Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 91819 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Wondershare Helper Compact popup [Solved]


  • This topic is locked This topic is locked
6 replies to this topic

#1 Randyj

Randyj

    New Member

  • New Member
  • Pip
  • 3 posts

Posted 17 August 2016 - 12:28 AM

Hi,

 

I am experiencing a Wondershare Helper popup each time I start my computer.  It wants permission to make changes.  This is happening after I uninstalled the Wondershare program.  My computer has been very slow before and after I installed Wondershare software.

 

I have a HP Pavilion DV6 laptop running Win 7 64-bit. 

 

Here is the output of aswMBR:

 

aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
Run date: 2016-08-17 00:44:45
-----------------------------
00:44:45.276    OS Version: Windows x64 6.1.7601 Service Pack 1
00:44:45.276    Number of processors: 8 586 0x2A07
00:44:45.277    ComputerName: RANDYJONES-HP  UserName: Randy Jones
00:44:52.875    Initialze error C000010E - driver not loaded
00:50:52.461    AVAST engine defs: 16081601
00:52:57.752    Service scanning
00:54:06.267    Modules scanning
00:54:06.284    Disk 0 trace - called modules:
00:54:06.287   
00:54:08.696    AVAST engine scan C:\Windows
00:54:13.379    AVAST engine scan C:\Windows\system32
01:01:44.142    AVAST engine scan C:\Windows\system32\drivers
01:02:33.582    AVAST engine scan C:\Users\Randy Jones
01:21:00.118    The log file has been saved successfully to "C:\Users\Randy Jones\Desktop\aswMBR.txt"

 

 

Here are the contents of FRST:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-08-2016 01
Ran by Randy Jones (administrator) on RANDYJONES-HP (17-08-2016 00:53:22)
Running from C:\Users\Randy Jones\Desktop
Loaded Profiles: Randy Jones (Available Profiles: Randy Jones)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(HP) C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Juniper Networks, Inc.) C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Fork, Ltd.) C:\Windows\Prey 1.5\wpxsvc.exe
(Node.js) C:\Windows\Prey 1.5\versions\1.6.1\bin\node.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security with Backup\Engine\22.7.0.76\nsbu.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Family\Engine\3.6.0.31\nf.exe
(Digital Delivery Networks, Inc.) C:\Program Files (x86)\DDNi\Oasis2Service (Intel Device Advisor)\Oasis2Service.exe
(Fork, Ltd.) C:\Windows\Prey 1.5\versions\1.6.1\node_modules\triggers\bin\lightevt.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files (x86)\Synology Data Replicator  3\SynoDrServicex64.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Family\Engine\3.6.0.31\tampmon.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
() C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Symantec Corporation) C:\Program Files (x86)\Norton Family\Engine\3.6.0.31\nf.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security with Backup\Engine\22.7.0.76\nsbu.exe
(HP) C:\Program Files (x86)\HP SimplePass 2012\TouchControl.exe
(HP) C:\Program Files (x86)\HP SimplePass 2012\BioMonitor.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(UltimateOutsider) C:\Program Files (x86)\UltimateOutsider\GWX Control Panel\GWX_control_panel.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Synology Inc.) C:\Program Files (x86)\Synology Data Replicator  3\Backup.exe
() C:\Program Files (x86)\rDrive\rDrive.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Windows ® Win 7 DDK provider) C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Juniper Networks, Inc.) C:\Program Files (x86)\Common Files\Juniper Networks\JamUI\Pulse.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
() C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.5\bin\TrayPopupE\TrayTipAgentE.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Juniper Networks, Inc.) C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
() C:\Program Files\Intel\SUR\Recommender\ESRV\esrv_svc.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Dropbox, Inc.) C:\Users\Randy Jones\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Nokia) C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Internet Download Manager, Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\idmBroker.exe
(Almico Software (almico.com)) C:\Program Files (x86)\SpeedFan 4.51\speedfan.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_22_0_0_210_ActiveX.exe
(AVAST Software) C:\Users\Randy Jones\Desktop\aswMBR.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2799912 2011-06-09] (Synaptics Incorporated)
HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-07-27] (Intel® Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [SetDefault] => C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [43320 2011-09-30] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2015-05-15] (IDT, Inc.)
HKLM\...\Run: [GwxControlPanelMonitor] => C:\Program Files (x86)\UltimateOutsider\GWX Control Panel\GWX_control_panel.exe [4470344 2015-12-30] (UltimateOutsider)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-20] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-10-01] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [FLxHCIm64] => C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe [47616 2011-08-11] (Windows ® Win 7 DDK provider)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [574008 2011-07-11] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904 2012-11-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [HPQuickWebProxy] => C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe [169528 2011-10-07] (Hewlett-Packard Company)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [JunosPulse] => C:\Program Files (x86)\Common Files\Juniper Networks\JamUI\Pulse.exe [2523184 2014-06-06] (Juniper Networks, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [EaseUS EPM Tray Agent] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.5\bin\TrayPopupE\TrayTipAgentE.exe [255072 2014-11-18] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-07-05] (Apple Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2072928 2014-10-31] (Wondershare)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-188667196-4161539773-1860255103-1000\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3966064 2016-08-05] (Tonec Inc.)
HKU\S-1-5-21-188667196-4161539773-1860255103-1000\...\Run: [] => [X]
HKU\S-1-5-21-188667196-4161539773-1860255103-1000\...\Run: [Data Replicator 3] => C:\Program Files (x86)\Synology Data Replicator  3\Backup.exe [11605576 2013-10-09] (Synology Inc.)
HKU\S-1-5-21-188667196-4161539773-1860255103-1000\...\Run: [Dropbox Update] => C:\Users\Randy Jones\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-13] (Dropbox, Inc.)
HKU\S-1-5-21-188667196-4161539773-1860255103-1000\...\Run: [rDrive] => C:\Program Files (x86)\rDrive\rDrive.exe [3692510 2016-05-23] ()
HKU\S-1-5-21-188667196-4161539773-1860255103-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [29494400 2016-07-13] (Skype Technologies S.A.)
HKU\S-1-5-21-188667196-4161539773-1860255103-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-188667196-4161539773-1860255103-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2010-11-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [   IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2015-08-14] (Tonec Inc.)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [  OCError] -> {0960F090-F328-48A3-B746-276B1E3C3722} => C:\Program Files (x86)\rDrive\shellext\OCOverlays_x64.dll [2015-09-26] (ownCloud Inc.)
ShellIconOverlayIdentifiers: [  OCErrorShared] -> {0960F091-F328-48A3-B746-276B1E3C3722} => C:\Program Files (x86)\rDrive\shellext\OCOverlays_x64.dll [2015-09-26] (ownCloud Inc.)
ShellIconOverlayIdentifiers: [  OCOK] -> {0960F092-F328-48A3-B746-276B1E3C3722} => C:\Program Files (x86)\rDrive\shellext\OCOverlays_x64.dll [2015-09-26] (ownCloud Inc.)
ShellIconOverlayIdentifiers: [  OCOKShared] -> {0960F093-F328-48A3-B746-276B1E3C3722} => C:\Program Files (x86)\rDrive\shellext\OCOverlays_x64.dll [2015-09-26] (ownCloud Inc.)
ShellIconOverlayIdentifiers: [  OCSync] -> {0960F094-F328-48A3-B746-276B1E3C3722} => C:\Program Files (x86)\rDrive\shellext\OCOverlays_x64.dll [2015-09-26] (ownCloud Inc.)
ShellIconOverlayIdentifiers: [  OCSyncShared] -> {0960F095-F328-48A3-B746-276B1E3C3722} => C:\Program Files (x86)\rDrive\shellext\OCOverlays_x64.dll [2015-09-26] (ownCloud Inc.)
ShellIconOverlayIdentifiers: [  OCWarning] -> {0960F096-F328-48A3-B746-276B1E3C3722} => C:\Program Files (x86)\rDrive\shellext\OCOverlays_x64.dll [2015-09-26] (ownCloud Inc.)
ShellIconOverlayIdentifiers: [  OCWarningShared] -> {0960F097-F328-48A3-B746-276B1E3C3722} => C:\Program Files (x86)\rDrive\shellext\OCOverlays_x64.dll [2015-09-26] (ownCloud Inc.)
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security with Backup\Engine64\22.7.0.76\buShell.dll [2016-06-08] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security with Backup\Engine64\22.7.0.76\buShell.dll [2016-06-08] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security with Backup\Engine64\22.7.0.76\buShell.dll [2016-06-08] (Symantec Corporation)
ShellIconOverlayIdentifiers: [! IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2015-08-14] (Tonec Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Randy Jones\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Randy Jones\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Randy Jones\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Randy Jones\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Randy Jones\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Randy Jones\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Randy Jones\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Randy Jones\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Randy Jones\AppData\Roaming\Dropbox\bin\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Randy Jones\AppData\Roaming\Dropbox\bin\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Randy Jones\AppData\Roaming\Dropbox\bin\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Randy Jones\AppData\Roaming\Dropbox\bin\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Randy Jones\AppData\Roaming\Dropbox\bin\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Randy Jones\AppData\Roaming\Dropbox\bin\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Randy Jones\AppData\Roaming\Dropbox\bin\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Randy Jones\AppData\Roaming\Dropbox\bin\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{20C7564D-C678-436D-9FE7-D6E9EFE5268D}: [NameServer] 10.130.254.196,10.130.253.90
Tcpip\..\Interfaces\{80344F7C-B984-40B3-8E4B-6A757D8890EE}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-188667196-4161539773-1860255103-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.co.za/?gfe_rd=cr&ei=_fY_VfiCM4ep8we88YDwAQ&gws_rd=ssl
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2016-07-13] (Internet Download Manager, Tonec Inc.)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security with Backup\Engine64\22.7.0.76\coIEPlg.dll [2016-05-31] (Symantec Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation)
BHO: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2012\x64\IEBHO.dll [2011-08-26] (HP)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Norton Family BHO -> {B8E07826-0971-4f16-B133-047B88034E89} -> C:\Program Files (x86)\Norton Family\Engine64\3.6.0.31\coIEPlg.dll [2016-02-15] (Symantec Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-27] (Hewlett-Packard)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2016-07-13] (Internet Download Manager, Tonec Inc.)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20] (Hewlett-Packard Co.)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security with Backup\Engine\22.7.0.76\coIEPlg.dll [2016-05-31] (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-08-16] (Oracle Corporation)
BHO-x32: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2012\IEBHO.dll [2011-08-26] (HP)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Norton Family BHO -> {B8E07826-0971-4f16-B133-047B88034E89} -> C:\Program Files (x86)\Norton Family\Engine\3.6.0.31\coIEPlg.dll [2016-02-15] (Symantec Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-08-16] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-27] (Hewlett-Packard)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20] (Hewlett-Packard Co.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security with Backup\Engine64\22.7.0.76\coIEPlg.dll [2016-05-31] (Symantec Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security with Backup\Engine\22.7.0.76\coIEPlg.dll [2016-05-31] (Symantec Corporation)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)
DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} hxxps://akamaicdn.webex.com/client/WBXclient-T29L10NSP13EP20-10086/event/ieatgpc1.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Randy Jones\AppData\Roaming\Mozilla\Firefox\Profiles\w4c1c6vm.default
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1218158.dll [2015-04-17] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-03-30] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-08-16] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-08-16] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nokia.com/EnablerPlugin -> C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll [2014-11-19] ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Extension: Firefox Synchronisation Extension - C:\Users\Randy Jones\AppData\Roaming\Mozilla\Firefox\Profiles\w4c1c6vm.default\Extensions\synchronize@nokia.suite [2016-05-26] [not signed]
FF Extension: Skype - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-05-25]
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NSBU_22.1.0.9\coFFAddon
FF Extension: Norton Identity Safe - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NSBU_22.1.0.9\coFFAddon [2016-06-24]
FF HKLM\...\Firefox\Extensions: [{8A0D66E3-1C08-49A6-8F6C-7E024029D199}] - C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_3.4.0.43\coFFAddon
FF Extension: Norton™ Family - C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_3.4.0.43\coFFAddon [2016-06-03]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2015-04-28] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{6D5C8FC4-DE46-41bf-9092-93F0F78E9115}] - C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_3.4.0.43\coFFFw
FF Extension: Norton Family - C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_3.4.0.43\coFFFw [2016-01-10] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NSBU_22.1.0.9\coFFAddon
FF HKLM-x32\...\Firefox\Extensions: [{8A0D66E3-1C08-49A6-8F6C-7E024029D199}] - C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_3.4.0.43\coFFAddon
FF HKU\S-1-5-21-188667196-4161539773-1860255103-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKU\S-1-5-21-188667196-4161539773-1860255103-1000\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: IDM integration - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2016-08-03]
FF HKU\S-1-5-21-188667196-4161539773-1860255103-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Randy Jones\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\Randy Jones\AppData\Roaming\IDM\idmmzcc5 [2016-08-16] [not signed]
FF HKU\S-1-5-21-188667196-4161539773-1860255103-1000\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi

