\Users\Mago\AppData\Roaming\Dropbox\bin\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
    2017-01-23 16:53 - 2017-06-12 04:55 - 00021848 _____ () C:\Users\Mago\AppData\Roaming\Dropbox\bin\winffi.winerror.compiled._winffi_winerror.pyd
    2017-01-23 16:53 - 2017-06-12 04:55 - 00022872 _____ () C:\Users\Mago\AppData\Roaming\Dropbox\bin\winffi.wininet.compiled._winffi_wininet.pyd
    2015-12-12 08:23 - 2017-06-12 04:52 - 00349128 _____ () C:\Users\Mago\AppData\Roaming\Dropbox\bin\winxpgui.pyd
    2016-02-12 09:19 - 2017-06-12 04:55 - 00023896 _____ () C:\Users\Mago\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.pyd
    2017-06-18 16:08 - 2017-06-12 04:54 - 00025936 _____ () C:\Users\Mago\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
    2017-06-18 16:08 - 2017-06-12 04:52 - 00036296 _____ () C:\Users\Mago\AppData\Roaming\Dropbox\bin\librsync.dll
    2017-06-18 16:08 - 2017-06-12 04:54 - 00084288 _____ () C:\Users\Mago\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
    2016-07-11 17:38 - 2017-06-12 04:54 - 00030536 _____ () C:\Users\Mago\AppData\Roaming\Dropbox\bin\wind3d11.compiled._wind3d11.pyd
    2017-06-18 16:08 - 2017-06-12 04:52 - 00017864 _____ () C:\Users\Mago\AppData\Roaming\Dropbox\bin\libEGL.dll
    2017-06-18 16:08 - 2017-06-12 04:52 - 01631184 _____ () C:\Users\Mago\AppData\Roaming\Dropbox\bin\libGLESv2.dll
    2016-09-02 19:36 - 2017-06-12 04:55 - 00026456 _____ () C:\Users\Mago\AppData\Roaming\Dropbox\bin\winffi.winhttp.compiled._winffi_winhttp.pyd
    2017-04-08 08:36 - 2017-06-12 04:54 - 00023368 _____ () C:\Users\Mago\AppData\Roaming\Dropbox\bin\wincrashpad.compiled._Crashpad.pyd
    2017-06-18 16:08 - 2017-06-12 04:54 - 00546104 _____ () C:\Users\Mago\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd
    2017-06-18 16:08 - 2017-06-12 04:54 - 00357688 _____ () C:\Users\Mago\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd
    2017-06-25 13:27 - 2017-06-25 13:27 - 00098816 ____R () C:\Users\Mago\AppData\Local\Temp\_MEI43682\win32api.pyd
    2017-06-25 13:26 - 2017-06-25 13:26 - 00110080 ____R () C:\Users\Mago\AppData\Local\Temp\_MEI43682\pywintypes27.dll
    2017-06-25 13:27 - 2017-06-25 13:27 - 00364544 ____R () C:\Users\Mago\AppData\Local\Temp\_MEI43682\pythoncom27.dll
    2017-06-25 13:27 - 2017-06-25 13:27 - 00320512 ____R () C:\Users\Mago\AppData\Local\Temp\_MEI43682\win32com.shell.shell.pyd
    2017-06-25 13:26 - 2017-06-25 13:26 - 00914432 ____R () C:\Users\Mago\AppData\Local\Temp\_MEI43682\_hashlib.pyd
    2017-06-25 13:27 - 2017-06-25 13:27 - 01176576 ____R () C:\Users\Mago\AppData\Local\Temp\_MEI43682\wx._core_.pyd
    2017-06-25 13:27 - 2017-06-25 13:27 - 00806400 ____R () C:\Users\Mago\AppData\Local\Temp\_MEI43682\wx._gdi_.pyd
    2017-06-25 13:27 - 2017-06-25 13:27 - 00816128 ____R () C:\Users\Mago\AppData\Local\Temp\_MEI43682\wx._windows_.pyd
    2017-06-25 13:27 - 2017-06-25 13:27 - 01067008 ____R () C:\Users\Mago\AppData\Local\Temp\_MEI43682\wx._controls_.pyd
    2017-06-25 13:27 - 2017-06-25 13:27 - 00733184 ____R () C:\Users\Mago\AppData\Local\Temp\_MEI43682\wx._misc_.pyd
    2017-06-25 13:27 - 2017-06-25 13:27 - 00682496 ____R () C:\Users\Mago\AppData\Local\Temp\_MEI43682\pysqlite2._sqlite.pyd
    2017-06-25 13:26 - 2017-06-25 13:26 - 00088064 ____R () C:\Users\Mago\AppData\Local\Temp\_MEI43682\_ctypes.pyd
    2017-06-25 13:27 - 2017-06-25 13:27 - 00686080 ____R () C:\Users\Mago\AppData\Local\Temp\_MEI43682\unicodedata.pyd
    2017-06-25 13:27 - 2017-06-25 13:27 - 00119808 ____R () C:\Users\Mago\AppData\Local\Temp\_MEI43682\win32file.pyd
