Reimageplus.com PCKeeper.com Chrome Redirect Browser Virus

Frank Truth

Jul 2, 2017
Hi

I ran Farbar recovery scan tool. I don't know where to find their logs. I can't find the logs because the trees in the forest are too thick.
 

Frank Truth

Jul 2, 2017
I ran FUBAR and copied the file and pasted it here.

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-07-2017
Ran by Test (02-07-2017 21:50:16)
Running from D:\Downloads
Windows 10 Pro Version 1703 (X64) (2017-07-01 16:56:05)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================
Administrator (S-1-5-21-2498043869-198999186-3455998481-500 - Administrator - Enabled) => C:\Users\Administrator
Carla Administrator (S-1-5-21-2498043869-198999186-3455998481-1003 - Administrator - Enabled)
DefaultAccount (S-1-5-21-2498043869-198999186-3455998481-503 - Limited - Disabled)
Guest (S-1-5-21-2498043869-198999186-3455998481-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2498043869-198999186-3455998481-1002 - Limited - Enabled)
Test (S-1-5-21-2498043869-198999186-3455998481-1004 - Administrator - Enabled) => C:\Users\Test
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
64 Bit HP CIO Components Installer (HKLM\...\{F8F948EA-5AEA-4158-8821-A2F788ECE936}) (Version: 16.2.1 - Hewlett-Packard) Hidden
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
7-Zip 9.38 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0938-000001000000}) (Version: 9.38.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.131 - Adobe Systems Incorporated)
Advanced SystemCare 10 (HKLM-x32\...\Advanced SystemCare_is1) (Version: 10.4.0 - IObit)
AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.4 - Advanced Micro Devices, Inc.)
AMP Font Viewer (HKLM-x32\...\AMP Font Viewer) (Version:  - )
Apple Application Support (32-bit) (HKLM-x32\...\{E92BB800-BCC5-4C25-8102-AC2C3B7C7C1E}) (Version: 5.5 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{9C912B1E-06DD-43EF-BB2B-45CB2C88BAAE}) (Version: 5.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{DB18F1C0-846F-46F5-A074-5B97C8AF5C8E}) (Version: 10.3.1.2 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
Avery Wizard 5.0 (HKLM-x32\...\{D43E122B-C053-4545-999A-2219BF8F6422}) (Version: 5.0.3 - Avery)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Catalyst Control Center Next Localization BR (HKLM\...\{585A6A74-1DED-8DA0-32F1-F5EFA485DFB1}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{A0649E20-C57C-DCFA-AE1B-1CE1CB9D98A8}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{35F79A5D-00E2-8C19-D929-2E85DEA4252D}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{2CEBB6AA-EC39-DFF2-1F5B-9A98301C4DAB}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{F05F0B6E-9999-55D0-C323-D06DF0E2B59F}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{CBABB5FD-BD69-8969-729A-5659E11D9518}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{98527BF3-A8E0-B8CF-7297-436B714FC576}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{D6CD1B25-53E6-C2F8-FA99-F89138A9C86F}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{487C3865-3005-F04A-FBA4-F4239E02A847}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{D80AD200-548C-B62B-32AE-BF3CD7AA7EA2}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{D21BFF5C-51AA-4C15-1C91-6A1087FDC373}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{04F0FFCB-D9A5-2332-2697-CA47C0424AF2}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{47F2FFDC-3D6A-CED6-0B54-6E7082D5B29B}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{5608D1B6-6483-9FA3-7297-C2CFC3FCE747}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{1FCA484A-5A9E-9C91-F050-257D1F311A0C}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{D8FB03AE-A326-0C12-AC47-B898FE73FA94}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{F7876D2E-CDCD-CE53-0E88-995B57A94B58}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{3BAB5AC8-EF35-FED0-BCEB-9306D05EDE1C}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{746E086C-023A-A79C-DBE1-062E773FF6C8}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{1C44BB26-1941-DB44-D5E8-C455F89EE6E6}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{BE7F26CB-6E91-7673-7130-80C36FBF13DE}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.31 - Piriform)
DavkaWriter 7 (HKLM-x32\...\{3E329396-D66F-4EE5-9D81-BE6C47539304}) (Version: 7.0.28 - Davka Corp)
Document Translator (HKLM-x32\...\{3046D1AE-D446-4CFF-A136-1A2A38B2840C}) (Version: 1.0.0 - Microsoft Corporation)
Dropbox (HKLM-x32\...\Dropbox) (Version: 8.4.21 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.59.1 - Dropbox, Inc.) Hidden
eReg (HKLM-x32\...\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}) (Version: 1.20.138.34 - Logitech, Inc.) Hidden
Etron USB3.0 Host Controller (HKLM-x32\...\{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.118 - Etron Technology) Hidden
Etron USB3.0 Host Controller (HKLM-x32\...\InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.118 - Etron Technology)
Ginger (HKLM-x32\...\{1EBF9A59-F4E3-4EA7-BA97-76703C1432F6}) (Version: 3.7.63 - Ginger Software) Hidden
Ginger (HKLM-x32\...\InstallShield_{1EBF9A59-F4E3-4EA7-BA97-76703C1432F6}) (Version: 3.7.63 - Ginger Software)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)
Google Drive (HKLM-x32\...\{A1238426-ECDF-4639-BE2F-8D12A97AE23C}) (Version: 2.34.5075.1619 - Google, Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Grammarly (HKU\S-1-5-21-2498043869-198999186-3455998481-1004\...\GrammarlyForWindows) (Version: 1.5.27 - Grammarly)
Grammarly for Microsoft® Office Suite (HKLM\...\{278DEA03-1D32-4CF3-B964-35F6C76E5BCC}) (Version: 6.4.104.5108 - Grammarly) Hidden
Grammarly for Microsoft® Office Suite (HKLM\...\{2CC6EE9C-51D8-479E-8B0B-F061F658FC9B}) (Version: 6.5.57 - Grammarly) Hidden
Grammarly for Microsoft® Office Suite (HKU\S-1-5-21-2498043869-198999186-3455998481-1004\...\{b1eb8775-bc01-49f5-9885-9ff3c9b4a7a3}) (Version: 6.5.57 - Grammarly)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.20.286 - SurfRight B.V.)
