Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-08-2016 01
Ran by Emma (administrator) on DESKTOP-7VSNGC5 (16-08-2016 14:30:55)
Running from C:\Users\Emma\Desktop
Loaded Profiles: Emma (Available Profiles: Emma)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(CobianSoft, Luis Cobian) C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
(Synaptics Incorporated) C:\Windows\System32\valWBFPolicyService.exe
(Intel) C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
() C:\Program Files\AVAST Software\SecureLine\vpnsvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(%CFullName%) C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam6\YouCamService6.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Flux Software LLC) C:\Users\Emma\AppData\Local\FluxSoftware\Flux\flux.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
() C:\Program Files (x86)\3G Hostless Modem\CheckNDISPort.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(AVAST Software) C:\Program Files\AVAST Software\SecureLine\secureline.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.9.829.0\McCSPServiceHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\NetworkUXBroker.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Intel Security) C:\Program Files\Common Files\McAfee\ClientAnalytics\McClientAnalytics.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16681728 2016-07-18] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-06-14] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [127528 2015-07-09] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [654088 2015-02-17] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [PowerDVD14Agent] => C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe [795336 2015-06-22] (CyberLink Corp.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [23546672 2016-08-01] (Dropbox, Inc.)
HKLM-x32\...\Run: [CheckNDISPort] => C:\Program Files (x86)\3G Hostless Modem\CheckNDISPort.exe [413696 2013-06-27] ()
HKLM-x32\...\Run: [Syncios device service] => C:\Program Files (x86)\Syncios\SynciosDeviceService.exe [1868800 2016-04-05] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation)
HKU\S-1-5-21-3887387696-3175185611-1160480504-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3961968 2016-07-05] (Tonec Inc.)
HKU\S-1-5-21-3887387696-3175185611-1160480504-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8810200 2016-06-10] (Piriform Ltd)
HKU\S-1-5-21-3887387696-3175185611-1160480504-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [52142720 2016-04-29] (Skype Technologies S.A.)
HKU\S-1-5-21-3887387696-3175185611-1160480504-1001\...\Run: [f.lux] => C:\Users\Emma\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-3887387696-3175185611-1160480504-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [232960 2015-10-30] (Microsoft Corporation)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL No File [ ]
ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2015-08-14] (Tonec Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-06-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-06-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-06-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL No File
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{9655ca47-1ec9-4cc1-9894-9c37cfdbde9d}: [DhcpNameServer] 192.168.8.1
Tcpip\..\Interfaces\{eb612a08-fa71-4009-9c13-8e485fb44e8f}: [DhcpNameServer] 192.168.1.1 0.0.0.0
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=HPNTDFJS
HKU\S-1-5-21-3887387696-3175185611-1160480504-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3887387696-3175185611-1160480504-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=HPNTDFJS
SearchScopes: HKLM-x32 -> {4AE1A96B-7CD4-4659-95A2-C10990610CCE} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-3887387696-3175185611-1160480504-1001 -> {4AE1A96B-7CD4-4659-95A2-C10990610CCE} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2016-07-05] (Internet Download Manager, Tonec Inc.)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-06-14] (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-06-14] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-07-21] (HP Inc.)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2016-07-05] (Internet Download Manager, Tonec Inc.)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2016-06-14] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL => No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-08-05] (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-04-30] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-06-14] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-08-05] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-04-20] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2016-06-29] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2016-06-29] (McAfee, Inc.)
Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL No File
Edge:
======
Edge HomeButtonPage: HKU\S-1-5-21-3887387696-3175185611-1160480504-1001 -> hxxp://www.google.com/
FireFox:
========
FF ProfilePath: C:\Users\Emma\AppData\Roaming\Mozilla\Firefox\Profiles\8nk3l5rp.default
FF Homepage: resource://activity-streams/data/content/activity-streams.html#/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-14] ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2016-06-29] ()
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-14] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1224194.dll [2016-02-19] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-08-05] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-08-05] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2016-06-29] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-05-30] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2016-05-28] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll [2013-07-26] (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Extension: Clearly - C:\Users\Emma\AppData\Roaming\Mozilla\Firefox\Profiles\8nk3l5rp.default\extensions\readable@evernote.com.xpi [2016-01-22]
FF Extension: Xmarks - C:\Users\Emma\AppData\Roaming\Mozilla\Firefox\Profiles\8nk3l5rp.default\extensions\foxmarks@kei.com [2016-05-26]
FF Extension: TinEye Reverse Image Search - C:\Users\Emma\AppData\Roaming\Mozilla\Firefox\Profiles\8nk3l5rp.default\extensions\tineye@ideeinc.com.xpi [2016-06-01]
FF Extension: IDM integration - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2016-06-08]
FF Extension: Multirow Bookmarks Toolbar Plus - C:\Users\Emma\AppData\Roaming\Mozilla\Firefox\Profiles\8nk3l5rp.default\extensions\{4c7097f7-08f2-4ef2-9b9f-f95fa4cbb064}.xpi [2016-06-24]
FF Extension: Activity Stream - C:\Users\Emma\AppData\Roaming\Mozilla\Firefox\Profiles\8nk3l5rp.default\Extensions\@activity-streams.xpi [2016-07-27]
