Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Support
Windows Malware Removal Help & Support
Reimageplus.com PCKeeper.com Chrome Redirect Browswer Virus
Message
<blockquote data-quote="Frank Truth" data-source="post: 647471" data-attributes="member: 63840"><p>I ran FUBAR and copied the file and pasted it here. </p><p></p><p>[code]Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-07-2017</p><p>Ran by Test (02-07-2017 21:50:16)</p><p>Running from D:\Downloads</p><p>Windows 10 Pro Version 1703 (X64) (2017-07-01 16:56:05)</p><p>Boot Mode: Normal</p><p>==========================================================</p><p></p><p>==================== Accounts: =============================</p><p>Administrator (S-1-5-21-2498043869-198999186-3455998481-500 - Administrator - Enabled) => C:\Users\Administrator</p><p>Carla Administrator (S-1-5-21-2498043869-198999186-3455998481-1003 - Administrator - Enabled)</p><p>DefaultAccount (S-1-5-21-2498043869-198999186-3455998481-503 - Limited - Disabled)</p><p>Guest (S-1-5-21-2498043869-198999186-3455998481-501 - Limited - Disabled)</p><p>HomeGroupUser$ (S-1-5-21-2498043869-198999186-3455998481-1002 - Limited - Enabled)</p><p>Test (S-1-5-21-2498043869-198999186-3455998481-1004 - Administrator - Enabled) => C:\Users\Test</p><p>==================== Security Center ========================</p><p>(If an entry is included in the fixlist, it will be removed.)</p><p>AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}</p><p>AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}</p><p>==================== Installed Programs ======================</p><p>(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)</p><p>64 Bit HP CIO Components Installer (HKLM\...\{F8F948EA-5AEA-4158-8821-A2F788ECE936}) (Version: 16.2.1 - Hewlett-Packard) Hidden</p><p>7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )</p><p>7-Zip 9.38 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0938-000001000000}) (Version: 9.38.00.0 - Igor Pavlov)</p><p>Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)</p><p>Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.131 - Adobe Systems Incorporated)</p><p>Advanced SystemCare 10 (HKLM-x32\...\Advanced SystemCare_is1) (Version: 10.4.0 - IObit)</p><p>AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)</p><p>AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.4 - Advanced Micro Devices, Inc.)</p><p>AMP Font Viewer (HKLM-x32\...\AMP Font Viewer) (Version: - )</p><p>Apple Application Support (32-bit) (HKLM-x32\...\{E92BB800-BCC5-4C25-8102-AC2C3B7C7C1E}) (Version: 5.5 - Apple Inc.)</p><p>Apple Application Support (64-bit) (HKLM\...\{9C912B1E-06DD-43EF-BB2B-45CB2C88BAAE}) (Version: 5.5 - Apple Inc.)</p><p>Apple Mobile Device Support (HKLM\...\{DB18F1C0-846F-46F5-A074-5B97C8AF5C8E}) (Version: 10.3.1.2 - Apple Inc.)</p><p>Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)</p><p>Avery Wizard 5.0 (HKLM-x32\...\{D43E122B-C053-4545-999A-2219BF8F6422}) (Version: 5.0.3 - Avery)</p><p>Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)</p><p>Catalyst Control Center Next Localization BR (HKLM\...\{585A6A74-1DED-8DA0-32F1-F5EFA485DFB1}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden</p><p>Catalyst Control Center Next Localization CHS (HKLM\...\{A0649E20-C57C-DCFA-AE1B-1CE1CB9D98A8}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden</p><p>Catalyst Control Center Next Localization CHT (HKLM\...\{35F79A5D-00E2-8C19-D929-2E85DEA4252D}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden</p><p>Catalyst Control Center Next Localization CS (HKLM\...\{2CEBB6AA-EC39-DFF2-1F5B-9A98301C4DAB}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden</p><p>Catalyst Control Center Next Localization DA (HKLM\...\{F05F0B6E-9999-55D0-C323-D06DF0E2B59F}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden</p><p>Catalyst Control Center Next Localization DE (HKLM\...\{CBABB5FD-BD69-8969-729A-5659E11D9518}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden</p><p>Catalyst Control Center Next Localization EL (HKLM\...\{98527BF3-A8E0-B8CF-7297-436B714FC576}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden</p><p>Catalyst Control Center Next Localization ES (HKLM\...\{D6CD1B25-53E6-C2F8-FA99-F89138A9C86F}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden</p><p>Catalyst Control Center Next Localization FI (HKLM\...\{487C3865-3005-F04A-FBA4-F4239E02A847}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden</p><p>Catalyst Control Center Next Localization FR (HKLM\...\{D80AD200-548C-B62B-32AE-BF3CD7AA7EA2}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden</p><p>Catalyst Control Center Next Localization HU (HKLM\...\{D21BFF5C-51AA-4C15-1C91-6A1087FDC373}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden</p><p>Catalyst Control Center Next Localization IT (HKLM\...\{04F0FFCB-D9A5-2332-2697-CA47C0424AF2}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden</p><p>Catalyst Control Center Next Localization JA (HKLM\...\{47F2FFDC-3D6A-CED6-0B54-6E7082D5B29B}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden</p><p>Catalyst Control Center Next Localization KO (HKLM\...\{5608D1B6-6483-9FA3-7297-C2CFC3FCE747}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden</p><p>Catalyst Control Center Next Localization NL (HKLM\...\{1FCA484A-5A9E-9C91-F050-257D1F311A0C}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden</p><p>Catalyst Control Center Next Localization NO (HKLM\...\{D8FB03AE-A326-0C12-AC47-B898FE73FA94}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden</p><p>Catalyst Control Center Next Localization PL (HKLM\...\{F7876D2E-CDCD-CE53-0E88-995B57A94B58}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden</p><p>Catalyst Control Center Next Localization RU (HKLM\...\{3BAB5AC8-EF35-FED0-BCEB-9306D05EDE1C}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden</p><p>Catalyst Control Center Next Localization SV (HKLM\...\{746E086C-023A-A79C-DBE1-062E773FF6C8}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden</p><p>Catalyst Control Center Next Localization TH (HKLM\...\{1C44BB26-1941-DB44-D5E8-C455F89EE6E6}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden</p><p>Catalyst Control Center Next Localization TR (HKLM\...\{BE7F26CB-6E91-7673-7130-80C36FBF13DE}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden</p><p>CCleaner (HKLM\...\CCleaner) (Version: 5.31 - Piriform)</p><p>DavkaWriter 7 (HKLM-x32\...\{3E329396-D66F-4EE5-9D81-BE6C47539304}) (Version: 7.0.28 - Davka Corp)</p><p>Document Translator (HKLM-x32\...\{3046D1AE-D446-4CFF-A136-1A2A38B2840C}) (Version: 1.0.0 - Microsoft Corporation)</p><p>Dropbox (HKLM-x32\...\Dropbox) (Version: 8.4.21 - Dropbox, Inc.)</p><p>Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.59.1 - Dropbox, Inc.) Hidden</p><p>eReg (HKLM-x32\...\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}) (Version: 1.20.138.34 - Logitech, Inc.) Hidden</p><p>Etron USB3.0 Host Controller (HKLM-x32\...\{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.118 - Etron Technology) Hidden</p><p>Etron USB3.0 Host Controller (HKLM-x32\...\InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.118 - Etron Technology)</p><p>Ginger (HKLM-x32\...\{1EBF9A59-F4E3-4EA7-BA97-76703C1432F6}) (Version: 3.7.63 - Ginger Software) Hidden</p><p>Ginger (HKLM-x32\...\InstallShield_{1EBF9A59-F4E3-4EA7-BA97-76703C1432F6}) (Version: 3.7.63 - Ginger Software)</p><p>Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)</p><p>Google Drive (HKLM-x32\...\{A1238426-ECDF-4639-BE2F-8D12A97AE23C}) (Version: 2.34.5075.1619 - Google, Inc.)</p><p>Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden</p><p>Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)</p><p>Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden</p><p>Grammarly (HKU\S-1-5-21-2498043869-198999186-3455998481-1004\...\GrammarlyForWindows) (Version: 1.5.27 - Grammarly)</p><p>Grammarly for Microsoft® Office Suite (HKLM\...\{278DEA03-1D32-4CF3-B964-35F6C76E5BCC}) (Version: 6.4.104.5108 - Grammarly) Hidden</p><p>Grammarly for Microsoft® Office Suite (HKLM\...\{2CC6EE9C-51D8-479E-8B0B-F061F658FC9B}) (Version: 6.5.57 - Grammarly) Hidden</p><p>Grammarly for Microsoft® Office Suite (HKU\S-1-5-21-2498043869-198999186-3455998481-1004\...\{b1eb8775-bc01-49f5-9885-9ff3c9b4a7a3}) (Version: 6.5.57 - Grammarly)</p><p>HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.20.286 - SurfRight B.V.)</p><p>iCloud (HKLM\...\{5B1A59DA-D1EC-4C3A-A996-DF011A0A9668}) (Version: 6.2.2.39 - Apple Inc.)</p><p>Intel Security True Key (HKLM\...\TrueKey) (Version: 4.5.146.1 - Intel Security)</p><p>Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)</p><p>IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 6.1.0.510 - IObit)</p><p>IrfanView 4.44 (64-bit) (HKLM\...\IrfanView64) (Version: 4.44 - Irfan Skiljan)</p><p>Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)</p><p>KeyRocket (HKU\S-1-5-21-2498043869-198999186-3455998481-1004\...\83fe5c4ae9878b0a) (Version: 2.0.3.15724 - Veodin)</p><p>Logitech SetPoint 6.67 (HKLM\...\sp6) (Version: 6.67.83 - Logitech)</p><p>Logitech Unifying Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)</p><p>Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)</p><p>MEGAsync (HKLM-x32\...\MEGAsync) (Version: - Mega Limited)</p><p>Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.8229.2073 - Microsoft Corporation)</p><p>Microsoft Office 365 - he-il (HKLM\...\O365HomePremRetail - he-il) (Version: 16.0.8229.2073 - Microsoft Corporation)</p><p>Microsoft Office Proofing Tools 2013 - hrvatski (HKLM-x32\...\{90150000-001F-041A-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)</p><p>Microsoft OneDrive (HKU\S-1-5-21-2498043869-198999186-3455998481-1004\...\OneDriveSetup.exe) (Version: 17.3.6943.0625 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{14297226-E0A0-3781-8911-E9D529552663}) (Version: 9.0.30729 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)</p><p>Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)</p><p>Mozilla Firefox 54.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 54.0.1 (x86 en-US)) (Version: 54.0.1 - Mozilla)</p><p>Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 54.0.1.6388 - Mozilla)</p><p>Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8229.2073 - Microsoft Corporation) Hidden</p><p>Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8229.2073 - Microsoft Corporation) Hidden</p><p>Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8229.2073 - Microsoft Corporation) Hidden</p><p>Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.8201.2075 - Microsoft Corporation) Hidden</p><p>Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-040D-0000-0000000FF1CE}) (Version: 16.0.8229.2045 - Microsoft Corporation) Hidden</p><p>Omron Wellness Gateway (HKLM-x32\...\{B868407A-F0CB-4AAD-BC1E-8C0A4BB30B16}) (Version: 1.2.0 - Omron)</p><p>QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)</p><p>Raptr (HKLM-x32\...\Raptr) (Version: 5.2.6-r115593-release - Raptr, Inc)</p><p>Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 7.73.618.2013 - Realtek)</p><p>Skype for Business Web App Plug-in (HKLM-x32\...\{7EA9A4CD-6875-4F3C-A4D4-42C924AD3CF8}) (Version: 15.8.20020.351 - Microsoft Corporation)</p><p>SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1240 - SUPERAntiSpyware.com)</p><p>True Image 2013 (HKLM-x32\...\{75BC2136-B6A1-4F3B-8A69-55E39C647B1F}) (Version: 16.0.6514 - Acronis) Hidden</p><p>True Image 2013 (HKLM-x32\...\{75BC2136-B6A1-4F3B-8A69-55E39C647B1F}Visible) (Version: 16.0.6514 - Acronis)</p><p>Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)</p><p>Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17354 - Microsoft Corporation)</p><p>xplorer² professional 64 bit (HKLM\...\xplorer2p64) (Version: 3.2.0.2 - Zabkat)</p><p>Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.74.0.76 - Zemana Ltd.)</p><p>==================== Custom CLSID (Whitelisted): ==========================</p><p>(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)</p><p>ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2016-12-02] ()</p><p>ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2016-12-02] ()</p><p>ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2016-12-02] ()</p><p>ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => -> No File</p><p>ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-23] (Dropbox, Inc.)</p><p>ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-23] (Dropbox, Inc.)</p><p>ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-23] (Dropbox, Inc.)</p><p>ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-23] (Dropbox, Inc.)</p><p>ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-23] (Dropbox, Inc.)</p><p>ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-23] (Dropbox, Inc.)</p><p>ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-23] (Dropbox, Inc.)</p><p>ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-23] (Dropbox, Inc.)</p><p>ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-23] (Dropbox, Inc.)</p><p>ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-23] (Dropbox, Inc.)