Malware Found


14 replies to this topic

#1 kathyhatesspyware

    Member

  • Full Member
  • 51 posts

Posted 24 December 2016 - 08:27 AM

Hello,

Malwarebytes found malware on my computer yesterday. I ran a scan, selected malware to be removed and rebooted. Ran another scan and another instance of malware was found. Removed it and rebooted.

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 12/24/2016
Scan Time: 6:44 AM
Logfile:
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.12.24.03
Rootkit Database: v2016.11.20.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: HomeOffice

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 317797
Time Elapsed: 21 min, 45 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

I cannot run Farbar or Security Analysis. I get these popups. I have attached copies.

Kaspersky Lab will not run. Copy of popup attached.

Bitdefender: No virus found.

I will run a few of the other scanners if I can.

Thank you for your assistance.

Kathy


#2 kathyhatesspyware


Posted 24 December 2016 - 08:40 AM

I got Kaspersky to run. It found 12 problems. My Vipre scan showed zero problems. I thought I would try Kaspersky; it wants to completely remove my Vipre anti-virus. I thought I would wait and see what you advised before proceeding.


Edited by kathyhatesspyware, 24 December 2016 - 08:43 AM.


#3 nasdaq

    Forum Deity

  • Global Moderator
  • 49,159 posts

Posted 26 December 2016 - 07:27 AM

Hello, welcome to SpywareInfoForum.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please make sure you are running the Farbar tool from an Administrator's account from your default drive, which is normally the C:\ drive.

Post the FRST and Addition.txt files.
nasdaq

#4 kathyhatesspyware


Posted 26 December 2016 - 01:05 PM

Hello Nasdaq,

Thank you for your assistance.

I was able to run Farbar today.