FF Extension: Test Pilot - C:\Users\Emma\AppData\Roaming\Mozilla\Firefox\Profiles\8nk3l5rp.default\Extensions\@testpilot-addon.xpi [2016-08-05]
FF Extension: English United States (en-US) Dictionary by Mozilla - C:\Users\Emma\AppData\Roaming\Mozilla\Firefox\Profiles\8nk3l5rp.default\Extensions\@unitedstatesenglishdictionary [2016-07-12]
FF Extension: Dictionnaire français - C:\Users\Emma\AppData\Roaming\Mozilla\Firefox\Profiles\8nk3l5rp.default\Extensions\fr-dicollecte@dictionaries.addons.mozilla.org [2016-07-12]
FF Extension: English (GB) Language Pack - C:\Users\Emma\AppData\Roaming\Mozilla\Firefox\Profiles\8nk3l5rp.default\Extensions\langpack-en-GB@firefox.mozilla.org.xpi [2016-07-12]
FF Extension: English (US) Language Pack - C:\Users\Emma\AppData\Roaming\Mozilla\Firefox\Profiles\8nk3l5rp.default\Extensions\langpack-en-US@firefox.mozilla.org.xpi [2016-07-12]
FF Extension: British English Dictionary (Marco Pinto) - C:\Users\Emma\AppData\Roaming\Mozilla\Firefox\Profiles\8nk3l5rp.default\Extensions\marcoagpinto@mail.telepac.pt [2016-07-29]
FF Extension: LastPass - C:\Users\Emma\AppData\Roaming\Mozilla\Firefox\Profiles\8nk3l5rp.default\Extensions\support@lastpass.com [2016-08-06]
FF Extension: web_clipper - C:\Users\Emma\AppData\Roaming\Mozilla\Firefox\Profiles\8nk3l5rp.default\Extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}.xpi [2016-04-27]
FF Extension: Skype - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-05-25]
FF HKLM-x32\...\Firefox\Extensions: [firefox@bho.com] - C:\Program Files\Hewlett-Packard\SimplePass\FFBHOExt
FF Extension: HP SimplePass - C:\Program Files\Hewlett-Packard\SimplePass\FFBHOExt [2015-11-27] [not signed]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2016-07-30] [not signed]
FF HKU\S-1-5-21-3887387696-3175185611-1160480504-1001\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF HKU\S-1-5-21-3887387696-3175185611-1160480504-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Emma\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\Emma\AppData\Roaming\IDM\idmmzcc5 [2016-08-16] [not signed]
FF HKU\S-1-5-21-3887387696-3175185611-1160480504-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
Chrome:
=======
CHR DefaultSearchKeyword: Default -> lp
CHR Profile: C:\Users\Emma\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Emma\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-04-28]
CHR Extension: (Xmarks Bookmark Sync) - C:\Users\Emma\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla [2016-04-28]
CHR Extension: (Google Docs) - C:\Users\Emma\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-04-28]
CHR Extension: (Google Drive) - C:\Users\Emma\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-28]
CHR Extension: (YouTube) - C:\Users\Emma\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-28]
CHR Extension: (Google Sheets) - C:\Users\Emma\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-04-28]
CHR Extension: (HP SimplePass) - C:\Users\Emma\AppData\Local\Google\Chrome\User Data\Default\Extensions\fidikogfgleiaefnjbmnjaplmgknppkg [2016-06-13]
CHR Extension: (Google Docs Offline) - C:\Users\Emma\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-06-05]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Emma\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2016-06-13]
CHR Extension: (Roomy Bookmarks Toolbar) - C:\Users\Emma\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmfbpoigddhdibjcilijiejaidggonfc [2016-04-28]
CHR Extension: (Skype) - C:\Users\Emma\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-06-05]
CHR Extension: (IDM Integration Module) - C:\Users\Emma\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2016-08-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Emma\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-28]
CHR Extension: (Readability) - C:\Users\Emma\AppData\Local\Google\Chrome\User Data\Default\Extensions\oknpjjbmpnndlpmnhmekjpocelpnlfdi [2016-04-28]
CHR Extension: (Evernote Web Clipper) - C:\Users\Emma\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2016-06-13]
CHR Extension: (Gmail) - C:\Users\Emma\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-28]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-07-05]
CHR HKLM-x32\...\Chrome\Extension: [fidikogfgleiaefnjbmnjaplmgknppkg] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-05-25]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-07-05]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
R2 cbVSCService11; C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [67584 2013-03-07] (CobianSoft, Luis Cobian) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3189488 2016-07-02] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-01-22] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-01-22] (Dropbox, Inc.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163712 2016-06-14] (NVIDIA Corporation)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [596768 2016-06-29] (McAfee, Inc.)
R2 HPSupportSolutionsFrameworkService; c:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [29760 2016-07-04] (HP Inc.)
R2 HPWMISVC; c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [608520 2015-02-17] (Hewlett-Packard Development Company, L.P.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-06-24] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [356336 2016-07-09] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation)
S3 Intel(R) WiDi SAM; C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [19088 2015-06-17] (Intel Corporation)
R2 IntelUSBoverIP; C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe [396992 2015-07-07] (Intel)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [223008 2015-07-07] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [993824 2016-06-29] (McAfee, Inc.)
R2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [596768 2016-06-29] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.9.829.0\\McCSPServiceHost.exe [1910000 2016-05-31] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [596768 2016-06-29] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [596768 2016-06-29] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [816128 2016-06-21] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [596768 2016-06-29] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [596768 2016-06-29] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232688 2016-04-26] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [382456 2016-06-23] (McAfee, Inc.)
R3 mfevtp; C:\WINDOWS\system32\mfevtps.exe [277744 2016-04-26] (McAfee, Inc.)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1454216 2016-06-17] (McAfee, Inc.)