Chrome:
=======
CHR DefaultSearchURL: Default -> hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11908&prt=cr
CHR DefaultSearchKeyword: Default -> NortonSafe
CHR DefaultSuggestURL: Default -> hxxp://ss-sym.ask.com/query?q={searchTerms}&sstype=prefix&li=ff
CHR Profile: C:\Users\Randy Jones\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Randy Jones\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-05-06]
CHR Extension: (Google Docs) - C:\Users\Randy Jones\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-06-08]
CHR Extension: (Google Drive) - C:\Users\Randy Jones\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-06-08]
CHR Extension: (YouTube) - C:\Users\Randy Jones\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-06-08]
CHR Extension: (Norton Security Toolbar) - C:\Users\Randy Jones\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2016-05-06]
CHR Extension: (Website Logon) - C:\Users\Randy Jones\AppData\Local\Google\Chrome\User Data\Default\Extensions\debkinhcgejcbfgjiaalomcmkedjmiaa [2016-05-06]
CHR Extension: (Norton Home Page for Chrome) - C:\Users\Randy Jones\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejbdobdndcjhdmljipngpeoekdinlohe [2016-06-08]
CHR Extension: (Google Sheets) - C:\Users\Randy Jones\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-05-06]
CHR Extension: (Google Docs Offline) - C:\Users\Randy Jones\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-06-12]
CHR Extension: (Norton Identity Safe) - C:\Users\Randy Jones\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2016-05-06]
CHR Extension: (Norton™ Family) - C:\Users\Randy Jones\AppData\Local\Google\Chrome\User Data\Default\Extensions\napjheenlliimoedooldaalpjfidlidp [2016-06-08]
CHR Extension: (IDM Integration Module) - C:\Users\Randy Jones\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2016-07-01]
CHR Extension: (Norton Safe) - C:\Users\Randy Jones\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgcfemagnogdodbambjhdcmfcpicngl [2016-06-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Randy Jones\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-06]
CHR Extension: (Gmail) - C:\Users\Randy Jones\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-06-08]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security with Backup\Engine\22.7.0.76\Exts\Chrome.crx [2016-06-23]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [napjheenlliimoedooldaalpjfidlidp] - C:\Program Files (x86)\Norton Family\Engine\3.6.0.31\Extensions\Chrome.crx [2016-06-02]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-08-05]
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security with Backup\Engine\22.7.0.76\Exts\Chrome.crx [2016-06-23]
CHR HKLM-x32\...\Chrome\Extension: [debkinhcgejcbfgjiaalomcmkedjmiaa] - C:\Program Files (x86)\HP SimplePass 2012\tschrome.crx [2011-08-25]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [napjheenlliimoedooldaalpjfidlidp] - C:\Program Files (x86)\Norton Family\Engine\3.6.0.31\Extensions\Chrome.crx [2016-06-02]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-08-05]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
R2 CronService; C:\Windows\Prey 1.5\wpxsvc.exe [611854 2016-01-25] (Fork, Ltd.) [File not signed]
R2 ESRV_SVC_DDNI; C:\Program Files\Intel\SUR\Recommender\ESRV\esrv_svc.exe [413848 2016-01-27] ()
R2 FPLService; C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe [260424 2011-08-26] (HP)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2413056 2011-06-28] (Realsil Microelectronics Inc.) [File not signed]
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-07-27] ()
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NSBU; C:\Program Files (x86)\Norton Security with Backup\Engine\22.7.0.76\NSBU.exe [289080 2016-06-16] (Symantec Corporation)
R2 NSM; C:\Program Files (x86)\Norton Family\Engine\3.6.0.31\NF.exe [364416 2016-05-30] (Symantec Corporation)
R2 Oasis2Service (Intel® Device Advisor); C:\Program Files (x86)\DDNi\Oasis2Service (Intel Device Advisor)\Oasis2Service.exe [72472 2016-03-11] (Digital Delivery Networks, Inc.)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 SynoDrService; C:\Program Files (x86)\Synology Data Replicator  3\SynoDrServicex64.exe [384072 2013-10-09] ()
R2 TampMon; C:\Program Files (x86)\Norton Family\Engine\3.6.0.31\TampMon.exe [315704 2016-05-30] (Symantec Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5448976 2015-04-17] (TeamViewer GmbH)
R2 UsbClientService; C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [245760 2011-02-18] () [File not signed]
S3 USER_ESRV_SVC_DDNI; C:\Program Files\Intel\SUR\Recommender\ESRV\esrv_svc.exe [413848 2016-01-27] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 WsDrvInst; "C:\Program Files (x86)\Wondershare\MobileTrans\DriverInstall.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\Program Files (x86)\Norton Security with Backup\NortonData\22.1.0.9\Definitions\BASHDefs\20160810.001\BHDrvx64.sys [1832176 2016-05-12] (Symantec Corporation)
R1 ccSet_NSBU; C:\Windows\system32\drivers\NSBUx64\1607000.04C\ccSetx64.sys [174328 2016-06-01] (Symantec Corporation)
R1 ccSet_NSM; C:\Windows\system32\drivers\NSMx64\0306000.01F\ccSetx64.sys [165080 2015-06-03] (Symantec Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [497392 2016-05-04] (Symantec Corporation)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [18528 2014-11-18] ()
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [15968 2014-11-18] ()
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [156912 2016-05-06] (Symantec Corporation)
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [10848 2014-11-18] ()
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [10208 2014-11-18] ()
R3 FLxHCIh; C:\Windows\System32\DRIVERS\FLxHCIh.sys [68160 2011-08-12] (Fresco Logic)
R1 IDSVia64; C:\Program Files (x86)\Norton Security with Backup\NortonData\22.1.0.9\Definitions\IPSDefs\20160816.002\IDSvia64.sys [876760 2016-07-07] (Symantec Corporation)
R1 jnprns; C:\Windows\System32\DRIVERS\jnprns.sys [506160 2014-04-03] (Juniper Networks)
S4 jnprTdi_804_47117; C:\Windows\system32\Drivers\jnprTdi_804_47117.sys [108344 2014-06-06] (Juniper Networks, Inc.)
S3 jnprva; C:\Windows\System32\DRIVERS\jnprva.sys [30072 2014-04-03] (Juniper Networks, Inc.)
R3 JnprVaMgr; C:\Windows\System32\DRIVERS\jnprvamgr.sys [45352 2014-04-03] (Juniper Networks, Inc.)
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
R3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [21984 2015-06-13] ()
R1 SRTSP; C:\Windows\System32\Drivers\NSBUx64\1607000.04C\SRTSP64.SYS [773368 2016-07-20] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NSBUx64\1607000.04C\SRTSPX64.SYS [48888 2016-06-01] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\NSBUx64\1607000.04C\SYMEFASI64.SYS [1627352 2016-06-01] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [101112 2016-06-23] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NSBUx64\1607000.04C\Ironx64.SYS [291056 2016-06-01] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NSBUx64\1607000.04C\SYMNETS.SYS [567536 2016-06-01] (Symantec Corporation)
S3 SYMRDR_{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}; C:\Windows\System32\Drivers\NSMx64\0306000.01F\SymRdrS.SYS [252152 2015-09-03] (Symantec Corporation)
S3 NAVENG; \??\C:\Program Files (x86)\Norton Security with Backup\NortonData\22.1.0.9\Definitions\SDSDefs\20160623.001\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security with Backup\NortonData\22.1.0.9\Definitions\SDSDefs\20160623.001\EX64.SYS [X]
U3 aswMBR; \??\C:\Users\RANDYJ~1\AppData\Local\Temp\aswMBR.sys [X]
U3 aswVmm; \??\C:\Users\RANDYJ~1\AppData\Local\Temp\aswVmm.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-08-17 00:53 - 2016-08-17 00:54 - 00042902 _____ C:\Users\Randy Jones\Desktop\FRST.txt
2016-08-17 00:51 - 2016-08-17 00:53 - 00000000 ____D C:\FRST
2016-08-17 00:49 - 2016-08-17 00:49 - 02394624 _____ (Farbar) C:\Users\Randy Jones\Desktop\FRST64.exe
2016-08-17 00:42 - 2016-08-17 00:32 - 05198336 _____ (AVAST Software) C:\Users\Randy Jones\Desktop\aswMBR.exe
2016-08-16 00:41 - 2016-08-16 00:41 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2016-08-16 00:41 - 2016-08-16 00:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-08-16 00:40 - 2016-08-16 00:40 - 00000000 ____D C:\Program Files (x86)\Java
2016-08-16 00:37 - 2016-08-16 00:37 - 00003226 _____ C:\Windows\System32\Tasks\{DC18EDCF-CA91-479D-8F76-F8E3E724B497}
2016-08-14 23:31 - 2016-08-14 23:31 - 00000000 _____ C:\Windows\system32\RENF436.tmp
2016-08-14 23:27 - 2016-08-14 23:27 - 00000000 ____D C:\Users\Randy Jones\AppData\Roaming\Sun
2016-08-14 23:27 - 2016-08-14 23:27 - 00000000 ____D C:\Users\Randy Jones\.oracle_jre_usage
2016-08-14 20:55 - 2016-08-14 23:24 - 00000000 ____D C:\Users\Randy Jones\AppData\Local\NPE
2016-08-14 08:13 - 2016-08-14 10:32 - 00000000 ____D C:\Program Files (x86)\Your Uninstaller! 7
2016-08-14 08:13 - 2016-08-14 08:13 - 00001072 _____ C:\Users\Randy Jones\Desktop\Your Unin-staller!.lnk
2016-08-14 08:13 - 2016-08-14 08:13 - 00000000 ____D C:\Users\Randy Jones\AppData\Roaming\URSoft
2016-08-14 08:13 - 2016-08-14 08:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Your Uninstaller! 7
2016-08-12 19:25 - 2016-08-12 19:25 - 00097071 _____ C:\Users\Randy Jones\Desktop\Julie Jones signed MAP 2016.xlsx
2016-08-12 02:12 - 2016-08-12 02:12 - 00281682 _____ C:\Users\Randy Jones\Desktop\Amazon-Chase credit card terms.xps
2016-08-10 22:27 - 2016-08-02 09:54 - 00394440 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-08-10 22:27 - 2016-08-02 09:08 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-08-10 22:27 - 2016-08-02 01:47 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-08-10 22:27 - 2016-08-02 01:47 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-08-10 22:27 - 2016-08-02 01:32 - 02894336 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-08-10 22:27 - 2016-08-02 01:32 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-08-10 22:27 - 2016-08-02 01:31 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-08-10 22:27 - 2016-08-02 01:31 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-08-10 22:27 - 2016-08-02 01:31 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-08-10 22:27 - 2016-08-02 01:31 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-08-10 22:27 - 2016-08-02 01:24 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-08-10 22:27 - 2016-08-02 01:23 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-08-10 22:27 - 2016-08-02 01:20 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-08-10 22:27 - 2016-08-02 01:19 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-08-10 22:27 - 2016-08-02 01:19 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-08-10 22:27 - 2016-08-02 01:18 - 06047744 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-08-10 22:27 - 2016-08-02 01:18 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-08-10 22:27 - 2016-08-02 01:18 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-08-10 22:27 - 2016-08-02 01:11 - 00969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-08-10 22:27 - 2016-08-02 01:08 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-08-10 22:27 - 2016-08-02 01:03 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-08-10 22:27 - 2016-08-02 01:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-08-10 22:27 - 2016-08-02 00:59 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-08-10 22:27 - 2016-08-02 00:56 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-08-10 22:27 - 2016-08-02 00:55 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-08-10 22:27 - 2016-08-02 00:54 - 20343808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-08-10 22:27 - 2016-08-02 00:53 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-08-10 22:27 - 2016-08-02 00:51 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-08-10 22:27 - 2016-08-02 00:51 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-08-10 22:27 - 2016-08-02 00:51 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-08-10 22:27 - 2016-08-02 00:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-08-10 22:27 - 2016-08-02 00:51 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-08-10 22:27 - 2016-08-02 00:50 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-08-10 22:27 - 2016-08-02 00:47 - 02286592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-08-10 22:27 - 2016-08-02 00:45 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-08-10 22:27 - 2016-08-02 00:44 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-08-10 22:27 - 2016-08-02 00:42 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-08-10 22:27 - 2016-08-02 00:41 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-08-10 22:27 - 2016-08-02 00:41 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-08-10 22:27 - 2016-08-02 00:41 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-08-10 22:27 - 2016-08-02 00:40 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-08-10 22:27 - 2016-08-02 00:38 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-08-10 22:27 - 2016-08-02 00:38 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-08-10 22:27 - 2016-08-02 00:37 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-08-10 22:27 - 2016-08-02 00:36 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-08-10 22:27 - 2016-08-02 00:33 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-08-10 22:27 - 2016-08-02 00:29 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-08-10 22:27 - 2016-08-02 00:28 - 15412224 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-08-10 22:27 - 2016-08-02 00:28 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-08-10 22:27 - 2016-08-02 00:26 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-08-10 22:27 - 2016-08-02 00:25 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-08-10 22:27 - 2016-08-02 00:24 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-08-10 22:27 - 2016-08-02 00:23 - 02868224 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-08-10 22:27 - 2016-08-02 00:22 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-08-10 22:27 - 2016-08-02 00:21 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-08-10 22:27 - 2016-08-02 00:16 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-08-10 22:27 - 2016-08-02 00:15 - 00692736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-08-10 22:27 - 2016-08-02 00:14 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-08-10 22:27 - 2016-08-02 00:14 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-08-10 22:27 - 2016-08-02 00:11 - 13808128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-08-10 22:27 - 2016-08-02 00:10 - 01550848 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-08-10 22:27 - 2016-08-01 23:59 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-08-10 22:27 - 2016-08-01 23:56 - 02393088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-08-10 22:27 - 2016-08-01 23:53 - 01316352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-08-10 22:27 - 2016-08-01 23:51 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-08-10 22:26 - 2016-08-02 01:54 - 25808384 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-08-10 22:26 - 2016-07-08 10:37 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-08-10 22:26 - 2016-07-08 10:37 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-08-10 22:26 - 2016-07-08 10:32 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-08-10 22:26 - 2016-07-08 10:32 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-08-10 22:26 - 2016-07-08 10:32 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-08-10 22:26 - 2016-07-08 10:32 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-08-10 22:26 - 2016-07-08 10:32 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-08-10 22:26 - 2016-07-08 10:32 - 00343552 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-08-10 22:26 - 2016-07-08 10:32 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-08-10 22:26 - 2016-07-08 10:32 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-08-10 22:26 - 2016-07-08 10:32 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-08-10 22:26 - 2016-07-08 10:32 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-08-10 22:26 - 2016-07-08 10:32 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-08-10 22:26 - 2016-07-08 10:32 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-08-10 22:26 - 2016-07-08 10:32 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-08-10 22:26 - 2016-07-08 10:32 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-08-10 22:26 - 2016-07-08 10:32 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-08-10 22:26 - 2016-07-08 10:32 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-08-10 22:26 - 2016-07-08 10:32 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-08-10 22:26 - 2016-07-08 10:32 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-08-10 22:26 - 2016-07-08 10:17 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-08-10 22:26 - 2016-07-08 10:17 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-08-10 22:26 - 2016-07-08 10:16 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-08-10 22:26 - 2016-07-08 10:16 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-08-10 22:26 - 2016-07-08 10:16 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-08-10 22:26 - 2016-07-08 10:16 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-08-10 22:26 - 2016-07-08 10:16 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-08-10 22:26 - 2016-07-08 10:16 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-08-10 22:26 - 2016-07-08 10:16 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-08-10 22:26 - 2016-07-08 10:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-08-10 22:26 - 2016-07-08 10:16 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-08-10 22:26 - 2016-07-08 10:16 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-08-10 22:26 - 2016-07-08 10:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-08-10 22:26 - 2016-07-08 10:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-08-10 22:26 - 2016-07-08 10:16 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-08-10 22:26 - 2016-07-08 10:03 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-08-10 22:26 - 2016-07-08 09:57 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-08-10 22:26 - 2016-07-08 09:56 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-08-10 22:26 - 2016-07-08 09:56 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-08-10 22:26 - 2016-07-08 09:55 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-08-10 22:26 - 2016-07-08 09:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-08-10 22:26 - 2016-07-08 09:50 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-08-10 22:23 - 2016-07-08 10:01 - 03218944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-08-10 01:30 - 2016-08-10 01:30 - 00001250 _____ C:\Users\Randy Jones\Desktop\Norton Installation Files.lnk
2016-08-08 21:26 - 2016-08-08 21:26 - 00000000 ____D C:\Users\Randy Jones\AppData\LocalLow\Google
2016-08-08 16:41 - 2016-08-08 16:41 - 00000000 ____D C:\Users\Randy Jones\Documents\New folder
2016-08-08 09:14 - 2016-08-08 09:14 - 00001753 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-08-08 09:14 - 2016-08-08 09:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-08-08 09:13 - 2016-08-08 09:14 - 00000000 ____D C:\Program Files\iTunes
2016-08-08 09:13 - 2016-08-08 09:13 - 00000000 ____D C:\Program Files\iPod
2016-08-08 09:13 - 2016-08-08 09:13 - 00000000 ____D C:\Program Files (x86)\iTunes
2016-08-08 09:11 - 2016-08-08 09:11 - 00046836 _____ C:\Users\Randy Jones\Downloads\LmManager_v1.30.0.sis
2016-08-07 03:40 - 2016-08-08 16:41 - 00000000 ____D C:\Program Files (x86)\GPSBabel
2016-08-07 03:40 - 2016-08-07 03:40 - 00001017 _____ C:\Users\Public\Desktop\GPSBabel.lnk
2016-08-07 03:40 - 2016-08-07 03:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GPSBabel
2016-08-06 23:15 - 2016-08-06 23:15 - 00000000 ____D C:\Users\Randy Jones\AppData\Roaming\HMYGSetting
2016-08-06 23:15 - 2016-08-06 23:15 - 00000000 ____D C:\ProgramData\Wondershare
2016-08-06 23:13 - 2016-08-12 00:26 - 00000000 ____D C:\Users\Randy Jones\AppData\Roaming\Wondershare
2016-08-06 23:13 - 2016-08-06 23:13 - 00000000 ____D C:\Users\Randy Jones\AppData\Local\Wondershare
2016-08-06 23:00 - 2016-08-06 23:12 - 00000000 ____D C:\Users\Public\Documents\Wondershare
2016-08-05 17:07 - 2016-08-05 17:07 - 00183613 _____ C:\Users\Randy Jones\Desktop\20 off coupon.xps
2016-08-05 12:38 - 2016-08-05 12:38 - 00000000 ____D C:\Users\Randy Jones\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-08-05 10:50 - 2016-08-05 08:04 - 00217256 _____ (Tonec Inc.) C:\Windows\system32\Drivers\idmwfp.sys
2016-08-05 01:46 - 2016-08-05 01:46 - 420563475 _____ C:\Users\Randy Jones\Desktop\The Insanity of God- 25min preview on Vimeo.mp4
2016-08-03 08:38 - 2016-08-03 08:38 - 00262144 _____ C:\Windows\Minidump\080316-68047-01.dmp
2016-07-30 20:18 - 2016-07-30 20:18 - 00001623 _____ C:\Users\Randy Jones\Desktop\NbuExplorer - Shortcut.lnk
2016-07-30 19:34 - 2016-07-30 19:34 - 00811633 _____ C:\Users\Randy Jones\Documents\Church Partnership breakout session.pdf
2016-07-30 17:58 - 2016-07-30 18:06 - 00000000 ____D C:\Users\Randy Jones\Desktop\Video log of house
2016-07-30 04:41 - 2016-07-30 04:42 - 00000000 ____D C:\Users\Randy Jones\Desktop\Taryn video and pics
2016-07-19 15:48 - 2016-07-19 15:48 - 02081426 ____N C:\Users\Randy Jones\Desktop\A-novices-guide-to-fielding-common-muslim-objections.pdf
2016-07-18 16:45 - 2016-07-18 16:46 - 01218468 _____ C:\Users\Randy Jones\Downloads\googleMaps3.2.1.sisx