</p><p>ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File</p><p>ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => -> No File</p><p>ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => -> No File</p><p>ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => -> No File</p><p>ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\ProgramData\MEGAsync\ShellExtX32.dll [2016-12-02] ()</p><p>ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\ProgramData\MEGAsync\ShellExtX32.dll [2016-12-02] ()</p><p>ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\ProgramData\MEGAsync\ShellExtX32.dll [2016-12-02] ()</p><p>ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-23] (Dropbox, Inc.)</p><p>ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-23] (Dropbox, Inc.)</p><p>ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-23] (Dropbox, Inc.)</p><p>ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-23] (Dropbox, Inc.)</p><p>ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-23] (Dropbox, Inc.)</p><p>ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-23] (Dropbox, Inc.)</p><p>ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-23] (Dropbox, Inc.)</p><p>ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-23] (Dropbox, Inc.)</p><p>ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-23] (Dropbox, Inc.)</p><p>ShellIconOverlayIdentifiers-x32: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-23] (Dropbox, Inc.)</p><p>ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => -> No File</p><p>ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => -> No File</p><p>ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => -> No File</p><p>ContextMenuHandlers01: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2017-07-02] ()</p><p>ContextMenuHandlers01: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2015-01-03] (Igor Pavlov)</p><p>ContextMenuHandlers01: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2016-09-20] (IObit)</p><p>ContextMenuHandlers01: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-23] (Dropbox, Inc.)</p><p>ContextMenuHandlers01: [FileAssociationHelper] -> {D5CF14A2-B3CA-49DC-8E3E-0BB233B26D09} => C:\Program Files\File Association Helper\FAHDll.dll [2014-01-28] (Nico Mak Computing)</p><p>ContextMenuHandlers01: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-03-21] (Google)</p><p>ContextMenuHandlers01: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2016-05-23] (IObit)</p><p>ContextMenuHandlers01: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2016-12-02] ()</p><p>ContextMenuHandlers01: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2017-05-09] (Apple Inc.)</p><p>ContextMenuHandlers02: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2016-09-20] (IObit)</p><p>ContextMenuHandlers03: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)</p><p>ContextMenuHandlers03: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2016-12-02] ()</p><p>ContextMenuHandlers04: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2015-01-03] (Igor Pavlov)</p><p>ContextMenuHandlers04: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2016-09-20] (IObit)</p><p>ContextMenuHandlers04: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-23] (Dropbox, Inc.)</p><p>ContextMenuHandlers04: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-03-21] (Google)</p><p>ContextMenuHandlers04: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2016-05-23] (IObit)</p><p>ContextMenuHandlers04: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2016-12-02] ()</p><p>ContextMenuHandlers05: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2015-11-04] (Advanced Micro Devices, Inc.)</p><p>ContextMenuHandlers05: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-23] (Dropbox, Inc.)</p><p>ContextMenuHandlers06: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2017-07-02] ()</p><p>ContextMenuHandlers06: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2015-01-03] (Igor Pavlov)</p><p>ContextMenuHandlers06: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2016-05-23] (IObit)</p><p>ContextMenuHandlers06: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)</p><p>ContextMenuHandlers06: [PintoStartScreen] -> {470C0EBD-5D73-4d58-9CED-E91E22E23282} => C:\Windows\System32\appresolver.dll [2017-07-01] (Microsoft Corporation)</p><p>ContextMenuHandlers06: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2012-12-29] (VS Revo Group)</p><p>==================== Scheduled Tasks (Whitelisted) =============</p><p>(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)</p><p>Task: {081F7581-3751-4240-9C5A-9F4C1BBAC0DB} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe</p><p>Task: {138F0058-AE96-4800-A0C5-969F92F72E8F} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-07-27] (Dropbox, Inc.)</p><p>Task: {147A2C5A-87D2-4BFD-8924-32C4F6BCFFA9} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe</p><p>Task: {1B7161B1-8940-4E45-A06B-744A9C6FBBDE} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION</p><p>Task: {1D9BAA15-4235-4F82-8ABD-BE5B3ED39614} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION</p><p>Task: {21885652-4984-462A-B846-EE9F112CACF3} - System32\Tasks\ASC10_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe [2017-03-22] (IObit)</p><p>Task: {22E4397F-BD79-428C-B371-24A12BD65353} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe</p><p>Task: {23E48F5C-A39D-431F-B2E5-38DD3155FE11} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe</p><p>Task: {2F525B11-78E1-47CD-A70D-4A892831C317} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe</p><p>Task: {3609611A-1165-4E83-AC1E-A22B0D26C52C} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe</p><p>Task: {38AC3E0D-917A-4792-9CF9-CA1025A0123C} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION</p><p>Task: {3CC8475F-9427-436B-9F6F-C41A04B8CDE7} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe</p><p>Task: {417D9384-6F9F-470D-A1CB-D024A1535704} - System32\Tasks\{72F2DB09-B79F-4089-803E-15FCC52B17AA} => pcalua.exe -a D:\Downloads\HL-4570CDW-inst-D2-euus.EXE</p><p>Task: {44239D1A-562B-45BD-BD2F-E6E9EB557097} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe</p><p>Task: {4FF917E1-CC68-464C-9632-4639B963DED0} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe</p><p>Task: {52CC1814-C0C9-4322-973F-2624DA3CC545} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe</p><p>Task: {540340FC-E78C-41DF-9DF9-7DEC35F945BC} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION</p><p>Task: {55639207-CA1B-46D6-9A87-231E641A4C0A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-06-22] (Adobe Systems Incorporated)</p><p>Task: {5DC4A796-2F0F-4888-BB2F-87EFAC7E1ED6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)</p><p>Task: {6167AFF8-50C2-4256-86B6-7363F40A8D1A} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe</p><p>Task: {6560E448-AC2E-47F6-90B7-0E8483D1EA87} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe</p><p>Task: {6CE721E2-AABD-434C-AA11-D25444015DC0} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION</p><p>Task: {787C25CB-A899-486F-8DC0-8FE4CD214846} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe</p><p>Task: {79EF84FB-BFD9-487E-B79D-79D9044545D7} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-02-14] (Apple Inc.)</p><p>Task: {7BB81C6F-FD22-4A0D-99AE-3E99B344BDCC} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe</p><p>Task: {7C8BE5C1-05B8-4BB9-AFB9-1A68904249E7} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION</p><p>Task: {7F13B0E2-8732-4FB1-ABCB-632AEB15E5D4} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe [2016-07-18] (Advanced Micro Devices, Inc.)</p><p>Task: {810E6077-5E8A-48BF-A23E-0E8E5424F029} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION</p><p>Task: {8527D3AE-12C5-441E-86C9-445BB5286B5C} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-06-23] (Microsoft Corporation)</p><p>Task: {86B3AE9C-87E0-4E8D-9E83-77A62A357C33} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION</p><p>Task: {89A5DF8C-8E94-4453-9555-2B5050487D3E} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe</p><p>Task: {90788341-8FB2-47C7-AF4E-B4A300E8694C} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe</p><p>Task: {9088D468-6483-45C7-BBBE-A65D63F968A5} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION</p><p>Task: {92CA0967-C3DF-4272-B669-41D50FC23EC9} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-06-30] (Microsoft Corporation)</p><p>Task: {935E8BF6-B111-49FA-9C7C-C5E8351CEC58} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe</p><p>Task: {949456DF-9A9C-4674-AB2A-17BD6B523062} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION</p><p>Task: {97515886-A083-44B1-AD25-9E511B0B3DE6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)</p><p>Task: {9CA222E5-C77C-4FDB-B763-4F7CC0EDAB18} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-06-13] (Piriform Ltd)</p><p>Task: {A1C71E52-7E04-4CFE-BCF0-06A4A27AB115} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-07-27] (Dropbox, Inc.)</p><p>Task: {A580D85E-45E8-402A-B108-98028D868B1B} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION</p><p>Task: {B002F6F7-6402-4351-A061-73A16762E133} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION</p><p>Task: {BD68A7BC-57FB-42CB-A7FB-DE011E451B85} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe</p><p>Task: {C674B080-6338-4AE1-9BC7-DA696D6B3854} - System32\Tasks\{735AEA1C-C720-4A68-92AC-2306DD0B53B3} => pcalua.exe -a C:\Users\Test\Desktop\Y10B_C1-gdi-64-107.EXE -d C:\Users\Test\Desktop</p><p>Task: {C845E1EB-D0E5-4B02-9DEE-8CDF62BF5357} - System32\Tasks\Uninstaller_SkipUac_Test => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2016-12-15] (IObit)</p><p>Task: {D01F688B-D719-4C9E-B18F-A5BBA977CCFD} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe</p><p>Task: {D2FB6AEF-F3C8-472B-9554-933AB85C79DE} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-06-23] ()</p><p>Task: {D4CEA064-12C3-42F7-8EA2-B25075D817BA} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe</p><p>Task: {D6802854-DE71-4A79-8E9D-521416C1BF43} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION</p><p>Task: {DD745DDD-E723-452C-92E4-1D5A6EBE177B} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-06-23] ()</p><p>Task: {DDD716EE-6206-4317-8297-7A8F6C357C1B} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION</p><p>Task: {E63A1A4E-F97D-4FF6-994D-351A00EDC522} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)</p><p>Task: {F1D4F05D-65FB-4601-8129-BEE11547EF86} - System32\Tasks\ASC10_SkipUac_Test => C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe [2017-05-31] (IObit)</p><p>Task: {F4D89949-676E-409B-A02A-18AC41BE71EC} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-06-23] (Microsoft Corporation)</p><p>Task: {F544EFCB-E92C-44FB-8436-0916ACD7039A} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION</p><p>Task: {F657332F-9680-49E3-8180-5CCF0EDEB3F2} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe</p><p>Task: {FB937466-3667-49CB-BB3A-C7B3204C785A} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe</p><p>Task: {FE08E2C0-6E16-4359-BE92-DFCC24CF822F} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe</p><p>(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)</p><p>Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe</p><p>Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe</p><p>Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe</p><p>Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_Test.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe</p><p>==================== Shortcuts & WMI ========================</p><p>(The entries could be listed to be restored or removed.)</p><p></p><p>ShortcutWithArgument: C:\Users\Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Any.do.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=ocgddccilgpeepgglnlpchkpgamkgmld</p><p>ShortcutWithArgument: C:\Users\Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Awesome Screenshot App.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=mfpiaehgjbbfednooihadalhehabhcjo</p><p>ShortcutWithArgument: C:\Users\Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Fair AdBlocker App.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=dcnofaichneijfbkdkghmhjjbepjmble</p><p>ShortcutWithArgument: C:\Users\Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\File System for Dropbox.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=hlffpaajmfllggclnjppbblobdhokjhe</p><p>ShortcutWithArgument: C:\Users\Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\File System for OneDrive.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=jbfdfcehgafdbfpniaimfbfomafoadgo</p><p>ShortcutWithArgument: C:\Users\Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Keep - notes and lists.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=hmjkmjkepdijhoojdojkdfohbdgmmhki</p><p>ShortcutWithArgument: C:\Users\Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Pocket.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=mjcnijlhddpbdemagnpefmlkjdagkogk</p><p>ShortcutWithArgument: C:\Users\Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Video Player.