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-12-2016
Ran by HomeOffice (administrator) on HOMEOFFICE-PC (26-12-2016 12:01:13)
Running from C:\Users\HomeOffice\Desktop
Loaded Profiles: HomeOffice (Available Profiles: HomeOffice)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe
(Microsoft Corporation) C:\WINDOWS\System32\wlanext.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AOMEI Tech Co., Ltd.) C:\Program Files (x86)\AOMEI Backupper\ABService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Carbonite, Inc. (www.carbonite.com)) C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Cyber Power Systems, Inc.) C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe
(ThreatTrack Security Inc.) C:\Program Files (x86)\VIPRE\SBPIMSvc.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
(SEIKO EPSON CORPORATION) C:\WINDOWS\System32\spool\drivers\x64\3\E_YATILUE.EXE
(Cyber Power Systems, Inc.) C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
( ) C:\Program Files (x86)\Datacolor\Spyder4Pro\Utility\SpyderUtility.exe
(Carbonite, Inc.) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
(ThreatTrack Security Inc.) C:\Program Files (x86)\VIPRE\SBAMSvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ThreatTrack Security Inc.) C:\Program Files (x86)\VIPRE\SBAMTray.exe
(ThreatTrack Security Inc.) C:\Program Files (x86)\VIPRE\VipreEdgeProtection.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater Beta\ksu.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe
(Flash-Integro LLC) C:\Program Files (x86)\FlashIntegro\VideoEditor\VideoEditor.exe
(Millennia Corporation  1-623-444-8918 (Sales number)  1-425-788-0932 (Support number)  Support@LegacyFamilyTree.com  hxxp://www.LegacyFamilyTree.com) C:\Program Files (x86)\Legacy8\Legacy.exe
(Microsoft Corporation) C:\WINDOWS\splwow64.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\identities.exe
(PFU LIMITED) C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe
(PFU LIMITED) C:\Program Files (x86)\PFU\ScanSnap\SSFolder\SSFolderTray.exe
(Pinnacle) C:\Program Files\Pinnacle\Studio 20\programs\NGStudio.exe
(Pinnacle) C:\Program Files\Pinnacle\Studio 20\programs\UMI.exe
(Pinnacle) C:\Program Files\Pinnacle\Studio 20\programs\RM.exe
(Pinnacle) C:\Program Files\Pinnacle\Studio 20\programs\BGRnd.exe
(Farbar) C:\Users\HomeOffice\Desktop\FRST64(1).exe
(Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe
(Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-01-07] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-11-01] (Apple Inc.)
HKLM-x32\...\Run: [THX Audio Control Panel] => C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe [963584 2009-12-01] (Creative Technology Ltd)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [PowerPanel Personal Edition User Interaction] => C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe [349632 2010-08-03] (Cyber Power Systems, Inc.)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3498720 2016-10-01] (Adobe Systems Inc.)
HKLM-x32\...\Run: [SBAMTray] => C:\Program Files (x86)\VIPRE\SBAMTray.exe [3015696 2016-02-29] (ThreatTrack Security Inc.)
HKLM-x32\...\Run: [Carbonite Backup] => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [1154560 2016-08-04] (Carbonite, Inc.)
HKU\S-1-5-21-3441258985-725316734-391261111-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3441258985-725316734-391261111-1000\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [110376 2016-07-01] (Siber Systems)
HKU\S-1-5-21-3441258985-725316734-391261111-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATILUE.EXE [298560 2013-09-12] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3441258985-725316734-391261111-1000\...\Run: [KSS] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe [1556448 2015-12-15] (AO Kaspersky Lab)
HKU\S-1-5-21-3441258985-725316734-391261111-1000\...\MountPoints2: {f804d3ed-71c3-11e6-b950-180373b4490a} - I:\LaunchU3.exe -a
HKU\S-1-5-21-3441258985-725316734-391261111-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [KSS] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe [1556448 2015-12-15] (AO Kaspersky Lab)
ShellIconOverlayIdentifiers: [ Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-08-04] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [ Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-08-04] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [ Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-08-04] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [ Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-08-04] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [ Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-08-04] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [ Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-08-04] (Carbonite, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Kaspersky Software Updater Beta.lnk [2016-12-24]
ShortcutTarget: Kaspersky Software Updater Beta.lnk -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater Beta\ksu.exe (AO Kaspersky Lab)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SpyderUtility.lnk [2015-06-14]
ShortcutTarget: SpyderUtility.lnk -> C:\Program Files (x86)\Datacolor\Spyder4Pro\Utility\SpyderUtility.exe ( )
BootExecute: Ǡ
GroupPolicy: Restriction <======= ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION
GroupPolicyScripts\User: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{85E7BC07-A821-4915-8C6A-C44A4293D1F5}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{9BAD4727-94A7-4A66-BA85-3627161AAD8D}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-3441258985-725316734-391261111-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/USCON/1
SearchScopes: HKLM -> DefaultScope {49606DC7-976D-4030-A74E-9FB5C842FA68} URL =
SearchScopes: HKLM -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {49606DC7-976D-4030-A74E-9FB5C842FA68} URL =
SearchScopes: HKLM-x32 -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3441258985-725316734-391261111-1000 -> DefaultScope {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3441258985-725316734-391261111-1000 -> {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2016-07-01] (Siber Systems Inc.)
BHO: VIPRE Search Guard Helper -> {963C8283-AE7F-4AA6-9B3B-847A8FC62C5E} -> C:\Program Files (x86)\VIPRE\x64\VSGx64.dll [2016-02-29] ()
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-09-02] (Sun Microsystems, Inc.)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated)
BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2016-07-01] (Siber Systems Inc.)
BHO-x32: VIPRE Search Guard Helper -> {963C8283-AE7F-4AA6-9B3B-847A8FC62C5E} -> C:\Program Files (x86)\VIPRE\VSG.dll [2016-02-29] ()
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-09-02] (Sun Microsystems, Inc.)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2016-07-01] (Siber Systems Inc.)
Toolbar: HKLM - VIPRE Search Guard Toolbar - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} - C:\Program Files (x86)\VIPRE\x64\VSGx64.dll [2016-02-29] ()
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2016-07-01] (Siber Systems Inc.)
Toolbar: HKLM-x32 - VIPRE Search Guard Toolbar - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} - C:\Program Files (x86)\VIPRE\VSG.dll [2016-02-29] ()
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated)
Handler: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} - C:\Program Files (x86)\VIPRE\x64\VSGx64.dll [2016-02-29] ()
Handler-x32: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} - C:\Program Files (x86)\VIPRE\VSG.dll [2016-02-29] ()
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF DefaultProfile: 5fvh23f9.default
FF ProfilePath: C:\Users\HomeOffice\AppData\Roaming\Mozilla\Firefox\Profiles\5fvh23f9.default [2016-12-26]
FF user.js: detected! => C:\Users\HomeOffice\AppData\Roaming\Mozilla\Firefox\Profiles\5fvh23f9.default\user.js [2015-06-13]
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\5fvh23f9.default -> Google
FF Extension: (Ghostery) - C:\Users\HomeOffice\AppData\Roaming\Mozilla\Firefox\Profiles\5fvh23f9.default\Extensions\firefox@ghostery.com.xpi [2016-11-30]
FF Extension: (Facebook™ Disconnect) - C:\Users\HomeOffice\AppData\Roaming\Mozilla\Firefox\Profiles\5fvh23f9.default\Extensions\jid0-dBgF7UkIiOsWqvBng4hYu@jetpack.xpi [2016-09-06]
FF Extension: (Awesome Screenshot - Capture, Annotate & More) - C:\Users\HomeOffice\AppData\Roaming\Mozilla\Firefox\Profiles\5fvh23f9.default\Extensions\jid0-GXjLLfbCoAx0LcltEdFrEkQdQPI@jetpack.xpi [2016-10-29]
FF Extension: (Facebook Ads Block) - C:\Users\HomeOffice\AppData\Roaming\Mozilla\Firefox\Profiles\5fvh23f9.default\Extensions\jid1-CGxMej0nDJTjwQ@jetpack.xpi [2016-04-27]
FF Extension: (Pin It button) - C:\Users\HomeOffice\AppData\Roaming\Mozilla\Firefox\Profiles\5fvh23f9.default\Extensions\jid1-YcMV6ngYmQRA2w@jetpack.xpi [2015-07-16]
FF Extension: (ColorfulTabs) - C:\Users\HomeOffice\AppData\Roaming\Mozilla\Firefox\Profiles\5fvh23f9.default\Extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe} [2016-12-23]
FF Extension: (Bluhell Firewall) - C:\Users\HomeOffice\AppData\Roaming\Mozilla\Firefox\Profiles\5fvh23f9.default\Extensions\{6BB5760D-F97E-421B-AF5B-8457A90C3CED}.xpi [2016-08-27]
FF Extension: (FB Ad Blocker) - C:\Users\HomeOffice\AppData\Roaming\Mozilla\Firefox\Profiles\5fvh23f9.default\Extensions\{85f8a146-a464-48bd-a81e-3ebe1682ecd9}.xpi [2016-10-30]
FF Extension: (Adblock Plus) - C:\Users\HomeOffice\AppData\Roaming\Mozilla\Firefox\Profiles\5fvh23f9.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-23]
FF Extension: (Bitdefender QuickScan) - C:\Users\HomeOffice\AppData\Roaming\Mozilla\Firefox\Profiles\5fvh23f9.default\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2016-12-24]
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2016-11-21]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.15@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi
FF Extension: (RoboForm Toolbar) - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi [2016-07-01]
FF HKU\S-1-5-21-3441258985-725316734-391261111-1000\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_186.dll [2016-12-14] ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2011-09-02] (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-07-29] (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll [2015-07-30] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_186.dll [2016-12-14] ()
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll [2011-09-02] (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-07-29] (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [2015-07-30] (Adobe Systems)
StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2016-10-01]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2218712 2016-12-13] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R2 Backupper Service; C:\Program Files (x86)\AOMEI Backupper\ABService.exe [29912 2015-05-11] (AOMEI Tech Co., Ltd.) [File not signed]
R2 CarboniteService; C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe [9037824 2016-08-04] (Carbonite, Inc. (www.carbonite.com)) [File not signed]
R2 EPSON_PM_RPCV4_06; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE [152640 2013-04-15] (SEIKO EPSON CORPORATION)
R2 kss; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe [1556448 2015-12-15] (AO Kaspersky Lab)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 ppped; C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe [923072 2010-08-12] (Cyber Power Systems, Inc.)
R2 SBAMSvc; C:\Program Files (x86)\VIPRE\SBAMSvc.exe [6602192 2016-02-29] (ThreatTrack Security Inc.)
R2 SBPIMSvc; C:\Program Files (x86)\VIPRE\SBPIMSvc.exe [373264 2016-02-29] (ThreatTrack Security Inc.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R3 VipreEdgeProtection; C:\Program Files (x86)\VIPRE\VipreEdgeProtection.exe [6816744 2015-10-16] (ThreatTrack Security Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S2 NAUpdate; "C:\Program Files (x86)\Nero\Update\NASvc.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-13] (Microsoft Corporation)
R0 ambakdrv; C:\Windows\System32\ambakdrv.sys [30648 2015-02-25] () [File not signed]
R2 ammntdrv; C:\Windows\system32\ammntdrv.sys [151480 2015-02-25] () [File not signed]
R2 amwrtdrv; C:\Windows\system32\amwrtdrv.sys [17848 2015-02-25] () [File not signed]
R3 gfiark; C:\Windows\System32\drivers\gfiark.sys [40584 2015-08-27] (ThreatTrack Security)
S3 gfiutil; C:\Windows\System32\drivers\gfiutil.sys [50776 2016-08-03] (ThreatTrack Security)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-12-26] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
R2 sbapifs; C:\Windows\System32\DRIVERS\sbapifs.sys [89000 2016-02-29] (ThreatTrack Security Inc.)
R3 sbwtis; C:\Windows\System32\DRIVERS\sbwtis.sys [95608 2015-04-20] (ThreatTrack Security)
R3 Spyder4; C:\Windows\System32\DRIVERS\dccmtr.sys [15360 2011-06-02] (Datacolor)
R2 WebExaminer; C:\Windows\system32\Drivers\WebExaminer64.sys [34408 2015-10-16] (ThreatTrack Security Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-26 12:01 - 2016-12-26 12:01 - 00023145 _____ C:\Users\HomeOffice\Desktop\FRST.txt
2016-12-26 12:00 - 2016-12-26 12:00 - 02420736 _____ (Farbar) C:\Users\HomeOffice\Desktop\FRST64(1).exe
2016-12-26 10:03 - 2016-12-26 10:03 - 00000000 ____D C:\Users\Public\Documents\Muserk Music
2016-12-26 10:03 - 2016-12-26 10:03 - 00000000 ____D C:\Users\HomeOffice\temp
2016-12-26 10:02 - 2016-12-26 10:03 - 00000000 ____D C:\Users\Public\Documents\Triple Scoop Music
2016-12-26 10:02 - 2016-12-26 10:02 - 00000211 _____ C:\Users\HomeOffice\AppData\Roaming\HOMEOFFICE-PC.MTBF.txt
2016-12-26 10:01 - 2016-12-26 10:03 - 00000000 ____D C:\Users\HomeOffice\AppData\Local\Pinnacle_Studio_20
2016-12-26 10:01 - 2016-12-26 10:01 - 00000000 ____D C:\Users\HomeOffice\Documents\Pinnacle
2016-12-26 09:29 - 2016-12-26 09:52 - 00000000 ____D C:\ProgramData\Individual Software
2016-12-26 09:29 - 2016-12-26 09:29 - 00002315 _____ C:\Users\Public\Desktop\Typing Instructor for Kids 5.lnk
2016-12-26 09:29 - 2016-12-26 09:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Typing Instructor for Kids
2016-12-26 09:29 - 2016-12-26 09:29 - 00000000 ____D C:\Program Files (x86)\Individual Software
2016-12-26 07:59 - 2016-12-26 06:58 - 03704704 _____ (Corel Corporation) C:\Users\HomeOffice\Downloads\Pinnacle-Studio_20 Installer.exe
2016-12-26 07:12 - 2016-12-26 07:12 - 00002136 _____ C:\Users\Public\Desktop\Pinnacle MyDVD.lnk
2016-12-26 07:12 - 2016-12-26 07:12 - 00000000 ____D C:\ProgramData\Roxio Log Files
2016-12-26 07:12 - 2016-12-26 07:12 - 00000000 ____D C:\ProgramData\MyDVD
2016-12-26 07:12 - 2016-12-26 07:12 - 00000000 ____D C:\Program Files (x86)\Pinnacle Studio 20
2016-12-26 07:11 - 2016-12-26 10:02 - 00000000 ____D C:\ProgramData\Corel
2016-12-26 07:11 - 2016-12-26 07:11 - 00003336 _____ C:\Windows\System32\Tasks\CorelUpdateHelperTaskCore
2016-12-26 07:11 - 2016-12-26 07:11 - 00000000 ____D C:\Program Files (x86)\Corel
2016-12-26 07:10 - 2016-12-26 07:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pinnacle Studio 20
2016-12-26 07:10 - 2016-12-26 07:10 - 00002166 _____ C:\Users\Public\Desktop\Pinnacle Studio 20.lnk
2016-12-26 07:10 - 2016-12-26 07:10 - 00002134 _____ C:\Users\Public\Desktop\Pinnacle Studio 20 Training.lnk
2016-12-26 07:08 - 2016-12-26 07:08 - 00000000 ____D C:\Program Files\Pinnacle
2016-12-26 07:07 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2016-12-26 07:07 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2016-12-26 07:07 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2016-12-26 07:07 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2016-12-26 07:07 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2016-12-26 07:07 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2016-12-26 07:07 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2016-12-26 07:07 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2016-12-26 07:07 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2016-12-26 07:07 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2016-12-26 07:07 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2016-12-26 07:07 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2016-12-26 07:07 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2016-12-26 07:07 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2016-12-26 07:07 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2016-12-26 07:07 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2016-12-26 07:07 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2016-12-26 07:07 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2016-12-26 07:07 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2016-12-26 07:07 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2016-12-26 07:07 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2016-12-26 07:07 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2016-12-26 07:07 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2016-12-26 07:07 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2016-12-26 07:07 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2016-12-26 07:07 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
2016-12-26 07:07 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2016-12-26 07:07 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2016-12-26 07:07 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2016-12-26 07:07 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