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-08-17 00:44 - 2015-04-29 04:02 - 00000000 ____D C:\Users\Randy Jones\AppData\Roaming\Skype
2016-08-17 00:28 - 2015-06-13 01:16 - 00000942 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-188667196-4161539773-1860255103-1000UA.job
2016-08-17 00:13 - 2016-03-15 01:40 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-08-16 23:56 - 2015-04-28 10:57 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-08-16 23:56 - 2015-04-28 10:57 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-08-16 20:12 - 2015-07-08 03:41 - 00000000 ____D C:\Program Files (x86)\SpeedFan 4.51
2016-08-16 19:50 - 2016-04-22 06:20 - 00000356 _____ C:\Windows\Tasks\HPCeeScheduleForRandy Jones.job
2016-08-16 19:32 - 2009-07-13 23:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-08-16 19:32 - 2009-07-13 23:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-08-16 15:57 - 2015-04-28 12:07 - 00002042 _____ C:\Users\Public\Desktop\Google Slides.lnk
2016-08-16 15:57 - 2015-04-28 12:07 - 00002040 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2016-08-16 15:57 - 2015-04-28 12:07 - 00002030 _____ C:\Users\Public\Desktop\Google Docs.lnk
2016-08-16 15:57 - 2015-04-28 12:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-08-16 14:54 - 2015-04-28 12:41 - 00000000 ___RD C:\Users\Randy Jones\Dropbox
2016-08-16 14:48 - 2015-08-26 02:37 - 00000000 ____D C:\Users\Randy Jones\AppData\Local\rDrive
2016-08-16 14:47 - 2016-07-10 20:24 - 00405880 ____H C:\Users\Randy Jones\drlog.txt
2016-08-16 14:47 - 2015-04-28 10:38 - 00000000 ____D C:\Users\Randy Jones\AppData\LocalLow\AuthenTec
2016-08-16 14:45 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-08-16 13:23 - 2015-04-28 16:56 - 00000000 ____D C:\Users\Randy Jones\AppData\Roaming\DMCache
2016-08-16 08:50 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\Downloaded Program Files
2016-08-16 04:14 - 2015-12-06 14:35 - 00000000 ____D C:\Windows\System32\Tasks\Remediation
2016-08-16 03:44 - 2015-04-30 00:18 - 00003970 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{2D0C957F-26C4-4F93-ACE9-0F7737225A8F}
2016-08-16 00:47 - 2015-09-11 04:21 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-08-16 00:44 - 2015-04-28 11:03 - 00000000 ____D C:\ProgramData\Oracle
2016-08-16 00:41 - 2015-04-28 13:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2016-08-15 00:41 - 2015-04-28 11:12 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-08-15 00:33 - 2015-04-28 19:12 - 00000000 ____D C:\ProgramData\Temp
2016-08-14 23:27 - 2015-04-28 10:38 - 00000000 ____D C:\Users\Randy Jones
2016-08-14 20:55 - 2015-04-28 17:45 - 00000000 ____D C:\ProgramData\Norton
2016-08-14 14:28 - 2015-06-13 01:16 - 00000890 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-188667196-4161539773-1860255103-1000Core.job
2016-08-14 01:46 - 2009-07-14 00:13 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI
2016-08-14 01:46 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2016-08-14 01:10 - 2015-07-30 10:24 - 00000000 ____D C:\Users\Randy Jones\Documents\STAS 2016
2016-08-12 17:44 - 2015-05-02 08:10 - 00000000 ____D C:\Users\Randy Jones\AppData\Local\Microsoft Games
2016-08-12 13:50 - 2016-04-22 06:20 - 00003222 _____ C:\Windows\System32\Tasks\HPCeeScheduleForRandy Jones
2016-08-12 11:04 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2016-08-12 08:41 - 2015-04-29 04:01 - 00000000 ____D C:\ProgramData\Skype
2016-08-12 08:40 - 2015-08-20 00:27 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-08-12 01:08 - 2015-04-28 12:39 - 00000000 ____D C:\Users\Randy Jones\Documents\My Received Files
2016-08-12 01:03 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\ModemLogs
2016-08-11 22:51 - 2009-07-13 23:45 - 00410256 _____ C:\Windows\system32\FNTCACHE.DAT
2016-08-11 22:50 - 2015-04-28 16:56 - 00000000 ____D C:\Program Files (x86)\Internet Download Manager
2016-08-10 22:46 - 2015-04-29 01:54 - 00000000 ____D C:\Windows\system32\MRT
2016-08-10 22:30 - 2015-04-29 01:54 - 147640136 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-08-10 21:03 - 2015-04-28 16:56 - 00000000 ____D C:\Users\Randy Jones\AppData\Roaming\IDM
2016-08-10 16:35 - 2015-05-02 01:48 - 00000000 ____D C:\Users\Randy Jones\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
2016-08-10 01:30 - 2015-05-02 01:48 - 00000000 ____D C:\Users\Public\Downloads\Norton
2016-08-09 22:43 - 2015-04-28 17:10 - 00000000 ____D C:\Users\Randy Jones\AppData\Local\Windows Live
2016-08-09 17:51 - 2015-04-28 12:40 - 00000000 ____D C:\Users\Randy Jones\Documents\Nokia Suite
2016-08-08 14:01 - 2015-04-28 10:57 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-08-08 09:13 - 2015-10-28 14:18 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-08-07 02:30 - 2015-04-28 12:41 - 00000000 ____D C:\Users\Randy Jones\Downloads\Compressed
2016-08-05 12:38 - 2015-04-28 12:21 - 00000000 ____D C:\Users\Randy Jones\AppData\Roaming\Dropbox
2016-08-05 01:49 - 2015-04-28 12:49 - 00000000 ____D C:\Users\Randy Jones\Downloads\Video
2016-08-03 08:38 - 2016-03-19 09:36 - 656735619 _____ C:\Windows\MEMORY.DMP
2016-08-03 08:38 - 2016-03-19 09:36 - 00000000 ____D C:\Windows\Minidump
2016-08-03 00:26 - 2015-04-28 12:15 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-07-30 19:34 - 2015-04-28 12:42 - 00000000 ____D C:\Users\Randy Jones\Documents\T4T
2016-07-28 16:51 - 2015-04-28 10:57 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-07-28 16:51 - 2015-04-28 10:57 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-07-28 10:54 - 2015-04-28 14:50 - 00000000 ____D C:\Users\Randy Jones\Desktop\Melody
2016-07-26 03:08 - 2015-04-28 10:40 - 00113264 _____ C:\Users\Randy Jones\AppData\Local\GDIPFONTCACHEV1.DAT
2016-07-25 13:21 - 2015-04-28 12:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2016-07-24 12:19 - 2015-08-26 02:30 - 00000000 ____D C:\Program Files (x86)\rDrive
2016-07-22 06:54 - 2015-04-28 12:39 - 00000000 ____D C:\Users\Randy Jones\Documents\Household business