iCloud (HKLM\...\{5B1A59DA-D1EC-4C3A-A996-DF011A0A9668}) (Version: 6.2.2.39 - Apple Inc.)
Intel Security True Key (HKLM\...\TrueKey) (Version: 4.5.146.1 - Intel Security)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 6.1.0.510 - IObit)
IrfanView 4.44 (64-bit) (HKLM\...\IrfanView64) (Version: 4.44 - Irfan Skiljan)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
KeyRocket (HKU\S-1-5-21-2498043869-198999186-3455998481-1004\...\83fe5c4ae9878b0a) (Version: 2.0.3.15724 - Veodin)
Logitech SetPoint 6.67 (HKLM\...\sp6) (Version: 6.67.83 - Logitech)
Logitech Unifying Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
MEGAsync (HKLM-x32\...\MEGAsync) (Version:  - Mega Limited)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.8229.2073 - Microsoft Corporation)
Microsoft Office 365 - he-il (HKLM\...\O365HomePremRetail - he-il) (Version: 16.0.8229.2073 - Microsoft Corporation)
Microsoft Office Proofing Tools 2013 - hrvatski (HKLM-x32\...\{90150000-001F-041A-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2498043869-198999186-3455998481-1004\...\OneDriveSetup.exe) (Version: 17.3.6943.0625 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{14297226-E0A0-3781-8911-E9D529552663}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 54.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 54.0.1 (x86 en-US)) (Version: 54.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 54.0.1.6388 - Mozilla)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8229.2073 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8229.2073 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8229.2073 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.8201.2075 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-040D-0000-0000000FF1CE}) (Version: 16.0.8229.2045 - Microsoft Corporation) Hidden
Omron Wellness Gateway (HKLM-x32\...\{B868407A-F0CB-4AAD-BC1E-8C0A4BB30B16}) (Version: 1.2.0 - Omron)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Raptr (HKLM-x32\...\Raptr) (Version: 5.2.6-r115593-release - Raptr, Inc)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 7.73.618.2013 - Realtek)
Skype for Business Web App Plug-in (HKLM-x32\...\{7EA9A4CD-6875-4F3C-A4D4-42C924AD3CF8}) (Version: 15.8.20020.351 - Microsoft Corporation)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1240 - SUPERAntiSpyware.com)
True Image 2013 (HKLM-x32\...\{75BC2136-B6A1-4F3B-8A69-55E39C647B1F}) (Version: 16.0.6514 - Acronis) Hidden
True Image 2013 (HKLM-x32\...\{75BC2136-B6A1-4F3B-8A69-55E39C647B1F}Visible) (Version: 16.0.6514 - Acronis)
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17354 - Microsoft Corporation)
xplorer² professional 64 bit (HKLM\...\xplorer2p64) (Version: 3.2.0.2 - Zabkat)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.74.0.76 - Zemana Ltd.)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2016-12-02] ()
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2016-12-02] ()
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2016-12-02] ()
ShellIconOverlayIdentifiers: [   IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} =>  -> No File
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} =>  -> No File
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} =>  -> No File
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\ProgramData\MEGAsync\ShellExtX32.dll [2016-12-02] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\ProgramData\MEGAsync\ShellExtX32.dll [2016-12-02] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\ProgramData\MEGAsync\ShellExtX32.dll [2016-12-02] ()
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} =>  -> No File
ContextMenuHandlers01: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2017-07-02] ()
ContextMenuHandlers01: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2015-01-03] (Igor Pavlov)
ContextMenuHandlers01: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2016-09-20] (IObit)
ContextMenuHandlers01: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-23] (Dropbox, Inc.)
ContextMenuHandlers01: [FileAssociationHelper] -> {D5CF14A2-B3CA-49DC-8E3E-0BB233B26D09} => C:\Program Files\File Association Helper\FAHDll.dll [2014-01-28] (Nico Mak Computing)
ContextMenuHandlers01: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-03-21] (Google)
ContextMenuHandlers01: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2016-05-23] (IObit)
ContextMenuHandlers01: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2016-12-02] ()
ContextMenuHandlers01: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2017-05-09] (Apple Inc.)