    2017-06-25 13:27 - 2017-06-25 13:27 - 00108544 ____R () C:\Users\Mago\AppData\Local\Temp\_MEI43682\win32security.pyd
    2017-06-25 13:26 - 2017-06-25 13:26 - 00007168 ____R () C:\Users\Mago\AppData\Local\Temp\_MEI43682\hashobjs_ext.pyd
    2017-06-25 13:27 - 2017-06-25 13:27 - 00017920 ____R () C:\Users\Mago\AppData\Local\Temp\_MEI43682\thumbnails_ext.pyd
    2017-06-25 13:27 - 2017-06-25 13:27 - 00088064 ____R () C:\Users\Mago\AppData\Local\Temp\_MEI43682\usb_ext.pyd
    2017-06-25 13:26 - 2017-06-25 13:26 - 00012800 ____R () C:\Users\Mago\AppData\Local\Temp\_MEI43682\common.time34.pyd
    2017-06-25 13:27 - 2017-06-25 13:27 - 00018432 ____R () C:\Users\Mago\AppData\Local\Temp\_MEI43682\win32event.pyd
    2017-06-25 13:27 - 2017-06-25 13:27 - 00167936 ____R () C:\Users\Mago\AppData\Local\Temp\_MEI43682\win32gui.pyd
    2017-06-25 13:26 - 2017-06-25 13:26 - 00046080 ____R () C:\Users\Mago\AppData\Local\Temp\_MEI43682\_socket.pyd
    2017-06-25 13:26 - 2017-06-25 13:26 - 01303552 ____R () C:\Users\Mago\AppData\Local\Temp\_MEI43682\_ssl.pyd
    2017-06-25 13:26 - 2017-06-25 13:26 - 00128512 ____R () C:\Users\Mago\AppData\Local\Temp\_MEI43682\_elementtree.pyd
    2017-06-25 13:27 - 2017-06-25 13:27 - 00127488 ____R () C:\Users\Mago\AppData\Local\Temp\_MEI43682\pyexpat.pyd
    2017-06-25 13:27 - 2017-06-25 13:27 - 00038912 ____R () C:\Users\Mago\AppData\Local\Temp\_MEI43682\win32inet.pyd
    2017-06-25 13:26 - 2017-06-25 13:26 - 00036864 ____R () C:\Users\Mago\AppData\Local\Temp\_MEI43682\_psutil_windows.pyd
    2017-06-25 13:27 - 2017-06-25 13:27 - 00524248 ____R () C:\Users\Mago\AppData\Local\Temp\_MEI43682\windows._lib_cacheinvalidation.pyd
    2017-06-25 13:27 - 2017-06-25 13:27 - 00011264 ____R () C:\Users\Mago\AppData\Local\Temp\_MEI43682\win32crypt.pyd
    2017-06-25 13:27 - 2017-06-25 13:27 - 00123392 ____R () C:\Users\Mago\AppData\Local\Temp\_MEI43682\wx._wizard.pyd
    2017-06-25 13:27 - 2017-06-25 13:27 - 00077312 ____R () C:\Users\Mago\AppData\Local\Temp\_MEI43682\wx._html2.pyd
    2017-06-25 13:26 - 2017-06-25 13:26 - 00027648 ____R () C:\Users\Mago\AppData\Local\Temp\_MEI43682\_multiprocessing.pyd
    2017-06-25 13:26 - 2017-06-25 13:26 - 00020480 ____R () C:\Users\Mago\AppData\Local\Temp\_MEI43682\_yappi.pyd
    2017-06-25 13:27 - 2017-06-25 13:27 - 00035840 ____R () C:\Users\Mago\AppData\Local\Temp\_MEI43682\win32process.pyd
    2017-06-25 13:27 - 2017-06-25 13:27 - 00078848 ____R () C:\Users\Mago\AppData\Local\Temp\_MEI43682\wx._animate.pyd
    2017-06-25 13:27 - 2017-06-25 13:27 - 00024064 ____R () C:\Users\Mago\AppData\Local\Temp\_MEI43682\win32pipe.pyd
    2017-06-25 13:27 - 2017-06-25 13:27 - 00010240 ____R () C:\Users\Mago\AppData\Local\Temp\_MEI43682\select.pyd
    2017-06-25 13:27 - 2017-06-25 13:27 - 00025600 ____R () C:\Users\Mago\AppData\Local\Temp\_MEI43682\win32pdh.pyd
    2017-06-25 13:27 - 2017-06-25 13:27 - 00017408 ____R () C:\Users\Mago\AppData\Local\Temp\_MEI43682\win32profile.pyd
    2017-06-25 13:27 - 2017-06-25 13:27 - 00022528 ____R () C:\Users\Mago\AppData\Local\Temp\_MEI43682\win32ts.pyd
    2017-05-11 06:53 - 2017-05-11 06:53 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\1ec855392d1e10abdfe0e8e8bdb27f4b\IsdiInterop.ni.dll
    2011-10-06 07:07 - 2011-05-20 11:05 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
    2012-10-30 10:30 - 2012-10-30 10:29 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 19:34 - 2017-06-25 07:37 - 00000027 _____ C:\Windows\system32\Drivers\etc\hosts