S3 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [596768 2016-06-29] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268704 2016-05-03] ()
R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-07-26] (Nitro PDF Software)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-06-14] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-06-14] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-06-14] (NVIDIA Corporation)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [124928 2015-07-03] (Softex Inc.) [File not signed]
R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [1045336 2016-05-25] (Intel Security, Inc.)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-15] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [314624 2016-07-18] (Realtek Semiconductor)
R2 SecureLine; C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe [592392 2016-05-24] ()
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [260216 2016-04-11] (Synaptics Incorporated)
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [44544 2015-03-03] (Synaptics Incorporated) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-07-01] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3732896 2016-05-03] (Intel® Corporation)
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
S3 Microsoft Office Groove Audit Service; no ImagePath
S3 odserv; no ImagePath
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [165376 2015-10-30] (Microsoft Corporation)
R3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [36864 2015-10-30] (Microsoft Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [78632 2016-04-27] (McAfee, Inc.)
R3 clwvd6; C:\Windows\system32\DRIVERS\clwvd6.sys [41704 2013-10-29] (CyberLink Corporation)
S3 DrvAgent64; no ImagePath
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [207968 2016-02-24] (McAfee, Inc.)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [345872 2016-05-26] (Intel Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-08-16] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [185896 2016-07-13] (Intel Corporation)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [419616 2016-04-27] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [349480 2016-04-27] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [83608 2016-04-27] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [493352 2016-04-27] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [843048 2016-04-27] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [519976 2016-04-27] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [100136 2016-04-27] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [243488 2016-04-27] (McAfee, Inc.)
R3 NETwNb64; C:\Windows\System32\drivers\Netwbw02.sys [3520264 2016-05-03] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-06-14] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [886528 2015-06-11] (Realtek )
S3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [752856 2015-06-11] (Realsil Semiconductor Corporation)
S3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [402136 2015-06-11] (Realsil Semiconductor Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [33448 2015-07-13] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [71288 2016-04-11] (Synaptics Incorporated)
R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [212056 2015-07-07] (Windows (R) Win 7 DDK provider)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R3 WirelessButtonDriver64; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [30384 2015-06-24] (HP Inc.)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-08-16 14:30 - 2016-08-16 14:32 - 00038401 _____ C:\Users\Emma\Desktop\FRST.txt
2016-08-16 14:30 - 2016-08-16 14:30 - 00000000 ____D C:\Users\Emma\Desktop\tools
2016-08-16 14:30 - 2016-08-16 14:30 - 00000000 ____D C:\FRST
2016-08-16 14:20 - 2016-08-16 14:21 - 02394624 _____ (Farbar) C:\Users\Emma\Desktop\FRST64.exe
2016-08-16 14:19 - 2016-08-16 14:19 - 00898560 _____ C:\Users\Emma\Desktop\RGSA.exe
2016-08-16 14:11 - 2016-08-16 14:21 - 00004020 _____ C:\WINDOWS\System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse
2016-08-16 14:11 - 2016-08-16 14:11 - 00004208 _____ C:\WINDOWS\System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse
2016-08-16 10:35 - 2016-08-16 10:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2016-08-16 10:22 - 2016-08-16 10:47 - 31162887 _____ C:\Users\Emma\Desktop\5 Most Powerful Families That Secretly Control The World - Dark5.mp4
2016-08-16 10:22 - 2016-08-16 10:47 - 25363185 _____ C:\Users\Emma\Desktop\Embed Video - Media Matters for America.mp4
2016-08-16 10:22 - 2016-08-16 10:46 - 28372428 _____ C:\Users\Emma\Desktop\13 Families Rule Our Planet Earth.mp4
2016-08-15 18:33 - 2016-08-15 18:33 - 00000000 ____D C:\$SysReset
2016-08-15 16:03 - 2016-08-15 16:56 - 47256340 _____ C:\Users\Emma\Desktop\FULL INTERVIEW- GOV. MIKE PENCE ON -FOX NEWS SUNDAY- - AUGUST 14, 2016.mp4
2016-08-15 16:02 - 2016-08-15 17:24 - 40288468 _____ C:\Users\Emma\Desktop\Will Trump's apocalyptic vision of America resonate with undecided voters-.mp4