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=gdebnehfojpoccpaocfbelbclfnpbmij</p><p>==================== Loaded Modules (Whitelisted) ==============</p><p>2017-01-13 14:56 - 2017-01-13 14:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll</p><p>2017-05-09 00:44 - 2017-05-09 00:44 - 01354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll</p><p>2017-03-18 16:58 - 2017-03-18 16:58 - 00138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll</p><p>2017-06-22 18:29 - 2017-06-22 18:29 - 00074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeHost.exe</p><p>2017-06-22 18:29 - 2017-06-22 18:29 - 00203264 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll</p><p>2017-06-22 18:29 - 2017-06-22 18:29 - 43454464 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkyWrap.dll</p><p>2017-06-22 18:29 - 2017-06-22 18:29 - 02437120 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\skypert.dll</p><p>2016-07-29 21:27 - 2016-03-18 08:23 - 02151424 _____ () C:\Program Files\Ditto\Ditto.exe</p><p>2017-06-06 03:20 - 2017-06-06 03:21 - 03139496 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11705.1001.21.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll</p><p>2017-06-22 18:29 - 2017-06-22 18:29 - 00766464 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11705.1001.21.0_x64__8wekyb3d8bbwe\WinStore.Vui.dll</p><p>2017-06-22 18:29 - 2017-06-22 18:29 - 10628608 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11705.1001.21.0_x64__8wekyb3d8bbwe\WinStore.Entertainment.Mobile.dll</p><p>2017-06-22 18:29 - 2017-06-22 18:29 - 02640384 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11705.1001.21.0_x64__8wekyb3d8bbwe\MS.Entertainment.Common.Mobile.dll</p><p>2016-06-30 04:23 - 2016-12-02 16:09 - 00592384 _____ () C:\ProgramData\MEGAsync\ShellExtX64.dll</p><p>2017-03-18 16:59 - 2017-03-18 22:30 - 01731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll</p><p>2016-12-07 22:19 - 2017-06-23 22:12 - 08932040 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll</p><p>2017-07-02 02:25 - 2017-07-02 02:25 - 00155504 _____ () C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll</p><p>2017-06-26 08:37 - 2016-06-21 19:30 - 00442144 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madExcept_.bpl</p><p>2017-06-26 08:37 - 2016-06-21 19:29 - 00210720 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madBasic_.bpl</p><p>2017-06-26 08:37 - 2016-06-21 19:29 - 00059680 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl</p><p>2013-11-01 19:03 - 2013-09-16 12:17 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll</p><p>2017-06-26 06:27 - 2017-06-26 06:27 - 00801600 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\dropbox_watchdog.dll</p><p>2017-06-26 06:26 - 2017-06-26 06:26 - 00100296 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\_ctypes.pyd</p><p>2017-06-26 06:26 - 2017-06-26 06:26 - 00018888 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\select.pyd</p><p>2017-06-26 06:29 - 2017-06-26 06:29 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\tornado.speedups.pyd</p><p>2017-06-26 06:26 - 2017-06-26 06:26 - 00035792 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\_multiprocessing.pyd</p><p>2017-06-26 06:28 - 2017-06-26 06:28 - 00020824 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\cryptography.hazmat.bindings._constant_time.pyd</p><p>2017-06-26 06:26 - 2017-06-26 06:26 - 00123856 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\_cffi_backend.pyd</p><p>2017-06-26 06:26 - 2017-06-26 06:26 - 00694224 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\unicodedata.pyd</p><p>2017-06-26 06:29 - 2017-06-26 06:29 - 01729360 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\cryptography.hazmat.bindings._openssl.pyd</p><p>2017-06-26 06:29 - 2017-06-26 06:29 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\cryptography.hazmat.bindings._padding.pyd</p><p>2017-06-26 06:26 - 2017-06-26 06:26 - 00145864 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\pyexpat.pyd</p><p>2017-06-26 06:26 - 2017-06-26 06:26 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\faulthandler.pyd</p><p>2017-06-26 06:27 - 2017-06-26 06:27 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\pywintypes27.dll</p><p>2017-06-26 06:26 - 2017-06-26 06:26 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\win32api.pyd</p><p>2017-06-26 06:30 - 2017-06-26 06:30 - 00022864 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\winffi.crt.compiled._winffi_crt.pyd</p><p>2017-06-26 06:29 - 2017-06-26 06:29 - 00060736 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\psutil._psutil_windows.pyd</p><p>2017-06-26 06:29 - 2017-06-26 06:29 - 00038712 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\fastpath.pyd</p><p>2017-06-26 06:26 - 2017-06-26 06:26 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\win32event.pyd</p><p>2017-06-26 06:27 - 2017-06-26 06:27 - 00392656 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\pythoncom27.dll</p><p>2017-06-26 06:26 - 2017-06-26 06:26 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\mmapfile.pyd</p><p>2017-06-26 06:26 - 2017-06-26 06:26 - 00116176 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\win32security.pyd</p><p>2017-06-26 06:29 - 2017-06-26 06:29 - 00392512 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\win32com.shell.shell.pyd</p><p>2017-06-26 06:26 - 2017-06-26 06:26 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\win32file.pyd</p><p>2017-06-26 06:30 - 2017-06-26 06:30 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\winffi.kernel32.compiled._winffi_kernel32.pyd</p><p>2017-06-26 06:26 - 2017-06-26 06:26 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\win32clipboard.pyd</p><p>2017-06-26 06:26 - 2017-06-26 06:26 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\win32gui.pyd</p><p>2017-06-26 06:26 - 2017-06-26 06:26 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\win32pipe.pyd</p><p>2017-06-26 06:26 - 2017-06-26 06:26 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\win32process.pyd</p><p>2017-06-26 06:26 - 2017-06-26 06:26 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\win32service.pyd</p><p>2017-06-26 06:26 - 2017-06-26 06:26 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\win32evtlog.pyd</p><p>2017-06-26 06:26 - 2017-06-26 06:26 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\win32profile.pyd</p><p>2017-06-26 06:28 - 2017-06-26 06:28 - 00022336 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\cpuid.compiled._cpuid.pyd</p><p>2017-06-26 06:30 - 2017-06-26 06:30 - 00082264 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\winenumhandles.compiled._WinEnumHandles.pyd</p><p>2017-06-26 06:30 - 2017-06-26 06:30 - 00025432 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\winscreenshot.compiled._CaptureScreenshot.pyd</p><p>2017-06-26 06:28 - 2017-06-26 06:28 - 00246608 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\breakpad.client.windows.handler.pyd</p><p>2017-06-26 06:29 - 2017-06-26 06:29 - 00027488 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\dropbox.infinite.win.compiled._driverinstallation.pyd</p><p>2017-06-26 06:29 - 2017-06-26 06:29 - 03928896 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\PyQt5.QtWidgets.pyd</p><p>2017-06-26 06:26 - 2017-06-26 06:26 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\sip.pyd</p><p>2017-06-26 06:29 - 2017-06-26 06:29 - 01826104 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\PyQt5.QtCore.pyd</p><p>2017-06-26 06:29 - 2017-06-26 06:29 - 01972024 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\PyQt5.QtGui.pyd</p><p>2017-06-26 06:26 - 2017-06-26 06:26 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\win32ts.pyd</p><p>2017-06-26 06:29 - 2017-06-26 06:29 - 00171336 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\PyQt5.QtWebEngineWidgets.pyd</p><p>2017-06-26 06:29 - 2017-06-26 06:29 - 00042816 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\PyQt5.QtWebChannel.pyd</p><p>2017-06-26 06:29 - 2017-06-26 06:29 - 00531264 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\PyQt5.QtNetwork.pyd</p><p>2017-06-26 06:29 - 2017-06-26 06:29 - 00133432 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\PyQt5.QtWebKit.pyd</p><p>2017-06-26 06:29 - 2017-06-26 06:29 - 00224064 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\PyQt5.QtWebKitWidgets.pyd</p><p>2017-06-26 06:29 - 2017-06-26 06:29 - 00207680 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\PyQt5.QtPrintSupport.pyd</p><p>2017-06-26 06:26 - 2017-06-26 06:26 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\win32print.pyd</p><p>2017-06-26 06:30 - 2017-06-26 06:30 - 00054608 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\winrpcserver.compiled._RPCServer.pyd</p><p>2017-06-26 06:30 - 2017-06-26 06:30 - 00022864 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\winffi.user32.compiled._winffi_user32.pyd</p><p>2017-06-26 06:30 - 2017-06-26 06:30 - 00069968 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\windisplaytoast.compiled._DisplayToast.pyd</p><p>2017-06-26 06:30 - 2017-06-26 06:30 - 00022872 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd</p><p>2017-06-26 06:30 - 2017-06-26 06:30 - 00021848 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\winffi.winerror.compiled._winffi_winerror.pyd</p><p>2017-06-26 06:30 - 2017-06-26 06:30 - 00022872 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\winffi.wininet.compiled._winffi_wininet.pyd</p><p>2017-06-26 06:26 - 2017-06-26 06:26 - 00349128 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\winxpgui.pyd</p><p>2017-06-26 06:29 - 2017-06-26 06:29 - 00103232 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\PyQt5.QtWinExtras.pyd</p><p>2017-06-26 06:30 - 2017-06-26 06:30 - 00023896 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\winverifysignature.compiled._VerifySignature.pyd</p><p>2017-06-26 06:29 - 2017-06-26 06:29 - 00025936 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\librsyncffi.compiled._librsyncffi.pyd</p><p>2017-06-26 06:27 - 2017-06-26 06:27 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\librsync.dll</p><p>2017-06-26 06:29 - 2017-06-26 06:29 - 00033112 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\enterprise_data.compiled._enterprise_data.pyd</p><p>2017-06-26 06:27 - 2017-06-26 06:27 - 00293392 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\EnterpriseDataAdapter.dll</p><p>2017-06-26 06:27 - 2017-06-26 06:27 - 00017864 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\libEGL.dll</p><p>2017-06-26 06:27 - 2017-06-26 06:27 - 01631184 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\libGLESv2.dll</p><p>2017-06-26 06:30 - 2017-06-26 06:30 - 00022864 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\winffi.shcore.compiled._winffi_shcore.pyd</p><p>2017-06-26 08:39 - 2016-08-18 18:43 - 00442144 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\madExcept_.bpl</p><p>2017-06-26 08:39 - 2016-08-18 18:43 - 00210720 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\madBasic_.bpl</p><p>2017-06-26 08:39 - 2016-08-18 18:43 - 00059680 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\madDisAsm_.bpl</p><p>2017-06-26 08:39 - 2016-11-01 10:11 - 00078624 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\GetProcessDLL.dll</p><p>2017-06-26 08:37 - 2015-12-28 13:50 - 00899872 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\webres.dll</p><p>2017-06-26 08:37 - 2016-09-26 13:59 - 00631072 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\ProductStatistics.dll</p><p>2017-06-26 08:39 - 2015-12-28 13:50 - 00899872 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\webres.dll</p><p>2017-06-26 08:39 - 2017-05-17 13:45 - 00631584 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\ProductStatistics.dll</p><p>2016-12-07 21:45 - 2017-06-22 18:31 - 00272072 _____ () C:\Program Files (x86)\Microsoft Office\root\Office16\IEAWSDC.DLL</p><p>2016-06-30 07:24 - 2016-12-02 16:09 - 00564736 _____ () C:\ProgramData\MEGAsync\ShellExtX32.dll</p><p>2017-05-09 00:45 - 2017-05-09 00:45 - 01041720 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll</p><p>2017-03-16 16:09 - 2017-03-16 16:09 - 00080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll</p><p>==================== Alternate Data Streams (Whitelisted) =========</p><p>(If an entry is included in the fixlist, only the ADS will be removed.)</p><p>AlternateDataStreams: C:\WINDOWS\system32\GEARAspi64.dll:$CmdTcID [64]</p><p>AlternateDataStreams: C:\WINDOWS\system32\powertracker.dll:$CmdTcID [130]</p><p>AlternateDataStreams: C:\WINDOWS\system32\UtcResources.dll:$CmdTcID [64]</p><p>AlternateDataStreams: C:\WINDOWS\SysWOW64\AOLParconLink.exe:$CmdTcID [64]</p><p>AlternateDataStreams: C:\WINDOWS\SysWOW64\GEARAspi.dll:$CmdTcID [64]</p><p>==================== Safe Mode (Whitelisted) ===================</p><p>(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)</p><p></p><p>==================== Association (Whitelisted) ===============</p><p>(If an entry is included in the fixlist, the registry item will be restored to default or removed.)</p><p></p><p>==================== Internet Explorer trusted/restricted ===============</p><p>(If an entry is included in the fixlist, it will be removed from the registry.)