==================== Files in the root of some directories =======

2015-06-05 03:03 - 2008-03-19 08:50 - 0097280 _____ () C:\Program Files (x86)\Common Files\pcsbClean.exe
2015-06-05 03:03 - 2008-03-06 12:31 - 0134656 _____ () C:\Program Files (x86)\Common Files\PCSBoff.exe
2016-07-13 01:25 - 2016-07-13 01:25 - 0007620 _____ () C:\Users\Randy Jones\AppData\Local\Resmon.ResmonCfg
2015-04-28 17:17 - 2015-04-28 17:29 - 0001264 _____ () C:\ProgramData\hpzinstall.log

Some files in TEMP:
====================
C:\Users\Randy Jones\AppData\Local\Temp\Extract.exe
C:\Users\Randy Jones\AppData\Local\Temp\NOSEventMessages.dll
C:\Users\Randy Jones\AppData\Local\Temp\ose00000.exe
C:\Users\Randy Jones\AppData\Local\Temp\sfamcc00001.dll
C:\Users\Randy Jones\AppData\Local\Temp\sfareca00001.dll
C:\Users\Randy Jones\AppData\Local\Temp\uninstall.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-08-16 05:18

==================== End of FRST.txt ============================

 

 

Here are the contents of Addition.txt:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-08-2016 01
Ran by Randy Jones (17-08-2016 00:55:16)
Running from C:\Users\Randy Jones\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2015-04-28 15:38:42)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-188667196-4161539773-1860255103-500 - Administrator - Disabled)
Guest (S-1-5-21-188667196-4161539773-1860255103-501 - Limited - Disabled)
Randy Jones (S-1-5-21-188667196-4161539773-1860255103-1000 - Administrator - Enabled) => C:\Users\Randy Jones

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Security (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Security (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Security (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