ContextMenuHandlers02: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2016-09-20] (IObit)
ContextMenuHandlers03: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers03: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2016-12-02] ()
ContextMenuHandlers04: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2015-01-03] (Igor Pavlov)
ContextMenuHandlers04: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2016-09-20] (IObit)
ContextMenuHandlers04: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-23] (Dropbox, Inc.)
ContextMenuHandlers04: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-03-21] (Google)
ContextMenuHandlers04: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2016-05-23] (IObit)
ContextMenuHandlers04: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2016-12-02] ()
ContextMenuHandlers05: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2015-11-04] (Advanced Micro Devices, Inc.)
ContextMenuHandlers05: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-23] (Dropbox, Inc.)
ContextMenuHandlers06: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2017-07-02] ()
ContextMenuHandlers06: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2015-01-03] (Igor Pavlov)
ContextMenuHandlers06: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2016-05-23] (IObit)
ContextMenuHandlers06: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers06: [PintoStartScreen] -> {470C0EBD-5D73-4d58-9CED-E91E22E23282} => C:\Windows\System32\appresolver.dll [2017-07-01] (Microsoft Corporation)
ContextMenuHandlers06: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2012-12-29] (VS Revo Group)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {081F7581-3751-4240-9C5A-9F4C1BBAC0DB} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {138F0058-AE96-4800-A0C5-969F92F72E8F} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-07-27] (Dropbox, Inc.)
Task: {147A2C5A-87D2-4BFD-8924-32C4F6BCFFA9} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {1B7161B1-8940-4E45-A06B-744A9C6FBBDE} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {1D9BAA15-4235-4F82-8ABD-BE5B3ED39614} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {21885652-4984-462A-B846-EE9F112CACF3} - System32\Tasks\ASC10_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe [2017-03-22] (IObit)
Task: {22E4397F-BD79-428C-B371-24A12BD65353} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {23E48F5C-A39D-431F-B2E5-38DD3155FE11} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {2F525B11-78E1-47CD-A70D-4A892831C317} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {3609611A-1165-4E83-AC1E-A22B0D26C52C} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {38AC3E0D-917A-4792-9CF9-CA1025A0123C} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {3CC8475F-9427-436B-9F6F-C41A04B8CDE7} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {417D9384-6F9F-470D-A1CB-D024A1535704} - System32\Tasks\{72F2DB09-B79F-4089-803E-15FCC52B17AA} => pcalua.exe -a D:\Downloads\HL-4570CDW-inst-D2-euus.EXE
Task: {44239D1A-562B-45BD-BD2F-E6E9EB557097} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {4FF917E1-CC68-464C-9632-4639B963DED0} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {52CC1814-C0C9-4322-973F-2624DA3CC545} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {540340FC-E78C-41DF-9DF9-7DEC35F945BC} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {55639207-CA1B-46D6-9A87-231E641A4C0A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-06-22] (Adobe Systems Incorporated)
Task: {5DC4A796-2F0F-4888-BB2F-87EFAC7E1ED6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {6167AFF8-50C2-4256-86B6-7363F40A8D1A} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {6560E448-AC2E-47F6-90B7-0E8483D1EA87} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {6CE721E2-AABD-434C-AA11-D25444015DC0} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {787C25CB-A899-486F-8DC0-8FE4CD214846} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {79EF84FB-BFD9-487E-B79D-79D9044545D7} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-02-14] (Apple Inc.)
Task: {7BB81C6F-FD22-4A0D-99AE-3E99B344BDCC} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {7C8BE5C1-05B8-4BB9-AFB9-1A68904249E7} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {7F13B0E2-8732-4FB1-ABCB-632AEB15E5D4} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe [2016-07-18] (Advanced Micro Devices, Inc.)
Task: {810E6077-5E8A-48BF-A23E-0E8E5424F029} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {8527D3AE-12C5-441E-86C9-445BB5286B5C} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-06-23] (Microsoft Corporation)
Task: {86B3AE9C-87E0-4E8D-9E83-77A62A357C33} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {89A5DF8C-8E94-4453-9555-2B5050487D3E} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {90788341-8FB2-47C7-AF4E-B4A300E8694C} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {9088D468-6483-45C7-BBBE-A65D63F968A5} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {92CA0967-C3DF-4272-B669-41D50FC23EC9} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-06-30] (Microsoft Corporation)
Task: {935E8BF6-B111-49FA-9C7C-C5E8351CEC58} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {949456DF-9A9C-4674-AB2A-17BD6B523062} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {97515886-A083-44B1-AD25-9E511B0B3DE6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {9CA222E5-C77C-4FDB-B763-4F7CC0EDAB18} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-06-13] (Piriform Ltd)
Task: {A1C71E52-7E04-4CFE-BCF0-06A4A27AB115} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-07-27] (Dropbox, Inc.)