</p><p>IE trusted site: HKU\S-1-5-21-2498043869-198999186-3455998481-1004\...\comcast.net -> hxxps://login.comcast.net</p><p>==================== Hosts content: ==========================</p><p>(If needed Hosts: directive could be included in the fixlist to reset Hosts.)</p><p>2009-07-13 22:34 - 2017-07-02 13:59 - 00001225 _____ C:\WINDOWS\system32\Drivers\etc\hosts</p><p>0.0.0.1 mssplus.mcafee.com</p><p>127.0.0.1 [URL="http://www.pckeeper.com"]www.pckeeper.com[/URL]</p><p>127.0.0.1 [URL="http://www.reimageplus.com"]www.reimageplus.com[/URL]</p><p>127.0.0.1 [URL="http://land.pckeeper.software/land/9.6.5/index.php?affid=mzb_299.1791773.1499018050.20.mzb&utm_source=&utm_medium=&utm_campaign=pck_ytz_us_96&utm_term=&utm_content=&userDefiner=mzb_2424&trt=33_1641011700&tid_ext=pck_ytz_rs_sale;a673f301-660e-4bc5-9138-d4c35fb72c04;a673f301-660e-4bc5-9138-d4c35fb72c04"]PCKeeper[/URL]</p><p>==================== Other Areas ============================</p><p>(Currently there is no automatic fix for this section.)</p><p>HKU\S-1-5-21-2498043869-198999186-3455998481-1004\Control Panel\Desktop\\Wallpaper -> </p><p>DNS Servers: 75.75.75.75 - 75.75.76.76</p><p>HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)</p><p>HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)</p><p>Windows Firewall is enabled.</p><p>==================== MSCONFIG/TASK MANAGER disabled items ==</p><p>MSCONFIG\Services: ARcltsrv => 2</p><p>HKLM\...\StartupApproved\StartupFolder: => "Ginger.lnk"</p><p>HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"</p><p>HKLM\...\StartupApproved\StartupFolder: => "Omron Wellness Gateway.lnk"</p><p>HKLM\...\StartupApproved\Run: => "Acronis Scheduler2 Service"</p><p>HKLM\...\StartupApproved\Run: => "FAHConsole"</p><p>HKLM\...\StartupApproved\Run: => "iTunesHelper"</p><p>HKLM\...\StartupApproved\Run: => "EvtMgr6"</p><p>HKLM\...\StartupApproved\Run: => "StartCN"</p><p>HKLM\...\StartupApproved\Run: => "Malwarebytes TrayApp"</p><p>HKLM\...\StartupApproved\Run32: => "AcronisTibMounterMonitor"</p><p>HKLM\...\StartupApproved\Run32: => "TrueImageMonitor.exe"</p><p>HKLM\...\StartupApproved\Run32: => "AvgUi"</p><p>HKLM\...\StartupApproved\Run32: => "Dropbox"</p><p>HKLM\...\StartupApproved\Run32: => "IDrive Background process"</p><p>HKLM\...\StartupApproved\Run32: => "IDrive Tray"</p><p>HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"</p><p>HKLM\...\StartupApproved\Run32: => "PlaysTV"</p><p>HKLM\...\StartupApproved\Run32: => "PWRISOVM.EXE"</p><p>HKLM\...\StartupApproved\Run32: => "QuickTime Task"</p><p>HKLM\...\StartupApproved\Run32: => "Raptr"</p><p>HKU\S-1-5-21-2498043869-198999186-3455998481-1004\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"</p><p>HKU\S-1-5-21-2498043869-198999186-3455998481-1004\...\StartupApproved\StartupFolder: => "MEGAsync.lnk"</p><p>HKU\S-1-5-21-2498043869-198999186-3455998481-1004\...\StartupApproved\Run: => "Chromium"</p><p>HKU\S-1-5-21-2498043869-198999186-3455998481-1004\...\StartupApproved\Run: => "BingSvc"</p><p>HKU\S-1-5-21-2498043869-198999186-3455998481-1004\...\StartupApproved\Run: => "Rainlendar2"</p><p>HKU\S-1-5-21-2498043869-198999186-3455998481-1004\...\StartupApproved\Run: => "Skype"</p><p>HKU\S-1-5-21-2498043869-198999186-3455998481-1004\...\StartupApproved\Run: => "Messenger (Yahoo!)"</p><p>HKU\S-1-5-21-2498043869-198999186-3455998481-1004\...\StartupApproved\Run: => "BlueStacks Agent"</p><p>HKU\S-1-5-21-2498043869-198999186-3455998481-1004\...\StartupApproved\Run: => "iCloudServices"</p><p>HKU\S-1-5-21-2498043869-198999186-3455998481-1004\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_E1D46C574EBA950FEDF46817FE573EFA"</p><p>HKU\S-1-5-21-2498043869-198999186-3455998481-1004\...\StartupApproved\Run: => "OneDrive"</p><p>==================== FirewallRules (Whitelisted) ===============</p><p>(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)</p><p>FirewallRules: [{DB978970-6535-40F5-A29E-BC2A778CB021}] => (Allow) C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\FFNativeMessage.exe</p><p>FirewallRules: [{C68A09D3-2C82-4E84-A529-E042E139E465}] => (Allow) C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\FFNativeMessage.exe</p><p>FirewallRules: [{8C528BC7-4410-428F-9108-00EECF53CEA6}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe</p><p>FirewallRules: [{C218EB3C-1CE5-4E13-950D-B55E5E2898D7}] => (Allow) C:\Windows\SysWOW64\install\Data\Disk1\setup.exe</p><p>FirewallRules: [{909DD55A-3D16-4173-BED1-BFA915C88802}] => (Allow) C:\Windows\SysWOW64\install\Data\Disk1\setup.exe</p><p>FirewallRules: [{7B2F5CA2-6351-4662-8B60-9F7392B33F7B}] => (Allow) C:\Users\Test\AppData\Local\Microsoft\OneDrive\OneDrive.exe</p><p>FirewallRules: [{F3481735-C853-4E5B-B267-82F984CA8A06}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe</p><p>FirewallRules: [{099B0316-8275-4659-9BDC-695A7700F3A8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe</p><p>FirewallRules: [{F3B2E533-B8DC-488C-9B3B-1C72F6497D70}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe</p><p>FirewallRules: [{4032F137-2249-4133-A053-AC84BC094ED5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe</p><p>FirewallRules: [{DD1AD34F-DE06-43EB-8C52-05A61AC93972}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe</p><p>FirewallRules: [{C8AC7DD7-BD4C-4546-91C7-2BFBFBEB8C9B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe</p><p>FirewallRules: [{DD06912C-2814-449E-95C7-CD0319A638B3}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe</p><p>FirewallRules: [{D35ECC85-07A5-448D-A1F9-FEC0736484E8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe</p><p>FirewallRules: [{50947177-EBE9-4DDF-886D-B726B66C2679}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe</p><p>FirewallRules: [{ED95A5FE-884A-43B9-9A09-AA8E62554AB6}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe</p><p>FirewallRules: [UDP Query User{E600AD31-ECD5-4150-8CF0-13B9C2E704B2}C:\windows\splwow64.exe] => (Block) C:\windows\splwow64.exe</p><p>FirewallRules: [TCP Query User{67B25FBE-91B1-4DB8-B1CE-533908EC6CE3}C:\windows\splwow64.exe] => (Block) C:\windows\splwow64.exe</p><p>FirewallRules: [{F1911002-B03A-4C19-8D6E-D5F1C32E5BA4}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe</p><p>FirewallRules: [{12070C65-6AB2-47F0-A854-E2D2AFC3EE37}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe</p><p>FirewallRules: [UDP Query User{2A0612B7-CC58-4F93-998A-DA19413140D5}C:\program files (x86)\ditto\ditto.exe] => (Allow) C:\program files (x86)\ditto\ditto.exe</p><p>FirewallRules: [TCP Query User{74CD6644-72D8-4D1D-8496-6D837BE64030}C:\program files (x86)\ditto\ditto.exe] => (Allow) C:\program files (x86)\ditto\ditto.exe</p><p>FirewallRules: [UDP Query User{465A41BA-5032-4BC6-9E33-C60A6667104D}C:\program files (x86)\ditto\ditto.exe] => (Allow) C:\program files (x86)\ditto\ditto.exe</p><p>FirewallRules: [TCP Query User{FDA9D906-C72C-4A82-A028-02C1551560DA}C:\program files (x86)\ditto\ditto.exe] => (Allow) C:\program files (x86)\ditto\ditto.exe</p><p>FirewallRules: [{8609CCEC-9738-4186-8C79-6EA1ED6ED8A6}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe</p><p>FirewallRules: [{8C79D98E-9E9E-4781-9698-5EC2CAD2E557}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe</p><p>FirewallRules: [TCP Query User{F1734726-1EC9-4B49-BB25-0DC1E1BB9287}C:\program files\ditto\ditto.exe] => (Allow) C:\program files\ditto\ditto.exe</p><p>FirewallRules: [UDP Query User{8EC1B6AC-A986-4FBD-8BA4-432AD3CCB5F6}C:\program files\ditto\ditto.exe] => (Allow) C:\program files\ditto\ditto.exe</p><p>FirewallRules: [{C78E5546-6388-4A2A-962A-1C51846951BB}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe</p><p>FirewallRules: [{5CC1FD65-DBDA-45D5-A042-0D9BF5D7CCD6}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe</p><p>FirewallRules: [{DB3A6513-7A7A-44C8-9A05-620BCAC2463E}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe</p><p>FirewallRules: [{D8F959EA-213A-43DD-B824-803229E63DAA}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe</p><p>FirewallRules: [{6A4472A9-C644-42EB-A286-B7EC59BCA6D3}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe</p><p>FirewallRules: [{B09710D0-667B-43E3-A239-D9BDACFE8C1C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>==================== Restore Points =========================</p><p>ATTENTION: System Restore is disabled</p><p>==================== Faulty Device Manager Devices =============</p><p></p><p>==================== Event log errors: =========================</p><p>Application errors:</p><p>==================</p><p>Error: (07/02/2017 09:39:26 PM) (Source: Application Hang) (EventID: 1002) (User: )</p><p>Description: The program dllhost.exe version 10.0.15063.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.</p><p>Process ID: 3600</p><p>Start Time: 01d2f370ebc2e3e1</p><p>Termination Time: 4294967295</p><p>Application Path: C:\Windows\System32\dllhost.exe</p><p>Report Id: ef116a08-5565-4e06-8f6b-d2dba2967c75</p><p>Faulting package full name:</p><p>Faulting package-relative application ID:</p><p>Error: (07/02/2017 08:40:37 PM) (Source: Application Error) (EventID: 1000) (User: )</p><p>Description: Faulting application name: MicrosoftEdgeCP.exe, version: 11.0.15063.332, time stamp: 0x591fd994</p><p>Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000</p><p>Exception code: 0xc0000604</p><p>Fault offset: 0x0000000000000000</p><p>Faulting process id: 0x3e68</p><p>Faulting application start time: 0x01d2f394e8aaacb9</p><p>Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe</p><p>Faulting module path: unknown</p><p>Report Id: 36eebd0c-f643-4b08-b119-87c01819fafb</p><p>Faulting package full name: Microsoft.MicrosoftEdge_40.15063.0.0_neutral__8wekyb3d8bbwe</p><p>Faulting package-relative application ID: ContentProcess</p><p>Error: (07/02/2017 08:40:35 PM) (Source: Application Error) (EventID: 1000) (User: )</p><p>Description: Faulting application name: MicrosoftEdgeCP.exe, version: 11.0.15063.332, time stamp: 0x591fd994</p><p>Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000</p><p>Exception code: 0xc0000604</p><p>Fault offset: 0x0000000000000000</p><p>Faulting process id: 0x3e68</p><p>Faulting application start time: 0x01d2f394e8aaacb9</p><p>Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe</p><p>Faulting module path: unknown</p><p>Report Id: f22a36ba-5b48-45b0-9d56-c161436caac9</p><p>Faulting package full name: Microsoft.MicrosoftEdge_40.15063.0.0_neutral__8wekyb3d8bbwe</p><p>Faulting package-relative application ID: ContentProcess</p><p>Error: (07/02/2017 07:00:09 PM) (Source: Windows Backup) (EventID: 4103) (User: )</p><p>Description: The backup did not complete because of an error writing to the backup location F:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).</p><p>Error: (07/02/2017 02:35:05 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: OWNER-PC)</p><p>Description: Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy5</p><p>Error: (07/02/2017 02:35:05 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: OWNER-PC)</p><p>Description: Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy5</p><p>Error: (07/02/2017 02:01:05 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: OWNER-PC)</p><p>Description: Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy5</p><p>Error: (07/02/2017 01:51:00 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: OWNER-PC)</p><p>Description: Microsoft.Getstarted_8wekyb3d8bbwe5</p><p>Error: (07/02/2017 11:12:32 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )</p><p>Description: Event-ID 0</p><p>Error: (07/02/2017 05:11:30 AM) (Source: Application Error) (EventID: 1000) (User: )</p><p>Description: Faulting application name: MicrosoftEdgeCP.exe, version: 11.0.15063.332, time stamp: 0x591fd994</p><p>Faulting module name: ntdll.dll, version: 10.0.15063.0, time stamp: 0xb79b6ddb</p><p>Exception code: 0xcfffffff</p><p>Fault offset: 0x00000000000a8c24</p><p>Faulting process id: 0x31f0</p><p>Faulting application start time: 0x01d2f3131a021ee2</p><p>Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe</p><p>Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll</p><p>Report Id: 5fb96941-c068-46d8-9ed7-229db3aaccbf</p><p>Faulting package full name: Microsoft.MicrosoftEdge_40.15063.0.0_neutral__8wekyb3d8bbwe</p><p>Faulting package-relative application ID: ContentProcess</p><p></p><p>System errors:</p><p>=============</p><p>Error: (07/01/2017 02:16:07 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)</p><p>Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID </p><p>{C2F03A33-21F5-47FA-B4BB-156362A2F239}</p><p> and APPID </p><p>{316CDED5-E4AE-4B15-9113-7055D84DCC97}</p><p> to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.</p><p>Error: (07/01/2017 02:16:07 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)</p><p>Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID </p><p>{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}</p><p> and APPID </p><p>{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}</p><p> to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.</p><p>Error: (07/01/2017 02:16:07 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)</p><p>Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID </p><p>{C2F03A33-21F5-47FA-B4BB-156362A2F239}</p><p> and APPID </p><p>{316CDED5-E4AE-4B15-9113-7055D84DCC97}</p><p> to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.