6300 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
6300_Help (x32 Version: 82.0.242.000 - Hewlett-Packard) Hidden
6300Trb (x32 Version: 82.0.242.000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.017.20053 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 17.0.0.144 - Adobe Systems Incorporated)
Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0 - Adobe Systems Incorporated)
Adobe Flash Player 22 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 22.0.0.210 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.8.158 - Adobe Systems, Inc.)
AIO_CDB_ProductContext (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_CDB_Software (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_Scan (x32 Version: 130.0.421.000 - Hewlett-Packard) Hidden
AMD Catalyst Install Manager (HKLM\...\{3BF3599D-7F28-C60B-1C5D-82BFD4E5EF33}) (Version: 3.0.838.0 - Advanced Micro Devices, Inc.)
Any Video Converter 5.7.9 (HKLM-x32\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
Apple Application Support (32-bit) (HKLM-x32\...\{D4B07658-F443-4445-A261-E643996E139D}) (Version: 4.3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{A6B0442B-E159-444B-B49D-6B9AC531EAE3}) (Version: 4.3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Audacity 2.1.1 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.1 - Audacity Team)
AuthenTec TrueAPI (Version: 1.3.0.144 - AuthenTec, Inc.) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.6.0.0 - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.0 - Canon Inc.)
Canon iP7200 series On-screen Manual (HKLM-x32\...\Canon iP7200 series On-screen Manual) (Version: 7.5.0 - Canon Inc.)
Canon iP7200 series Printer Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP7200_series) (Version:  - Canon Inc.)
Canon iP7200 series User Registration (HKLM-x32\...\Canon iP7200 series User Registration) (Version:  - Canon Inc.‎)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 1.1.2 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 1.0.1 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.0.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.0.0 - Canon Inc.)
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
CoffeeCup HTML Editor (HKU\S-1-5-21-188667196-4161539773-1860255103-1000\...\CoffeeCup HTML Editor) (Version:  - )
Connector (HKLM-x32\...\{3B5AF9D4-D952-4DBA-BC7E-814C38623393}) (Version: 1.0.1 - -)
Copy (x32 Version: 130.0.428.000 - Hewlett-Packard) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.0.4528 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Dropbox (HKU\S-1-5-21-188667196-4161539773-1860255103-1000\...\Dropbox) (Version: 7.4.30 - Dropbox, Inc.)
EaseUS Data Recovery Wizard 8.8 (HKLM\...\EaseUS Data Recovery Wizard 8.8_is1) (Version:  - EaseUS)
EASEUS Deleted File Recovery 3.0.1 (HKLM-x32\...\EASEUS Deleted File Recovery 3.0.1_is1) (Version:  - EASEUS)
EaseUS Partition Master 10.5 Trial Edition (HKLM-x32\...\EaseUS Partition Master Trial Edition_is1) (Version:  - EaseUS)
ER App version 4.0.11 (HKLM-x32\...\ER App_is1) (Version: 4.0.11 - )
ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{E96CAA2A-0244-4A2A-8403-0C3C9534778B}) (Version: 2.1.1 - Hewlett-Packard)
Expense Report Application version 3.0 (HKLM-x32\...\Expense Report Application_is1) (Version: 3.0 - )
Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden
FileZilla Client 3.10.3 (HKLM-x32\...\FileZilla Client) (Version: 3.10.3 - Tim Kosse)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.1.3.320 - Foxit Software Inc.)
Fresco Logic USB3.0 Host Controller (HKLM\...\{104898A0-CA37-4BB4-AC27-46B6FE3280DD}) (Version: 3.3.44.0 - Fresco Logic Inc.)
Google Chrome (HKLM-x32\...\{93AC3E1B-6EB7-3F2E-A187-CE742EF09CCD}) (Version: 52.0.2743.116 - Google, Inc.)
Google Drive (HKLM-x32\...\{459CE109-4E46-4340-92BC-054642BC3BC2}) (Version: 1.31.2873.2758 - Google, Inc.)
Google Earth (HKLM-x32\...\{1A295C25-6E02-49FB-826B-F0D2C56FFA4E}) (Version: 7.1.4.1529 - Google)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
GPSBabel 1.5.3 (HKLM-x32\...\{1B8FE958-A304-4902-BF7A-4E2F0F5B7017}_is1) (Version:  - GPSBabel)
GWX Control Panel (HKLM-x32\...\UltimateOutsider_GwxControlPanel) (Version:  - UltimateOutsider)
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM\...\{DFB497E0-CE3F-40FC-9596-FC7A48775DE4}) (Version: 4.1.16.1 - Hewlett-Packard Company)
HP Application Assistant (HKLM\...\{6032497A-4479-462B-ADB8-A0A372BB9A23}) (Version: 1.0.409.3882 - Hewlett-Packard)
HP CoolSense (HKLM-x32\...\{11AF9A96-6D83-4C3B-8DCB-16EA2A358E3F}) (Version: 2.10.51 - Hewlett-Packard Company)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Launch Box (HKLM\...\{BF1E75D0-E7AF-4BEA-9FBC-567F0C54BDF9}) (Version: 1.0.12 - Hewlett-Packard Company)
HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B (HKLM\...\{B61ED343-0B14-4241-999C-490CB1A20DA4}) (Version: 13.0 - HP)
HP Quick Launch (HKLM-x32\...\{285F722C-0E45-47DE-B38E-5B3B10FA4A7C}) (Version: 2.5.2 - Hewlett-Packard Company)
HP QuickWeb (HKLM-x32\...\{BB4FC2AD-DF12-4EE1-8AA7-2C0A26B5E2FB}) (Version: 3.1.1.10197 - Hewlett-Packard Company)
HP SimplePass 2012 (HKLM-x32\...\{423FBEB8-21C6-4720-A8DA-B19B06FDB607}) (Version: 5.3.1.7 - Hewlett-Packard)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Software Framework (HKLM-x32\...\{962CB079-85E6-405F-8704-1C62365AE46F}) (Version: 4.5.10.1 - Hewlett-Packard Company)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6381.0 - IDT)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.4.4.0 - LIGHTNING UK!)
InfraRecorder 0.53 (x64 edition) (HKLM\...\{2C22EA92-CB30-4932-0053-000001000000}) (Version: 0.53.00.00 - Christian Kindahl)
Intel PROSet Wireless (x32 Version:  - ) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Device Advisor (HKLM-x32\...\Intel® Device Advisor) (Version: 2.0.704.400 - DDNi)
Intel® Display Audio Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.00.3074 - Intel Corporation)
Intel® Identity Protection Technology 1.1.2.0 (HKLM-x32\...\{C01A86F5-56E7-101F-9BC9-E3F1025EB779}) (Version: 1.1.2.0 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{0EF86E06-C755-4C6F-8E47-2528D0546C0A}) (Version: 1.1.1.0581 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{25FBDA9A-E868-4B3B-B9FF-D923818511A1}) (Version: 14.2.0000 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.6.0.1002 - Intel Corporation)
Intel® WiDi (HKLM-x32\...\{7257132D-7F65-41E6-A90F-43BF6099461A}) (Version: 2.1.42.0 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
iTunes (HKLM\...\{955524E7-79EB-4CA9-BA4D-FD2DF587651B}) (Version: 12.4.3.1 - Apple Inc.)
Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Java SE Development Kit 8 Update 45 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180450}) (Version: 8.0.450.14 - Oracle Corporation)
Juniper Networks Setup Client 64-bit Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks)
Juniper Networks Setup Client Activex Control (HKLM-x32\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Junos Pulse (Version: 5.0.47117 - Juniper Networks) Hidden
Junos Pulse 5.0 (HKLM-x32\...\Junos Pulse 5.0) (Version: 5.0.47117 - Juniper Networks, Inc.)
K-Lite Codec Pack 11.1.0 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 11.1.0 - )
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-188667196-4161539773-1860255103-1000\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MiniTool Partition Wizard Free 9.0 (HKLM-x32\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version:  - MiniTool Solution Ltd.)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 47.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 47.0.1 (x86 en-US)) (Version: 47.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.1.6018 - Mozilla)
MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Network64 (Version: 130.0.572.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
Nokia Connectivity Cable Driver (HKLM-x32\...\{29373274-977E-413C-A4DE-DC0F8E80C429}) (Version: 7.1.172.0 - Nokia)
Nokia Suite (HKLM-x32\...\Nokia Suite) (Version: 3.8.54.0 - Nokia)
Nokia Suite (x32 Version: 3.8.54.0 - Nokia) Hidden
Norton Family (HKLM-x32\...\NSM) (Version: 3.6.0.31 - Symantec Corporation)
Norton Security with Backup (HKLM-x32\...\NSBU) (Version: 22.7.0.76 - Symantec Corporation)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.7 - Notepad++ Team)
Oasis2Service (Intel® Device Advisor) (HKLM-x32\...\Oasis2Service (Intel® Device Advisor)) (Version: 2.0.704.4 - DDNi)
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
PandoraRecovery (Remove Only) (HKLM-x32\...\PandoraRecovery) (Version:  - )
Pazera Free FLV to AVI Converter 1.9 (HKLM-x32\...\{E82A57BC-E9B8-42F9-BDC7-4950BD73EA32}_is1) (Version: 1.9 - Jacek Pazera)
PC Connectivity Solution (HKLM-x32\...\{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}) (Version: 12.0.109.0 - Nokia)
PC Study Bible (remove only) (HKLM-x32\...\PC Study Bible) (Version:  - )
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.1.1 - pdfforge)
Prey Anti-Theft (x32 Version: 1.5.0 - Prey, Inc.) Hidden
Pulse Secure Setup Client (HKU\S-1-5-21-188667196-4161539773-1860255103-1000\...\Juniper_Setup_Client) (Version: 8.1.6.61491 - Pulse Secure, LLC)
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
rDrive (HKLM-x32\...\rDrive) (Version: 2.1.1.523eod - CoNetworx, LLC)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.41.216.2011 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.83 - Realtek Semiconductor Corp.)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.3.0.9150 - Microsoft Corporation)
Skype™ 7.26 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.26.101 - Skype Technologies S.A.)
SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.11.0 - Synaptics Incorporated)
Synology Assistant (remove only) (HKLM-x32\...\Synology Assistant) (Version:  - )
Synology Data Replicator  3 (HKLM-x32\...\{8E310838-457C-4269-B177-3EFB300CBDDC}) (Version: 1.0.0.0 - Synology Inc.)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.41459 - TeamViewer)
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
Validity WBF DDK (HKLM\...\{79174AF2-6CB1-42F5-981E-66DCA49391D0}) (Version: 4.3.205.0 - Validity Sensors, Inc.)
VIP Access SDK (1.0.1.2)  (HKLM-x32\...\VIP Access SDK) (Version: 1.0.1.2 - Symantec Inc.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
WhatsApp (HKU\S-1-5-21-188667196-4161539773-1860255103-1000\...\WhatsApp) (Version: 0.2.936 - WhatsApp)
Windows Driver Package - Nokia pccsmcfd LegacyDriver  (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Wise Data Recovery 3.61 (HKLM-x32\...\Wise Data Recovery_is1) (Version: 3.61 - WiseCleaner.com, Inc.)
Wise Registry Cleaner 9.22 (HKLM-x32\...\Wise Registry Cleaner_is1) (Version: 9.22 - WiseCleaner.com, Inc.)
Your Uninstaller! 7 (HKLM-x32\...\YU2010_is1) (Version: 7.5.2014.3 - URSoft, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-188667196-4161539773-1860255103-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Randy Jones\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-188667196-4161539773-1860255103-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Randy Jones\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-188667196-4161539773-1860255103-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Randy Jones\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-188667196-4161539773-1860255103-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Randy Jones\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-188667196-4161539773-1860255103-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Randy Jones\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-188667196-4161539773-1860255103-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Randy Jones\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-188667196-4161539773-1860255103-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Randy Jones\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-188667196-4161539773-1860255103-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Randy Jones\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-188667196-4161539773-1860255103-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Randy Jones\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-188667196-4161539773-1860255103-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Randy Jones\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-188667196-4161539773-1860255103-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Randy Jones\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0D1A1B18-0D81-46AD-97C8-0314C7545F26} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-14] (Adobe Systems Incorporated)
Task: {25DE9DEE-C9E7-4636-B492-5AE52C18DD6A} - System32\Tasks\DDNi Startup (Intel® Device Advisor) => C:\Program Files (x86)\DDNi\Intel Device Advisor\DDNiStartup.exe [2016-03-11] (Digital Delivery Networks, Inc.)
Task: {2F2780CE-4BCC-46A3-8D6C-C29916FE5320} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-09-28] (CyberLink)
Task: {34643685-C279-4BAF-9C56-6771697CF7E5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFReport.exe [2016-02-18] (Hewlett-Packard)
Task: {410E0459-5EBD-4EE6-BA9B-604F1D44D199} - System32\Tasks\Intel® Device Advisor (Randy Jones) => C:\Program Files (x86)\DDNi\Intel Device Advisor\DeviceAdvisor.exe [2016-03-11] (Digital Delivery Networks, Inc.)
Task: {41C1BB35-0E15-48C4-A9D3-AA42AA39B21B} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {6A0F1097-9677-49AD-B024-5B8EFBEEE961} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {6BFE671D-7010-40F1-A67E-CC63836112ED} - System32\Tasks\Norton Security with Backup\Norton Error Analyzer => C:\Program Files (x86)\Norton Security with Backup\Engine\22.7.0.76\SymErr.exe [2016-05-23] (Symantec Corporation)
Task: {7CE43F11-4AB1-4F9A-A727-3898F6536F31} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {87DBBFB3-B2F7-41F1-A787-76E995F40CFC} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {889F5F5F-67C4-42BD-930A-DB204509E9CE} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-188667196-4161539773-1860255103-1000UA => C:\Users\Randy Jones\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-13] (Dropbox, Inc.)
Task: {8BAC5C04-0B56-402E-8B6B-7500A9102CC8} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-188667196-4161539773-1860255103-1000Core => C:\Users\Randy Jones\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-13] (Dropbox, Inc.)
Task: {8D82702B-D003-4417-918F-ADBFBBBE6922} - System32\Tasks\Norton Security with Backup\Norton Error Processor => C:\Program Files (x86)\Norton Security with Backup\Engine\22.7.0.76\SymErr.exe [2016-05-23] (Symantec Corporation)
Task: {9522EBF9-0AA5-4213-8FA7-330A9C50C079} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-28] (Google Inc.)
Task: {A40454C8-2264-4BB9-BC3F-9A2B482C6894} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {A47B2B54-C65C-4689-BE90-2A76840E1139} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {AC08D279-E449-460E-881F-A00157333343} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {B1B417F5-4C8C-4E83-9359-32357E465B4C} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security\Upgrade.exe [2016-06-16] (Symantec Corporation)
Task: {B2A7240C-8C51-4097-8DFB-BDC9EB0B8F62} - System32\Tasks\Norton Family\Norton Error Processor => C:\Program Files (x86)\Norton Family\Engine\3.6.0.31\SymErr.exe [2015-05-19] (Symantec Corporation)
Task: {B809DF50-60F6-43F9-AB4F-C943402D91DF} - System32\Tasks\{DC18EDCF-CA91-479D-8F76-F8E3E724B497} => pcalua.exe -a "C:\Users\Randy Jones\Downloads\Programs\JavaSetup8u101.exe" -d "C:\Users\Randy Jones\Downloads\Programs"
Task: {BBF50A26-61CD-420D-AD13-48339D6DCC8C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-28] (Google Inc.)
Task: {BF8064A0-03CB-40A6-BF3D-10F025FAEEA9} - System32\Tasks\HPCeeScheduleForRandy Jones => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {C63ED403-4C1E-4349-9B01-1C0F9DD21066} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {D008E380-C334-4067-81D5-1BE2C4C3C0C6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {D62694FF-3F36-4AC8-B9C0-CBE6E05FEC21} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2016-07-06] (HP Inc.)
Task: {D91A05E3-3894-409C-B802-EA8E69B06252} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security with Backup\Engine\22.7.0.76\WSCStub.exe [2016-06-16] (Symantec Corporation)
Task: {E52C2151-DDCE-452A-8CDA-D73CFF1868E9} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {E61BE472-EC71-4483-AB39-38A3B7B6032E} - System32\Tasks\Norton Family\Norton Error Analyzer => C:\Program Files (x86)\Norton Family\Engine\3.6.0.31\SymErr.exe [2015-05-19] (Symantec Corporation)
Task: {E948E261-6F5B-4D20-B3E5-60424E451ADF} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {ED2670E6-CE80-475E-BEAD-194568BEC2EC} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {EDEDCF45-A75F-428D-95F4-678C77E23222} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {EE401C39-81D2-4981-8F03-215150532E91} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {F108BFDC-03DD-44EC-A447-57EA68719ED2} - System32\Tasks\USER_ESRV_SVC_DDNI => Wscript.exe //B //NoLogo "C:\Program Files\Intel\SUR\Recommender\ESRV\task.vbs"
Task: {F35C4BF0-6327-4A2F-A812-420E8922907B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {F914E30D-CE92-461C-83CB-C990C3A89802} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-24] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-188667196-4161539773-1860255103-1000Core.job => C:\Users\Randy Jones\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-188667196-4161539773-1860255103-1000UA.job => C:\Users\Randy Jones\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForRandy Jones.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2011-07-27 22:07 - 2011-07-27 22:07 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2016-03-18 15:56 - 2016-03-18 15:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-07-05 08:23 - 2016-07-05 08:23 - 01354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-10-09 03:52 - 2013-10-09 03:52 - 00384072 _____ () C:\Program Files (x86)\Synology Data Replicator  3\SynoDrServicex64.exe
2011-02-18 01:18 - 2011-02-18 01:18 - 00245760 _____ () C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
2015-09-26 21:48 - 2015-09-26 21:48 - 00059392 _____ () C:\Program Files (x86)\rDrive\shellext\OCUtil_x64.dll
2015-03-29 05:29 - 2015-03-29 05:29 - 00043480 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2010-10-20 08:23 - 2010-10-20 08:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-09-04 17:17 - 2013-09-04 17:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2015-04-28 19:00 - 2011-08-09 10:44 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-07-27 22:07 - 2011-07-27 22:07 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2016-05-23 17:43 - 2016-05-23 17:43 - 03692510 _____ () C:\Program Files (x86)\rDrive\rDrive.exe
2015-05-13 14:27 - 2014-11-18 07:44 - 00255072 _____ () C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.5\bin\TrayPopupE\TrayTipAgentE.exe
2016-06-10 15:10 - 2016-01-27 14:58 - 00413848 ____N () C:\Program Files\Intel\SUR\Recommender\ESRV\esrv_svc.exe
2016-06-10 15:10 - 2016-01-27 14:58 - 00709272 ____N () C:\Program Files\Intel\SUR\Recommender\ESRV\intel_modeler.dll
2016-06-10 15:10 - 2016-01-27 14:58 - 00130712 ____N () C:\Program Files\Intel\SUR\Recommender\ESRV\intel_process_input.dll
2016-06-10 15:10 - 2016-01-27 14:58 - 00025752 ____N () C:\Program Files\Intel\SUR\Recommender\ESRV\intel_system_power_state_input.dll
2016-06-10 15:10 - 2016-01-27 14:58 - 00059544 ____N () C:\Program Files\Intel\SUR\Recommender\ESRV\intel_quality_and_reliability_input.dll
2016-06-10 15:10 - 2016-01-27 14:58 - 00194712 ____N () C:\Program Files\Intel\SUR\Recommender\ESRV\acpi_battery_input.dll
