Windows Update Issue preventing me from Upgrading to Win 10

calebgroup (Well-known member, joined Dec 28, 2015, 59 posts)
I am having a huge issue with updating Windows now for several months. I ran the SFCFix where I was told that there were a number of corrupted files but then saw a message that there were no errors found.

I tried to run the WU troubleshooter and it keeps getting hung up on an area that says "Starting BITS" but nothing ever happens and it gets stuck right there.

Any help is appreciated.
 
SFCFix version 2.4.5.0 by niemiro.
Start time: 2015-12-28 04:44:05.873
Microsoft Windows 8.1 Update 2 - amd64
Not using a script file.

AutoAnalysis::
FIXED: Performed DISM repair on file Amd64\CNBJ2530.DPB of version 6.3.9600.16384.

SUMMARY: No corruptions were detected.
AutoAnalysis:: directive completed successfully.

Successfully processed all directives.
SFCFix version 2.4.5.0 by niemiro has completed.
Currently storing 0 datablocks.
Finish time: 2015-12-28 06:09:15.180
----------------------EOF-----------------------
 
Hi and welcome to Sysnative. We'll see what we can do. Please do the following.

Step#1 - ChkDsk Scan
1. Right-click your Start button and select Command Prompt (Admin). Answer Yes to allow if the User Account Control dialog comes up.
2. You should now have a black window open that you can type in to.
3. Please type chkdsk and then press enter.
4. Chkdsk will start to run. Please allow it to finish. You will know it is running when you see text as follows.
[Screenshot: Chkdsk.JPG]

5. Download ListChkdskResult.exe by SleepyDude and save it on your desktop. If it's already downloaded to your desktop, just skip this step.
6. Right-click this file and select Run as administrator (Allow if prompted) and a text file will open (and also be saved on the desktop as ListChkdskResult.txt).
Please copy the contents of this file and paste into your next post.
 
Thank you BrianDrab. Here are the results...

ListChkdskResult by SleepyDude v0.1.7 Beta | 21-09-2013

------< Log generate on 12/30/2015 12:39:14 PM >------
Category: 0
Computer Name: GilOfficePC
Event Code: 26212
Record Number: 80031
Source Name: Chkdsk
Time Written: 12-30-2015 @ 17:38:37
Event Type: Information
User:
Message: Chkdsk was executed in read-only mode on a volume snapshot.

Checking file system on C:
The type of the file system is NTFS.
Volume label is Windows.

WARNING! F parameter not specified.
Running CHKDSK in read-only mode.

Stage 1: Examining basic file system structure ...
321536 file records processed.
File verification completed.
6583 large file records processed.
0 bad file records processed.

Stage 2: Examining file name linkage ...
407476 index entries processed.
Index verification completed.
0 unindexed files scanned.
0 unindexed files recovered.

Stage 3: Examining security descriptors ...
Security descriptor verification completed.
42971 data files processed.
CHKDSK is verifying Usn Journal...
39181592 USN bytes processed.
Usn Journal verification completed.

Windows has scanned the file system and found no problems.
No further action is required.

956050431 KB total disk space.
92916464 KB in 241352 files.
151400 KB in 42972 indexes.
0 KB in bad sectors.
462667 KB in use by the system.
65536 KB occupied by the log file.
862519900 KB available on disk.

4096 bytes in each allocation unit.
239012607 total allocation units on disk.
215629975 allocation units available on disk.

-----------------------------------------------------------------------
Category: 0
Computer Name: GilOfficePC
Event Code: 26212
Record Number: 53348
Source Name: Chkdsk
Time Written: 04-27-2015 @ 18:29:42
Event Type: Information
User:
Message: Chkdsk was executed in read-only mode on a volume snapshot.

Checking file system on C:
The type of the file system is NTFS.
Volume label is Windows.

WARNING! F parameter not specified.
Running CHKDSK in read-only mode.

Stage 1: Examining basic file system structure ...
321536 file records processed.
File verification completed.
6233 large file records processed.
0 bad file records processed.

Stage 2: Examining file name linkage ...
399130 index entries processed.
Index verification completed.
0 unindexed files scanned.
0 unindexed files recovered.

Stage 3: Examining security descriptors ...
Security descriptor verification completed.
38798 data files processed.
CHKDSK is verifying Usn Journal...
41241456 USN bytes processed.
Usn Journal verification completed.

Windows has scanned the file system and found no problems.
No further action is required.

956050431 KB total disk space.
66430948 KB in 202499 files.
131716 KB in 38799 indexes.
0 KB in bad sectors.
464643 KB in use by the system.
65536 KB occupied by the log file.
889023124 KB available on disk.

4096 bytes in each allocation unit.
239012607 total allocation units on disk.
222255781 allocation units available on disk.

-----------------------------------------------------------------------
 
Thanks. Please do the following.