</p><p>Error: (07/01/2017 02:16:07 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)</p><p>Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID </p><p>{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}</p><p> and APPID </p><p>{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}</p><p> to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.</p><p>Error: (07/01/2017 02:01:16 PM) (Source: DCOM) (EventID: 10001) (User: OWNER-PC)</p><p>Description: Unable to start a DCOM Server: Microsoft.Windows.Cortana_1.8.12.15063_neutral_neutral_cw5n1h2txyewy!CortanaUI.AppXtpp90jhw9p0njjb85kvhxpppgrqfp117.mca as Unavailable/Unavailable. The error:</p><p>"31"</p><p>Happened while starting this command:</p><p>"C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:CortanaUI.AppXy7vb4pc2dr3kc93kfc509b1d0arkfb2x.mca</p><p>Error: (07/01/2017 02:01:15 PM) (Source: DCOM) (EventID: 10010) (User: OWNER-PC)</p><p>Description: The server Microsoft.Windows.Cortana_1.8.12.15063_neutral_neutral_cw5n1h2txyewy!CortanaUI.AppXtpp90jhw9p0njjb85kvhxpppgrqfp117.mca did not register with DCOM within the required timeout.</p><p>Error: (07/01/2017 01:05:30 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)</p><p>Description: Installation Failure: Windows failed to install the following update with error 0x80070103: Advanced Micro Devices, Inc. driver update for AMD Radeon HD 6570.</p><p>Error: (07/01/2017 12:55:11 PM) (Source: Service Control Manager) (EventID: 7024) (User: )</p><p>Description: The BranchCache service terminated with the following service-specific error: </p><p>This program is blocked by group policy. For more information, contact your system administrator.</p><p>Error: (07/01/2017 12:55:07 PM) (Source: NETLOGON) (EventID: 3095) (User: )</p><p>Description: This computer is configured as a member of a workgroup, not as</p><p>a member of a domain. The Netlogon service does not need to run in this</p><p>configuration.</p><p>Error: (07/01/2017 12:54:14 PM) (Source: WinRM) (EventID: 10142) (User: )</p><p>Description: The WinRM service cannot migrate the listener with Address * and Transport HTTP. A listener that has the same Address and Transport configuration already exists.</p><p></p><p>CodeIntegrity:</p><p>===================================</p><p> Date: 2017-07-02 21:41:45.334</p><p> Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.</p><p> Date: 2017-07-02 21:41:45.333</p><p> Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.</p><p> Date: 2017-07-02 16:39:40.595</p><p> Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.</p><p> Date: 2017-07-02 16:39:40.594</p><p> Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.</p><p> Date: 2017-07-02 02:25:52.635</p><p> Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.</p><p> Date: 2017-07-02 02:25:52.634</p><p> Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.</p><p> Date: 2017-07-02 01:19:56.820</p><p> Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.</p><p> Date: 2017-07-02 01:19:56.818</p><p> Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.</p><p> Date: 2017-07-02 01:05:57.934</p><p> Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.</p><p> Date: 2017-07-02 01:05:57.933</p><p> Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.</p><p></p><p>==================== Memory info ===========================</p><p>Processor: Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz</p><p>Percentage of memory in use: 49%</p><p>Total physical RAM: 16364.24 MB</p><p>Available physical RAM: 8247.77 MB</p><p>Total Virtual: 19308.24 MB</p><p>Available Virtual: 8946.29 MB</p><p>==================== Drives ================================</p><p>Drive c: () (Fixed) (Total:111.25 GB) (Free:40.27 GB) NTFS</p><p>Drive d: (Storage) (Fixed) (Total:465.76 GB) (Free:198.87 GB) NTFS ==>[system with boot components (obtained from drive)]</p><p>==================== MBR & Partition Table ==================</p><p>========================================================</p><p>Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 828833BA)</p><p>Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)</p><p>========================================================</p><p>Disk: 1 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 318EDBA3)</p><p>Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)</p><p>Partition 2: (Not Active) - (Size=111.2 GB) - (Type=07 NTFS)</p><p>Partition 3: (Not Active) - (Size=452 MB) - (Type=27)</p><p>==================== End of Addition.txt ============================[/code]</p></blockquote><p></p>
[QUOTE="Frank Truth, post: 647471, member: 63840"] I ran FUBAR and copied the file and pasted it here. [code]Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-07-2017 Ran by Test (02-07-2017 21:50:16) Running from D:\Downloads Windows 10 Pro Version 1703 (X64) (2017-07-01 16:56:05) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-2498043869-198999186-3455998481-500 - Administrator - Enabled) => C:\Users\Administrator Carla Administrator (S-1-5-21-2498043869-198999186-3455998481-1003 - Administrator - Enabled) DefaultAccount (S-1-5-21-2498043869-198999186-3455998481-503 - Limited - Disabled) Guest (S-1-5-21-2498043869-198999186-3455998481-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-2498043869-198999186-3455998481-1002 - Limited - Enabled) Test (S-1-5-21-2498043869-198999186-3455998481-1004 - Administrator - Enabled) => C:\Users\Test ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 64 Bit HP CIO Components Installer (HKLM\...\{F8F948EA-5AEA-4158-8821-A2F788ECE936}) (Version: 16.2.1 - Hewlett-Packard) Hidden 7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - ) 7-Zip 9.38 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0938-000001000000}) (Version: 9.38.00.0 - Igor Pavlov) Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated) Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.131 - Adobe Systems Incorporated) Advanced SystemCare 10 (HKLM-x32\...\Advanced SystemCare_is1) (Version: 10.4.0 - IObit) AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD) AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.4 - Advanced Micro Devices, Inc.) AMP Font Viewer (HKLM-x32\...\AMP Font Viewer) (Version: - ) Apple Application Support (32-bit) (HKLM-x32\...\{E92BB800-BCC5-4C25-8102-AC2C3B7C7C1E}) (Version: 5.5 - Apple Inc.) Apple Application Support (64-bit) (HKLM\...\{9C912B1E-06DD-43EF-BB2B-45CB2C88BAAE}) (Version: 5.5 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{DB18F1C0-846F-46F5-A074-5B97C8AF5C8E}) (Version: 10.3.1.2 - Apple Inc.) Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.) Avery Wizard 5.0 (HKLM-x32\...\{D43E122B-C053-4545-999A-2219BF8F6422}) (Version: 5.0.3 - Avery) Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) Catalyst Control Center Next Localization BR (HKLM\...\{585A6A74-1DED-8DA0-32F1-F5EFA485DFB1}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization CHS (HKLM\...\{A0649E20-C57C-DCFA-AE1B-1CE1CB9D98A8}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization CHT (HKLM\...\{35F79A5D-00E2-8C19-D929-2E85DEA4252D}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization CS (HKLM\...\{2CEBB6AA-EC39-DFF2-1F5B-9A98301C4DAB}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization DA (HKLM\...\{F05F0B6E-9999-55D0-C323-D06DF0E2B59F}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization DE (HKLM\...\{CBABB5FD-BD69-8969-729A-5659E11D9518}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization EL (HKLM\...\{98527BF3-A8E0-B8CF-7297-436B714FC576}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization ES (HKLM\...\{D6CD1B25-53E6-C2F8-FA99-F89138A9C86F}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization FI (HKLM\...\{487C3865-3005-F04A-FBA4-F4239E02A847}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization FR (HKLM\...\{D80AD200-548C-B62B-32AE-BF3CD7AA7EA2}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization HU (HKLM\...\{D21BFF5C-51AA-4C15-1C91-6A1087FDC373}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization IT (HKLM\...\{04F0FFCB-D9A5-2332-2697-CA47C0424AF2}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization JA (HKLM\...\{47F2FFDC-3D6A-CED6-0B54-6E7082D5B29B}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization KO (HKLM\...\{5608D1B6-6483-9FA3-7297-C2CFC3FCE747}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization NL (HKLM\...\{1FCA484A-5A9E-9C91-F050-257D1F311A0C}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization NO (HKLM\...\{D8FB03AE-A326-0C12-AC47-B898FE73FA94}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization PL (HKLM\...\{F7876D2E-CDCD-CE53-0E88-995B57A94B58}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization RU (HKLM\...\{3BAB5AC8-EF35-FED0-BCEB-9306D05EDE1C}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization SV (HKLM\...\{746E086C-023A-A79C-DBE1-062E773FF6C8}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization TH (HKLM\...\{1C44BB26-1941-DB44-D5E8-C455F89EE6E6}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization TR (HKLM\...\{BE7F26CB-6E91-7673-7130-80C36FBF13DE}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden CCleaner (HKLM\...\CCleaner) (Version: 5.31 - Piriform) DavkaWriter 7 (HKLM-x32\...\{3E329396-D66F-4EE5-9D81-BE6C47539304}) (Version: 7.0.28 - Davka Corp) Document Translator (HKLM-x32\...\{3046D1AE-D446-4CFF-A136-1A2A38B2840C}) (Version: 1.0.0 - Microsoft Corporation) Dropbox (HKLM-x32\...\Dropbox) (Version: 8.4.21 - Dropbox, Inc.) Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.59.1 - Dropbox, Inc.) Hidden eReg (HKLM-x32\...\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}) (Version: 1.20.138.34 - Logitech, Inc.) Hidden Etron USB3.0 Host Controller (HKLM-x32\...\{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.118 - Etron Technology) Hidden Etron USB3.0 Host Controller (HKLM-x32\...\InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.118 - Etron Technology) Ginger (HKLM-x32\...\{1EBF9A59-F4E3-4EA7-BA97-76703C1432F6}) (Version: 3.7.63 - Ginger Software) Hidden Ginger (HKLM-x32\...\InstallShield_{1EBF9A59-F4E3-4EA7-BA97-76703C1432F6}) (Version: 3.7.63 - Ginger Software) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.) Google Drive (HKLM-x32\...\{A1238426-ECDF-4639-BE2F-8D12A97AE23C}) (Version: 2.34.5075.1619 - Google, Inc.) Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden Grammarly (HKU\S-1-5-21-2498043869-198999186-3455998481-1004\...\GrammarlyForWindows) (Version: 1.5.27 - Grammarly) Grammarly for Microsoft® Office Suite (HKLM\...\{278DEA03-1D32-4CF3-B964-35F6C76E5BCC}) (Version: 6.4.104.5108 - Grammarly) Hidden Grammarly for Microsoft® Office Suite (HKLM\...\{2CC6EE9C-51D8-479E-8B0B-F061F658FC9B}) (Version: 6.5.57 - Grammarly) Hidden Grammarly for Microsoft® Office Suite (HKU\S-1-5-21-2498043869-198999186-3455998481-1004\...\{b1eb8775-bc01-49f5-9885-9ff3c9b4a7a3}) (Version: 6.5.57 - Grammarly) HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.20.286 - SurfRight B.V.) iCloud (HKLM\...\{5B1A59DA-D1EC-4C3A-A996-DF011A0A9668}) (Version: 6.2.2.39 - Apple Inc.) Intel Security True Key (HKLM\...\TrueKey) (Version: 4.5.146.1 - Intel Security) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation) IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 6.1.0.510 - IObit) IrfanView 4.44 (64-bit) (HKLM\...\IrfanView64) (Version: 4.44 - Irfan Skiljan) Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle) KeyRocket (HKU\S-1-5-21-2498043869-198999186-3455998481-1004\...\83fe5c4ae9878b0a) (Version: 2.0.3.15724 - Veodin) Logitech SetPoint 6.67 (HKLM\...\sp6) (Version: 6.67.83 - Logitech) Logitech Unifying Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech) Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes) MEGAsync (HKLM-x32\...\MEGAsync) (Version: - Mega Limited) Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.8229.2073 - Microsoft Corporation) Microsoft Office 365 - he-il (HKLM\...\O365HomePremRetail - he-il) (Version: 16.0.8229.2073 - Microsoft Corporation) Microsoft Office Proofing Tools 2013 - hrvatski (HKLM-x32\...\{90150000-001F-041A-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-2498043869-198999186-3455998481-1004\...\OneDriveSetup.exe) (Version: 17.3.6943.0625 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{14297226-E0A0-3781-8911-E9D529552663}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Mozilla Firefox 54.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 54.0.1 (x86 en-US)) (Version: 54.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 54.0.1.6388 - Mozilla) Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8229.2073 - Microsoft Corporation) Hidden Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8229.2073 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8229.2073 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.8201.2075 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-040D-0000-0000000FF1CE}) (Version: 16.0.8229.2045 - Microsoft Corporation) Hidden Omron Wellness Gateway (HKLM-x32\...