2016-12-26 07:07 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2016-12-26 07:07 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2016-12-26 07:07 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2016-12-26 07:07 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2016-12-26 07:07 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2016-12-26 07:07 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2016-12-26 07:07 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2016-12-26 07:07 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2016-12-26 07:07 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2016-12-26 07:07 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2016-12-26 07:07 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2016-12-26 07:07 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2016-12-26 07:07 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2016-12-26 07:07 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2016-12-26 07:07 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2016-12-26 07:07 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2016-12-26 07:07 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2016-12-26 07:07 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2016-12-26 07:07 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2016-12-26 07:07 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2016-12-26 07:07 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2016-12-26 07:07 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2016-12-26 07:07 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2016-12-26 07:07 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2016-12-26 07:07 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2016-12-26 07:07 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2016-12-26 07:07 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2016-12-26 07:07 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2016-12-26 07:07 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2016-12-26 07:07 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2016-12-26 07:07 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2016-12-26 07:07 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2016-12-26 07:07 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2016-12-26 07:07 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2016-12-26 07:07 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2016-12-26 07:07 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2016-12-26 07:07 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2016-12-26 07:07 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2016-12-26 07:07 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2016-12-26 07:07 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2016-12-26 07:07 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2016-12-26 07:07 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2016-12-26 07:07 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2016-12-26 07:07 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2016-12-26 07:07 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2016-12-26 07:07 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2016-12-26 07:07 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2016-12-26 07:07 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
2016-12-26 07:07 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
2016-12-26 07:07 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2016-12-26 07:07 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2016-12-26 07:07 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
2016-12-26 07:07 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
2016-12-26 07:07 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2016-12-26 07:07 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
2016-12-26 07:07 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
2016-12-26 07:07 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2016-12-26 07:07 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
2016-12-26 07:07 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2016-12-26 07:07 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
2016-12-26 07:07 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2016-12-26 07:07 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
2016-12-26 07:07 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
2016-12-26 07:07 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2016-12-26 07:07 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2016-12-26 07:07 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
2016-12-26 07:07 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2016-12-26 07:07 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2016-12-26 07:07 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2016-12-26 07:07 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
2016-12-26 07:07 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2016-12-26 07:07 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
2016-12-26 07:07 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2016-12-26 07:07 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
2016-12-26 07:07 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2016-12-26 07:07 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
2016-12-26 07:07 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2016-12-26 07:07 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
2016-12-26 07:07 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2016-12-26 07:07 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
2016-12-26 07:07 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2016-12-26 07:07 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
2016-12-26 07:07 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2016-12-26 07:07 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
2016-12-26 07:07 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
2016-12-26 07:07 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
2016-12-26 07:07 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2016-12-26 07:07 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
2016-12-26 07:07 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2016-12-26 07:07 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
2016-12-26 07:07 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2016-12-26 07:07 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
2016-12-26 07:07 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2016-12-26 07:07 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
2016-12-26 07:07 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2016-12-26 07:07 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
2016-12-26 07:07 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2016-12-26 07:07 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
2016-12-26 07:07 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2016-12-26 07:07 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
2016-12-26 07:07 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2016-12-26 07:07 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2016-12-26 07:07 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2016-12-26 07:07 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
2016-12-26 07:07 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2016-12-26 07:07 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2016-12-26 07:07 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2016-12-26 07:07 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
2016-12-26 07:07 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2016-12-26 07:07 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
2016-12-26 07:07 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
2016-12-26 07:07 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2016-12-26 07:07 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2016-12-26 07:07 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
2016-12-26 07:06 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2016-12-26 07:06 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2016-12-26 07:06 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2016-12-26 07:06 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2016-12-26 07:06 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2016-12-26 07:06 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2016-12-26 07:06 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
2016-12-26 07:06 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2016-12-26 07:06 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2016-12-26 07:06 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2016-12-26 07:06 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
2016-12-26 07:06 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2016-12-26 07:06 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
2016-12-26 07:06 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2016-12-26 07:06 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2016-12-26 07:06 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2016-12-26 07:06 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2016-12-26 07:06 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2016-12-26 07:06 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2016-12-26 07:06 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2016-12-26 07:06 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2016-12-26 07:06 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2016-12-26 07:06 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2016-12-26 07:06 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2016-12-26 07:06 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2016-12-26 07:06 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2016-12-26 07:06 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2016-12-26 07:06 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2016-12-26 07:06 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2016-12-26 07:06 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2016-12-26 07:06 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2016-12-26 07:06 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2016-12-26 07:06 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2016-12-26 07:06 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2016-12-26 07:06 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2016-12-26 07:06 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2016-12-26 06:58 - 2016-12-26 07:11 - 00000000 ____D C:\Users\HomeOffice\Desktop\PinnacleStudio20
2016-12-26 06:57 - 2016-12-26 06:57 - 03705080 _____ (Corel Corporation) C:\Users\HomeOffice\Downloads\PinnacleStudio_20_Setup.exe
2016-12-26 06:57 - 2016-12-26 06:57 - 00000000 ____D C:\ProgramData\UniqueId
2016-12-26 06:57 - 2016-12-26 06:57 - 00000000 ____D C:\ProgramData\Pinnacle Log Files
2016-12-24 07:46 - 2016-12-24 07:46 - 00000000 ____D C:\Users\HomeOffice\AppData\Roaming\VideoCapture
2016-12-24 07:39 - 2016-12-24 07:41 - 177801248 _____ (Kaspersky Lab) C:\Users\HomeOffice\Downloads\kts17.0.0.611en_10951.exe
2016-12-24 07:28 - 2016-12-24 07:28 - 00000000 ____D C:\Users\HomeOffice\AppData\Local\CEF
2016-12-24 07:22 - 2016-12-24 07:22 - 00000000 ____D C:\Users\HomeOffice\AppData\Roaming\QuickScan
2016-12-24 07:20 - 2016-12-24 07:20 - 00001097 _____ C:\Users\Public\Desktop\Kaspersky Software Updater Beta.lnk
2016-12-24 07:20 - 2016-12-24 07:20 - 00001057 _____ C:\Users\Public\Desktop\Kaspersky Security Scan.lnk
2016-12-24 07:20 - 2016-12-24 07:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Software Updater Beta
2016-12-24 07:20 - 2016-12-24 07:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan
2016-12-24 07:20 - 2016-12-24 07:20 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-12-24 07:20 - 2016-12-24 07:20 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2016-12-24 07:18 - 2016-12-24 07:41 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2016-12-24 07:18 - 2016-12-24 07:18 - 02622304 _____ (Kaspersky Lab) C:\Users\HomeOffice\Downloads\kss16.0.0.1344en_9702.exe
2016-12-24 07:16 - 2016-12-24 07:18 - 00001041 _____ C:\Users\HomeOffice\Downloads\SALog.txt
2016-12-24 07:13 - 2016-12-24 07:13 - 00899072 _____ C:\Users\HomeOffice\Downloads\RGSA.exe
2016-12-24 07:12 - 2016-12-24 07:14 - 00003101 _____ C:\Users\HomeOffice\Downloads\FRST.txt
2016-12-24 07:12 - 2016-12-24 07:12 - 00000000 ____D C:\FRST
2016-12-24 06:48 - 2016-12-24 06:48 - 02420736 _____ (Farbar) C:\Users\HomeOffice\Downloads\FRST64.exe
2016-12-24 06:46 - 2016-12-24 06:46 - 00388608 _____ (Trend Micro Inc.) C:\Users\HomeOffice\Downloads\HijackThis.exe
2016-12-23 17:32 - 2016-12-24 07:46 - 00000000 ____D C:\Users\HomeOffice\Documents\FlashIntegro
2016-12-23 17:32 - 2016-12-23 17:32 - 00000000 ____D C:\Users\HomeOffice\AppData\Roaming\FlashIntegro
2016-12-23 17:24 - 2016-12-23 17:24 - 00000000 ____D C:\ProgramData\Package Cache
2016-12-23 17:22 - 2016-12-23 17:23 - 00000000 ____D C:\Program Files (x86)\FlashIntegro
2016-12-23 17:22 - 2016-12-23 17:22 - 00001204 _____ C:\Users\HomeOffice\Desktop\VSDC Free Video Editor.lnk
2016-12-23 17:22 - 2016-12-23 17:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FlashIntegro
2016-12-23 17:22 - 2016-12-06 11:14 - 00071480 _____ (Flash-Integro LLC) C:\Windows\SysWOW64\mslvddsfilter3.ax
2016-12-23 17:22 - 2011-12-07 18:32 - 00216064 _____ ( ) C:\Windows\SysWOW64\Lagarith.dll
2016-12-23 17:22 - 2005-08-01 18:43 - 00245760 _____ () C:\Windows\SysWOW64\lame.ax
2016-12-23 17:22 - 2004-12-10 09:03 - 00438272 _____ (On2.com) C:\Windows\SysWOW64\vp6vfw.dll
2016-12-23 17:22 - 2004-09-06 15:06 - 00053248 _____ C:\Windows\SysWOW64\xvid.ax
2016-12-23 17:22 - 2004-07-03 20:08 - 00139264 _____ C:\Windows\SysWOW64\xvidvfw.dll
2016-12-23 17:22 - 2004-07-03 19:59 - 00524288 _____ C:\Windows\SysWOW64\xvidcore.dll
2016-12-23 17:22 - 2004-02-04 20:11 - 00081920 _____ (fccHandler) C:\Windows\SysWOW64\AC3ACM.acm
2016-12-23 17:22 - 2003-05-22 11:26 - 00638976 _____ (DivXNetworks, Inc.) C:\Windows\SysWOW64\divx.dll
2016-12-23 17:22 - 2003-05-22 11:26 - 00221215 _____ (DivXNetworks, Inc.) C:\Windows\SysWOW64\divxdec.ax
2016-12-23 17:22 - 2003-05-21 22:50 - 00261632 _____ (MainConcept) C:\Windows\SysWOW64\mcdvd_32.dll
2016-12-23 17:22 - 2003-05-21 22:50 - 00156910 _____ C:\Windows\WMSysPr8.prx
2016-12-23 17:22 - 2003-05-21 22:50 - 00082944 _____ (Voxware, Inc.) C:\Windows\SysWOW64\vct3216.acm
2016-12-23 17:22 - 2003-05-21 22:50 - 00038912 _____ (NCT Company) C:\Windows\SysWOW64\alf2cd.acm
2016-12-23 17:22 - 2003-05-21 22:50 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3a.dll
2016-12-23 17:22 - 2003-03-25 04:49 - 00098304 _____ (Fraunhofer Institut Integrierte Schaltungen IIS) C:\Windows\SysWOW64\L3CODECX.AX
2016-12-23 17:22 - 2002-08-19 23:41 - 00413760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mpg4c32.dll
2016-12-23 17:22 - 2000-03-14 19:55 - 00013239 _____ (SHARP Corporation) C:\Windows\SysWOW64\Scg726.acm
2016-12-23 17:12 - 2016-12-23 17:15 - 36885272 _____ (Flash-Integro LLC ) C:\Users\HomeOffice\Downloads\video_editor.exe
2016-12-23 16:12 - 2016-12-23 16:12 - 00000344 __RSH C:\ProgramData\ntuser.pol
2016-12-23 16:12 - 2016-12-23 16:12 - 00000000 ____D C:\Users\HomeOffice\AppData\Local\Setup3277470354
2016-12-23 16:12 - 2016-12-23 16:12 - 00000000 ____D C:\Users\HomeOffice\AppData\Local\dode
2016-12-23 16:12 - 2016-12-23 16:12 - 00000000 ____D C:\Users\HomeOffice\AppData\Local\{CB55FD09-EFFD-91B1-8265-B459A60D48C1}
2016-12-23 16:12 - 2016-12-23 16:12 - 00000000 ____D C:\Program Files (x86)\FreeCodecPack
2016-12-23 16:03 - 2016-12-23 16:03 - 00009728 _____ C:\Users\HomeOffice\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-12-23 15:06 - 2016-12-23 15:06 - 00000000 ____D C:\Users\HomeOffice\Documents\InstantCDDVD
2016-12-15 19:47 - 2016-12-23 16:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-12-14 21:28 - 2016-12-14 21:28 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\62FA6CAD.sys
2016-12-14 09:28 - 2016-12-14 09:28 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\25B54554.sys
2016-12-05 21:41 - 2016-12-05 21:41 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\59FA371C.sys
2016-12-04 07:41 - 2016-12-04 07:41 - 00000708 _____ C:\Users\HomeOffice\Documents\revolution does.txt
2016-12-04 02:55 - 2016-12-04 02:55 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\04F60B63.sys
2016-12-02 21:31 - 2016-12-02 21:31 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\14834571.sys
2016-11-30 21:52 - 2016-11-30 21:52 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\06713950.sys
2016-11-29 21:29 - 2016-11-29 21:29 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\696E58DF.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-26 11:41 - 2016-11-15 16:41 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {999DD922-FDEF-4489-ADD7-8129517E7443}.job
2016-12-26 11:41 - 2016-11-15 16:41 - 00000725 _____ C:\Windows\Tasks\EPSON L120 Series Invitation {999DD922-FDEF-4489-ADD7-8129517E7443}.job
2016-12-26 11:41 - 2009-07-13 23:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2016-12-26 11:02 - 2015-06-14 07:31 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-12-26 10:05 - 2016-05-08 07:42 - 00000349 _____ C:\Users\Public\Documents\PCLECHAL.INI
2016-12-26 10:03 - 2016-05-08 07:51 - 00000000 ____D C:\Users\HomeOffice\AppData\Local\Pinnacle
2016-12-26 10:03 - 2015-06-13 06:33 - 00000000 ____D C:\Users\HomeOffice
2016-12-26 09:49 - 2015-06-30 21:18 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-12-26 08:45 - 2009-07-13 22:45 - 00026448 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-12-26 08:45 - 2009-07-13 22:45 - 00026448 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-12-26 08:32 - 2009-07-13 23:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2016-12-26 08:32 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\inf
2016-12-26 08:27 - 2015-06-15 07:09 - 00000000 ____D C:\Users\HomeOffice\Documents\ScanSnap
2016-12-26 08:00 - 2015-06-15 13:23 - 00000000 ____D C:\Users\HomeOffice\Documents\Webb City Genealogy
2016-12-26 07:12 - 2016-05-08 07:47 - 00000000 ____D C:\Program Files (x86)\Pinnacle
2016-12-26 07:12 - 2011-09-02 16:54 - 00000000 ____D C:\ProgramData\Uninstall
2016-12-26 07:12 - 2011-09-02 16:53 - 00000000 ____D C:\ProgramData\Roxio
2016-12-26 07:10 - 2016-05-08 07:41 - 00000000 ____D C:\ProgramData\Pinnacle
2016-12-26 07:08 - 2015-06-16 02:50 - 00000000 ____D C:\Users\Public\Documents\Pinnacle
2016-12-26 02:00 - 2015-06-14 07:31 - 00000000 ____D C:\Users\HomeOffice\AppData\Local\Adobe
2016-12-25 23:59 - 2015-06-14 16:18 - 00000000 ____D C:\Program Files (x86)\CyberPower PowerPanel Personal Edition
2016-12-24 07:21 - 2016-11-18 08:53 - 00000000 ____D C:\Users\HomeOffice\AppData\LocalLow\Mozilla
2016-12-24 06:42 - 2016-03-26 07:38 - 00003392 _____ C:\Windows\SysWOW64\VipreEdgeProtectionOff.ini
2016-12-24 06:42 - 2016-03-26 07:38 - 00003392 _____ C:\Windows\system32\VipreEdgeProtectionOff.ini
2016-12-24 06:41 - 2015-07-08 07:22 - 00000000 ____D C:\Windows\BBSTORE
2016-12-24 06:41 - 2015-06-13 12:16 - 00000000 ____D C:\Program Files (x86)\VIPRE
2016-12-24 06:41 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-12-23 16:46 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\Resources
2016-12-23 16:16 - 2016-11-22 05:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2016-12-23 16:16 - 2015-06-13 06:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-12-23 16:12 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2016-12-23 08:44 - 2016-01-11 08:30 - 00000000 ____D C:\Users\HomeOffice\Documents\Bookmarks
2016-12-23 08:22 - 2015-06-15 10:22 - 00000000 ____D C:\Users\HomeOffice\Documents\Pinnacle Studio
2016-12-19 08:42 - 2015-06-14 16:50 - 00000949 _____ C:\ProgramData\Microsoft\Windows\Start Menu\VueScan x64.lnk
2016-12-19 08:42 - 2015-06-14 16:50 - 00000943 _____ C:\Users\Public\Desktop\VueScan x64.lnk
2016-12-19 08:42 - 2015-06-14 16:50 - 00000000 ____D C:\Program Files\VueScan
2016-12-14 05:02 - 2015-06-14 07:31 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-12-14 05:02 - 2015-06-14 07:31 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-12-14 05:02 - 2015-06-14 07:31 - 00000000 ____D C:\Windows\system32\Macromed
2016-12-14 05:02 - 2011-09-02 16:30 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-12-14 05:02 - 2011-09-02 16:30 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-12-05 05:51 - 2015-06-15 11:01 - 00000000 ____D C:\Users\HomeOffice\Documents\Receipts