Task: {A580D85E-45E8-402A-B108-98028D868B1B} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {B002F6F7-6402-4351-A061-73A16762E133} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {BD68A7BC-57FB-42CB-A7FB-DE011E451B85} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {C674B080-6338-4AE1-9BC7-DA696D6B3854} - System32\Tasks\{735AEA1C-C720-4A68-92AC-2306DD0B53B3} => pcalua.exe -a C:\Users\Test\Desktop\Y10B_C1-gdi-64-107.EXE -d C:\Users\Test\Desktop
Task: {C845E1EB-D0E5-4B02-9DEE-8CDF62BF5357} - System32\Tasks\Uninstaller_SkipUac_Test => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2016-12-15] (IObit)
Task: {D01F688B-D719-4C9E-B18F-A5BBA977CCFD} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {D2FB6AEF-F3C8-472B-9554-933AB85C79DE} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-06-23] ()
Task: {D4CEA064-12C3-42F7-8EA2-B25075D817BA} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {D6802854-DE71-4A79-8E9D-521416C1BF43} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {DD745DDD-E723-452C-92E4-1D5A6EBE177B} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-06-23] ()
Task: {DDD716EE-6206-4317-8297-7A8F6C357C1B} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: {E63A1A4E-F97D-4FF6-994D-351A00EDC522} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)
Task: {F1D4F05D-65FB-4601-8129-BEE11547EF86} - System32\Tasks\ASC10_SkipUac_Test => C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe [2017-05-31] (IObit)
Task: {F4D89949-676E-409B-A02A-18AC41BE71EC} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-06-23] (Microsoft Corporation)
Task: {F544EFCB-E92C-44FB-8436-0916ACD7039A} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {F657332F-9680-49E3-8180-5CCF0EDEB3F2} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {FB937466-3667-49CB-BB3A-C7B3204C785A} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {FE08E2C0-6E16-4359-BE92-DFCC24CF822F} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_Test.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Any.do.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=ocgddccilgpeepgglnlpchkpgamkgmld
ShortcutWithArgument: C:\Users\Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Awesome Screenshot App.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=mfpiaehgjbbfednooihadalhehabhcjo
ShortcutWithArgument: C:\Users\Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Fair AdBlocker App.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=dcnofaichneijfbkdkghmhjjbepjmble
ShortcutWithArgument: C:\Users\Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\File System for Dropbox.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=hlffpaajmfllggclnjppbblobdhokjhe
ShortcutWithArgument: C:\Users\Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\File System for OneDrive.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=jbfdfcehgafdbfpniaimfbfomafoadgo
ShortcutWithArgument: C:\Users\Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Keep - notes and lists.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=hmjkmjkepdijhoojdojkdfohbdgmmhki
ShortcutWithArgument: C:\Users\Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Pocket.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=mjcnijlhddpbdemagnpefmlkjdagkogk
ShortcutWithArgument: C:\Users\Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Video Player.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=gdebnehfojpoccpaocfbelbclfnpbmij
==================== Loaded Modules (Whitelisted) ==============
2017-01-13 14:56 - 2017-01-13 14:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-05-09 00:44 - 2017-05-09 00:44 - 01354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-03-18 16:58 - 2017-03-18 16:58 - 00138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-06-22 18:29 - 2017-06-22 18:29 - 00074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-06-22 18:29 - 2017-06-22 18:29 - 00203264 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-06-22 18:29 - 2017-06-22 18:29 - 43454464 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-06-22 18:29 - 2017-06-22 18:29 - 02437120 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\skypert.dll
2016-07-29 21:27 - 2016-03-18 08:23 - 02151424 _____ () C:\Program Files\Ditto\Ditto.exe
2017-06-06 03:20 - 2017-06-06 03:21 - 03139496 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11705.1001.21.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-06-22 18:29 - 2017-06-22 18:29 - 00766464 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11705.1001.21.0_x64__8wekyb3d8bbwe\WinStore.Vui.dll
2017-06-22 18:29 - 2017-06-22 18:29 - 10628608 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11705.1001.21.0_x64__8wekyb3d8bbwe\WinStore.Entertainment.Mobile.dll
2017-06-22 18:29 - 2017-06-22 18:29 - 02640384 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11705.1001.21.0_x64__8wekyb3d8bbwe\MS.Entertainment.Common.Mobile.dll
2016-06-30 04:23 - 2016-12-02 16:09 - 00592384 _____ () C:\ProgramData\MEGAsync\ShellExtX64.dll
2017-03-18 16:59 - 2017-03-18 22:30 - 01731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-12-07 22:19 - 2017-06-23 22:12 - 08932040 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2017-07-02 02:25 - 2017-07-02 02:25 - 00155504 _____ () C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll
2017-06-26 08:37 - 2016-06-21 19:30 - 00442144 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madExcept_.bpl
2017-06-26 08:37 - 2016-06-21 19:29 - 00210720 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madBasic_.bpl
2017-06-26 08:37 - 2016-06-21 19:29 - 00059680 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl
2013-11-01 19:03 - 2013-09-16 12:17 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2017-06-26 06:27 - 2017-06-26 06:27 - 00801600 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\dropbox_watchdog.dll