\{B868407A-F0CB-4AAD-BC1E-8C0A4BB30B16}) (Version: 1.2.0 - Omron) QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.) Raptr (HKLM-x32\...\Raptr) (Version: 5.2.6-r115593-release - Raptr, Inc) Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 7.73.618.2013 - Realtek) Skype for Business Web App Plug-in (HKLM-x32\...\{7EA9A4CD-6875-4F3C-A4D4-42C924AD3CF8}) (Version: 15.8.20020.351 - Microsoft Corporation) SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1240 - SUPERAntiSpyware.com) True Image 2013 (HKLM-x32\...\{75BC2136-B6A1-4F3B-8A69-55E39C647B1F}) (Version: 16.0.6514 - Acronis) Hidden True Image 2013 (HKLM-x32\...\{75BC2136-B6A1-4F3B-8A69-55E39C647B1F}Visible) (Version: 16.0.6514 - Acronis) Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation) Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17354 - Microsoft Corporation) xplorer² professional 64 bit (HKLM\...\xplorer2p64) (Version: 3.2.0.2 - Zabkat) Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.74.0.76 - Zemana Ltd.) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2016-12-02] () ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2016-12-02] () ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2016-12-02] () ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => -> No File ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-23] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-23] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-23] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-23] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-23] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-23] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-23] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-23] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-23] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-23] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => -> No File ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => -> No File ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => -> No File ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\ProgramData\MEGAsync\ShellExtX32.dll [2016-12-02] () ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\ProgramData\MEGAsync\ShellExtX32.dll [2016-12-02] () ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\ProgramData\MEGAsync\ShellExtX32.dll [2016-12-02] () ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-23] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-23] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-23] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-23] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-23] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-23] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-23] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-23] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-23] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-23] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => -> No File ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => -> No File ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => -> No File ContextMenuHandlers01: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2017-07-02] () ContextMenuHandlers01: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2015-01-03] (Igor Pavlov) ContextMenuHandlers01: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2016-09-20] (IObit) ContextMenuHandlers01: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-23] (Dropbox, Inc.) ContextMenuHandlers01: [FileAssociationHelper] -> {D5CF14A2-B3CA-49DC-8E3E-0BB233B26D09} => C:\Program Files\File Association Helper\FAHDll.dll [2014-01-28] (Nico Mak Computing) ContextMenuHandlers01: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-03-21] (Google) ContextMenuHandlers01: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2016-05-23] (IObit) ContextMenuHandlers01: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2016-12-02] () ContextMenuHandlers01: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2017-05-09] (Apple Inc.) ContextMenuHandlers02: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2016-09-20] (IObit) ContextMenuHandlers03: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes) ContextMenuHandlers03: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2016-12-02] () ContextMenuHandlers04: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2015-01-03] (Igor Pavlov) ContextMenuHandlers04: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2016-09-20] (IObit) ContextMenuHandlers04: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-23] (Dropbox, Inc.) ContextMenuHandlers04: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-03-21] (Google) ContextMenuHandlers04: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2016-05-23] (IObit) ContextMenuHandlers04: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2016-12-02] () ContextMenuHandlers05: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2015-11-04] (Advanced Micro Devices, Inc.) ContextMenuHandlers05: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-23] (Dropbox, Inc.) ContextMenuHandlers06: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2017-07-02] () ContextMenuHandlers06: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2015-01-03] (Igor Pavlov) ContextMenuHandlers06: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2016-05-23] (IObit) ContextMenuHandlers06: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes) ContextMenuHandlers06: [PintoStartScreen] -> {470C0EBD-5D73-4d58-9CED-E91E22E23282} => C:\Windows\System32\appresolver.dll [2017-07-01] (Microsoft Corporation) ContextMenuHandlers06: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2012-12-29] (VS Revo Group) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {081F7581-3751-4240-9C5A-9F4C1BBAC0DB} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe Task: {138F0058-AE96-4800-A0C5-969F92F72E8F} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-07-27] (Dropbox, Inc.) Task: {147A2C5A-87D2-4BFD-8924-32C4F6BCFFA9} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe Task: {1B7161B1-8940-4E45-A06B-744A9C6FBBDE} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION Task: {1D9BAA15-4235-4F82-8ABD-BE5B3ED39614} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION Task: {21885652-4984-462A-B846-EE9F112CACF3} - System32\Tasks\ASC10_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe [2017-03-22] (IObit) Task: {22E4397F-BD79-428C-B371-24A12BD65353} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe Task: {23E48F5C-A39D-431F-B2E5-38DD3155FE11} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe Task: {2F525B11-78E1-47CD-A70D-4A892831C317} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe Task: {3609611A-1165-4E83-AC1E-A22B0D26C52C} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe Task: {38AC3E0D-917A-4792-9CF9-CA1025A0123C} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION Task: {3CC8475F-9427-436B-9F6F-C41A04B8CDE7} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe Task: {417D9384-6F9F-470D-A1CB-D024A1535704} - System32\Tasks\{72F2DB09-B79F-4089-803E-15FCC52B17AA} => pcalua.exe -a D:\Downloads\HL-4570CDW-inst-D2-euus.EXE Task: {44239D1A-562B-45BD-BD2F-E6E9EB557097} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe Task: {4FF917E1-CC68-464C-9632-4639B963DED0} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe Task: {52CC1814-C0C9-4322-973F-2624DA3CC545} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe Task: {540340FC-E78C-41DF-9DF9-7DEC35F945BC} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION Task: {55639207-CA1B-46D6-9A87-231E641A4C0A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-06-22] (Adobe Systems Incorporated) Task: {5DC4A796-2F0F-4888-BB2F-87EFAC7E1ED6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.) Task: {6167AFF8-50C2-4256-86B6-7363F40A8D1A} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe Task: {6560E448-AC2E-47F6-90B7-0E8483D1EA87} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe Task: {6CE721E2-AABD-434C-AA11-D25444015DC0} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION Task: {787C25CB-A899-486F-8DC0-8FE4CD214846} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe Task: {79EF84FB-BFD9-487E-B79D-79D9044545D7} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-02-14] (Apple Inc.) Task: {7BB81C6F-FD22-4A0D-99AE-3E99B344BDCC} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe Task: {7C8BE5C1-05B8-4BB9-AFB9-1A68904249E7} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION Task: {7F13B0E2-8732-4FB1-ABCB-632AEB15E5D4} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe [2016-07-18] (Advanced Micro Devices, Inc.) Task: {810E6077-5E8A-48BF-A23E-0E8E5424F029} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION Task: {8527D3AE-12C5-441E-86C9-445BB5286B5C} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-06-23] (Microsoft Corporation) Task: {86B3AE9C-87E0-4E8D-9E83-77A62A357C33} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION Task: {89A5DF8C-8E94-4453-9555-2B5050487D3E} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe Task: {90788341-8FB2-47C7-AF4E-B4A300E8694C} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe Task: {9088D468-6483-45C7-BBBE-A65D63F968A5} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION Task: {92CA0967-C3DF-4272-B669-41D50FC23EC9} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-06-30] (Microsoft Corporation) Task: {935E8BF6-B111-49FA-9C7C-C5E8351CEC58} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe Task: {949456DF-9A9C-4674-AB2A-17BD6B523062} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION Task: {97515886-A083-44B1-AD25-9E511B0B3DE6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.) Task: {9CA222E5-C77C-4FDB-B763-4F7CC0EDAB18} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-06-13] (Piriform Ltd) Task: {A1C71E52-7E04-4CFE-BCF0-06A4A27AB115} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-07-27] (Dropbox, Inc.) Task: {A580D85E-45E8-402A-B108-98028D868B1B} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION Task: {B002F6F7-6402-4351-A061-73A16762E133} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION Task: {BD68A7BC-57FB-42CB-A7FB-DE011E451B85} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe Task: {C674B080-6338-4AE1-9BC7-DA696D6B3854} - System32\Tasks\{735AEA1C-C720-4A68-92AC-2306DD0B53B3} => pcalua.exe -a C:\Users\Test\Desktop\Y10B_C1-gdi-64-107.EXE -d C:\Users\Test\Desktop Task: {C845E1EB-D0E5-4B02-9DEE-8CDF62BF5357} - System32\Tasks\Uninstaller_SkipUac_Test => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2016-12-15] (IObit) Task: {D01F688B-D719-4C9E-B18F-A5BBA977CCFD} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe Task: {D2FB6AEF-F3C8-472B-9554-933AB85C79DE} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-06-23] () Task: {D4CEA064-12C3-42F7-8EA2-B25075D817BA} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe Task: {D6802854-DE71-4A79-8E9D-521416C1BF43} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION Task: {DD745DDD-E723-452C-92E4-1D5A6EBE177B} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-06-23] () Task: {DDD716EE-6206-4317-8297-7A8F6C357C1B} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION Task: {E63A1A4E-F97D-4FF6-994D-351A00EDC522} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated) Task: {F1D4F05D-65FB-4601-8129-BEE11547EF86} - System32\Tasks\ASC10_SkipUac_Test => C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe [2017-05-31] (IObit) Task: {F4D89949-676E-409B-A02A-18AC41BE71EC} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-06-23] (Microsoft Corporation) Task: {F544EFCB-E92C-44FB-8436-0916ACD7039A} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION Task: {F657332F-9680-49E3-8180-5CCF0EDEB3F2} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe Task: {FB937466-3667-49CB-BB3A-C7B3204C785A} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe Task: {FE08E2C0-6E16-4359-BE92-DFCC24CF822F} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_Test.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) ShortcutWithArgument: C:\Users\Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Any.do.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=ocgddccilgpeepgglnlpchkpgamkgmld ShortcutWithArgument: C:\Users\Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Awesome Screenshot App.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=mfpiaehgjbbfednooihadalhehabhcjo ShortcutWithArgument: C:\Users\Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Fair AdBlocker App.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=dcnofaichneijfbkdkghmhjjbepjmble ShortcutWithArgument: C:\Users\Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\File System for Dropbox.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=hlffpaajmfllggclnjppbblobdhokjhe ShortcutWithArgument: C:\Users\Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\File System for OneDrive.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=jbfdfcehgafdbfpniaimfbfomafoadgo ShortcutWithArgument: C:\Users\Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Keep - notes and lists.