==================== Files in the root of some directories =======

2016-12-26 10:02 - 2016-12-26 10:02 - 0000211 _____ () C:\Users\HomeOffice\AppData\Roaming\HOMEOFFICE-PC.MTBF.txt
2016-12-23 16:03 - 2016-12-23 16:03 - 0009728 _____ () C:\Users\HomeOffice\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Files to move or delete:
====================
C:\Users\HomeOffice\AvidStudio_Upgrade_Part-2-of-2.dat
C:\Users\HomeOffice\jobq.dat
C:\Users\HomeOffice\RevoUninProSetup.exe
C:\Users\HomeOffice\RoboForm-Setup.exe
C:\Users\HomeOffice\setup-vipre-antivirus-en-us.exe


Some files in TEMP:
====================
C:\Users\HomeOffice\AppData\Local\Temp\MSN9AC.exe
C:\Users\HomeOffice\AppData\Local\Temp\RoboForm-Setup.exe
C:\Users\HomeOffice\AppData\Local\Temp\sfamcc00001.dll
C:\Users\HomeOffice\AppData\Local\Temp\sfextra.dll
C:\Users\HomeOffice\AppData\Local\Temp\VSUSetup.exe


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


ATTENTION: ==> Could not access BCD.

LastRegBack: 2016-12-14 00:45

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-12-2016
Ran by HomeOffice (26-12-2016 12:01:57)
Running from C:\Users\HomeOffice\Desktop
Windows 7 Professional Service Pack 1 (X64) (2015-06-13 12:33:16)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3441258985-725316734-391261111-500 - Administrator - Disabled)
Guest (S-1-5-21-3441258985-725316734-391261111-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-3441258985-725316734-391261111-1002 - Limited - Enabled)
HomeOffice (S-1-5-21-3441258985-725316734-391261111-1000 - Administrator - Enabled) => C:\Users\HomeOffice

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ThreatTrack Security VIPRE (Enabled - Up to date) {A328C8F0-22BE-AEDA-2D52-6C8A3089160A}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ThreatTrack Security VIPRE (Enabled - Up to date) {18492914-0484-A154-17E2-57F84B0E5CB7}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ABBYY FineReader for ScanSnap ™ 5.0 (HKLM-x32\...\{FB500000-0010-0000-0000-074957833700}) (Version: 11.0.234 - ABBYY)
Adobe Acrobat XI Standard (HKLM-x32\...\{AC76BA86-1033-FFFF-BA7E-000000000006}) (Version: 11.0.18 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 23.0.0.257 - Adobe Systems Incorporated)
Adobe Flash Player 24 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 24.0.0.186 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.186 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.16) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.16 - Adobe Systems Incorporated)
AOMEI Backupper Standard Edition 2.8 (HKLM-x32\...\{A83692F5-3E9B-4E95-9E7E-B5DF5536C09F}_is1) (Version:  - AOMEI Technology Co., Ltd.)
Apple Application Support (32-bit) (HKLM-x32\...\{F2871C89-C8A5-42EE-8D45-0F02506385A6}) (Version: 5.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{9BC93467-75D1-4AA4-BD58-D9C51D88DFAB}) (Version: 5.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Canon CanoScan Toolbox 5.0 (HKLM-x32\...\CanoScan Toolbox 5.0) (Version:  - )
CanoScan LiDE 600F (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4802) (Version:  - )
Carbonite (HKLM-x32\...\{D0D08FBC-6D5F-482C-B2ED-32E67D8FFAFF}) (Version: 6.0.1 build 6421 (Aug-04-2016) - Carbonite)
Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
Corel Update Manager (HKLM-x32\...\{FB8387EF-D663-4152-A13E-6B963AC1052A}) (Version: 2.3 - Corel corporation)
Creative Pack Volume 1 (HKLM\...\{05DDB511-240A-4185-B1E3-B42B8451846F}) (Version: 5.0 - Corel Corporation)
CuteSITE Builder (HKLM-x32\...\CuteSITE Builder) (Version: 4.0 - GlobalSCAPE Texas, LP)
CyberPower PowerPanel Personal Edition 1.3 (HKLM-x32\...\{EDEC45BE-39B9-4C23-81AF-FD1B5CECEA2A}) (Version: 1.3 - Cyber Power Systems, Inc.)
Dazzle Video Capture DVC100 X64 Driver 1.08 (HKLM-x32\...\{FB4B9EB9-68B2-4C42-8C38-B65F8FE5A5CA}) (Version: 1.08.0000 - Pinnacle)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
DirectX 9 Runtime (x32 Version: 1.00.0000 - So


#5 nasdaq


Posted 27 December 2016 - 07:59 AM

Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-3441258985-725316734-391261111-1000\...\Run: [AdobeBridge] => [X]
BootExecute: ?
GroupPolicy: Restriction <======= ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION
GroupPolicyScripts\User: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
FF user.js: detected! => C:\Users\HomeOffice\AppData\Roaming\Mozilla\Firefox\Profiles\5fvh23f9.default\user.js [2015-06-13]
FF Extension: (FB Ad Blocker) - C:\Users\HomeOffice\AppData\Roaming\Mozilla\Firefox\Profiles\5fvh23f9.default\Extensions\{85f8a146-a464-48bd-a81e-3ebe1682ecd9}.xpi [2016-10-30]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
S2 NAUpdate; "C:\Program Files (x86)\Nero\Update\NASvc.exe" [X]

Reboot:

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Please post the Addition.txt file again.
Your current copy has been truncated and is not complete.