2017-06-26 06:26 - 2017-06-26 06:26 - 00100296 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\_ctypes.pyd
2017-06-26 06:26 - 2017-06-26 06:26 - 00018888 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\select.pyd
2017-06-26 06:29 - 2017-06-26 06:29 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\tornado.speedups.pyd
2017-06-26 06:26 - 2017-06-26 06:26 - 00035792 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\_multiprocessing.pyd
2017-06-26 06:28 - 2017-06-26 06:28 - 00020824 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\cryptography.hazmat.bindings._constant_time.pyd
2017-06-26 06:26 - 2017-06-26 06:26 - 00123856 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\_cffi_backend.pyd
2017-06-26 06:26 - 2017-06-26 06:26 - 00694224 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\unicodedata.pyd
2017-06-26 06:29 - 2017-06-26 06:29 - 01729360 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\cryptography.hazmat.bindings._openssl.pyd
2017-06-26 06:29 - 2017-06-26 06:29 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\cryptography.hazmat.bindings._padding.pyd
2017-06-26 06:26 - 2017-06-26 06:26 - 00145864 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\pyexpat.pyd
2017-06-26 06:26 - 2017-06-26 06:26 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\faulthandler.pyd
2017-06-26 06:27 - 2017-06-26 06:27 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\pywintypes27.dll
2017-06-26 06:26 - 2017-06-26 06:26 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\win32api.pyd
2017-06-26 06:30 - 2017-06-26 06:30 - 00022864 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\winffi.crt.compiled._winffi_crt.pyd
2017-06-26 06:29 - 2017-06-26 06:29 - 00060736 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\psutil._psutil_windows.pyd
2017-06-26 06:29 - 2017-06-26 06:29 - 00038712 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\fastpath.pyd
2017-06-26 06:26 - 2017-06-26 06:26 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\win32event.pyd
2017-06-26 06:27 - 2017-06-26 06:27 - 00392656 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\pythoncom27.dll
2017-06-26 06:26 - 2017-06-26 06:26 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\mmapfile.pyd
2017-06-26 06:26 - 2017-06-26 06:26 - 00116176 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\win32security.pyd
2017-06-26 06:29 - 2017-06-26 06:29 - 00392512 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\win32com.shell.shell.pyd
2017-06-26 06:26 - 2017-06-26 06:26 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\win32file.pyd
2017-06-26 06:30 - 2017-06-26 06:30 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\winffi.kernel32.compiled._winffi_kernel32.pyd
2017-06-26 06:26 - 2017-06-26 06:26 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\win32clipboard.pyd
2017-06-26 06:26 - 2017-06-26 06:26 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\win32gui.pyd
2017-06-26 06:26 - 2017-06-26 06:26 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\win32pipe.pyd
2017-06-26 06:26 - 2017-06-26 06:26 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\win32process.pyd
2017-06-26 06:26 - 2017-06-26 06:26 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\win32service.pyd
2017-06-26 06:26 - 2017-06-26 06:26 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\win32evtlog.pyd
2017-06-26 06:26 - 2017-06-26 06:26 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\win32profile.pyd
2017-06-26 06:28 - 2017-06-26 06:28 - 00022336 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\cpuid.compiled._cpuid.pyd
2017-06-26 06:30 - 2017-06-26 06:30 - 00082264 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\winenumhandles.compiled._WinEnumHandles.pyd
2017-06-26 06:30 - 2017-06-26 06:30 - 00025432 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\winscreenshot.compiled._CaptureScreenshot.pyd
2017-06-26 06:28 - 2017-06-26 06:28 - 00246608 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\breakpad.client.windows.handler.pyd
2017-06-26 06:29 - 2017-06-26 06:29 - 00027488 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\dropbox.infinite.win.compiled._driverinstallation.pyd
2017-06-26 06:29 - 2017-06-26 06:29 - 03928896 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\PyQt5.QtWidgets.pyd
2017-06-26 06:26 - 2017-06-26 06:26 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\sip.pyd
2017-06-26 06:29 - 2017-06-26 06:29 - 01826104 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\PyQt5.QtCore.pyd
2017-06-26 06:29 - 2017-06-26 06:29 - 01972024 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\PyQt5.QtGui.pyd
2017-06-26 06:26 - 2017-06-26 06:26 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\win32ts.pyd
2017-06-26 06:29 - 2017-06-26 06:29 - 00171336 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\PyQt5.QtWebEngineWidgets.pyd
2017-06-26 06:29 - 2017-06-26 06:29 - 00042816 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\PyQt5.QtWebChannel.pyd
2017-06-26 06:29 - 2017-06-26 06:29 - 00531264 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\PyQt5.QtNetwork.pyd
2017-06-26 06:29 - 2017-06-26 06:29 - 00133432 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\PyQt5.QtWebKit.pyd
2017-06-26 06:29 - 2017-06-26 06:29 - 00224064 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\PyQt5.QtWebKitWidgets.pyd
2017-06-26 06:29 - 2017-06-26 06:29 - 00207680 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\PyQt5.QtPrintSupport.pyd
2017-06-26 06:26 - 2017-06-26 06:26 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\win32print.pyd
2017-06-26 06:30 - 2017-06-26 06:30 - 00054608 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\winrpcserver.compiled._RPCServer.pyd
2017-06-26 06:30 - 2017-06-26 06:30 - 00022864 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\winffi.user32.compiled._winffi_user32.pyd