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=hmjkmjkepdijhoojdojkdfohbdgmmhki ShortcutWithArgument: C:\Users\Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Pocket.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=mjcnijlhddpbdemagnpefmlkjdagkogk ShortcutWithArgument: C:\Users\Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Video Player.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=gdebnehfojpoccpaocfbelbclfnpbmij ==================== Loaded Modules (Whitelisted) ============== 2017-01-13 14:56 - 2017-01-13 14:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2017-05-09 00:44 - 2017-05-09 00:44 - 01354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2017-03-18 16:58 - 2017-03-18 16:58 - 00138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll 2017-06-22 18:29 - 2017-06-22 18:29 - 00074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeHost.exe 2017-06-22 18:29 - 2017-06-22 18:29 - 00203264 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll 2017-06-22 18:29 - 2017-06-22 18:29 - 43454464 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkyWrap.dll 2017-06-22 18:29 - 2017-06-22 18:29 - 02437120 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\skypert.dll 2016-07-29 21:27 - 2016-03-18 08:23 - 02151424 _____ () C:\Program Files\Ditto\Ditto.exe 2017-06-06 03:20 - 2017-06-06 03:21 - 03139496 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11705.1001.21.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll 2017-06-22 18:29 - 2017-06-22 18:29 - 00766464 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11705.1001.21.0_x64__8wekyb3d8bbwe\WinStore.Vui.dll 2017-06-22 18:29 - 2017-06-22 18:29 - 10628608 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11705.1001.21.0_x64__8wekyb3d8bbwe\WinStore.Entertainment.Mobile.dll 2017-06-22 18:29 - 2017-06-22 18:29 - 02640384 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11705.1001.21.0_x64__8wekyb3d8bbwe\MS.Entertainment.Common.Mobile.dll 2016-06-30 04:23 - 2016-12-02 16:09 - 00592384 _____ () C:\ProgramData\MEGAsync\ShellExtX64.dll 2017-03-18 16:59 - 2017-03-18 22:30 - 01731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2016-12-07 22:19 - 2017-06-23 22:12 - 08932040 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll 2017-07-02 02:25 - 2017-07-02 02:25 - 00155504 _____ () C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll 2017-06-26 08:37 - 2016-06-21 19:30 - 00442144 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madExcept_.bpl 2017-06-26 08:37 - 2016-06-21 19:29 - 00210720 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madBasic_.bpl 2017-06-26 08:37 - 2016-06-21 19:29 - 00059680 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl 2013-11-01 19:03 - 2013-09-16 12:17 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll 2017-06-26 06:27 - 2017-06-26 06:27 - 00801600 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\dropbox_watchdog.dll 2017-06-26 06:26 - 2017-06-26 06:26 - 00100296 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\_ctypes.pyd 2017-06-26 06:26 - 2017-06-26 06:26 - 00018888 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\select.pyd 2017-06-26 06:29 - 2017-06-26 06:29 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\tornado.speedups.pyd 2017-06-26 06:26 - 2017-06-26 06:26 - 00035792 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\_multiprocessing.pyd 2017-06-26 06:28 - 2017-06-26 06:28 - 00020824 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\cryptography.hazmat.bindings._constant_time.pyd 2017-06-26 06:26 - 2017-06-26 06:26 - 00123856 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\_cffi_backend.pyd 2017-06-26 06:26 - 2017-06-26 06:26 - 00694224 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\unicodedata.pyd 2017-06-26 06:29 - 2017-06-26 06:29 - 01729360 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\cryptography.hazmat.bindings._openssl.pyd 2017-06-26 06:29 - 2017-06-26 06:29 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\cryptography.hazmat.bindings._padding.pyd 2017-06-26 06:26 - 2017-06-26 06:26 - 00145864 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\pyexpat.pyd 2017-06-26 06:26 - 2017-06-26 06:26 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\faulthandler.pyd 2017-06-26 06:27 - 2017-06-26 06:27 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\pywintypes27.dll 2017-06-26 06:26 - 2017-06-26 06:26 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\win32api.pyd 2017-06-26 06:30 - 2017-06-26 06:30 - 00022864 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\winffi.crt.compiled._winffi_crt.pyd 2017-06-26 06:29 - 2017-06-26 06:29 - 00060736 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\psutil._psutil_windows.pyd 2017-06-26 06:29 - 2017-06-26 06:29 - 00038712 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\fastpath.pyd 2017-06-26 06:26 - 2017-06-26 06:26 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\win32event.pyd 2017-06-26 06:27 - 2017-06-26 06:27 - 00392656 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\pythoncom27.dll 2017-06-26 06:26 - 2017-06-26 06:26 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\mmapfile.pyd 2017-06-26 06:26 - 2017-06-26 06:26 - 00116176 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\win32security.pyd 2017-06-26 06:29 - 2017-06-26 06:29 - 00392512 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\win32com.shell.shell.pyd 2017-06-26 06:26 - 2017-06-26 06:26 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\win32file.pyd 2017-06-26 06:30 - 2017-06-26 06:30 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\winffi.kernel32.compiled._winffi_kernel32.pyd 2017-06-26 06:26 - 2017-06-26 06:26 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\win32clipboard.pyd 2017-06-26 06:26 - 2017-06-26 06:26 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\win32gui.pyd 2017-06-26 06:26 - 2017-06-26 06:26 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\win32pipe.pyd 2017-06-26 06:26 - 2017-06-26 06:26 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\win32process.pyd 2017-06-26 06:26 - 2017-06-26 06:26 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\win32service.pyd 2017-06-26 06:26 - 2017-06-26 06:26 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\win32evtlog.pyd 2017-06-26 06:26 - 2017-06-26 06:26 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\win32profile.pyd 2017-06-26 06:28 - 2017-06-26 06:28 - 00022336 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\cpuid.compiled._cpuid.pyd 2017-06-26 06:30 - 2017-06-26 06:30 - 00082264 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\winenumhandles.compiled._WinEnumHandles.pyd 2017-06-26 06:30 - 2017-06-26 06:30 - 00025432 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\winscreenshot.compiled._CaptureScreenshot.pyd 2017-06-26 06:28 - 2017-06-26 06:28 - 00246608 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\breakpad.client.windows.handler.pyd 2017-06-26 06:29 - 2017-06-26 06:29 - 00027488 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\dropbox.infinite.win.compiled._driverinstallation.pyd 2017-06-26 06:29 - 2017-06-26 06:29 - 03928896 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\PyQt5.QtWidgets.pyd 2017-06-26 06:26 - 2017-06-26 06:26 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\sip.pyd 2017-06-26 06:29 - 2017-06-26 06:29 - 01826104 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\PyQt5.QtCore.pyd 2017-06-26 06:29 - 2017-06-26 06:29 - 01972024 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\PyQt5.QtGui.pyd 2017-06-26 06:26 - 2017-06-26 06:26 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\win32ts.pyd 2017-06-26 06:29 - 2017-06-26 06:29 - 00171336 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\PyQt5.QtWebEngineWidgets.pyd 2017-06-26 06:29 - 2017-06-26 06:29 - 00042816 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\PyQt5.QtWebChannel.pyd 2017-06-26 06:29 - 2017-06-26 06:29 - 00531264 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\PyQt5.QtNetwork.pyd 2017-06-26 06:29 - 2017-06-26 06:29 - 00133432 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\PyQt5.QtWebKit.pyd 2017-06-26 06:29 - 2017-06-26 06:29 - 00224064 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\PyQt5.QtWebKitWidgets.pyd 2017-06-26 06:29 - 2017-06-26 06:29 - 00207680 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\PyQt5.QtPrintSupport.pyd 2017-06-26 06:26 - 2017-06-26 06:26 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\win32print.pyd 2017-06-26 06:30 - 2017-06-26 06:30 - 00054608 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\winrpcserver.compiled._RPCServer.pyd 2017-06-26 06:30 - 2017-06-26 06:30 - 00022864 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\winffi.user32.compiled._winffi_user32.pyd 2017-06-26 06:30 - 2017-06-26 06:30 - 00069968 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\windisplaytoast.compiled._DisplayToast.pyd 2017-06-26 06:30 - 2017-06-26 06:30 - 00022872 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd 2017-06-26 06:30 - 2017-06-26 06:30 - 00021848 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\winffi.winerror.compiled._winffi_winerror.pyd 2017-06-26 06:30 - 2017-06-26 06:30 - 00022872 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\winffi.wininet.compiled._winffi_wininet.pyd 2017-06-26 06:26 - 2017-06-26 06:26 - 00349128 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\winxpgui.pyd 2017-06-26 06:29 - 2017-06-26 06:29 - 00103232 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\PyQt5.QtWinExtras.pyd 2017-06-26 06:30 - 2017-06-26 06:30 - 00023896 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\winverifysignature.compiled._VerifySignature.pyd 2017-06-26 06:29 - 2017-06-26 06:29 - 00025936 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\librsyncffi.compiled._librsyncffi.pyd 2017-06-26 06:27 - 2017-06-26 06:27 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\librsync.dll 2017-06-26 06:29 - 2017-06-26 06:29 - 00033112 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\enterprise_data.compiled._enterprise_data.pyd 2017-06-26 06:27 - 2017-06-26 06:27 - 00293392 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\EnterpriseDataAdapter.dll 2017-06-26 06:27 - 2017-06-26 06:27 - 00017864 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\libEGL.dll 2017-06-26 06:27 - 2017-06-26 06:27 - 01631184 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\libGLESv2.dll 2017-06-26 06:30 - 2017-06-26 06:30 - 00022864 _____ () C:\Program Files (x86)\Dropbox\Client_29.4.20\winffi.shcore.compiled._winffi_shcore.pyd 2017-06-26 08:39 - 2016-08-18 18:43 - 00442144 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\madExcept_.bpl 2017-06-26 08:39 - 2016-08-18 18:43 - 00210720 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\madBasic_.bpl 2017-06-26 08:39 - 2016-08-18 18:43 - 00059680 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\madDisAsm_.bpl 2017-06-26 08:39 - 2016-11-01 10:11 - 00078624 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\GetProcessDLL.dll 2017-06-26 08:37 - 2015-12-28 13:50 - 00899872 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\webres.dll 2017-06-26 08:37 - 2016-09-26 13:59 - 00631072 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\ProductStatistics.dll 2017-06-26 08:39 - 2015-12-28 13:50 - 00899872 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\webres.dll 2017-06-26 08:39 - 2017-05-17 13:45 - 00631584 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\ProductStatistics.dll 2016-12-07 21:45 - 2017-06-22 18:31 - 00272072 _____ () C:\Program Files (x86)\Microsoft Office\root\Office16\IEAWSDC.DLL 2016-06-30 07:24 - 2016-12-02 16:09 - 00564736 _____ () C:\ProgramData\MEGAsync\ShellExtX32.dll 2017-05-09 00:45 - 2017-05-09 00:45 - 01041720 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2017-03-16 16:09 - 2017-03-16 16:09 - 00080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\WINDOWS\system32\GEARAspi64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\powertracker.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\UtcResources.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\AOLParconLink.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\GEARAspi.dll:$CmdTcID [64] ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) IE trusted site: HKU\S-1-5-21-2498043869-198999186-3455998481-1004\...\comcast.net -> hxxps://login.comcast.net ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 22:34 - 2017-07-02 13:59 - 00001225 _____ C:\WINDOWS\system32\Drivers\etc\hosts 0.0.0.1 mssplus.mcafee.com 127.0.0.1 [URL="http://www.pckeeper.com"]www.pckeeper.com[/URL] 127.0.0.1 [URL="http://www.reimageplus.com"]www.reimageplus.com[/URL] 127.0.0.1 [URL="http://land.pckeeper.software/land/9.6.5/index.php?affid=mzb_299.1791773.1499018050.20.mzb&utm_source=&utm_medium=&utm_campaign=pck_ytz_us_96&utm_term=&utm_content=&userDefiner=mzb_2424&trt=33_1641011700&tid_ext=pck_ytz_rs_sale;a673f301-660e-4bc5-9138-d4c35fb72c04;a673f301-660e-4bc5-9138-d4c35fb72c04"]PCKeeper[/URL] ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2498043869-198999186-3455998481-1004\Control Panel\Desktop\\Wallpaper -> DNS Servers: 75.75.75.75 - 75.75.76.76 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == MSCONFIG\Services: ARcltsrv => 2 HKLM\...