Let me know what problem persists
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in any way, please consider donating,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#6 kathyhatesspyware


Posted 27 December 2016 - 11:08 PM

I forgot to hit the Fix button.  I apologize, I am a bit tired tonight.


Edited by kathyhatesspyware, 27 December 2016 - 11:26 PM.


#7 kathyhatesspyware


Posted 27 December 2016 - 11:25 PM

I am running Farbar right now but it is taking quite a while.  I hope it is not hung up.



#8 kathyhatesspyware


Posted 27 December 2016 - 11:38 PM

The tool has frozen.  Should I use task manager to shut it down and try it again?



#9 nasdaq


Posted 28 December 2016 - 07:35 AM

Close the task if it is still running.

Now that you have saved the Fixlist.txt and it's parked in the same folder as the Farbar tool, run the fix.
nasdaq


#10 kathyhatesspyware


Posted 29 December 2016 - 08:10 AM

Hello,

I was able to run Farbar last night.  After the scan it rebooted my computer.   This exe file popped up on the reboot.  I closed it. Then it popped up again when I opened Firefox.

 

 



#11 nasdaq


Posted 29 December 2016 - 01:22 PM

Can you post the Fixlog.txt file for my review?

Also include the Addition.txt file that was created by the Farbar program.
nasdaq


#12 kathyhatesspyware


Posted 29 December 2016 - 10:09 PM

I tried to run Farbar again (the scan to get an updated fixlog.txt file).  It keeps locking up.  I was able to close the popup once and Farbar started to run again, then the popup came back and I cannot get it to go away.



#13 kathyhatesspyware


Posted 29 December 2016 - 10:11 PM

This is the last fixlog I was able to get.  I think I have posted this one.

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 21-12-2016
Ran by HomeOffice (28-12-2016 21:44:01) Run:2
Running from C:\Users\HomeOffice\Desktop
Loaded Profiles: HomeOffice (Available Profiles: HomeOffice)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-3441258985-725316734-391261111-1000\...\Run: [AdobeBridge] => [X]
BootExecute: ?
GroupPolicy: Restriction <======= ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION
GroupPolicyScripts\User: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
FF user.js: detected! => C:\Users\HomeOffice\AppData\Roaming\Mozilla\Firefox\Profiles\5fvh23f9.default\user.js [2015-06-13]
FF Extension: (FB Ad Blocker) - C:\Users\HomeOffice\AppData\Roaming\Mozilla\Firefox\Profiles\5fvh23f9.default\Extensions\{85f8a146-a464-48bd-a81e-3ebe1682ecd9}.xpi [2016-10-30]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
S2 NAUpdate; "C:\Program Files (x86)\Nero\Update\NASvc.exe" [X]

Reboot:

End
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value not found.
HKU\S-1-5-21-3441258985-725316734-391261111-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value not found.
hklm\System\CurrentControlSet\Control\Session Manager\\BootExecute => value restored successfully
"C:\Windows\system32\GroupPolicy\Machine" => not found.
"C:\Windows\system32\GroupPolicy\Machine" => not found.
"C:\Windows\system32\GroupPolicy\User" => not found.
HKLM\SOFTWARE\Policies\Google => key not found.
C:\Users\HomeOffice\AppData\Roaming\Mozilla\Firefox\Profiles\5fvh23f9.default\user.js => not found.
C:\Users\HomeOffice\AppData\Roaming\Mozilla\Firefox\Profiles\5fvh23f9.default\user.js => not found.
C:\Users\HomeOffice\AppData\Roaming\Mozilla\Firefox\Profiles\5fvh23f9.default\Extensions\{85f8a146-a464-48bd-a81e-3ebe1682ecd9}.xpi => not found.
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => key not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => key not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922 => key not found.
NAUpdate => service not found.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 9450208 B
Java, Flash, Steam htmlcache => 2314 B
Windows/system/drivers => 4489 B
Edge => 0 B
Chrome => 0 B
Firefox => 397303459 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 58503183 B
systemprofile32 => 69650 B
LocalService => 0 B
NetworkService => 0 B
HomeOffice => 1987777910 B

RecycleBin => 427647709 B
EmptyTemp: => 2.7 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 21:46:04 ====

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-12-2016
Ran by HomeOffice (27-12-2016 22:10:12)
Running from C:\Users\HomeOffice\Desktop
Windows 7 Professional Service Pack 1 (X64) (2015-06-13 12:33:16)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3441258985-725316734-391261111-500 - Administrator - Disabled)
Guest (S-1-5-21-3441258985-725316734-391261111-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-3441258985-725316734-391261111-1002 - Limited - Enabled)
HomeOffice (S-1-5-21-3441258985-725316734-391261111-1000 - Administrator - Enabled) => C:\Users\HomeOffice