2017-06-26 06:30 - 2017-06-26 06:30 - 00069968 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\windisplaytoast.compiled._DisplayToast.pyd
2017-06-26 06:30 - 2017-06-26 06:30 - 00022872 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-06-26 06:30 - 2017-06-26 06:30 - 00021848 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\winffi.winerror.compiled._winffi_winerror.pyd
2017-06-26 06:30 - 2017-06-26 06:30 - 00022872 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\winffi.wininet.compiled._winffi_wininet.pyd
2017-06-26 06:26 - 2017-06-26 06:26 - 00349128 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\winxpgui.pyd
2017-06-26 06:29 - 2017-06-26 06:29 - 00103232 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\PyQt5.QtWinExtras.pyd
2017-06-26 06:30 - 2017-06-26 06:30 - 00023896 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\winverifysignature.compiled._VerifySignature.pyd
2017-06-26 06:29 - 2017-06-26 06:29 - 00025936 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\librsyncffi.compiled._librsyncffi.pyd
2017-06-26 06:27 - 2017-06-26 06:27 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\librsync.dll
2017-06-26 06:29 - 2017-06-26 06:29 - 00033112 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\enterprise_data.compiled._enterprise_data.pyd
2017-06-26 06:27 - 2017-06-26 06:27 - 00293392 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\EnterpriseDataAdapter.dll
2017-06-26 06:27 - 2017-06-26 06:27 - 00017864 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\libEGL.dll
2017-06-26 06:27 - 2017-06-26 06:27 - 01631184 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\libGLESv2.dll
2017-06-26 06:30 - 2017-06-26 06:30 - 00022864 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\winffi.shcore.compiled._winffi_shcore.pyd
2017-06-26 08:39 - 2016-08-18 18:43 - 00442144 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\madExcept_.bpl
2017-06-26 08:39 - 2016-08-18 18:43 - 00210720 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\madBasic_.bpl
2017-06-26 08:39 - 2016-08-18 18:43 - 00059680 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\madDisAsm_.bpl
2017-06-26 08:39 - 2016-11-01 10:11 - 00078624 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\GetProcessDLL.dll
2017-06-26 08:37 - 2015-12-28 13:50 - 00899872 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\webres.dll
2017-06-26 08:37 - 2016-09-26 13:59 - 00631072 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\ProductStatistics.dll
2017-06-26 08:39 - 2015-12-28 13:50 - 00899872 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\webres.dll
2017-06-26 08:39 - 2017-05-17 13:45 - 00631584 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\ProductStatistics.dll
2016-12-07 21:45 - 2017-06-22 18:31 - 00272072 _____ () C:\Program Files (x86)\Microsoft Office\root\Office16\IEAWSDC.DLL
2016-06-30 07:24 - 2016-12-02 16:09 - 00564736 _____ () C:\ProgramData\MEGAsync\ShellExtX32.dll
2017-05-09 00:45 - 2017-05-09 00:45 - 01041720 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2017-03-16 16:09 - 2017-03-16 16:09 - 00080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\WINDOWS\system32\GEARAspi64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\powertracker.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\UtcResources.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AOLParconLink.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\GEARAspi.dll:$CmdTcID [64]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-2498043869-198999186-3455998481-1004\...\comcast.net -> hxxps://login.comcast.net
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 22:34 - 2017-07-02 13:59 - 00001225 _____ C:\WINDOWS\system32\Drivers\etc\hosts
0.0.0.1 mssplus.mcafee.com
127.0.0.1 www.pckeeper.com
127.0.0.1 www.reimageplus.com
127.0.0.1 http://land.pckeeper.software/land/9.6.5/index.php?affid=mzb_299.1791773.1499018050.20.mzb&utm_source=&utm_medium=&utm_campaign=pck_ytz_us_96&utm_term=&utm_content=&userDefiner=mzb_2424&trt=33_1641011700&tid_ext=pck_ytz_rs_sale;a673f301-660e-4bc5-9138-d4c35fb72c04;a673f301-660e-4bc5-9138-d4c35fb72c04
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2498043869-198999186-3455998481-1004\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
MSCONFIG\Services: ARcltsrv => 2
HKLM\...\StartupApproved\StartupFolder: => "Ginger.lnk"
HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Omron Wellness Gateway.lnk"
HKLM\...\StartupApproved\Run: => "Acronis Scheduler2 Service"
HKLM\...\StartupApproved\Run: => "FAHConsole"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "EvtMgr6"
HKLM\...\StartupApproved\Run: => "StartCN"
HKLM\...\StartupApproved\Run: => "Malwarebytes TrayApp"
HKLM\...\StartupApproved\Run32: => "AcronisTibMounterMonitor"
HKLM\...\StartupApproved\Run32: => "TrueImageMonitor.exe"
HKLM\...\StartupApproved\Run32: => "AvgUi"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKLM\...\StartupApproved\Run32: => "IDrive Background process"
HKLM\...\StartupApproved\Run32: => "IDrive Tray"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "PlaysTV"
HKLM\...\StartupApproved\Run32: => "PWRISOVM.EXE"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "Raptr"
HKU\S-1-5-21-2498043869-198999186-3455998481-1004\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-2498043869-198999186-3455998481-1004\...\StartupApproved\StartupFolder: => "MEGAsync.lnk"
HKU\S-1-5-21-2498043869-198999186-3455998481-1004\...\StartupApproved\Run: => "Chromium"
HKU\S-1-5-21-2498043869-198999186-3455998481-1004\...\StartupApproved\Run: => "BingSvc"
HKU\S-1-5-21-2498043869-198999186-3455998481-1004\...\StartupApproved\Run: => "Rainlendar2"
HKU\S-1-5-21-2498043869-198999186-3455998481-1004\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-2498043869-198999186-3455998481-1004\...\StartupApproved\Run: => "Messenger (Yahoo!)"