\StartupApproved\StartupFolder: => "Ginger.lnk" HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk" HKLM\...\StartupApproved\StartupFolder: => "Omron Wellness Gateway.lnk" HKLM\...\StartupApproved\Run: => "Acronis Scheduler2 Service" HKLM\...\StartupApproved\Run: => "FAHConsole" HKLM\...\StartupApproved\Run: => "iTunesHelper" HKLM\...\StartupApproved\Run: => "EvtMgr6" HKLM\...\StartupApproved\Run: => "StartCN" HKLM\...\StartupApproved\Run: => "Malwarebytes TrayApp" HKLM\...\StartupApproved\Run32: => "AcronisTibMounterMonitor" HKLM\...\StartupApproved\Run32: => "TrueImageMonitor.exe" HKLM\...\StartupApproved\Run32: => "AvgUi" HKLM\...\StartupApproved\Run32: => "Dropbox" HKLM\...\StartupApproved\Run32: => "IDrive Background process" HKLM\...\StartupApproved\Run32: => "IDrive Tray" HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched" HKLM\...\StartupApproved\Run32: => "PlaysTV" HKLM\...\StartupApproved\Run32: => "PWRISOVM.EXE" HKLM\...\StartupApproved\Run32: => "QuickTime Task" HKLM\...\StartupApproved\Run32: => "Raptr" HKU\S-1-5-21-2498043869-198999186-3455998481-1004\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk" HKU\S-1-5-21-2498043869-198999186-3455998481-1004\...\StartupApproved\StartupFolder: => "MEGAsync.lnk" HKU\S-1-5-21-2498043869-198999186-3455998481-1004\...\StartupApproved\Run: => "Chromium" HKU\S-1-5-21-2498043869-198999186-3455998481-1004\...\StartupApproved\Run: => "BingSvc" HKU\S-1-5-21-2498043869-198999186-3455998481-1004\...\StartupApproved\Run: => "Rainlendar2" HKU\S-1-5-21-2498043869-198999186-3455998481-1004\...\StartupApproved\Run: => "Skype" HKU\S-1-5-21-2498043869-198999186-3455998481-1004\...\StartupApproved\Run: => "Messenger (Yahoo!)" HKU\S-1-5-21-2498043869-198999186-3455998481-1004\...\StartupApproved\Run: => "BlueStacks Agent" HKU\S-1-5-21-2498043869-198999186-3455998481-1004\...\StartupApproved\Run: => "iCloudServices" HKU\S-1-5-21-2498043869-198999186-3455998481-1004\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_E1D46C574EBA950FEDF46817FE573EFA" HKU\S-1-5-21-2498043869-198999186-3455998481-1004\...\StartupApproved\Run: => "OneDrive" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{DB978970-6535-40F5-A29E-BC2A778CB021}] => (Allow) C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\FFNativeMessage.exe FirewallRules: [{C68A09D3-2C82-4E84-A529-E042E139E465}] => (Allow) C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\FFNativeMessage.exe FirewallRules: [{8C528BC7-4410-428F-9108-00EECF53CEA6}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe FirewallRules: [{C218EB3C-1CE5-4E13-950D-B55E5E2898D7}] => (Allow) C:\Windows\SysWOW64\install\Data\Disk1\setup.exe FirewallRules: [{909DD55A-3D16-4173-BED1-BFA915C88802}] => (Allow) C:\Windows\SysWOW64\install\Data\Disk1\setup.exe FirewallRules: [{7B2F5CA2-6351-4662-8B60-9F7392B33F7B}] => (Allow) C:\Users\Test\AppData\Local\Microsoft\OneDrive\OneDrive.exe FirewallRules: [{F3481735-C853-4E5B-B267-82F984CA8A06}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{099B0316-8275-4659-9BDC-695A7700F3A8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{F3B2E533-B8DC-488C-9B3B-1C72F6497D70}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{4032F137-2249-4133-A053-AC84BC094ED5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{DD1AD34F-DE06-43EB-8C52-05A61AC93972}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{C8AC7DD7-BD4C-4546-91C7-2BFBFBEB8C9B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{DD06912C-2814-449E-95C7-CD0319A638B3}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{D35ECC85-07A5-448D-A1F9-FEC0736484E8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{50947177-EBE9-4DDF-886D-B726B66C2679}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{ED95A5FE-884A-43B9-9A09-AA8E62554AB6}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [UDP Query User{E600AD31-ECD5-4150-8CF0-13B9C2E704B2}C:\windows\splwow64.exe] => (Block) C:\windows\splwow64.exe FirewallRules: [TCP Query User{67B25FBE-91B1-4DB8-B1CE-533908EC6CE3}C:\windows\splwow64.exe] => (Block) C:\windows\splwow64.exe FirewallRules: [{F1911002-B03A-4C19-8D6E-D5F1C32E5BA4}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe FirewallRules: [{12070C65-6AB2-47F0-A854-E2D2AFC3EE37}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe FirewallRules: [UDP Query User{2A0612B7-CC58-4F93-998A-DA19413140D5}C:\program files (x86)\ditto\ditto.exe] => (Allow) C:\program files (x86)\ditto\ditto.exe FirewallRules: [TCP Query User{74CD6644-72D8-4D1D-8496-6D837BE64030}C:\program files (x86)\ditto\ditto.exe] => (Allow) C:\program files (x86)\ditto\ditto.exe FirewallRules: [UDP Query User{465A41BA-5032-4BC6-9E33-C60A6667104D}C:\program files (x86)\ditto\ditto.exe] => (Allow) C:\program files (x86)\ditto\ditto.exe FirewallRules: [TCP Query User{FDA9D906-C72C-4A82-A028-02C1551560DA}C:\program files (x86)\ditto\ditto.exe] => (Allow) C:\program files (x86)\ditto\ditto.exe FirewallRules: [{8609CCEC-9738-4186-8C79-6EA1ED6ED8A6}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe FirewallRules: [{8C79D98E-9E9E-4781-9698-5EC2CAD2E557}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe FirewallRules: [TCP Query User{F1734726-1EC9-4B49-BB25-0DC1E1BB9287}C:\program files\ditto\ditto.exe] => (Allow) C:\program files\ditto\ditto.exe FirewallRules: [UDP Query User{8EC1B6AC-A986-4FBD-8BA4-432AD3CCB5F6}C:\program files\ditto\ditto.exe] => (Allow) C:\program files\ditto\ditto.exe FirewallRules: [{C78E5546-6388-4A2A-962A-1C51846951BB}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe FirewallRules: [{5CC1FD65-DBDA-45D5-A042-0D9BF5D7CCD6}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe FirewallRules: [{DB3A6513-7A7A-44C8-9A05-620BCAC2463E}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe FirewallRules: [{D8F959EA-213A-43DD-B824-803229E63DAA}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe FirewallRules: [{6A4472A9-C644-42EB-A286-B7EC59BCA6D3}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe FirewallRules: [{B09710D0-667B-43E3-A239-D9BDACFE8C1C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Restore Points ========================= ATTENTION: System Restore is disabled ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (07/02/2017 09:39:26 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program dllhost.exe version 10.0.15063.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. Process ID: 3600 Start Time: 01d2f370ebc2e3e1 Termination Time: 4294967295 Application Path: C:\Windows\System32\dllhost.exe Report Id: ef116a08-5565-4e06-8f6b-d2dba2967c75 Faulting package full name: Faulting package-relative application ID: Error: (07/02/2017 08:40:37 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: MicrosoftEdgeCP.exe, version: 11.0.15063.332, time stamp: 0x591fd994 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000604 Fault offset: 0x0000000000000000 Faulting process id: 0x3e68 Faulting application start time: 0x01d2f394e8aaacb9 Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe Faulting module path: unknown Report Id: 36eebd0c-f643-4b08-b119-87c01819fafb Faulting package full name: Microsoft.MicrosoftEdge_40.15063.0.0_neutral__8wekyb3d8bbwe Faulting package-relative application ID: ContentProcess Error: (07/02/2017 08:40:35 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: MicrosoftEdgeCP.exe, version: 11.0.15063.332, time stamp: 0x591fd994 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000604 Fault offset: 0x0000000000000000 Faulting process id: 0x3e68 Faulting application start time: 0x01d2f394e8aaacb9 Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe Faulting module path: unknown Report Id: f22a36ba-5b48-45b0-9d56-c161436caac9 Faulting package full name: Microsoft.MicrosoftEdge_40.15063.0.0_neutral__8wekyb3d8bbwe Faulting package-relative application ID: ContentProcess Error: (07/02/2017 07:00:09 PM) (Source: Windows Backup) (EventID: 4103) (User: ) Description: The backup did not complete because of an error writing to the backup location F:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006). Error: (07/02/2017 02:35:05 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: OWNER-PC) Description: Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy5 Error: (07/02/2017 02:35:05 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: OWNER-PC) Description: Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy5 Error: (07/02/2017 02:01:05 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: OWNER-PC) Description: Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy5 Error: (07/02/2017 01:51:00 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: OWNER-PC) Description: Microsoft.Getstarted_8wekyb3d8bbwe5 Error: (07/02/2017 11:12:32 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: ) Description: Event-ID 0 Error: (07/02/2017 05:11:30 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: MicrosoftEdgeCP.exe, version: 11.0.15063.332, time stamp: 0x591fd994 Faulting module name: ntdll.dll, version: 10.0.15063.0, time stamp: 0xb79b6ddb Exception code: 0xcfffffff Fault offset: 0x00000000000a8c24 Faulting process id: 0x31f0 Faulting application start time: 0x01d2f3131a021ee2 Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll Report Id: 5fb96941-c068-46d8-9ed7-229db3aaccbf Faulting package full name: Microsoft.MicrosoftEdge_40.15063.0.0_neutral__8wekyb3d8bbwe Faulting package-relative application ID: ContentProcess System errors: ============= Error: (07/01/2017 02:16:07 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (07/01/2017 02:16:07 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (07/01/2017 02:16:07 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (07/01/2017 02:16:07 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (07/01/2017 02:01:16 PM) (Source: DCOM) (EventID: 10001) (User: OWNER-PC) Description: Unable to start a DCOM Server: Microsoft.Windows.Cortana_1.8.12.15063_neutral_neutral_cw5n1h2txyewy!CortanaUI.AppXtpp90jhw9p0njjb85kvhxpppgrqfp117.mca as Unavailable/Unavailable. The error: "31" Happened while starting this command: "C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:CortanaUI.AppXy7vb4pc2dr3kc93kfc509b1d0arkfb2x.mca Error: (07/01/2017 02:01:15 PM) (Source: DCOM) (EventID: 10010) (User: OWNER-PC) Description: The server Microsoft.Windows.Cortana_1.8.12.15063_neutral_neutral_cw5n1h2txyewy!CortanaUI.AppXtpp90jhw9p0njjb85kvhxpppgrqfp117.mca did not register with DCOM within the required timeout. Error: (07/01/2017 01:05:30 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: Installation Failure: Windows failed to install the following update with error 0x80070103: Advanced Micro Devices, Inc. driver update for AMD Radeon HD 6570. Error: (07/01/2017 12:55:11 PM) (Source: Service Control Manager) (EventID: 7024) (User: ) Description: The BranchCache service terminated with the following service-specific error: This program is blocked by group policy. For more information, contact your system administrator. Error: (07/01/2017 12:55:07 PM) (Source: NETLOGON) (EventID: 3095) (User: ) Description: This computer is configured as a member of a workgroup, not as a member of a domain. The Netlogon service does not need to run in this configuration. Error: (07/01/2017 12:54:14 PM) (Source: WinRM) (EventID: 10142) (User: ) Description: The WinRM service cannot migrate the listener with Address * and Transport HTTP. A listener that has the same Address and Transport configuration already exists. CodeIntegrity: =================================== Date: 2017-07-02 21:41:45.334 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-07-02 21:41:45.333 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-07-02 16:39:40.595 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-07-02 16:39:40.594 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-07-02 02:25:52.635 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-07-02 02:25:52.634 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-07-02 01:19:56.820 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-07-02 01:19:56.818 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-07-02 01:05:57.934 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-07-02 01:05:57.933 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz Percentage of memory in use: 49% Total physical RAM: 16364.24 MB Available physical RAM: 8247.77 MB Total Virtual: 19308.24 MB Available Virtual: 8946.29 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:111.25 GB) (Free:40.27 GB) NTFS Drive d: (Storage) (Fixed) (Total:465.76 GB) (Free:198.87 GB) NTFS ==>[system with boot components (obtained from drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 828833BA) Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 318EDBA3) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=111.2 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=452 MB) - (Type=27) ==================== End of Addition.txt ============================[/code] [/QUOTE]
Insert quotes…
Verification
Post reply
Top