    127.0.0.1 localhost

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-761162808-2082914462-2039200112-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Mago\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 75.75.75.75 - 75.75.76.76
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==


    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{BECC85C1-1E33-4445-AA90-5C94C8CB7A11}] => (Allow) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowShell.exe
    FirewallRules: [{F33E2DC5-A2E4-48C3-B790-F08A7FED8798}] => (Allow) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowShell.exe
    FirewallRules: [{33CEDAB6-00D3-4F3F-AE56-0F35D93D8A5F}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\RNow.exe
    FirewallRules: [{3CD00C4D-006E-4BA2-A1FA-9015646CCF36}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\RNow.exe
    FirewallRules: [{89BD027F-B46D-4231-A2F9-D8A03C11E9D0}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    FirewallRules: [{D03515CD-36B1-44E6-9C6B-AA6A310C4023}] => (Allow) LPort=2869
    FirewallRules: [{64B54A5C-966F-43E7-8CE6-DB72790F1218}] => (Allow) LPort=1900
    FirewallRules: [{7B26D5AA-38D7-45E2-BDB2-1B90A47FC83D}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    FirewallRules: [{A9D0FCB7-1D0C-4778-84E9-AE25B66EE99B}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
    FirewallRules: [{35D69A80-C662-4C5F-8939-167DC0B84F6C}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
    FirewallRules: [{7FE1B050-43A7-4F33-929B-D1820DEA3CA9}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
    FirewallRules: [{A01C263A-D373-4C32-9F85-3F670995D568}] => (Allow) C:\Program Files (x86)\EpsonNet\EpsonNet Setup\tool10\ENEasyApp.exe
    FirewallRules: [{B803E7EE-CF4A-4991-A713-1CF94DEC2C38}] => (Allow) C:\Program Files (x86)\EpsonNet\EpsonNet Setup\tool10\ENEasyApp.exe
    FirewallRules: [{F3CE36DC-A2F7-4362-82E7-245CAE9F8A65}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
    FirewallRules: [{B87D2D90-B4AB-4F33-920E-79B74C897363}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
    FirewallRules: [{D9940A1B-EBA1-446A-BFE7-FDDD3231CF2E}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
    FirewallRules: [{22FF4C6E-CFFD-4279-8DC9-C48AF9A0572B}] => (Allow) F:\Common\EpsonNet Setup\ENEasyApp.exe
    FirewallRules: [{6C81712A-0B49-4005-8B90-A4D9359EA55A}] => (Allow) F:\Common\EpsonNet Setup\ENEasyApp.exe
    FirewallRules: [{21AC9861-ACDC-4BBD-A9A6-0446037CF53A}] => (Allow) LPort=8888
    FirewallRules: [{AD84132C-3AF4-498E-98D7-41A8F6A86EBD}] => (Allow) C:\Users\Mago\AppData\Roaming\Dropbox\bin\Dropbox.exe
    FirewallRules: [{94B5C466-D88D-4D87-87FD-E3FA72F57F99}] => (Allow) C:\Users\Mago\AppData\Roaming\Dropbox\bin\Dropbox.exe
    FirewallRules: [{C526C090-3707-4D11-95C0-D574F5214FFF}] => (Allow) C:\Users\Mago\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
    FirewallRules: [TCP Query User{C4238901-45E5-4ABB-A9B1-A6A1C884C9C8}C:\users\mago\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\mago\appdata\roaming\dropbox\bin\dropbox.exe
    FirewallRules: [UDP Query User{E23B9234-B2DF-417F-A9FC-558A1B30E9DA}C:\users\mago\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\mago\appdata\roaming\dropbox\bin\dropbox.exe
    FirewallRules: [{70AE0FF9-0030-4563-A233-9FB435A7AA84}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