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ThreatTrack Security VIPRE (Enabled - Up to date) {A328C8F0-22BE-AEDA-2D52-6C8A3089160A}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ThreatTrack Security VIPRE (Enabled - Up to date) {18492914-0484-A154-17E2-57F84B0E5CB7}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ABBYY FineReader for ScanSnap ™ 5.0 (HKLM-x32\...\{FB500000-0010-0000-0000-074957833700}) (Version: 11.0.234 - ABBYY)
Adobe Acrobat XI Standard (HKLM-x32\...\{AC76BA86-1033-FFFF-BA7E-000000000006}) (Version: 11.0.18 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 23.0.0.257 - Adobe Systems Incorporated)
Adobe Flash Player 24 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 24.0.0.186 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.186 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.16) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.16 - Adobe Systems Incorporated)
AOMEI Backupper Standard Edition 2.8 (HKLM-x32\...\{A83692F5-3E9B-4E95-9E7E-B5DF5536C09F}_is1) (Version:  - AOMEI Technology Co., Ltd.)
Apple Application Support (32-bit) (HKLM-x32\...\{F2871C89-C8A5-42EE-8D45-0F02506385A6}) (Version: 5.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{9BC93467-75D1-4AA4-BD58-D9C51D88DFAB}) (Version: 5.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Canon CanoScan Toolbox 5.0 (HKLM-x32\...\CanoScan Toolbox 5.0) (Version:  - )
CanoScan LiDE 600F (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4802) (Version:  - )
Carbonite (HKLM-x32\...\{D0D08FBC-6D5F-482C-B2ED-32E67D8FFAFF}) (Version: 6.0.1 build 6421 (Aug-04-2016) - Carbonite)
Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
Corel Update Manager (HKLM-x32\...\{FB8387EF-D663-4152-A13E-6B963AC1052A}) (Version: 2.3 - Corel corporation)
Creative Pack Volume 1 (HKLM\...\{05DDB511-240A-4185-B1E3-B42B8451846F}) (Version: 5.0 - Corel Corporation)
CuteSITE Builder (HKLM-x32\...\CuteSITE Builder) (Version: 4.0 - GlobalSCAPE Texas, LP)
CyberPower PowerPanel Personal Edition 1.3 (HKLM-x32\...\{EDEC45BE-39B9-4C23-81AF-FD1B5CECEA2A}) (Version: 1.3 - Cyber Power Systems, Inc.)
Dazzle Video Capture DVC100 X64 Driver 1.08 (HKLM-x32\...\{FB4B9EB9-68B2-4C42-8C38-B65F8FE5A5CA}) (Version: 1.08.0000 - Pinnacle)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
DiskCheckup v3.3 (HKLM-x32\...\DiskCheckup_is1) (Version: 3.3.1000 - PassMark Software)
DW WLAN Card (HKLM\...\DW WLAN Card) (Version: 5.60.48.35 - Dell Inc.)
Family Tree Maker (HKLM-x32\...\{88200B70-8473-11D6-A964-00B0D0119A5C}) (Version:  - )
Fotobounce 3.9.9 (HKLM-x32\...\com.appliedrec.Fotobounce) (Version: 3.9.9 - Applied Recognition Inc.)
Fotobounce 3.9.9 (x32 Version: 3.9.9 - Applied Recognition Inc.) Hidden
High-Definition Video Playback (x32 Version: 7.3.10000.0.0 - Nero AG) Hidden
Hollywood FX Volumes 1-3 (HKLM\...\{1913AA44-CB03-4CD8-8CBD-7462A94DC786}) (Version: 4.0 - Corel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.0.0.1046 - Intel Corporation)
iTunes (HKLM\...\{554C62C7-E6BB-40F1-892B-F0AE02D3C135}) (Version: 12.5.3.17 - Apple Inc.)
Java™ 6 Update 24 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416024FF}) (Version: 6.0.240 - Oracle)
Java™ 6 Update 24 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216024FF}) (Version: 6.0.240 - Oracle)
Kaspersky Security Scan (HKLM-x32\...\InstallWIX_{D1282694-0693-41A8-ABC1-6D1FFC1F65C5}) (Version: 16.0.0.1344 - Kaspersky Lab)
Kaspersky Security Scan (x32 Version: 16.0.0.1344 - Kaspersky Lab) Hidden
Kaspersky Software Updater Beta (HKLM-x32\...\InstallWIX_{94C8D443-1D07-4E6D-A9EB-FDBA45A839D8}) (Version: 1.5.2.228 - Kaspersky Lab)
Kaspersky Software Updater Beta (x32 Version: 1.5.2.228 - Kaspersky Lab) Hidden
Legacy 8.0 (HKLM-x32\...\Legacy 8.0) (Version: 8.0  - Millennia Corporation)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 50.1.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 50.1.0 (x86 en-US)) (Version: 50.1.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.1.0.6186 - Mozilla)
Mozilla Thunderbird 45.5.1 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 45.5.1 (x86 en-US)) (Version: 45.5.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Multimedia Card Reader (HKLM-x32\...\InstallShield_{41068A8C-3F30-46B6-978A-EA692F28D1AF}) (Version: 1.7.915.93 - Fitipower)
Multimedia Card Reader (x32 Version: 1.7.915.93 - Fitipower) Hidden
MyDVD Content Pack 1 (HKLM-x32\...\{ADCF7AE3-8E36-4B80-9460-66B74B56927F}) (Version: 1.00.0000 - Corel Corporation)
Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0018 - Nero AG)
NVIDIA Display Control Panel (HKLM\...\{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 6.14.12.6716 - NVIDIA Corporation)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Photomatix Essentials version 4.0.1 (HKLM\...\PhotomatixEssentials4x64_is1) (Version: 4.0.1 - HDRsoft Ltd)
PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden
Pinnacle MyDVD (HKLM-x32\...\{ED0D9820-6C9B-4897-916C-1766EFD524CD}) (Version: 1.0 - Pinnacle)
Pinnacle MyDVD (x32 Version: 1.0.131 - Corel Corporation) Hidden
Pinnacle Studio 15 (HKLM-x32\...\{1362E602-9625-42D3-B57F-CDA9D26F9DA8}) (Version: 15.0.0.7593 - Pinnacle Systems)
Pinnacle Studio 20 - Standard Content Pack (HKLM\...\{AB90BFBE-235D-480B-B5EF-67D361842E95}) (Version: 20.2 - Corel Corporation)
Pinnacle Studio 20 (HKLM\...\{4D548AFA-B83A-4C39-A474-AAE833B320AD}) (Version: 20.2.0.185 - Corel Corporation)
Pinnacle Video Driver (HKLM\...\{6DE721A5-5E89-4D74-994C-652BB3C0672E}) (Version: 12.1.0.030 - Pinnacle Systems)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Premium Pack Volumes 1-2 (HKLM-x32\...\{CF6BAFC0-1FD7-4F4F-9C92-0E3AB0667ACD}) (Version: 4.0 - Corel Corporation)
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6141 - Realtek Semiconductor Corp.)
Revo Uninstaller Pro 3.1.7 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.7 - VS Revo Group, Ltd.)
RoboForm 7-9-19-7 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 7-9-19-7 - Siber Systems)
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
ScanSnap Manager (HKLM-x32\...\{DBCDB997-EEEB-4BE9-BAFF-26B4094DBDE6}) (Version: V6.2L20 - PFU)
ScanSnap Manager (x32 Version: 6.2.20.4.3 - PFU) Hidden
ScanSnap Organizer (HKLM-x32\...\{E58F3B88-3B3E-4F85-9323-04789D979C15}) (Version: V5.1L30 - PFU)
ScanSnap Organizer (x32 Version: 5.1.30.1 - PFU LIMITED) Hidden
ScanSoft OmniPage SE 4.0 (HKLM-x32\...\{29D851C2-048C-4B5E-8D1F-25D473342BB5}) (Version: 15.00.0020 - ScanSoft, Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Spyder4Pro (HKLM-x32\...\Spyder4Pro) (Version:  - )
THX TruStudio PC (HKLM-x32\...\{010A785B-F920-4350-821B-6309909C20BB}) (Version: 1.0 - Creative Technology Limited)
Title Extreme (HKLM\...\{7E857A86-4E40-4381-9EAD-19CCB8DAF81F}) (Version: 4.0 - Corel Corporation)
Typing Instructor for Kids (HKLM-x32\...\{94D3E3CE-CE56-428B-A92D-F06B7723CF9E}) (Version: 5.0.0 - Individual Software)
VIPRE Antivirus (HKLM-x32\...\{C1D1FC57-3EB9-4B21-BCA3-F1C927508200}) (Version: 9.3.4.3 - ThreatTrack Security Inc.)
VIPRE Antivirus (x32 Version: 9.3.4.3 - ThreatTrack Security, Inc.) Hidden
VSDC Free Video Editor version 5.7.3.644 (HKLM-x32\...\VSDC Free Video Editor_is1) (Version: 5.7.3.644 - Flash-Integro LLC)
VueScan x64 (HKLM\...\VueScan x64) (Version:  - )
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows XP Mode (HKLM\...\{1374CC63-B520-4f3f-98E8-E9020BF01CFF}) (Version: 1.3.7600.16423 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {06D4DA25-CB69-42E5-80A7-EB46C5E8E79A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {0E865B13-2C72-4C2A-8D61-853F116D3B12} - System32\Tasks\AdobeAAMUpdater-1.0-HomeOffice-PC-HomeOffice => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-01-07] (Adobe Systems Incorporated)
Task: {13426997-729A-4868-9CD7-DA496F87DED8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-12-14] (Adobe Systems Incorporated)
Task: {1721E5CB-F591-42C7-BB4B-71879279D3B0} - System32\Tasks\{5343BFCA-65C1-4F7F-A0E2-EFB22A9C7360} => pcalua.exe -a C:\Users\HomeOffice\AppData\Local\Temp\Temp2_mc2400W_Win_GDI_x86_v1.5.1.0.zip\mc2400W_Win_GDI_x86_v1.5.1.0\English\setup.exe <==== ATTENTION
Task: {64AA1B88-FF57-4001-A3EC-86C4FB7D9AE9} - System32\Tasks\CorelUpdateHelperTaskCore => C:\Program Files (x86)\Corel\CUH\v2\CUH.exe [2016-08-25] (Corel Corporation)
Task: {6924C867-F5B3-475A-8D90-505B36797B06} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-21] (Adobe Systems Incorporated)
Task: {B028B48F-6831-4008-BDB4-5E820D4EA231} - System32\Tasks\EPSON L120 Series Update {999DD922-FDEF-4489-ADD7-8129517E7443} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSLUE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {D3BD7B60-EAC7-4B22-9727-3BB983212F7E} - System32\Tasks\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} => C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe
Task: {E5D43E58-08A0-4CA5-9EBB-4F0B816E6FDC} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "hxxp://www.roboform.com/test-pass.html?aaa=KICMGMIMJMNMOMKJMMKMCNHMNJNJLJCNLMMJJJLJCNOJOMOJMMCNNJGMKMLMHMKMIMKMLJMJHMKJJNJICMIMCNGMCNOMGMFMOMOMCNPMCNGMJMPMPMFMJMCNOMCNIMJMPMOMCNNMJNPICMOMFMEKMICNJJCKFMMMHMMMJNHICMEKMICNJJCKJNBJCMHLAJCJKJALJJJJGJMJKJJNKJCMJNNICMJNDJCMKJBJ (the data entry has 55 more characters).
Task: {ECA0556B-52F5-4E16-869B-9C04BD9FE4A2} - System32\Tasks\EPSON L120 Series Invitation {999DD922-FDEF-4489-ADD7-8129517E7443} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSLUE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {F4CA61E1-12D1-43F6-86AF-57C227F9FE6E} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2016-07-01] (Siber Systems)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\EPSON L120 Series Invitation {999DD922-FDEF-4489-ADD7-8129517E7443}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSLUE.EXE
Task: C:\Windows\Tasks\EPSON L120 Series Update {999DD922-FDEF-4489-ADD7-8129517E7443}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSLUE.EXE:/EXE:{999DD922-FDEF-4489-ADD7-8129517E7443} /F:Update SYSTEMĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-09-01 17:12 - 2016-09-01 17:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-10-05 17:17 - 2016-10-05 17:17 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-07-01 19:15 - 2015-05-11 14:56 - 00286424 _____ () C:\Program Files (x86)\AOMEI Backupper\UiLogic.dll
2015-07-01 19:15 - 2015-05-11 14:55 - 00224984 _____ () C:\Program Files (x86)\AOMEI Backupper\diskmgr.dll
2015-07-01 19:14 - 2015-05-11 14:55 - 00290520 _____ () C:\Program Files (x86)\AOMEI Backupper\Comn.dll
2015-07-01 19:15 - 2015-05-11 14:55 - 00077528 _____ () C:\Program Files (x86)\AOMEI Backupper\Ldm.dll
2015-07-01 19:15 - 2015-05-11 14:55 - 00061144 _____ () C:\Program Files (x86)\AOMEI Backupper\Device.dll
2015-07-01 19:14 - 2015-05-11 14:55 - 00286424 _____ () C:\Program Files (x86)\AOMEI Backupper\BrFat.dll
2015-07-01 19:14 - 2015-05-11 14:55 - 00966360 _____ () C:\Program Files (x86)\AOMEI Backupper\BrNtfs.dll
2015-07-01 19:15 - 2015-05-11 14:55 - 00122584 _____ () C:\Program Files (x86)\AOMEI Backupper\FuncLogic.dll
2015-07-01 19:14 - 2015-05-11 14:55 - 00278232 _____ () C:\Program Files (x86)\AOMEI Backupper\Clone.dll
2015-07-01 19:15 - 2015-05-11 14:55 - 00347864 _____ () C:\Program Files (x86)\AOMEI Backupper\ImgFile.dll
2015-07-01 19:15 - 2015-05-11 14:55 - 00028376 _____ () C:\Program Files (x86)\AOMEI Backupper\Encrypt.dll
2015-07-01 19:15 - 2015-05-11 14:55 - 00069336 _____ () C:\Program Files (x86)\AOMEI Backupper\Compress.dll
2015-07-01 19:14 - 2015-05-11 14:55 - 00102104 _____ () C:\Program Files (x86)\AOMEI Backupper\BrVol.dll
2015-07-01 19:15 - 2015-05-11 14:55 - 00253656 _____ () C:\Program Files (x86)\AOMEI Backupper\GptBcd.dll
2015-07-01 19:15 - 2015-05-11 14:55 - 00155352 _____ () C:\Program Files (x86)\AOMEI Backupper\FlBackup.dll
2015-07-01 19:15 - 2015-05-11 14:55 - 00483032 _____ () C:\Program Files (x86)\AOMEI Backupper\EnumFolder.dll
2015-07-01 19:15 - 2015-05-11 14:55 - 00175832 _____ () C:\Program Files (x86)\AOMEI Backupper\DeviceMgr.dll
2015-07-01 19:14 - 2015-05-11 14:55 - 00110296 _____ () C:\Program Files (x86)\AOMEI Backupper\Backup.dll
2015-07-01 19:15 - 2015-05-11 14:56 - 00691928 _____ () C:\Program Files (x86)\AOMEI Backupper\Sync.dll
2015-07-01 19:14 - 2015-05-11 14:55 - 00102104 _____ () C:\Program Files (x86)\AOMEI Backupper\BrLog.dll
2015-07-01 19:15 - 2015-02-25 23:00 - 02403504 _____ () C:\Program Files (x86)\AOMEI Backupper\QtCore4.dll
2011-08-09 15:06 - 2012-02-07 13:59 - 00139264 _____ () C:\Program Files (x86)\Datacolor\Spyder4Pro\Utility\SpyderUtility Libs\Appearance Pak.dll
2011-08-09 15:06 - 2012-02-07 13:59 - 00151552 _____ () C:\Program Files (x86)\Datacolor\Spyder4Pro\Utility\SpyderUtility Libs\RegEx.dll
2011-08-09 15:06 - 2012-02-07 13:59 - 12977947 _____ () C:\Program Files (x86)\Datacolor\Spyder4Pro\Utility\SpyderUtility Libs\RBScript.dll
2011-08-09 15:06 - 2012-02-07 13:59 - 00098304 _____ () C:\Program Files (x86)\Datacolor\Spyder4Pro\Utility\SpyderUtility Libs\Shell.dll
2011-08-09 15:06 - 2012-02-07 13:59 - 00761856 _____ () C:\Program Files (x86)\Datacolor\Spyder4Pro\Utility\SpyderUtility Libs\XML.dll
2011-08-09 15:06 - 2012-02-07 13:59 - 00274432 _____ () C:\Program Files (x86)\Datacolor\Spyder4Pro\Utility\SpyderUtility Libs\CGamma.dll
2011-08-09 15:06 - 2012-02-07 13:59 - 00086016 _____ () C:\Program Files (x86)\Datacolor\Spyder4Pro\Utility\SpyderUtility Libs\CSensor.dll
2011-09-22 14:22 - 2012-02-07 13:59 - 00039936 _____ () C:\Program Files (x86)\Datacolor\Spyder4Pro\Utility\SpyderUtility Libs\MBSRegistrationPlugin16724.dll
2011-09-22 14:22 - 2012-02-07 13:59 - 00025600 _____ () C:\Program Files (x86)\Datacolor\Spyder4Pro\Utility\SpyderUtility Libs\MBSPluginVersionPlugin16724.dll
2016-02-29 13:56 - 2016-02-29 13:56 - 00237056 _____ () C:\Program Files (x86)\VIPRE\unrar.dll
2016-03-26 07:40 - 2015-06-26 02:13 - 00184184 _____ () C:\Program Files (x86)\VIPRE\Definitions\libBase64.dll
2016-03-26 07:40 - 2015-06-26 02:13 - 00175992 _____ () C:\Program Files (x86)\VIPRE\Definitions\libMachoUniv.dll
2016-05-12 07:57 - 2016-05-12 07:57 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\22e6307b0cd5955ebf3f8abd9e3ab58d\IsdiInterop.ni.dll
2011-09-02 16:36 - 2010-09-13 17:28 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2015-12-15 13:38 - 2015-12-15 13:38 - 00326112 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\dblite.dll
2016-06-02 18:06 - 2016-06-02 18:06 - 45077376 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\libcef.dll
2015-10-27 16:44 - 2015-10-27 16:44 - 00404952 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\ipm_service.dll
2016-06-02 18:06 - 2016-06-02 18:06 - 01650560 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\libglesv2.dll
2016-06-02 18:06 - 2016-06-02 18:06 - 00082304 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\libegl.dll
2015-06-14 18:41 - 2013-10-09 09:43 - 00430080 _____ () C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsConfig.dll
2015-06-14 18:41 - 2013-09-06 14:40 - 00241664 _____ () C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsExtention.dll
2015-06-14 18:41 - 2003-03-26 17:46 - 00135168 _____ () C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsImgIO.dll
2015-06-14 18:42 - 2010-08-24 15:56 - 00167936 _____ () C:\Program Files (x86)\PFU\ScanSnap\Driver\SSsltsa.dll
2015-06-14 18:41 - 2013-03-12 08:43 - 00888832 _____ () C:\Program Files (x86)\PFU\ScanSnap\Driver\P2IDIGCROP.dll
2015-06-14 18:41 - 2013-08-09 10:21 - 01716224 _____ () C:\Program Files (x86)\PFU\ScanSnap\Driver\bookbound.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBAMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBPIMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VipreEdgeProtection => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WebExaminer => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:34 - 2016-12-23 17:29 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3441258985-725316734-391261111-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\HomeOffice\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Conversion to PDF with ScanSnap Organizer.lnk => C:\Windows\pss\Conversion to PDF with ScanSnap Organizer.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ScanSnap Manager.lnk => C:\Windows\pss\ScanSnap Manager.lnk.CommonStartup
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: Dell DataSafe Online => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
MSCONFIG\startupreg: DellStage => "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup
MSCONFIG\startupreg: Desktop Disc Tool => "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
MSCONFIG\startupreg: KONICA MINOLTA magicolor 2400W STD => C:\Windows\system32\MSTMON_S.EXE STARTUP
MSCONFIG\startupreg: mcui_exe => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
MSCONFIG\startupreg: NeroLauncher => C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900
MSCONFIG\startupreg: OpwareSE4 => "C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
MSCONFIG\startupreg: RoxWatchTray => "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: RunDLLEntry_EptMon => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\EptMon64.dll,RunDLLEntry EptMon64
MSCONFIG\startupreg: RunDLLEntry_THXCfg => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
MSCONFIG\startupreg: ScanSnap OnlineUpdate Watcher => "C:\Program Files (x86)\PFU\ScanSnap\Update\SsUWatcher.exe" -StartOS
MSCONFIG\startupreg: ScanSnap WIA Service Checker => C:\Windows\SSDriver\fi5110\SsWiaChecker.exe
MSCONFIG\startupreg: ShwiconXP9106 => C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
MSCONFIG\startupreg: SSBkgdUpdate => "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
MSCONFIG\startupreg: UpdReg => C:\Windows\UpdReg.EXE