2016-08-15 16:02 - 2016-08-15 16:37 - 31692880 _____ C:\Users\Emma\Desktop\What we learned about Trump and the Republican party from the RNC.mp4
2016-08-15 16:01 - 2016-08-15 16:42 - 34166230 _____ C:\Users\Emma\Desktop\Could a loss for Donald Trump hurt the democratic process-.mp4
2016-08-15 15:56 - 2016-08-15 17:24 - 88078011 _____ C:\Users\Emma\Desktop\Full Interview- Leavitt, Ridge, Cohen & Brooks On CBS's -Face the Nation- - August 14, 2016.mp4
2016-08-15 15:54 - 2016-08-15 16:48 - 36047465 _____ C:\Users\Emma\Desktop\Meet The Press Round Table Discussing Trump & Clinton,.mp4
2016-08-15 15:53 - 2016-08-15 17:08 - 60399474 _____ C:\Users\Emma\Desktop\What makes a good president- Experts say experience matters.mp4
2016-08-15 15:51 - 2016-08-15 16:48 - 35964029 _____ C:\Users\Emma\Desktop\Katrina Pierson MSNBC appearance with Joy Ann Reid FULL.mp4
2016-08-15 15:50 - 2016-08-15 16:58 - 50230946 _____ C:\Users\Emma\Desktop\Don't Mess With Joy Reid.mp4
2016-08-15 15:30 - 2016-08-15 17:41 - 193891176 _____ C:\Users\Emma\Desktop\Hillary Clinton’s breakout moment at Wellesley College - The Washington Post.mp4
2016-08-15 15:30 - 2016-08-15 17:20 - 57711100 _____ C:\Users\Emma\Desktop\Hillary Clinton’s breakout moment at Wellesley College - The Washington Post_2.mp4
2016-08-13 16:57 - 2016-08-13 16:57 - 00000000 ___HD C:\$WINDOWS.~BT
2016-08-12 09:47 - 2016-08-12 09:48 - 01162822 _____ C:\Users\Emma\Desktop\Trump, Brexit & the rise of Populism.pdf
2016-08-11 11:52 - 2016-08-11 11:54 - 00437988 _____ C:\WINDOWS\Minidump\081116-29281-01.dmp
2016-08-11 11:52 - 2016-08-11 11:52 - 1194833349 _____ C:\WINDOWS\MEMORY.DMP
2016-08-11 10:45 - 2016-08-11 10:45 - 00000982 _____ C:\Users\Emma\Desktop\USA Votes 2016.lnk
2016-08-10 15:02 - 2016-08-15 19:38 - 00002427 _____ C:\Users\Emma\Desktop\O Seigneur comment reconnaitre (full).mp3.lnk
2016-08-09 17:26 - 2016-08-09 17:26 - 00001529 _____ C:\Users\Emma\Desktop\French Hymns (Lyrics).pdf.lnk
2016-08-06 08:53 - 2016-08-06 08:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-07-31 22:22 - 2016-07-31 22:25 - 00499724 _____ C:\WINDOWS\Minidump\073116-32250-01.dmp
2016-07-30 14:59 - 2016-07-30 16:26 - 00000000 ____D C:\Users\Emma\Desktop\WIP
2016-07-30 11:01 - 2016-07-30 11:01 - 00000000 ____D C:\Program Files\Common Files\Intel
2016-07-30 11:01 - 2016-07-30 11:01 - 00000000 ____D C:\Program Files (x86)\Cisco
2016-07-30 10:53 - 2016-07-18 11:09 - 15202040 _____ (Yamaha Corporation) C:\WINDOWS\system32\YamahaAE3.dll
2016-07-30 10:53 - 2016-07-18 11:08 - 02190984 _____ (Yamaha Corporation) C:\WINDOWS\system32\YamahaAE.dll
2016-07-30 10:53 - 2016-07-18 11:08 - 01435144 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRRPTR64.dll
2016-07-30 10:53 - 2016-07-18 11:08 - 01382240 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tosade.dll
2016-07-30 10:53 - 2016-07-18 11:08 - 01336624 _____ (Toshiba Client Solutions Co., Ltd.) C:\WINDOWS\system32\tossaeapo64.dll
2016-07-30 10:53 - 2016-07-18 11:08 - 00962136 _____ (Toshiba Client Solutions Co., Ltd.) C:\WINDOWS\system32\tosasfapo64.dll
2016-07-30 10:53 - 2016-07-18 11:08 - 00873472 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tadefxapo264.dll
2016-07-30 10:53 - 2016-07-18 11:08 - 00582096 _____ (Toshiba Client Solutions Co., Ltd.) C:\WINDOWS\system32\tossaemaxapo64.dll
2016-07-30 10:53 - 2016-07-18 11:08 - 00532384 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSX64.dll
2016-07-30 10:53 - 2016-07-18 11:08 - 00467160 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRAPO64.dll
2016-07-30 10:53 - 2016-07-18 11:08 - 00447184 _____ (Toshiba Client Solutions Co., Ltd.) C:\WINDOWS\system32\toseaeapo64.dll
2016-07-30 10:53 - 2016-07-18 11:08 - 00381416 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRCOM64.dll
2016-07-30 10:53 - 2016-07-18 11:08 - 00341152 _____ (Synopsys, Inc.) C:\WINDOWS\SysWOW64\SRCOM.dll
2016-07-30 10:53 - 2016-07-18 11:08 - 00341152 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRCOM.dll
2016-07-30 10:53 - 2016-07-18 11:08 - 00221968 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSH64.dll
2016-07-30 10:53 - 2016-07-18 11:08 - 00209544 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSHP64.dll
2016-07-30 10:53 - 2016-07-18 11:08 - 00158696 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tadefxapo.dll
2016-07-30 10:53 - 2016-07-18 11:08 - 00075544 _____ (TOSHIBA CORPORATION.) C:\WINDOWS\system32\tepeqapo64.dll
2016-07-30 10:53 - 2016-07-18 11:07 - 02203752 _____ (DTS, Inc.) C:\WINDOWS\system32\slcnt64.dll
2016-07-30 10:53 - 2016-07-18 11:07 - 01041744 _____ (DTS, Inc.) C:\WINDOWS\system32\sl3apo64.dll
2016-07-30 10:53 - 2016-07-18 11:07 - 00965032 _____ (Sony Corporation) C:\WINDOWS\system32\SFSS_APO.dll
2016-07-30 10:53 - 2016-07-18 11:07 - 00927424 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SEHDRA64.dll
2016-07-30 10:53 - 2016-07-18 11:07 - 00716104 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SECOMN64.dll