HKU\S-1-5-21-2498043869-198999186-3455998481-1004\...\StartupApproved\Run: => "BlueStacks Agent"
HKU\S-1-5-21-2498043869-198999186-3455998481-1004\...\StartupApproved\Run: => "iCloudServices"
HKU\S-1-5-21-2498043869-198999186-3455998481-1004\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_E1D46C574EBA950FEDF46817FE573EFA"
HKU\S-1-5-21-2498043869-198999186-3455998481-1004\...\StartupApproved\Run: => "OneDrive"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{DB978970-6535-40F5-A29E-BC2A778CB021}] => (Allow) C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\FFNativeMessage.exe
FirewallRules: [{C68A09D3-2C82-4E84-A529-E042E139E465}] => (Allow) C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\FFNativeMessage.exe
FirewallRules: [{8C528BC7-4410-428F-9108-00EECF53CEA6}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{C218EB3C-1CE5-4E13-950D-B55E5E2898D7}] => (Allow) C:\Windows\SysWOW64\install\Data\Disk1\setup.exe
FirewallRules: [{909DD55A-3D16-4173-BED1-BFA915C88802}] => (Allow) C:\Windows\SysWOW64\install\Data\Disk1\setup.exe
FirewallRules: [{7B2F5CA2-6351-4662-8B60-9F7392B33F7B}] => (Allow) C:\Users\Test\AppData\Local\Microsoft\OneDrive\OneDrive.exe
FirewallRules: [{F3481735-C853-4E5B-B267-82F984CA8A06}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{099B0316-8275-4659-9BDC-695A7700F3A8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F3B2E533-B8DC-488C-9B3B-1C72F6497D70}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{4032F137-2249-4133-A053-AC84BC094ED5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{DD1AD34F-DE06-43EB-8C52-05A61AC93972}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C8AC7DD7-BD4C-4546-91C7-2BFBFBEB8C9B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{DD06912C-2814-449E-95C7-CD0319A638B3}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D35ECC85-07A5-448D-A1F9-FEC0736484E8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{50947177-EBE9-4DDF-886D-B726B66C2679}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{ED95A5FE-884A-43B9-9A09-AA8E62554AB6}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [UDP Query User{E600AD31-ECD5-4150-8CF0-13B9C2E704B2}C:\windows\splwow64.exe] => (Block) C:\windows\splwow64.exe
FirewallRules: [TCP Query User{67B25FBE-91B1-4DB8-B1CE-533908EC6CE3}C:\windows\splwow64.exe] => (Block) C:\windows\splwow64.exe
FirewallRules: [{F1911002-B03A-4C19-8D6E-D5F1C32E5BA4}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{12070C65-6AB2-47F0-A854-E2D2AFC3EE37}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [UDP Query User{2A0612B7-CC58-4F93-998A-DA19413140D5}C:\program files (x86)\ditto\ditto.exe] => (Allow) C:\program files (x86)\ditto\ditto.exe
FirewallRules: [TCP Query User{74CD6644-72D8-4D1D-8496-6D837BE64030}C:\program files (x86)\ditto\ditto.exe] => (Allow) C:\program files (x86)\ditto\ditto.exe
FirewallRules: [UDP Query User{465A41BA-5032-4BC6-9E33-C60A6667104D}C:\program files (x86)\ditto\ditto.exe] => (Allow) C:\program files (x86)\ditto\ditto.exe
FirewallRules: [TCP Query User{FDA9D906-C72C-4A82-A028-02C1551560DA}C:\program files (x86)\ditto\ditto.exe] => (Allow) C:\program files (x86)\ditto\ditto.exe
FirewallRules: [{8609CCEC-9738-4186-8C79-6EA1ED6ED8A6}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{8C79D98E-9E9E-4781-9698-5EC2CAD2E557}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [TCP Query User{F1734726-1EC9-4B49-BB25-0DC1E1BB9287}C:\program files\ditto\ditto.exe] => (Allow) C:\program files\ditto\ditto.exe
FirewallRules: [UDP Query User{8EC1B6AC-A986-4FBD-8BA4-432AD3CCB5F6}C:\program files\ditto\ditto.exe] => (Allow) C:\program files\ditto\ditto.exe
FirewallRules: [{C78E5546-6388-4A2A-962A-1C51846951BB}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{5CC1FD65-DBDA-45D5-A042-0D9BF5D7CCD6}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{DB3A6513-7A7A-44C8-9A05-620BCAC2463E}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{D8F959EA-213A-43DD-B824-803229E63DAA}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{6A4472A9-C644-42EB-A286-B7EC59BCA6D3}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{B09710D0-667B-43E3-A239-D9BDACFE8C1C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Restore Points =========================
ATTENTION: System Restore is disabled
==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================
Application errors:
==================
Error: (07/02/2017 09:39:26 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program dllhost.exe version 10.0.15063.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 3600
Start Time: 01d2f370ebc2e3e1
Termination Time: 4294967295
Application Path: C:\Windows\System32\dllhost.exe
Report Id: ef116a08-5565-4e06-8f6b-d2dba2967c75
Faulting package full name:
Faulting package-relative application ID:
Error: (07/02/2017 08:40:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MicrosoftEdgeCP.exe, version: 11.0.15063.332, time stamp: 0x591fd994
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000604
Fault offset: 0x0000000000000000
Faulting process id: 0x3e68
Faulting application start time: 0x01d2f394e8aaacb9
Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
Faulting module path: unknown
Report Id: 36eebd0c-f643-4b08-b119-87c01819fafb
Faulting package full name: Microsoft.MicrosoftEdge_40.15063.0.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: ContentProcess
Error: (07/02/2017 08:40:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MicrosoftEdgeCP.exe, version: 11.0.15063.332, time stamp: 0x591fd994
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000604
Fault offset: 0x0000000000000000
Faulting process id: 0x3e68
Faulting application start time: 0x01d2f394e8aaacb9
Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
Faulting module path: unknown
Report Id: f22a36ba-5b48-45b0-9d56-c161436caac9
Faulting package full name: Microsoft.MicrosoftEdge_40.15063.0.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: ContentProcess
Error: (07/02/2017 07:00:09 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location F:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).