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{8C69AAE8-2625-4933-AD6A-703EC67F9A8C}] => C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{2E1933E8-5536-47E9-A1D4-C42BC4E881FA}] => C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{A743BD6E-48CE-4268-BB79-E5FA7356A9E0}] => C:\Program Files\dell stage\dell stage\accuweather\accuweather.exe
FirewallRules: [{35A71816-B5F8-43E9-85D2-906606923BE4}] => C:\Program Files\dell stage\musicstage\musicstageengine.exe
FirewallRules: [{09AF5829-2647-4A14-82A0-C706B4B66960}] => C:\Program Files\dell stage\dell stage\stage_primary.exe
FirewallRules: [{9F8E6CE3-D5A4-415D-8B0D-230201FFE39B}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{AEC8B706-6FB0-435F-8A36-79D3091436CF}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [SPPSVC-In-TCP] => %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => %SystemRoot%\system32\sppsvc.exe
FirewallRules: [VirtualPC-In-UDP-1] => %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-UDP-2] => %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-TCP-1] => %SystemRoot%\System32\vpc.exe
FirewallRules: [{8DAA0E5C-303B-41B7-83B8-613C2E3CE334}] => C:\Program Files (x86)\AOMEI Backupper\PxeUi.exe
FirewallRules: [{1BC0668A-7321-4D93-BA84-B719B05E37F2}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{3CD18B03-C521-4363-92EB-53E55FDB12CE}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{FDF27484-44C6-4D48-AE86-5648FD318A26}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{8206AE25-3AAF-4770-A50C-CA2464130F49}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B00022C9-AAA3-44D0-8FD0-FEF815FE158B}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7C254BAE-39DB-4037-937C-BCC27D34340C}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E7BB9E26-E0FE-4174-A756-0089E00DF6E0}] => C:\Program Files (x86)\Pinnacle\Studio 15\Programs\RM.exe
FirewallRules: [{DDA8FC46-DFC7-4EC4-BC22-B1A266593FAA}] => C:\Program Files (x86)\Pinnacle\Studio 15\Programs\RM.exe
FirewallRules: [{53003AF7-E7C0-4C89-96A5-057D63D271C5}] => C:\Program Files (x86)\Pinnacle\Studio 15\Programs\Studio.exe
FirewallRules: [{83369633-7337-4996-9511-F854F16531A1}] => C:\Program Files (x86)\Pinnacle\Studio 15\Programs\Studio.exe
FirewallRules: [{48F98B4E-12D1-4552-AC3C-AF4680FC405B}] => C:\Program Files (x86)\Pinnacle\Studio 15\Programs\umi.exe
FirewallRules: [{D5C9DF66-DBBF-41AF-8E11-BB2085EF9397}] => C:\Program Files (x86)\Pinnacle\Studio 15\Programs\umi.exe
FirewallRules: [TCP Query User{E370DB61-5B64-4644-B2AA-4C1C08094818}C:\program files (x86)\fotobounce family\fotobounce\engine\fbengine.exe] => C:\program files (x86)\fotobounce family\fotobounce\engine\fbengine.exe
FirewallRules: [UDP Query User{15846D2E-30FE-44F6-811F-E1F0F4C20522}C:\program files (x86)\fotobounce family\fotobounce\engine\fbengine.exe] => C:\program files (x86)\fotobounce family\fotobounce\engine\fbengine.exe
FirewallRules: [{E266EB66-D142-41A7-B432-D80F451ED89E}] => C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{28038514-E59D-44F7-9705-0AEE607009E4}] => C:\Program Files\VueScan\vuescan.exe
FirewallRules: [{17EBEF63-7CDB-4ADF-9D95-A4308AD73E1E}] => C:\Program Files\VueScan\vuescan.exe
FirewallRules: [{4B7FEC99-9EFA-43B9-8C83-3F9A9AC5835E}] => C:\Program Files (x86)\FlashIntegro\VideoEditor\VideoEditor.exe
FirewallRules: [{DBCED2B3-CE0D-478E-A9CA-383643064FBB}] => C:\Program Files (x86)\FlashIntegro\VideoEditor\VideoEditor.exe
FirewallRules: [{6239CE7E-F26D-4DC9-AA80-878889223F6A}] => C:\Program Files (x86)\FlashIntegro\VideoEditor\Activation.exe
FirewallRules: [{61C14187-F8B0-43F5-BC35-AA2DB1594F93}] => C:\Program Files (x86)\FlashIntegro\VideoEditor\Activation.exe
FirewallRules: [{85615493-AB58-426F-9922-37566F45BD8B}] => C:\Program Files (x86)\FlashIntegro\VideoEditor\Updater.exe
FirewallRules: [{A1EF446A-8C9D-40B9-B2D8-42BD82D3BEBE}] => C:\Program Files (x86)\FlashIntegro\VideoEditor\Updater.exe
FirewallRules: [{D3A9C37C-F7B6-4C0B-B81E-172D2A1BD7DE}] => C:\Program Files\Pinnacle\Studio 20\programs\RM.exe
FirewallRules: [{60C448CE-604F-4763-9984-0E2752F04A32}] => C:\Program Files\Pinnacle\Studio 20\programs\RM.exe
FirewallRules: [{F00C3C7D-6EC5-4905-A7E1-824C4D819CD8}] => C:\Program Files\Pinnacle\Studio 20\programs\NGStudio.exe
FirewallRules: [{F8F6C7B9-5FF1-46F4-9E72-E62EA8DC22E2}] => C:\Program Files\Pinnacle\Studio 20\programs\NGStudio.exe
FirewallRules: [{6DB7B342-71F2-40B4-8ED4-9F17E712F58A}] => C:\Program Files\Pinnacle\Studio 20\programs\UMI.exe
FirewallRules: [{28E125A1-7F21-4C0E-A6EC-9B499070BD27}] => C:\Program Files\Pinnacle\Studio 20\programs\UMI.exe