2016-06-10 15:10 - 2016-01-27 14:58 - 00159896 ____N () C:\Program Files\Intel\SUR\Recommender\ESRV\sema_thermal_input.dll
2016-06-10 15:10 - 2016-01-27 14:58 - 00158360 ____N () C:\Program Files\Intel\SUR\Recommender\ESRV\wifi_input.dll
2016-06-10 15:10 - 2016-01-27 14:58 - 00050840 ____N () C:\Program Files\Intel\SUR\Recommender\ESRV\devices_use_input.dll
2016-06-10 15:10 - 2016-01-27 14:58 - 00032920 ____N () C:\Program Files\Intel\SUR\Recommender\ESRV\intel_disktrace_input.dll
2011-10-01 00:07 - 2011-10-01 00:07 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-09-02 12:49 - 2011-09-02 12:49 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2016-06-02 08:22 - 2015-05-28 22:46 - 00730440 ____R () C:\Program Files (x86)\Norton Family\Engine\3.6.0.31\cfi.dll
2016-06-10 15:11 - 2016-03-11 20:26 - 00045848 ____N () C:\Program Files (x86)\DDNi\Oasis2Service (Intel Device Advisor)\OasisCloudModel.dll
2016-06-10 15:11 - 2016-03-11 20:26 - 00017176 ____N () C:\Program Files (x86)\DDNi\Oasis2Service (Intel Device Advisor)\OasisCloudClient.dll
2013-09-04 17:14 - 2013-09-04 17:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 08:45 - 2010-10-20 08:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2016-05-23 17:42 - 2016-05-23 17:42 - 01188493 _____ () C:\Program Files (x86)\rDrive\libocsync.dll
2015-08-06 02:59 - 2015-08-06 02:59 - 00097326 _____ () C:\Program Files (x86)\rDrive\libgcc_s_sjlj-1.dll
2015-08-06 02:59 - 2015-08-06 02:59 - 00922727 _____ () C:\Program Files (x86)\rDrive\libstdc++-6.dll
2016-05-23 17:43 - 2016-05-23 17:43 - 01893267 _____ () C:\Program Files (x86)\rDrive\librDrivesync.dll
2015-08-06 02:10 - 2015-08-06 02:10 - 00085548 _____ () C:\Program Files (x86)\rDrive\zlib1.dll
2015-08-06 10:48 - 2015-08-06 10:48 - 00051095 _____ () C:\Program Files (x86)\rDrive\libqt5keychain.dll
2015-08-06 02:21 - 2015-08-06 02:21 - 02197765 _____ () C:\Program Files (x86)\rDrive\icui18n53.dll
2015-08-06 02:21 - 2015-08-06 02:21 - 01308778 _____ () C:\Program Files (x86)\rDrive\icuuc53.dll
2015-08-06 02:21 - 2015-08-06 02:21 - 21539975 _____ () C:\Program Files (x86)\rDrive\icudata53.dll
2015-08-06 02:11 - 2015-08-06 02:11 - 00148117 _____ () C:\Program Files (x86)\rDrive\libpcre16-0.dll
2015-08-06 02:16 - 2015-08-06 02:16 - 01366986 _____ () C:\Program Files (x86)\rDrive\libGLESv2.dll
2015-08-06 02:14 - 2015-08-06 02:14 - 00209711 _____ () C:\Program Files (x86)\rDrive\libpng16-16.dll
2015-08-06 02:16 - 2015-08-06 02:16 - 00154982 _____ () C:\Program Files (x86)\rDrive\libEGL.dll
2015-08-06 02:14 - 2015-08-06 02:14 - 00350662 _____ () C:\Program Files (x86)\rDrive\libjpeg-8.dll
2015-08-06 02:17 - 2015-08-06 02:17 - 00689339 _____ () C:\Program Files (x86)\rDrive\libsqlite3-0.dll
2015-08-06 04:35 - 2015-08-06 04:35 - 00247540 _____ () C:\Program Files (x86)\rDrive\libwebp-4.dll
2015-08-06 02:26 - 2015-08-06 02:26 - 01169416 _____ () C:\Program Files (x86)\rDrive\libxml2-2.dll
2015-08-06 04:38 - 2015-08-06 04:38 - 00231727 _____ () C:\Program Files (x86)\rDrive\libxslt-1.dll
2015-05-13 14:27 - 2014-02-13 08:27 - 00222792 _____ () C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.5\bin\TrayPopupE\traynet.dll
2015-05-13 14:27 - 2014-02-13 08:27 - 00275528 _____ () C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.5\bin\TrayPopupE\libcurl.dll
2015-05-13 14:27 - 2014-02-13 08:27 - 00113166 _____ () C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.5\bin\TrayPopupE\zlib1.dll
2015-05-13 14:27 - 2014-02-13 08:27 - 00249928 _____ () C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.5\bin\TrayPopupE\uexper.dll
2016-08-06 23:13 - 2014-10-31 16:37 - 01498112 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2016-08-06 23:13 - 2014-05-19 17:19 - 00137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2016-05-17 07:48 - 2016-05-17 07:48 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\68b50258c65f19990de5179995021e57\IsdiInterop.ni.dll
2015-04-28 18:59 - 2011-05-20 12:05 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2014-03-31 14:35 - 2014-03-31 14:35 - 00270016 _____ () C:\Program Files (x86)\Windows Live\Writer\en\WindowsLive.Writer.Localization.resources.dll
2016-08-05 12:38 - 2016-06-29 21:25 - 00035792 _____ () C:\Users\Randy Jones\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
2016-08-05 12:37 - 2016-06-29 21:25 - 00145864 _____ () C:\Users\Randy Jones\AppData\Roaming\Dropbox\bin\pyexpat.pyd
2016-08-05 12:37 - 2016-06-29 21:26 - 00019408 _____ () C:\Users\Randy Jones\AppData\Roaming\Dropbox\bin\faulthandler.pyd
2016-08-05 12:37 - 2016-06-29 21:25 - 00116688 _____ () C:\Users\Randy Jones\AppData\Roaming\Dropbox\bin\pywintypes27.dll
2016-08-05 12:38 - 2016-06-29 21:25 - 00100296 _____ () C:\Users\Randy Jones\AppData\Roaming\Dropbox\bin\_ctypes.pyd
2016-08-05 12:38 - 2016-06-29 21:25 - 00018888 _____ () C:\Users\Randy Jones\AppData\Roaming\Dropbox\bin\select.pyd
2016-08-05 12:38 - 2016-08-01 16:27 - 00019760 _____ () C:\Users\Randy Jones\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
2016-08-05 12:38 - 2016-06-29 21:25 - 00694224 _____ () C:\Users\Randy Jones\AppData\Roaming\Dropbox\bin\unicodedata.pyd
2016-08-05 12:37 - 2016-08-01 16:26 - 00020816 _____ () C:\Users\Randy Jones\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
2016-08-05 12:38 - 2016-06-29 21:26 - 00123856 _____ () C:\Users\Randy Jones\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
2016-08-05 12:37 - 2016-08-01 16:26 - 01682760 _____ () C:\Users\Randy Jones\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
2016-08-05 12:37 - 2016-08-01 16:26 - 00020808 _____ () C:\Users\Randy Jones\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
2016-08-05 12:38 - 2016-08-01 16:27 - 00021312 _____ () C:\Users\Randy Jones\AppData\Roaming\Dropbox\bin\winffi.crt.compiled._winffi_crt.pyd
2016-08-05 12:37 - 2016-08-01 16:27 - 00052024 _____ () C:\Users\Randy Jones\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
2016-08-05 12:37 - 2016-08-01 16:27 - 00038696 _____ () C:\Users\Randy Jones\AppData\Roaming\Dropbox\bin\fastpath.pyd
2016-08-05 12:38 - 2016-06-29 21:27 - 00105928 _____ () C:\Users\Randy Jones\AppData\Roaming\Dropbox\bin\win32api.pyd
2016-08-05 12:37 - 2016-06-29 21:25 - 00392144 _____ () C:\Users\Randy Jones\AppData\Roaming\Dropbox\bin\pythoncom27.dll
2016-08-05 12:37 - 2016-06-29 21:27 - 00020936 _____ () C:\Users\Randy Jones\AppData\Roaming\Dropbox\bin\mmapfile.pyd
2016-08-05 12:38 - 2016-06-29 21:27 - 00024528 _____ () C:\Users\Randy Jones\AppData\Roaming\Dropbox\bin\win32event.pyd
2016-08-05 12:38 - 2016-06-29 21:27 - 00114640 _____ () C:\Users\Randy Jones\AppData\Roaming\Dropbox\bin\win32security.pyd
2016-08-05 12:38 - 2016-08-01 16:27 - 00381752 _____ () C:\Users\Randy Jones\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
2016-08-05 12:38 - 2016-06-29 21:27 - 00124880 _____ () C:\Users\Randy Jones\AppData\Roaming\Dropbox\bin\win32file.pyd
2016-08-05 12:38 - 2016-08-01 16:27 - 00025424 _____ () C:\Users\Randy Jones\AppData\Roaming\Dropbox\bin\winffi.kernel32.compiled._winffi_kernel32.pyd
2016-08-05 12:38 - 2016-06-29 21:27 - 00024016 _____ () C:\Users\Randy Jones\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
2016-08-05 12:38 - 2016-06-29 21:27 - 00175560 _____ () C:\Users\Randy Jones\AppData\Roaming\Dropbox\bin\win32gui.pyd
2016-08-05 12:38 - 2016-06-29 21:27 - 00030160 _____ () C:\Users\Randy Jones\AppData\Roaming\Dropbox\bin\win32pipe.pyd
2016-08-05 12:38 - 2016-06-29 21:27 - 00043472 _____ () C:\Users\Randy Jones\AppData\Roaming\Dropbox\bin\win32process.pyd
2016-08-05 12:38 - 2016-06-29 21:27 - 00048592 _____ () C:\Users\Randy Jones\AppData\Roaming\Dropbox\bin\win32service.pyd
2016-08-05 12:37 - 2016-08-01 16:27 - 00026456 _____ () C:\Users\Randy Jones\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.pyd
2016-08-05 12:38 - 2016-06-29 21:27 - 00057808 _____ () C:\Users\Randy Jones\AppData\Roaming\Dropbox\bin\win32evtlog.pyd
2016-08-05 12:38 - 2016-06-29 21:27 - 00024016 _____ () C:\Users\Randy Jones\AppData\Roaming\Dropbox\bin\win32profile.pyd
2016-08-05 12:37 - 2016-08-01 16:26 - 00246592 _____ () C:\Users\Randy Jones\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd
2016-08-05 12:38 - 2016-06-29 21:27 - 00028616 _____ () C:\Users\Randy Jones\AppData\Roaming\Dropbox\bin\win32ts.pyd
2016-08-05 12:38 - 2016-08-01 16:27 - 00020800 _____ () C:\Users\Randy Jones\AppData\Roaming\Dropbox\bin\winffi.iphlpapi._winffi_iphlpapi.pyd
2016-08-05 12:38 - 2016-08-01 16:27 - 00019776 _____ () C:\Users\Randy Jones\AppData\Roaming\Dropbox\bin\winffi.winerror._winffi_winerror.pyd
2016-08-05 12:38 - 2016-08-01 16:27 - 00020800 _____ () C:\Users\Randy Jones\AppData\Roaming\Dropbox\bin\winffi.wininet._winffi_wininet.pyd
2016-08-05 12:38 - 2016-06-29 21:25 - 00144848 _____ () C:\Users\Randy Jones\AppData\Roaming\Dropbox\bin\_elementtree.pyd
2016-08-05 12:38 - 2016-06-29 21:26 - 00241104 _____ () C:\Users\Randy Jones\AppData\Roaming\Dropbox\bin\_jpegtran.pyd
2016-08-05 12:37 - 2016-08-01 16:26 - 00020280 _____ () C:\Users\Randy Jones\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
2016-08-05 12:38 - 2016-08-01 16:27 - 00023376 _____ () C:\Users\Randy Jones\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
2016-08-05 12:38 - 2016-06-29 21:27 - 00350152 _____ () C:\Users\Randy Jones\AppData\Roaming\Dropbox\bin\winxpgui.pyd
2016-08-05 12:38 - 2016-08-01 16:27 - 00022352 _____ () C:\Users\Randy Jones\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.pyd
2016-08-05 12:37 - 2016-08-01 16:27 - 00024392 _____ () C:\Users\Randy Jones\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
2016-08-05 12:37 - 2016-06-29 21:28 - 00036296 _____ () C:\Users\Randy Jones\AppData\Roaming\Dropbox\bin\librsync.dll
2016-08-05 12:37 - 2016-08-01 16:27 - 00084280 _____ () C:\Users\Randy Jones\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
2016-08-05 12:37 - 2016-08-01 16:27 - 01826096 _____ () C:\Users\Randy Jones\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
2016-08-05 12:38 - 2016-06-29 21:26 - 00083912 _____ () C:\Users\Randy Jones\AppData\Roaming\Dropbox\bin\sip.pyd
2016-08-05 12:37 - 2016-08-01 16:27 - 03929392 _____ () C:\Users\Randy Jones\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
2016-08-05 12:37 - 2016-08-01 16:27 - 01972016 _____ () C:\Users\Randy Jones\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
2016-08-05 12:37 - 2016-08-01 16:27 - 00531248 _____ () C:\Users\Randy Jones\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
2016-08-05 12:37 - 2016-08-01 16:27 - 00132912 _____ () C:\Users\Randy Jones\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
2016-08-05 12:37 - 2016-08-01 16:27 - 00224056 _____ () C:\Users\Randy Jones\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
2016-08-05 12:37 - 2016-08-01 16:27 - 00207672 _____ () C:\Users\Randy Jones\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
2016-08-05 12:38 - 2016-08-01 16:27 - 00020288 _____ () C:\Users\Randy Jones\AppData\Roaming\Dropbox\bin\winffi.user32._winffi_user32.pyd
2016-08-05 12:38 - 2016-06-29 21:27 - 00060880 _____ () C:\Users\Randy Jones\AppData\Roaming\Dropbox\bin\win32print.pyd
2016-08-05 12:38 - 2016-08-01 16:27 - 00024904 _____ () C:\Users\Randy Jones\AppData\Roaming\Dropbox\bin\winffi.winhttp.compiled._winffi_winhttp.pyd
2016-08-05 12:37 - 2016-08-01 16:27 - 00546096 _____ () C:\Users\Randy Jones\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd
2016-08-05 12:37 - 2016-08-01 16:27 - 00357680 _____ () C:\Users\Randy Jones\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd
2016-08-05 12:37 - 2016-08-01 16:27 - 00168248 _____ () C:\Users\Randy Jones\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineWidgets.pyd
2016-08-05 12:37 - 2016-08-01 16:27 - 00042808 _____ () C:\Users\Randy Jones\AppData\Roaming\Dropbox\bin\PyQt5.QtWebChannel.pyd
2014-11-19 05:48 - 2014-11-19 05:48 - 08507232 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtGui4.dll
2014-11-19 05:48 - 2014-11-19 05:48 - 02354016 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtCore4.dll
2014-11-19 05:48 - 2014-11-19 05:48 - 01014624 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtNetwork4.dll
2014-11-19 05:48 - 2014-11-19 05:48 - 00364384 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtXml4.dll
2014-11-19 05:48 - 2014-11-19 05:48 - 02480992 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtDeclarative4.dll
2014-11-19 05:48 - 2014-11-19 05:48 - 01346912 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtScript4.dll
2014-11-19 05:48 - 2014-11-19 05:48 - 00206176 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtSql4.dll
2014-11-19 05:48 - 2014-11-19 05:48 - 02653024 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtXmlPatterns4.dll
2014-11-19 05:48 - 2014-11-19 05:48 - 00033120 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qgif4.dll
2014-11-19 05:48 - 2014-11-19 05:48 - 00035680 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qico4.dll
2014-11-19 05:48 - 2014-11-19 05:48 - 00207200 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qjpeg4.dll
2014-11-19 05:48 - 2014-11-19 05:48 - 11166560 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtWebKit4.dll
2014-11-19 05:48 - 2014-11-19 05:48 - 00276832 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\phonon4.dll
2014-11-11 03:21 - 2014-11-11 03:21 - 00392552 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\ssoengine.dll
2014-11-11 03:21 - 2014-11-11 03:21 - 00059752 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\securestorage.dll
2014-11-19 05:47 - 2014-11-19 05:47 - 00438624 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\NService.dll
2014-11-19 05:48 - 2014-11-19 05:48 - 00446304 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\sqldrivers\qsqlite4.dll
2014-11-19 05:48 - 2014-11-19 05:48 - 00520544 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtMultimediaKit1.dll
2014-11-19 05:48 - 2014-11-19 05:48 - 00720736 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtOpenGL4.dll
2014-11-19 05:46 - 2014-11-19 05:46 - 00606560 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\CommonUpdateChecker.dll
2014-11-19 05:48 - 2014-11-19 05:48 - 00093024 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\qjson.dll
2016-08-16 20:12 - 2016-08-16 20:12 - 00158720 _____ () C:\Users\Randy Jones\AppData\Local\Temp\sfareca00001.dll
2016-08-16 20:12 - 2016-08-16 20:12 - 00192512 _____ () C:\Users\Randy Jones\AppData\Local\Temp\sfamcc00001.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:1CE11B51 [94]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TampMon => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TampMon => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2016-07-16 05:36 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-188667196-4161539773-1860255103-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Randy Jones\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{80240F00-020E-4675-999A-186808854148}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{A6C8DE79-53FD-4E4B-8657-15B726A7E352}] => (Allow) C:\Program Files (x86)\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{8F66A63B-F436-498D-A38C-807F94655D7D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{144129F5-5E4E-4B17-809D-D7846922E285}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4A45DF66-C44D-48E2-8860-C449F1517D21}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{14568DE8-E7E8-4789-95E2-597BC6D0AD43}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{13011C9E-142F-4D69-9841-BB786CB856BD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{38DDA2D8-774D-4D26-97B2-A8CD93BF538F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{8FE2D193-ECD4-42F5-8FFF-E846C4F792F3}] => (Allow) C:\Users\Randy Jones\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{94117B81-F635-44BF-9B27-81ECA3F6A712}] => (Allow) C:\Users\Randy Jones\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{824E8D82-EFC1-4789-BED7-E7BE133A78A0}C:\program files (x86)\synology data replicator  3\backup.exe] => (Allow) C:\program files (x86)\synology data replicator  3\backup.exe
FirewallRules: [UDP Query User{88B828DE-0364-4771-AE67-448612D06118}C:\program files (x86)\synology data replicator  3\backup.exe] => (Allow) C:\program files (x86)\synology data replicator  3\backup.exe
FirewallRules: [{5826538A-41C6-4EE7-8A77-0BEA25FBDF0D}] => (Allow) C:\Users\Randy Jones\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{5EDC5FFD-208B-40CC-9FAE-B48C9833431E}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{167031FF-8133-4E43-9CC1-85A72CE518F1}] => (Allow) LPort=2869
FirewallRules: [{50E19C92-6F97-4C44-8481-D16130921A05}] => (Allow) LPort=1900
FirewallRules: [{4827A669-7C61-4040-8645-DCF55EDEC181}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{879B24DD-6752-40B0-BE9E-408CC646AA27}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{4A0280B3-DA9C-49FC-BAB0-84B6BDE04A85}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{ABF55198-4498-4221-9CF1-CD51C571D55A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{4E5F7DFC-97A3-4DDD-8AF0-B966A4886A0F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{17B30866-4C06-4965-887D-11BFBF3848CC}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{942BBA6D-94C3-4595-97C9-50907256E3E7}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe
FirewallRules: [{2F3DAFDD-3658-412E-8D6E-BDF8A4A7D5A0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{C9F5B21B-BBCD-49E8-8EA2-AF2F114BABBC}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
FirewallRules: [{9F664CEF-0EFA-4B1D-8FA9-E17505436031}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{44FC419A-3A65-4A9D-87B5-28E32A0067CE}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqnrs08.exe
FirewallRules: [{D204C8AF-4CC8-4A41-AF5D-487432CAF80E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{0F4BBA85-080D-4822-A539-F2EFEEC9BF26}] => (Allow) C:\Program Files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe
FirewallRules: [{0CB60C43-DF83-424A-A2F1-0ABED1874A13}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqsudi.exe
FirewallRules: [{10CB8FD2-B9FB-4D15-8464-19884A15FDCD}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpsapp.exe
FirewallRules: [{EA5C5DBC-1E75-4E28-914F-3795C940CD3C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
FirewallRules: [{0F12E615-F9FB-4257-9A54-E3EA12CD5A2D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe
FirewallRules: [{2B739F8C-7A04-41F7-9392-8883AE562C46}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpse.exe
FirewallRules: [{582ACF8D-3003-404F-B810-3499045F83C6}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{EE20F819-17F8-400B-9070-AC241F4E018C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{7A3F963E-B2FD-44E1-93AC-486044EFF075}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{245F99D1-3A57-4AD3-873C-C0A8EED2C20B}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [{61BF48CA-E89D-4ED3-9197-1649A0396B68}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{7ADA1FD3-6EC4-4B7C-B88F-F0439FA9AA82}] => (Allow) C:\Program Files (x86)\nokia\nokia suite\nokiasuite.exe
FirewallRules: [{73F85EFE-4D76-4F87-A3A2-86302CDB434E}] => (Allow) C:\Program Files (x86)\nokia\nokia suite\nokiasuite.exe
FirewallRules: [{060A1BF5-31CA-46F2-BAFD-98B0633FFCF3}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A0883014-7043-4F8A-984E-6223669562D4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E2179B50-0787-4343-BF7A-C2A1D798C9EB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{1E637D9E-CA02-4707-BCE8-89DF905D36BA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{93D28A40-1F86-4ECF-967D-FD59943C0172}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{BB730B0D-6E9E-4304-848D-F7581E9319A1}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