2016-07-30 10:53 - 2016-07-18 11:07 - 00589080 _____ (Sound Research, Corp.) C:\WINDOWS\SysWOW64\SECOMN32.DLL
2016-07-30 10:53 - 2016-07-18 11:07 - 00450120 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SEAPO64.dll
2016-07-30 10:53 - 2016-07-18 11:07 - 00343712 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtlCPAPI64.dll
2016-07-30 10:53 - 2016-07-18 11:07 - 00231920 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFNHK64.dll
2016-07-30 10:53 - 2016-07-18 11:07 - 00090920 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFCOM64.dll
2016-07-30 10:53 - 2016-07-18 11:07 - 00083632 _____ (Virage Logic Corporation / Sonic Focus) C:\WINDOWS\SysWOW64\SFCOM.dll
2016-07-30 10:53 - 2016-07-18 11:06 - 06358552 _____ (Nahimic Inc) C:\WINDOWS\system32\NAHIMICV3apo.dll
2016-07-30 10:53 - 2016-07-18 11:06 - 02732592 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\SysWOW64\RltkAPO.dll
2016-07-30 10:53 - 2016-07-18 11:06 - 01360520 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTCOM64.dll
2016-07-30 10:53 - 2016-07-18 11:06 - 00447728 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EED64A.dll
2016-07-30 10:53 - 2016-07-18 11:06 - 00387320 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEP64A.dll
2016-07-30 10:53 - 2016-07-18 11:06 - 00321720 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DHT64.dll
2016-07-30 10:53 - 2016-07-18 11:06 - 00321720 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DAA64.dll
2016-07-30 10:53 - 2016-07-18 11:06 - 00214832 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEED64A.dll
2016-07-30 10:53 - 2016-07-18 11:06 - 00151792 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEL64A.dll
2016-07-30 10:53 - 2016-07-18 11:06 - 00134208 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEA64A.dll
2016-07-30 10:53 - 2016-07-18 11:06 - 00110984 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEL64A.dll
2016-07-30 10:53 - 2016-07-18 11:06 - 00088352 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEG64A.dll
2016-07-30 10:53 - 2016-07-18 11:06 - 00084624 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEG64A.dll
2016-07-30 10:53 - 2016-07-18 11:05 - 05593616 _____ (Nahimic Inc) C:\WINDOWS\system32\NAHIMICAPOlfx.dll
2016-07-30 10:53 - 2016-07-18 11:05 - 00923744 _____ (Sony Corporation) C:\WINDOWS\system32\MISS_APO.dll
2016-07-30 10:53 - 2016-07-18 11:04 - 13122584 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxVoiceAPO3064.dll
2016-07-30 10:53 - 2016-07-18 11:04 - 12988352 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxVoiceAPO4064.dll
2016-07-30 10:53 - 2016-07-18 11:04 - 00677680 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxVolumeSDAPO.dll
2016-07-30 10:53 - 2016-07-18 11:03 - 24404656 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioRenderAVX64.dll
2016-07-30 10:53 - 2016-07-18 11:03 - 01334384 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxSpeechAPO64.dll
2016-07-30 10:53 - 2016-07-18 11:03 - 00999856 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxVoiceAPO2064.dll
2016-07-30 10:53 - 2016-07-18 11:02 - 24314816 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioRender64.dll
2016-07-30 10:53 - 2016-07-18 11:01 - 17370496 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioCapture64.dll
2016-07-30 10:53 - 2016-07-18 11:00 - 10534704 _____ (Intel Corporation) C:\WINDOWS\system32\IntelSSTAPO.dll
2016-07-30 10:53 - 2016-07-18 11:00 - 02825104 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO7064.dll
2016-07-30 10:53 - 2016-07-18 11:00 - 01422936 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO6064.dll
2016-07-30 10:53 - 2016-07-18 11:00 - 01166168 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO4064.dll
2016-07-30 10:53 - 2016-07-18 11:00 - 00678192 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO30.dll
2016-07-30 10:53 - 2016-07-18 11:00 - 00618192 _____ (Knowles Acoustics ) C:\WINDOWS\system32\KAAPORT64.dll
2016-07-30 10:53 - 2016-07-18 11:00 - 00330568 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO20.dll
2016-07-30 10:53 - 2016-07-18 10:59 - 03282544 _____ (Fortemedia Corporation) C:\WINDOWS\system32\FMAPO64.dll
2016-07-30 10:53 - 2016-07-18 10:59 - 01780624 _____ (DTS) C:\WINDOWS\system32\DTSS2SpeakerDLL64.dll
2016-07-30 10:53 - 2016-07-18 10:59 - 00727440 _____ (DTS) C:\WINDOWS\system32\DTSSymmetryDLL64.dll
2016-07-30 10:53 - 2016-07-18 10:59 - 00708320 _____ (DTS) C:\WINDOWS\system32\DTSVoiceClarityDLL64.dll
2016-07-30 10:53 - 2016-07-18 10:59 - 00500560 _____ (DTS) C:\WINDOWS\system32\DTSU2PGFX64.dll
2016-07-30 10:53 - 2016-07-18 10:59 - 00472312 _____ (ICEpower a/s) C:\WINDOWS\system32\ICEsoundAPO64.dll
2016-07-30 10:53 - 2016-07-18 10:59 - 00428232 _____ (DTS) C:\WINDOWS\system32\DTSU2PREC64.dll
2016-07-30 10:53 - 2016-07-18 10:59 - 00366128 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\HMAPO.dll
2016-07-30 10:53 - 2016-07-18 10:59 - 00360352 _____ (Harman) C:\WINDOWS\system32\HMClariFi.dll