==================== Restore Points =========================

13-12-2016 00:00:01 Scheduled Checkpoint
19-12-2016 08:42:22 Device Driver Package Install: Hamrick Software Imaging devices
23-12-2016 17:23:28 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
23-12-2016 17:28:14 Revo Uninstaller Pro's restore point - ByteFence Anti-Malware
23-12-2016 17:31:01 Revo Uninstaller Pro's restore point - Free Video Editor
26-12-2016 07:05:48 Installed DirectX
26-12-2016 09:27:24 Installed Typing Instructor for Kids.

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/26/2016 09:27:24 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine IVssAsrWriterBackup::GetDiskComponents.  hr = 0x80070057, The parameter is incorrect.
.


Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: ASR Writer
   Writer Class Id: {be000cbe-11fe-4426-9c58-531aa6355fc4}
   Writer Name: ASR Writer
   Writer Instance ID: {2d0818a6-5aec-49a1-8841-9019f564dff7}

Error: (12/26/2016 07:05:48 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine IVssAsrWriterBackup::GetDiskComponents.  hr = 0x80070057, The parameter is incorrect.
.


Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: ASR Writer
   Writer Class Id: {be000cbe-11fe-4426-9c58-531aa6355fc4}
   Writer Name: ASR Writer
   Writer Instance ID: {9a64e616-2c33-41b4-a39f-b1e44e1cdc4e}

Error: (12/24/2016 07:14:56 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 21.12.2016.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: d74

Start Time: 01d25de7a61f0f50

Termination Time: 6504

Application Path: C:\Users\HomeOffice\Downloads\FRST64.exe

Report Id: efb1a504-c9da-11e6-9c31-180373b4490a

Error: (12/24/2016 07:14:11 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 21.12.2016.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 89c

Start Time: 01d25de74ed5ba00

Termination Time: 11708

Application Path: C:\Users\HomeOffice\Downloads\FRST64.exe

Report Id: d1347aeb-c9da-11e6-9c31-180373b4490a

Error: (12/24/2016 06:42:57 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (12/23/2016 05:31:01 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine IVssAsrWriterBackup::GetDiskComponents.  hr = 0x80070057, The parameter is incorrect.
.


Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: ASR Writer
   Writer Class Id: {be000cbe-11fe-4426-9c58-531aa6355fc4}
   Writer Name: ASR Writer
   Writer Instance ID: {e24b41dd-62de-41c0-94ff-cb775887b569}

Error: (12/23/2016 05:31:00 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine IVssAsrWriterBackup::GetDiskComponents.  hr = 0x80070057, The parameter is incorrect.
.


Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: ASR Writer
   Writer Class Id: {be000cbe-11fe-4426-9c58-531aa6355fc4}
   Writer Name: ASR Writer
   Writer Instance ID: {e24b41dd-62de-41c0-94ff-cb775887b569}

Error: (12/23/2016 05:28:14 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine IVssAsrWriterBackup::GetDiskComponents.  hr = 0x80070057, The parameter is incorrect.
.


Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: ASR Writer
   Writer Class Id: {be000cbe-11fe-4426-9c58-531aa6355fc4}
   Writer Name: ASR Writer
   Writer Instance ID: {e24b41dd-62de-41c0-94ff-cb775887b569}

Error: (12/23/2016 05:28:14 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine IVssAsrWriterBackup::GetDiskComponents.  hr = 0x80070057, The parameter is incorrect.
.


Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: ASR Writer
   Writer Class Id: {be000cbe-11fe-4426-9c58-531aa6355fc4}
   Writer Name: ASR Writer
   Writer Instance ID: {e24b41dd-62de-41c0-94ff-cb775887b569}

Error: (12/23/2016 05:23:28 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine IVssAsrWriterBackup::GetDiskComponents.  hr = 0x80070057, The parameter is incorrect.
.


Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: ASR Writer
   Writer Class Id: {be000cbe-11fe-4426-9c58-531aa6355fc4}
   Writer Name: ASR Writer
   Writer Instance ID: {e24b41dd-62de-41c0-94ff-cb775887b569}


System errors:
=============
Error: (12/24/2016 07:20:20 AM) (Source: BROWSER) (EventID: 8032) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{9BAD4727-94A7-4A66-BA85-3627161AAD8D}.
The backup browser is stopping.

Error: (12/24/2016 06:41:12 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 6:39:41 AM on ‎12/‎24/‎2016 was unexpected.

Error: (12/23/2016 05:20:48 PM) (Source: BROWSER) (EventID: 8032) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{9BAD4727-94A7-4A66-BA85-3627161AAD8D}.
The backup browser is stopping.

Error: (12/23/2016 05:17:44 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 5:16:10 PM on ‎12/‎23/‎2016 was unexpected.

Error: (12/23/2016 04:12:34 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The Digital Wave Update Service service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (12/22/2016 07:44:47 AM) (Source: DCOM) (EventID: 10016) (User: HomeOffice-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D3DCB472-7261-43CE-924B-0704BD730D5F}
 and APPID
{D3DCB472-7261-43CE-924B-0704BD730D5F}
 to the user HomeOffice-PC\HomeOffice SID (S-1-5-21-3441258985-725316734-391261111-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (12/22/2016 07:44:47 AM) (Source: DCOM) (EventID: 10016) (User: HomeOffice-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{145B4335-FE2A-4927-A040-7C35AD3180EF}
 and APPID
{145B4335-FE2A-4927-A040-7C35AD3180EF}
 to the user HomeOffice-PC\HomeOffice SID (S-1-5-21-3441258985-725316734-391261111-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (12/22/2016 07:44:47 AM) (Source: DCOM) (EventID: 10016) (User: HomeOffice-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{B77C4C36-0154-4C52-AB49-FAA03837E47F}
 and APPID
{EA022610-0748-4C24-B229-6C507EBDFDBB}
 to the user HomeOffice-PC\HomeOffice SID (S-1-5-21-3441258985-725316734-391261111-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (12/16/2016 06:15:13 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {E579AB5F-1CC4-44B4-BED9-DE0991FF0623} did not register with DCOM within the required timeout.

Error: (12/13/2016 04:38:53 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {E579AB5F-1CC4-44B4-BED9-DE0991FF0623} did not register with DCOM within the required timeout.


==================== Memory info ===========================

Processor: Intel® Core™ i7-2600 CPU @ 3.40GHz
Percentage of memory in use: 60%
Total physical RAM: 8174.45 MB
Available physical RAM: 3264.64 MB
Total Virtual: 16347.07 MB
Available Virtual: 10222.99 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:918.22 GB) (Free:282.22 GB) NTFS
Drive d: () (Fixed) (Total:0.03 GB) (Free:0.03 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 8183C943)
Partition 1: (Not Active) - (Size=39 MB) - (Type=0B)
Partition 2: (Active) - (Size=13.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=918.2 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================



#14 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • 49,159 posts

Posted 30 December 2016 - 08:13 AM


THERE IS NO DISK IN THE DRIVE error...

If you used a USB drive and did not dismount it before closing the computer it may be that you will get such an error at startup.

Place the USB drive in the USB slot.
When installed and running, unmount it before removing it.
Make sure you get a message that it's OK to remove the drive.

Restart the computer.

How is it now?

p.s.
This page may help you.
http://www.wikihow.com/Unmount-a-Drive

===

For your added security you should update these old versions of the programs.

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 23.0.0.257 - Adobe Systems Incorporated)
Adobe Reader X (10.1.16) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.16 - Adobe Systems Incorporated)
Java™ 6 Update 24 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416024FF}) (Version: 6.0.240 - Oracle)
Java™ 6 Update 24 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216024FF}) (Version: 6.0.240 - Oracle)


ADOBE AIR

Navigate to this page and follow the instructions to get the latest version.
https://get.adobe.com/air/
==============

ADOBE READER
http://get.adobe.com/reader/
Before your download I suggest you uncheck the box on the top right, "Yes, install McAfee Security Scan Plus - optional"; this is not required if you are not a McAfee subscriber. While the installation is in progress you can also deny the installation of any other programs that may be suggested.
<<<>>>

JAVA

You can manually check your present version and update as recommended.
https://www.java.com...d/installed.jsp

Be careful not to install malware posing as a Java update!
Important: read this blog.
http://blog.trendmic...java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.co...oads/index.html

How to disable Java in your browsers
http://www.infoworld...browsers-210882
===

Remove the old copies via the Control Panel > Programs > Programs and Features when updated.
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in any way, please consider Donating,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#15 kathyhatesspyware

kathyhatesspyware

    Member

  • Full Member
  • 51 posts

Posted 30 December 2016 - 11:08 PM

I had an external hard drive plugged in via usb.  The drive was powered off.  I will disconnect it and restart.  I will also run the updates you suggested.  I will be gone this weekend so I will update when I return.  Hope you have a happy New Year!