07-08-2016 14:02:08 Scheduled Checkpoint
10-08-2016 22:27:50 Windows Update
12-08-2016 01:46:37 Windows Update
16-08-2016 18:24:34 Windows Update

==================== Faulty Device Manager Devices =============

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (08/16/2016 11:32:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.18427, time stamp: 0x57a02609
Faulting module name: KERNELBASE.dll, version: 6.1.7601.23418, time stamp: 0x5708a7e4
Exception code: 0xc0000005
Fault offset: 0x00035f75
Faulting process id: 0x784
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (08/16/2016 08:47:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.18427, time stamp: 0x57a02609
Faulting module name: KERNELBASE.dll, version: 6.1.7601.23418, time stamp: 0x5708a7e4
Exception code: 0xe06d7363
Fault offset: 0x0000c54f
Faulting process id: 0x242c
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (08/16/2016 02:46:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/16/2016 08:52:30 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/16/2016 12:25:19 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/14/2016 01:32:56 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/13/2016 08:44:54 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/12/2016 08:19:18 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/11/2016 10:51:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/10/2016 11:45:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.18377, time stamp: 0x575afa93
Faulting module name: SkypeIEPlugin.dll, version: 8.3.0.9150, time stamp: 0x57456f36
Exception code: 0xc0000005
Fault offset: 0x000daef6
Faulting process id: 0x189c
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

System errors:
=============
Error: (08/16/2016 02:47:47 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B}{B292921D-AF50-400C-9B75-0C57A7F29BA1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (08/16/2016 01:23:11 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (08/16/2016 08:59:40 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.

Error: (08/16/2016 08:54:21 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B}{B292921D-AF50-400C-9B75-0C57A7F29BA1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (08/16/2016 12:25:21 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B}{B292921D-AF50-400C-9B75-0C57A7F29BA1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (08/16/2016 12:24:58 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Juniper Unified Network Service service hung on starting.

Error: (08/16/2016 12:22:40 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 08:23:40 AM on ‎2016/‎08/‎15 was unexpected.

Error: (08/14/2016 01:34:47 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B}{B292921D-AF50-400C-9B75-0C57A7F29BA1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (08/13/2016 08:44:54 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B}{B292921D-AF50-400C-9B75-0C57A7F29BA1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (08/12/2016 08:19:48 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B}{B292921D-AF50-400C-9B75-0C57A7F29BA1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

==================== Memory info ===========================

Processor: Intel® Core™ i7-2670QM CPU @ 2.20GHz
Percentage of memory in use: 67%
Total physical RAM: 4043.6 MB
Available physical RAM: 1308.78 MB
Total Virtual: 8085.39 MB
Available Virtual: 3742.43 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:905.94 GB) (Free:284.57 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Recovery) (Fixed) (Total:21.41 GB) (Free:2.3 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:1.08 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 4E2729A3)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=905.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=21.4 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=4 GB) - (Type=0C)

==================== End of Addition.txt ============================

 

 

Thanks in advance for your help.

 

Randy

 

 

 

 


    Advertisements

Register to Remove


#2 Satchfan

Satchfan

    SuperHelper

  • Malware Team
  • 6,343 posts
  • Interests:LFC, music, more LFC, more music

Posted 17 August 2016 - 01:33 AM

Hello Randyj and welcome to the WTT forum.

My name is Satchfan and I would be glad to help you with your computer problem.

Please read the following guidelines which will help to make cleaning your machine easier:

  • please follow all instructions in the order posted
  • please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
  • all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
  • if you don't understand something, please don't hesitate to ask for clarification before proceeding
  • the fixes are specific to your problem and should only be used for this issue on this machine.
  • please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!

IMPORTANT:

Please DO NOT install/uninstall any programs unless asked to.
Please DO NOT run any scans other than those requested

===================================================

Run Farbar Recovery Scan Tool

Open notepad. Please copy the contents of the code box below and paste it into Notepad.