Error: (07/02/2017 02:35:05 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: OWNER-PC)
Description: Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy5
Error: (07/02/2017 02:35:05 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: OWNER-PC)
Description: Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy5
Error: (07/02/2017 02:01:05 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: OWNER-PC)
Description: Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy5
Error: (07/02/2017 01:51:00 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: OWNER-PC)
Description: Microsoft.Getstarted_8wekyb3d8bbwe5
Error: (07/02/2017 11:12:32 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
Error: (07/02/2017 05:11:30 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MicrosoftEdgeCP.exe, version: 11.0.15063.332, time stamp: 0x591fd994
Faulting module name: ntdll.dll, version: 10.0.15063.0, time stamp: 0xb79b6ddb
Exception code: 0xcfffffff
Fault offset: 0x00000000000a8c24
Faulting process id: 0x31f0
Faulting application start time: 0x01d2f3131a021ee2
Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 5fb96941-c068-46d8-9ed7-229db3aaccbf
Faulting package full name: Microsoft.MicrosoftEdge_40.15063.0.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: ContentProcess

System errors:
=============
Error: (07/01/2017 02:16:07 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID 
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (07/01/2017 02:16:07 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (07/01/2017 02:16:07 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID 
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (07/01/2017 02:16:07 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (07/01/2017 02:01:16 PM) (Source: DCOM) (EventID: 10001) (User: OWNER-PC)
Description: Unable to start a DCOM Server: Microsoft.Windows.Cortana_1.8.12.15063_neutral_neutral_cw5n1h2txyewy!CortanaUI.AppXtpp90jhw9p0njjb85kvhxpppgrqfp117.mca as Unavailable/Unavailable. The error:
"31"
Happened while starting this command:
"C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:CortanaUI.AppXy7vb4pc2dr3kc93kfc509b1d0arkfb2x.mca
Error: (07/01/2017 02:01:15 PM) (Source: DCOM) (EventID: 10010) (User: OWNER-PC)
Description: The server Microsoft.Windows.Cortana_1.8.12.15063_neutral_neutral_cw5n1h2txyewy!CortanaUI.AppXtpp90jhw9p0njjb85kvhxpppgrqfp117.mca did not register with DCOM within the required timeout.
Error: (07/01/2017 01:05:30 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070103: Advanced Micro Devices, Inc. driver update for AMD Radeon HD 6570.
Error: (07/01/2017 12:55:11 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The BranchCache service terminated with the following service-specific error: 
This program is blocked by group policy. For more information, contact your system administrator.
Error: (07/01/2017 12:55:07 PM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.
Error: (07/01/2017 12:54:14 PM) (Source: WinRM) (EventID: 10142) (User: )
Description: The WinRM service cannot migrate the listener with Address * and Transport HTTP. A listener that has the same Address and Transport configuration already exists.

CodeIntegrity:
===================================
  Date: 2017-07-02 21:41:45.334
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
  Date: 2017-07-02 21:41:45.333
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
  Date: 2017-07-02 16:39:40.595
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
  Date: 2017-07-02 16:39:40.594
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
  Date: 2017-07-02 02:25:52.635
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
  Date: 2017-07-02 02:25:52.634
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
  Date: 2017-07-02 01:19:56.820
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
  Date: 2017-07-02 01:19:56.818
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
  Date: 2017-07-02 01:05:57.934
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
  Date: 2017-07-02 01:05:57.933
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================
Processor: Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz
Percentage of memory in use: 49%
Total physical RAM: 16364.24 MB
Available physical RAM: 8247.77 MB
Total Virtual: 19308.24 MB
Available Virtual: 8946.29 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:111.25 GB) (Free:40.27 GB) NTFS
Drive d: (Storage) (Fixed) (Total:465.76 GB) (Free:198.87 GB) NTFS ==>[system with boot components (obtained from drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 828833BA)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 318EDBA3)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=452 MB) - (Type=27)
==================== End of Addition.txt ============================
 
Last edited by a moderator:

Frank Truth

New Member
Thread author
Jul 2, 2017
3
I have three hard drives. My C:\ drive is a 120 GB solid state hard drive for program files. My D:\ drive is two 7,500 RPM 500 GB hard drives mirrored in RAID 1. There is a "SMART EVENT" error on one of the 500 GB hard drives that has always been there since it was installed.
 