2016-07-30 10:53 - 2016-07-18 10:59 - 00203848 _____ (Harman) C:\WINDOWS\system32\HMHVS.dll
2016-07-30 10:53 - 2016-07-18 10:59 - 00190936 _____ (Harman) C:\WINDOWS\system32\HMEQ_Voice.dll
2016-07-30 10:53 - 2016-07-18 10:59 - 00190936 _____ (Harman) C:\WINDOWS\system32\HMEQ.dll
2016-07-30 10:53 - 2016-07-18 10:58 - 01965816 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPD64A.dll
2016-07-30 10:53 - 2016-07-18 10:58 - 01591064 _____ (DTS) C:\WINDOWS\system32\DTSS2HeadphoneDLL64.dll
2016-07-30 10:53 - 2016-07-18 10:58 - 01508936 _____ (DTS) C:\WINDOWS\system32\DTSBoostDLL64.dll
2016-07-30 10:53 - 2016-07-18 10:58 - 00743968 _____ (DTS) C:\WINDOWS\system32\DTSBassEnhancementDLL64.dll
2016-07-30 10:53 - 2016-07-18 10:58 - 00504312 _____ (DTS) C:\WINDOWS\system32\DTSNeoPCDLL64.dll
2016-07-30 10:53 - 2016-07-18 10:58 - 00445408 _____ (DTS) C:\WINDOWS\system32\DTSLimiterDLL64.dll
2016-07-30 10:53 - 2016-07-18 10:58 - 00441272 _____ (DTS) C:\WINDOWS\system32\DTSGainCompensatorDLL64.dll
2016-07-30 10:53 - 2016-07-18 10:58 - 00362056 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPO64AF3.dll
2016-07-30 10:53 - 2016-07-18 10:58 - 00327464 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPO64A.dll
2016-07-30 10:53 - 2016-07-18 10:58 - 00253904 _____ (DTS) C:\WINDOWS\system32\DTSGFXAPO64.dll
2016-07-30 10:53 - 2016-07-18 10:58 - 00253872 _____ (DTS) C:\WINDOWS\system32\DTSLFXAPO64.dll
2016-07-30 10:53 - 2016-07-18 10:58 - 00252880 _____ (DTS) C:\WINDOWS\system32\DTSGFXAPONS64.dll
2016-07-30 10:53 - 2016-07-18 10:57 - 02895104 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTSnMg64.cpl
2016-07-30 10:53 - 2016-07-18 10:57 - 02110592 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\WavesGUILib64.dll
2016-07-30 10:53 - 2016-07-18 10:57 - 01608128 _____ (Conexant Systems Inc.) C:\WINDOWS\system32\CX64APO.dll
2016-07-30 10:53 - 2016-07-18 10:57 - 00574760 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AERTAC64.dll
2016-07-30 10:53 - 2016-07-18 10:57 - 00437160 _____ (Conexant Systems, Inc.) C:\WINDOWS\system32\CAF64APO2.dll
2016-07-30 10:53 - 2016-07-18 10:57 - 00310424 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPA64F3.dll
2016-07-30 10:53 - 2016-07-18 10:57 - 00272720 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPA64.dll
2016-07-30 10:53 - 2016-07-18 10:57 - 00258864 _____ (TODO: <Company name>) C:\WINDOWS\system32\slprp64.dll
2016-07-30 10:53 - 2016-07-18 10:57 - 00118600 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AERTAR64.dll
2016-07-30 10:53 - 2016-07-18 10:57 - 00112496 _____ (Conexant Systems, Inc.) C:\WINDOWS\system32\Caf64api.dll
2016-07-30 10:53 - 2016-07-18 10:56 - 72520720 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoRes64.dat
2016-07-30 10:53 - 2016-07-18 10:56 - 03199744 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtPgEx64.dll
2016-07-30 10:53 - 2016-07-18 10:56 - 02073096 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoInstII64.dll
2016-07-30 10:53 - 2016-07-18 10:55 - 14057256 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioRealtek64.dll
2016-07-30 10:53 - 2016-07-18 10:55 - 07172920 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEP64A.dll
2016-07-30 10:53 - 2016-07-18 10:55 - 02050184 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioEQ64.dll
2016-07-30 10:53 - 2016-07-18 10:55 - 01186840 _____ (Intel Corporation) C:\WINDOWS\system32\IntelSstCApoPropPage.dll
2016-07-30 10:53 - 2016-07-18 10:55 - 01003864 _____ (Nahimic Inc) C:\WINDOWS\system32\NahimicAPONSControl.dll
2016-07-30 10:53 - 2016-07-18 10:55 - 00931624 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPOShell64.dll
2016-07-30 10:53 - 2016-07-18 10:55 - 00416512 _____ (Harman) C:\WINDOWS\system32\HMUI.dll
2016-07-30 10:53 - 2016-07-18 10:55 - 00372744 _____ (Dolby Laboratories) C:\WINDOWS\system32\HiFiDAX2API.dll
2016-07-30 10:53 - 2016-07-18 10:55 - 00154368 _____ (Harman) C:\WINDOWS\system32\HarmanAudioInterface.dll
2016-07-30 10:53 - 2016-07-18 10:54 - 07096192 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPP64A.dll
2016-07-30 10:53 - 2016-07-18 10:54 - 06264640 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPP64AF3.dll
2016-07-30 10:53 - 2016-07-18 10:54 - 01115144 _____ (Dolby Laboratories) C:\WINDOWS\system32\DolbyDAX2APOProp.dll
2016-07-30 10:53 - 2016-07-18 10:54 - 00122328 _____ (Real Sound Lab SIA) C:\WINDOWS\system32\CONEQMSAPOGUILibrary.dll
2016-07-30 10:53 - 2016-07-18 10:54 - 00118592 _____ C:\WINDOWS\system32\AcpiServiceVnA64.dll
2016-07-30 10:53 - 2016-07-18 10:54 - 00105312 _____ C:\WINDOWS\system32\audioLibVc.dll
2016-07-30 10:53 - 2016-07-18 10:53 - 02706872 _____ (DTS, Inc.) C:\WINDOWS\system32\sltech64.dll
2016-07-30 10:53 - 2016-07-18 10:52 - 05793528 _____ (Nahimic Inc) C:\WINDOWS\system32\NAHIMICV2apo.dll
2016-07-30 10:53 - 2016-07-18 10:52 - 05341352 _____ (Dolby Laboratories) C:\WINDOWS\system32\DolbyDAX2APOv211.dll
2016-07-30 10:53 - 2016-07-18 10:52 - 03299824 _____ (Yamaha Corporation) C:\WINDOWS\system32\YamahaAE2.dll