CloseProcesses:
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2072928 2014-10-31] (Wondershare)
S3 WsDrvInst; "C:\Program Files (x86)\Wondershare\MobileTrans\DriverInstall.exe" [X]
S3 NAVENG; \??\C:\Program Files (x86)\Norton Security with Backup\NortonData\22.1.0.9\Definitions\SDSDefs\20160623.001\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security with Backup\NortonData\22.1.0.9\Definitions\SDSDefs\20160623.001\EX64.SYS [X]
U3 aswMBR; \??\C:\Users\RANDYJ~1\AppData\Local\Temp\aswMBR.sys [X]
U3 aswVmm; \??\C:\Users\RANDYJ~1\AppData\Local\Temp\aswVmm.sys [X]
2016-08-06 23:15 - 2016-08-06 23:15 - 00000000 ____D C:\ProgramData\Wondershare
2016-08-06 23:13 - 2016-08-12 00:26 - 00000000 ____D C:\Users\Randy Jones\AppData\Roaming\Wondershare
2016-08-06 23:13 - 2016-08-06 23:13 - 00000000 ____D C:\Users\Randy Jones\AppData\Local\Wondershare
2016-08-06 23:00 - 2016-08-06 23:12 - 00000000 ____D C:\Users\Public\Documents\Wondershare
Task: {41C1BB35-0E15-48C4-A9D3-AA42AA39B21B} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {6A0F1097-9677-49AD-B024-5B8EFBEEE961} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {7CE43F11-4AB1-4F9A-A727-3898F6536F31} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {87DBBFB3-B2F7-41F1-A787-76E995F40CFC} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {A40454C8-2264-4BB9-BC3F-9A2B482C6894} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {A47B2B54-C65C-4689-BE90-2A76840E1139} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {AC08D279-E449-460E-881F-A00157333343} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {C63ED403-4C1E-4349-9B01-1C0F9DD21066} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {E948E261-6F5B-4D20-B3E5-60424E451ADF} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {ED2670E6-CE80-475E-BEAD-194568BEC2EC} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {EDEDCF45-A75F-428D-95F4-678C77E23222} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {EE401C39-81D2-4981-8F03-215150532E91} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
C:\Program Files (x86)\Common Files\Wondershare
C:\Users\Randy Jones\AppData\Local\Temp\Extract.exe
C:\Users\Randy Jones\AppData\Local\Temp\NOSEventMessages.dll
C:\Users\Randy Jones\AppData\Local\Temp\ose00000.exe
C:\Users\Randy Jones\AppData\Local\Temp\sfamcc00001.dll
C:\Users\Randy Jones\AppData\Local\Temp\sfareca00001.dll
C:\Users\Randy Jones\AppData\Local\Temp\uninstall.exe
EmptyTemp:

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

  • save the files as fixlist.txt in the same folder as FRST – NOTE: It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work
  • run FRST64 then click Fix just once and wait
  • it will create a log on your desktop, (Fixlog.txt); please post it to your reply.

Thanks

Satchfan

 


NINA - Proud graduate of the WTT Classroom

Member of UNITE

The help you receive here is free but if you feel I have helped, you may consider making a Donation.

#3 Randyj

Randyj

    New Member

  • New Member
  • Pip
  • 3 posts

Posted 17 August 2016 - 09:51 AM

Hi Satchfan,

 

Thanks for helping me. Here is the output you requested:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 15-08-2016 01
Ran by Randy Jones (17-08-2016 10:30:01) Run:1
Running from C:\Users\Randy Jones\Desktop\WhatTheTech
Loaded Profiles: Randy Jones (Available Profiles: Randy Jones)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2072928 2014-10-31] (Wondershare)
S3 WsDrvInst; "C:\Program Files (x86)\Wondershare\MobileTrans\DriverInstall.exe" [X]
S3 NAVENG; \??\C:\Program Files (x86)\Norton Security with Backup\NortonData\22.1.0.9\Definitions\SDSDefs\20160623.001\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security with
Backup\NortonData\22.1.0.9\Definitions\SDSDefs\20160623.001\EX64.SYS [X]
U3 aswMBR; \??\C:\Users\RANDYJ~1\AppData\Local\Temp\aswMBR.sys [X]
U3 aswVmm; \??\C:\Users\RANDYJ~1\AppData\Local\Temp\aswVmm.sys [X]
2016-08-06 23:15 - 2016-08-06 23:15 - 00000000 ____D C:\ProgramData\Wondershare
2016-08-06 23:13 - 2016-08-12 00:26 - 00000000 ____D C:\Users\Randy Jones\AppData\Roaming\Wondershare
2016-08-06 23:13 - 2016-08-06 23:13 - 00000000 ____D C:\Users\Randy Jones\AppData\Local\Wondershare
2016-08-06 23:00 - 2016-08-06 23:12 - 00000000 ____D C:\Users\Public\Documents\Wondershare
Task: {41C1BB35-0E15-48C4-A9D3-AA42AA39B21B} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {6A0F1097-9677-49AD-B024-5B8EFBEEE961} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {7CE43F11-4AB1-4F9A-A727-3898F6536F31} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task:
{87DBBFB3-B2F7-41F1-A787-76E995F40CFC} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {A40454C8-2264-4BB9-BC3F-9A2B482C6894} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {A47B2B54-C65C-4689-BE90-2A76840E1139} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {AC08D279-E449-460E-881F-A00157333343} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {C63ED403-4C1E-4349-9B01-1C0F9DD21066} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {E948E261-6F5B-4D20-B3E5-60424E451ADF} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {ED2670E6-CE80-475E-BEAD-194568BEC2EC} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {EDEDCF45-A75F-428D-95F4-678C77E23222} -
\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {EE401C39-81D2-4981-8F03-215150532E91} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
C:\Program Files (x86)\Common Files\Wondershare
C:\Users\Randy Jones\AppData\Local\Temp\Extract.exe
C:\Users\Randy Jones\AppData\Local\Temp\NOSEventMessages.dll
C:\Users\Randy Jones\AppData\Local\Temp\ose00000.exe
C:\Users\Randy Jones\AppData\Local\Temp\sfamcc00001.dll
C:\Users\Randy Jones\AppData\Local\Temp\sfareca00001.dll
C:\Users\Randy Jones\AppData\Local\Temp\uninstall.exe
EmptyTemp:

*****************

Processes closed successfully.
C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe => No running process found
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Wondershare Helper Compact.exe => value removed successfully
WsDrvInst => service removed successfully
NAVENG => service could not remove
NAVEX15 => service could not remove
Backup\NortonData\22.1.0.9\Definitions\SDSDefs\20160623.001\EX64.SYS [X] => Error: No automatic fix found for this entry.
aswMBR => service not found.
aswVmm => service not found.
C:\ProgramData\Wondershare => moved successfully
C:\Users\Randy Jones\AppData\Roaming\Wondershare => moved successfully
C:\Users\Randy Jones\AppData\Local\Wondershare => moved successfully
C:\Users\Public\Documents\Wondershare => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{41C1BB35-0E15-48C4-A9D3-AA42AA39B21B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{41C1BB35-0E15-48C4-A9D3-AA42AA39B21B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6A0F1097-9677-49AD-B024-5B8EFBEEE961}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6A0F1097-9677-49AD-B024-5B8EFBEEE961}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7CE43F11-4AB1-4F9A-A727-3898F6536F31}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7CE43F11-4AB1-4F9A-A727-3898F6536F31}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime" => key removed successfully
Task: => Error: No automatic fix found for this entry.
{87DBBFB3-B2F7-41F1-A787-76E995F40CFC} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A40454C8-2264-4BB9-BC3F-9A2B482C6894}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A40454C8-2264-4BB9-BC3F-9A2B482C6894}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A47B2B54-C65C-4689-BE90-2A76840E1139}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A47B2B54-C65C-4689-BE90-2A76840E1139}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AC08D279-E449-460E-881F-A00157333343}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AC08D279-E449-460E-881F-A00157333343}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C63ED403-4C1E-4349-9B01-1C0F9DD21066}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C63ED403-4C1E-4349-9B01-1C0F9DD21066}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E948E261-6F5B-4D20-B3E5-60424E451ADF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E948E261-6F5B-4D20-B3E5-60424E451ADF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{ED2670E6-CE80-475E-BEAD-194568BEC2EC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ED2670E6-CE80-475E-BEAD-194568BEC2EC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\Task: {EDEDCF45-A75F-428D-95F4-678C77E23222} - => key not found.
\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{EE401C39-81D2-4981-8F03-215150532E91}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EE401C39-81D2-4981-8F03-215150532E91}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
C:\Program Files (x86)\Common Files\Wondershare => moved successfully
C:\Users\Randy Jones\AppData\Local\Temp\Extract.exe => moved successfully
C:\Users\Randy Jones\AppData\Local\Temp\NOSEventMessages.dll => moved successfully
C:\Users\Randy Jones\AppData\Local\Temp\ose00000.exe => moved successfully
C:\Users\Randy Jones\AppData\Local\Temp\sfamcc00001.dll => moved successfully
C:\Users\Randy Jones\AppData\Local\Temp\sfareca00001.dll => moved successfully
C:\Users\Randy Jones\AppData\Local\Temp\uninstall.exe => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 159316428 B
Java, Flash, Steam htmlcache => 86027 B
Windows/system/drivers => 518412 B
Edge => 0 B
Chrome => 19314298 B
Firefox => 27328056 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 58475553 B
systemprofile32 => 73004 B
LocalService => 0 B
NetworkService => 27634 B
Randy Jones => 603434558 B

RecycleBin => 70756143 B
EmptyTemp: => 903.8 MB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 10:35:02 ====

 

Thanks,

Randy



#4 Satchfan

Satchfan

    SuperHelper

  • Malware Team
  • 6,343 posts
  • Interests:LFC, music, more LFC, more music

Posted 17 August 2016 - 10:00 AM

Has that solved the problem?


NINA - Proud graduate of the WTT Classroom

Member of UNITE

The help you receive here is free but if you feel I have helped, you may consider making a Donation.

#5 Randyj

Randyj

    New Member

  • New Member
  • Pip
  • 3 posts

Posted 17 August 2016 - 10:25 AM

Hi Satchfan,

 

Thanks! I'm not getting the Wondershare popup any more and I can't find any trace of it.  Awesome!

 

Did you see anything else in my initial scans that is concerning, that would make my computer respond at times like trying to run in peanut butter?

 

Thanks,

Randy



#6 Satchfan

Satchfan

    SuperHelper

  • Malware Team
  • 6,343 posts
  • Interests:LFC, music, more LFC, more music

Posted 17 August 2016 - 01:24 PM

I'm not an expert in anything "Windows" but your computer looks healthy as far as being free of anything "bad".

My personal opinion - to make things run better, ditch Norton. It always has been, (and still is), a resource hog. For Windows 7, Microsoft Security Essentials and Windows do a fine job as antivirus and firewall.

 

If there are no more problems related to the original topic, please do the following to tidy up and make your computer less vulnerable in the future:

 

Download & run Delfix

  • download Delfix from here to remove many of the tools we've used during the cleaning process.
  • ensure “Remove disinfection tools” is checked.

Also place a checkmark next to:


o    Create registry backup
o    Purge system restore

  • click the Run button.

===================================================

Update installed programs

Your version of Java is out-of-date and need to be removed and updated.

Having the latest updates and removing old versions ensures there are no security vulnerabilities in your system.

Uninstall this:

Java 8 Update 101

NEXT

Install the latest version of Java:

Java

NOTE – when you install Java, before clicking on Install, be sure to Uncheck “Install the Ask Toolbar and make Ask my default search provider”

Java.gif

Even though I just had you get the latest version of Java, there is a vulnerability with regards to Java and web browsers. Therefore, we recommend to disable java in web browsers.

More information can be found here.

===================================================

Recommended programs

SpywareBlaster. SpywareBlaster protects against bad ActiveX, it immunizes your PC against them. It blocks over 11,000 bad sites and uses no resources of your computer.

======================

Update and run Malwarebytes. This really is an excellent program that you should also update and run on a regular basis, probably weekly.

======================

It’s important to keep programs up to date so that malware doesn't exploit any old security flaws.

FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated.

======================

Download WOT

Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:


green if it's safe
yellow for caution
red for unsafe
 

You can download the WOT add-on for Firefox, Chrome, Internet Explorer, Opera, and Safari browsers. It does not slow down your browsing experience, it is easy to use and free. Just click “Download” and you are ready to go!

======================

MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

A couple of links with information here and here which can answer any questions you might have about installing/using it.

======================

Unchecky

Be careful when downloading free software. Many free programs come bundled with adware, many of which cause redirects/popups and verge on being malware. There is a program that automatically “unckecks” the boxes you may not notice when downloading programs.

Download and install Unchecky .

===================================================

I also recommend that you read the following:

Best Practices for Safe Computing - Prevention of Malware Infection by miekiemoes

Simple and easy ways to keep your computer safe and secure on the Internet  by Lawrence Abrams

I will keep this open for 24 hours in case you have any problems, after which I’ll close the topic.

Safe computing

Satchfan

 

 


NINA - Proud graduate of the WTT Classroom

Member of UNITE

The help you receive here is free but if you feel I have helped, you may consider making a Donation.

#7 Satchfan

Satchfan

    SuperHelper

  • Malware Team
  • 6,343 posts
  • Interests:LFC, music, more LFC, more music

Posted 18 August 2016 - 03:30 PM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please follow the instructions here http://forums.whatth...ed_t106388.html
and start a New Topic.


NINA - Proud graduate of the WTT Classroom

Member of UNITE

The help you receive here is free but if you feel I have helped, you may consider making a Donation.

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users