    FirewallRules: [{149F13EA-054B-47A5-B500-8AE2B5D3C3AD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{91AAF46C-58D2-432E-A2A0-A0CE9B0E3E6D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{55D33E54-82C8-450B-A6A5-2038B604FCFA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{27BDC18A-2408-4F6F-84B6-BAAF6432F96A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{BB7BB658-CA0B-473E-9F98-5D6C5E703A5F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{0B9E21CB-BF82-49BC-8D1B-1B03C60F97F8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{AB0F827E-3A18-4065-85A7-AFC3815D0888}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{9AD749DB-BFC3-4E27-9EFA-C086D1DAA7C2}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{2050B2ED-50A4-4ECD-9EE2-016591F3206F}] => (Allow) C:\Program Files\iTunes\iTunes.exe
    FirewallRules: [{547337EC-21DF-47D5-B1B7-169321BD4870}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
    FirewallRules: [{061A0EDC-072B-4F0B-88B1-29180B1F7B3C}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
    FirewallRules: [{FE8CEBB6-0BB3-4718-AAEB-26F06C023858}] => (Allow) F:\Common\EpsonNet Setup\ENEasyApp.exe
    FirewallRules: [{BED345E3-3878-42AE-9A33-CC55BFF11D14}] => (Allow) F:\Common\EpsonNet Setup\ENEasyApp.exe
    FirewallRules: [{FB376078-98C5-46A9-81FA-71CD861DC17A}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
    FirewallRules: [{B9AE6220-8CCE-4AED-A19A-4CB7604BC3C3}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
    FirewallRules: [{7719F4D4-05AE-4FB1-9EA6-88D0667F7240}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
    FirewallRules: [{BFA59349-CA90-413E-B076-5CF8059D3F9A}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    FirewallRules: [{8EA1E22A-35AA-4F9D-A2BB-51E1441A28FF}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    FirewallRules: [{D9A3BFB3-2EDF-4C1C-BAA1-003BBC7C9D77}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    FirewallRules: [{197E74F1-E639-496C-AE6C-9DF759027984}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    FirewallRules: [{CE794C21-E783-41A8-960C-20A929492EB8}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    FirewallRules: [{F3F52BD3-5D5A-4FD4-80AF-0E630CC70F4A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    ==================== Restore Points =========================

    23-05-2017 18:30:11 Scheduled Checkpoint
    23-05-2017 18:55:26 Windows Update
    14-06-2017 07:50:04 Windows Update
    18-06-2017 21:56:09 Windows Update
    25-06-2017 07:24:47 ComboFix created restore point

    ==================== Faulty Device Manager Devices =============

    Name: AntiLog32
    Description: AntiLog32
    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Manufacturer:
    Service: AntiLog32
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (06/25/2017 01:27:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

    Error: (06/25/2017 01:26:13 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: TrueSuiteService.exe, version: 5.3.0.163, time stamp: 0x4dc363f3
    Faulting module name: TrueSuiteService.exe, version: 5.3.0.163, time stamp: 0x4dc363f3
    Exception code: 0xc0000417
    Fault offset: 0x0001275a
    Faulting process id: 0x344
    Faulting application start time: 0x01d2edf140ef21fa
    Faulting application path: C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
    Faulting module path: C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
    Report Id: 87fbcb97-59e4-11e7-bfc7-78e3b55ee2dc

    Error: (06/25/2017 11:27:16 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