2016-07-30 10:53 - 2016-07-18 10:52 - 02439048 _____ (Dolby Laboratories) C:\WINDOWS\system32\DolbyDAX2APOv201.dll
2016-07-30 10:53 - 2016-07-18 10:52 - 01959608 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPD64AF3.dll
2016-07-30 10:53 - 2016-07-18 10:52 - 01213664 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO5064.dll
2016-07-30 10:53 - 2016-07-18 10:52 - 00689888 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtDataProc64.dll
2016-07-30 10:53 - 2016-07-18 10:52 - 00570096 _____ (Intel Corporation) C:\WINDOWS\system32\tbb_waves.dll
2016-07-30 10:53 - 2016-07-18 10:52 - 00514528 _____ (DTS) C:\WINDOWS\system32\DTSU2PLFX64.dll
2016-07-30 10:53 - 2016-07-18 10:52 - 00179600 _____ (Harman) C:\WINDOWS\system32\HMLimiter.dll
2016-07-30 10:53 - 2016-07-18 10:52 - 00166208 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSWOW64.dll
2016-07-30 10:53 - 2016-07-18 10:52 - 00088328 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFAPO64.dll
2016-07-30 10:53 - 2016-07-18 09:35 - 06575773 _____ C:\WINDOWS\system32\Drivers\RTAIODAT.DAT
2016-07-30 10:53 - 2016-07-18 09:35 - 01920820 _____ C:\WINDOWS\system32\Drivers\rtkSSTsetting.dat
2016-07-30 10:53 - 2016-07-18 09:34 - 00000736 _____ C:\WINDOWS\system32\cxapo.prop
2016-07-29 18:39 - 2016-07-29 18:39 - 00001492 _____ C:\Users\Emma\Desktop\Nigerian Gospel Songs.mp4.lnk
2016-07-22 17:39 - 2016-07-22 17:41 - 00382324 _____ C:\WINDOWS\Minidump\072216-42375-01.dmp
2016-07-22 17:30 - 2016-07-22 17:30 - 00000000 ____D C:\Users\Emma\AppData\Local\TempTaskUpdateDetectionC8BA556A-67AB-4811-BAEF-52651F12992A
2016-07-21 20:53 - 2016-07-21 20:53 - 00000000 ____D C:\Users\Emma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flux
2016-07-21 20:53 - 2016-07-21 20:53 - 00000000 ____D C:\Users\Emma\AppData\Local\FluxSoftware
2016-07-17 11:54 - 2016-02-24 21:07 - 00207968 _____ (McAfee, Inc.) C:\WINDOWS\system32\Drivers\HipShieldK.sys
2016-07-17 11:53 - 2016-07-29 21:08 - 00003126 _____ C:\WINDOWS\System32\Tasks\McAfeeLogon
2016-07-17 11:53 - 2016-07-29 21:08 - 00000000 ____D C:\WINDOWS\System32\Tasks\McAfee
2016-07-17 11:53 - 2016-07-17 11:53 - 00000000 ____D C:\ProgramData\Intel Security
2016-07-17 11:50 - 2016-07-30 09:58 - 00000000 ____D C:\Program Files (x86)\McAfee
2016-07-17 11:50 - 2016-07-17 11:55 - 00000000 ____D C:\Program Files\McAfee
2016-07-17 11:50 - 2016-07-17 11:50 - 00000000 ____D C:\Program Files\McAfee.com
2016-07-17 11:50 - 2016-07-17 11:50 - 00000000 ____D C:\Program Files\Common Files\Intel Security
2016-07-17 11:50 - 2016-07-17 11:50 - 00000000 ____D C:\Program Files\Common Files\AV
2016-07-17 11:08 - 2016-07-29 21:10 - 00000000 ____D C:\Program Files\Common Files\McAfee
2016-07-17 11:08 - 2016-07-28 19:14 - 00000000 ____D C:\ProgramData\McAfee
2016-07-17 11:08 - 2016-04-26 17:56 - 00277744 _____ (McAfee, Inc.) C:\WINDOWS\system32\mfevtps.exe
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-08-16 14:23 - 2016-01-26 17:08 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-08-16 14:19 - 2016-01-22 22:40 - 00000000 ___RD C:\Users\Emma\Dropbox
2016-08-16 14:17 - 2016-01-22 16:31 - 00004166 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{85997B76-033E-42D2-8988-AABA2E6EF4F5}
2016-08-16 12:04 - 2016-01-22 20:35 - 00000000 ____D C:\Users\Emma\AppData\Roaming\vlc
2016-08-16 12:03 - 2016-01-24 21:46 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-08-16 11:44 - 2016-04-28 13:10 - 00000938 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-08-16 11:41 - 2016-01-22 22:36 - 00000936 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2016-08-16 11:12 - 2016-01-22 20:39 - 00000000 ____D C:\Users\Emma\AppData\Roaming\DMCache
2016-08-16 10:39 - 2016-01-22 13:49 - 00000000 ____D C:\Users\Emma\Documents\YouCam
2016-08-16 10:33 - 2016-02-04 19:34 - 00000000 ____D C:\Program Files (x86)\3G Hostless Modem
2016-08-16 10:32 - 2016-05-04 09:33 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-08-16 10:32 - 2016-04-28 13:10 - 00000934 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-08-16 10:32 - 2016-01-22 22:36 - 00000932 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2016-08-16 10:32 - 2016-01-22 13:48 - 00000000 __SHD C:\Users\Emma\IntelGraphicsProfiles
2016-08-16 10:31 - 2016-05-04 09:32 - 00000000 ____D C:\ProgramData\Validity
2016-08-16 10:30 - 2016-02-13 14:14 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-08-16 10:30 - 2015-10-30 07:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-08-16 09:23 - 2016-01-22 20:19 - 00000000 ____D C:\Users\Emma\AppData\LocalLow\LastPass
2016-08-16 09:02 - 2015-10-30 08:21 - 00000000 ____D C:\WINDOWS\INF
2016-08-16 08:17 - 2016-06-15 09:42 - 00000000 ____D C:\Users\Emma\AppData\Local\CrashDumps
2016-08-16 08:14 - 2015-10-30 08:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-08-16 08:14 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-08-16 08:11 - 2015-10-30 08:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-08-15 20:41 - 2016-06-20 06:46 - 00000360 _____ C:\WINDOWS\Tasks\HPCeeScheduleForEmma.job
2016-08-15 19:59 - 2016-06-20 06:46 - 00003248 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForEmma
2016-08-15 19:08 - 2016-05-04 09:38 - 00000000 ____D C:\Users\Emma
2016-08-15 19:02 - 2016-07-13 16:46 - 00000000 ____D C:\Program Files (x86)\Cobian Backup 11
2016-08-15 19:02 - 2016-05-18 20:12 - 00000000 ____D C:\Users\Emma\Desktop\shortcuts
2016-08-15 19:02 - 2016-04-04 11:04 - 00000000 ____D C:\Users\Emma\Desktop\To Do
2016-08-15 19:02 - 2016-02-13 14:20 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-08-15 19:02 - 2016-02-13 14:03 - 00000000 ____D C:\WINDOWS\ShellNew
2016-08-15 19:02 - 2016-02-13 14:03 - 00000000 ____D C:\Program Files\Windows Journal
2016-08-15 19:02 - 2015-11-27 17:58 - 00000000 ___HD C:\WINDOWS\system32\WLANProfiles
2016-08-15 19:02 - 2015-10-30 08:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-08-15 19:02 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2016-08-15 19:02 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-08-15 19:02 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\L2Schemas
2016-08-15 19:02 - 2015-10-30 07:28 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-08-15 19:02 - 2015-10-30 07:28 - 00000000 ____D C:\WINDOWS\servicing
2016-08-15 19:02 - 2015-07-24 01:43 - 00000000 ____D C:\WINDOWS\System32\Tasks\Hewlett-Packard
2016-08-15 18:53 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\registration
2016-08-15 15:31 - 2015-10-30 07:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2016-08-13 16:58 - 2016-05-04 18:29 - 00000000 ___DC C:\WINDOWS\Panther
2016-08-13 08:04 - 2016-04-14 10:22 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-08-11 17:36 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-08-11 11:52 - 2016-05-10 16:22 - 00000000 ____D C:\WINDOWS\Minidump
2016-08-10 14:46 - 2016-01-22 13:48 - 00000000 ____D C:\Users\Emma\AppData\Local\Packages
2016-08-09 08:11 - 2016-05-04 09:38 - 00973984 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-08-08 23:35 - 2016-05-15 11:16 - 00000000 ____D C:\Users\Emma\AppData\Roaming\WhatsApp
2016-08-08 19:48 - 2016-04-28 13:14 - 00002279 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-08-06 08:53 - 2015-11-27 18:24 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-08-05 09:00 - 2016-04-11 14:10 - 00000000 ____D C:\ProgramData\Oracle
2016-08-05 08:58 - 2016-04-11 14:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-08-05 08:58 - 2016-04-11 14:10 - 00000000 ____D C:\Program Files (x86)\Java
2016-08-05 08:57 - 2016-04-11 14:11 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2016-08-05 08:57 - 2016-04-11 14:11 - 00000000 ____D C:\Users\Emma\.oracle_jre_usage
2016-08-03 17:56 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-07-30 11:02 - 2015-07-24 01:42 - 00000000 ____D C:\ProgramData\Package Cache
2016-07-30 11:01 - 2016-05-14 11:43 - 00000000 ____D C:\ProgramData\Intel
2016-07-30 11:01 - 2015-11-27 17:53 - 00000000 ____D C:\Program Files (x86)\Intel
2016-07-30 10:57 - 2016-05-04 09:33 - 00000000 ____D C:\Program Files\Intel
2016-07-30 10:55 - 2016-05-17 13:45 - 00000000 ____D C:\WINDOWS\system32\DAX2
2016-07-30 10:54 - 2016-05-04 09:33 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2016-07-29 21:09 - 2015-10-30 08:24 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2016-07-29 09:39 - 2016-04-28 13:10 - 00003996 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-07-29 09:39 - 2016-04-28 13:10 - 00003764 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-07-29 09:16 - 2015-10-30 08:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-07-29 09:14 - 2016-05-10 12:33 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-07-22 10:57 - 2016-05-15 11:10 - 00000000 ____D C:\Users\Emma\AppData\Local\SquirrelTemp
2016-07-21 19:00 - 2016-04-18 19:35 - 00000000 ____D C:\Program Files (x86)\Softland
2016-07-21 18:57 - 2016-05-09 12:51 - 00000000 ____D C:\Users\Emma\AppData\Local\FurtherMarket
2016-07-18 13:42 - 2016-01-22 20:00 - 00000000 ____D C:\Emma
2016-07-18 11:07 - 2015-11-27 17:52 - 03283248 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkApi64.dll
2016-07-18 11:07 - 2015-11-27 17:52 - 00192984 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCfg64.dll
2016-07-18 11:06 - 2015-11-27 17:52 - 03090544 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RltkAPO64.dll
2016-07-18 10:56 - 2015-11-27 17:52 - 05202440 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RTKVHD64.sys
2016-07-18 10:56 - 2015-11-27 17:52 - 00023696 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCoLDR64.dll
2016-07-17 10:44 - 2016-02-19 16:09 - 00000000 ____D C:\Users\Emma\AppData\Local\ElevatedDiagnostics
==================== Files in the root of some directories =======
2016-05-17 13:45 - 2016-05-17 13:45 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-08-09 14:29
==================== End of FRST.txt ============================