    Error: (06/25/2017 11:25:48 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: TrueSuiteService.exe, version: 5.3.0.163, time stamp: 0x4dc363f3
    Faulting module name: TrueSuiteService.exe, version: 5.3.0.163, time stamp: 0x4dc363f3
    Exception code: 0xc0000417
    Fault offset: 0x0001275a
    Faulting process id: 0x38c
    Faulting application start time: 0x01d2ede067ff31cd
    Faulting application path: C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
    Faulting module path: C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
    Report Id: b5a7f009-59d3-11e7-b150-78e3b55ee2dc

    Error: (06/25/2017 07:37:18 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

    Error: (06/25/2017 07:36:50 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: TrueSuiteService.exe, version: 5.3.0.163, time stamp: 0x4dc363f3
    Faulting module name: TrueSuiteService.exe, version: 5.3.0.163, time stamp: 0x4dc363f3
    Exception code: 0xc0000417
    Fault offset: 0x0001275a
    Faulting process id: 0x348
    Faulting application start time: 0x01d2edc0701f3bd7
    Faulting application path: C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
    Faulting module path: C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
    Report Id: b8c9b720-59b3-11e7-9c4e-78e3b55ee2dc

    Error: (06/25/2017 07:09:04 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

    Error: (06/25/2017 07:07:47 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: TrueSuiteService.exe, version: 5.3.0.163, time stamp: 0x4dc363f3
    Faulting module name: TrueSuiteService.exe, version: 5.3.0.163, time stamp: 0x4dc363f3
    Exception code: 0xc0000417
    Fault offset: 0x0001275a
    Faulting process id: 0x380
    Faulting application start time: 0x01d2edbc630648c0
    Faulting application path: C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
    Faulting module path: C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
    Report Id: a9c5f37e-59af-11e7-b3fa-78e3b55ee2dc


    System errors:
    =============
    Error: (06/25/2017 01:35:37 PM) (Source: bowser) (EventID: 8003) (User: )
    Description: The master browser has received a server announcement from the computer DAVID-HP
    that believes that it is the master browser for the domain on transport NetBT_Tcpip_{94BE11B6-38D3-4144-A185-0C63852BAB47}.
    The master browser is stopping or an election is being forced.

    Error: (06/25/2017 01:26:31 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The TrueSuiteService service terminated unexpectedly. It has done this 1 time(s).

    Error: (06/25/2017 01:26:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Service Installer TrueKey service failed to start due to the following error:
    The system cannot find the file specified.

    Error: (06/25/2017 11:27:41 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The TrueSuiteService service terminated unexpectedly. It has done this 1 time(s).

    Error: (06/25/2017 11:27:10 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPWMISVC service.

    Error: (06/25/2017 11:26:39 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Windows Live ID Sign-in Assistant service failed to start due to the following error:
    The service did not respond to the start or control request in a timely fashion.

    Error: (06/25/2017 11:26:39 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Live ID Sign-in Assistant service to connect.

    Error: (06/25/2017 11:25:33 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Service Installer TrueKey service failed to start due to the following error:
    The system cannot find the file specified.

    Error: (06/25/2017 07:39:16 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The HP Support Assistant Service service failed to start due to the following error:
    A device attached to the system is not functioning.

    Error: (06/25/2017 07:37:19 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The TrueSuiteService service terminated unexpectedly. It has done this 1 time(s).


    CodeIntegrity:
    ===================================
    Date: 2017-06-25 07:34:24.772
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2017-06-25 07:34:24.679
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2017-06-25 07:34:24.585
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2017-06-25 07:34:24.491
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2012-08-20 19:38:26.799
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2012-08-20 19:38:26.799
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i5-2430M CPU @ 2.40GHz
    Percentage of memory in use: 45%
    Total physical RAM: 6091.86 MB
    Available physical RAM: 3313.81 MB
    Total Virtual: 12181.9 MB
    Available Virtual: 9008.23 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:679.93 GB) (Free:590.33 GB) NTFS ==>[system with boot components (obtained from drive)]
    Drive d: (Recovery) (Fixed) (Total:14.54 GB) (Free:1.57 GB) NTFS ==>[system with boot components (obtained from drive)]
    Drive e: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:1.08 GB) FAT32

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 0AFF17D5)
    Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=679.9 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=14.5 GB) - (Type=07 NTFS)
    Partition 4: (Not Active) - (Size=4 GB) - (Type=0C)

    ==================== End of Addition.txt ============================