Step#1 - FRST Scan

1. Please download Farbar Recovery Scan Tool and save it to your Desktop.
Note: You need to run the 64-bit Version so please ensure you download that one.
2. Right click to run as administrator. When the tool opens click Yes to disclaimer.
3. Please ensure you place a check mark in the Addition.txt check box at the bottom of the form before running (if not already).
4. Press Scan button.
5. It will produce a log called FRST.txt in the same directory the tool is run from (which should now be the desktop)
6. Please copy and paste log back here.
7. Another log (Addition.txt - also located in the same directory as FRST64.exe) will be generated. Please also paste that along with the FRST.txt into your reply.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:30-12-2015
Ran by Gil (administrator) on GILOFFICEPC (30-12-2015 13:23:33)
Running from C:\Users\Gil\Desktop
Loaded Profiles: Gil (Available Profiles: Gil)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials


==================== Processes (Whitelisted) =================


(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)


(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\47.0.2526.18\remoting_host.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\47.0.2526.18\remoting_host.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler64.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Tweaking.com) C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(RingCentral, Inc.) C:\Program Files (x86)\RingCentral\RingCentral Softphone\RCHotKey.exe
(SugarSync, Inc.) C:\Program Files (x86)\SugarSync\SugarSync.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(RingCentral) C:\Program Files (x86)\RingCentral for Windows\Softphone.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\WinStore\WSHost.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTE.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\EXCEL.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe




==================== Registry (Whitelisted) ===========================


(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)


HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7198424 2013-08-23] (Realtek Semiconductor)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161728 2015-08-09] (IvoSoft)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-09] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-02-26] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3780008 2015-10-30] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [3776824 2015-03-17] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
HKU\S-1-5-21-2509790399-2890906804-1317435896-1001\...\Run: [Google Update] => C:\Users\Gil\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc.)
HKU\S-1-5-21-2509790399-2890906804-1317435896-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [61200 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-2509790399-2890906804-1317435896-1001\...\Run: [RCUI] => C:\Program Files (x86)\RingCentral\RingCentral Softphone\RCUI.exe [608560 2014-06-09] (RingCentral, Inc.)
HKU\S-1-5-21-2509790399-2890906804-1317435896-1001\...\Run: [RCHotKey] => C:\Program Files (x86)\RingCentral\RingCentral Softphone\RCHotKey.exe [30000 2014-06-09] (RingCentral, Inc.)
HKU\S-1-5-21-2509790399-2890906804-1317435896-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [60688 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-2509790399-2890906804-1317435896-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [103696 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-2509790399-2890906804-1317435896-1001\...\Run: [RESTART_STICKY_NOTES] => C:\WINDOWS\system32\StikyNot.exe [457728 2013-11-14] (Microsoft Corporation)
HKU\S-1-5-21-2509790399-2890906804-1317435896-1001\...\Run: [Dropbox Update] => C:\Users\Gil\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-25] (Dropbox, Inc.)
HKU\S-1-5-21-2509790399-2890906804-1317435896-1001\...\Run: [SugarSync] => C:\Program Files (x86)\SugarSync\SugarSync.exe [18880528 2015-09-28] (SugarSync, Inc.)
HKU\S-1-5-21-2509790399-2890906804-1317435896-1001\...\Run: [RingCentral for Windows] => C:\Program Files (x86)\RingCentral for Windows\Softphone.exe [41250816 2015-10-01] (RingCentral)
HKU\S-1-5-21-2509790399-2890906804-1317435896-1001\...\Run: [MP3 Skype recorder] => C:\Users\Gil\AppData\Local\MP3 Skype recorder\MP3SkypeRecorder.exe [2216600 2015-11-02] (Domit UK LTD)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Gil\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Gil\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Gil\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Gil\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Gil\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Gil\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Gil\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Gil\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\x64\SugarSyncShellExt_x64.dll [2015-09-28] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\x64\SugarSyncShellExt_x64.dll [2015-09-28] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncSharedSyncing] -> {F7395C2E-A5D8-4a32-9536-5C6A9F1DC450} => C:\Program Files (x86)\SugarSync\x64\SugarSyncShellExt_x64.dll [2015-09-28] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncSynced] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\x64\SugarSyncShellExt_x64.dll [2015-09-28] (SugarSync, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2014-09-15] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2014-09-15] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2014-09-15] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk [2015-08-12]
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2015-08-12]
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2015-08-12]
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2015\QBW32.EXE (Intuit Inc.)
Startup: C:\Users\Gil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-07-22]
ShortcutTarget: Dropbox.lnk -> C:\Users\Gil\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)


==================== Internet (Whitelisted) ====================


(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)


Tcpip\Parameters: [DhcpNameServer] 10.1.10.1
Tcpip\..\Interfaces\{89EF2115-7329-4358-9831-E3165525A286}: [DhcpNameServer] 10.1.10.1


Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPDSK13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK13/1
HKU\S-1-5-21-2509790399-2890906804-1317435896-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPDSK13/1
HKU\S-1-5-21-2509790399-2890906804-1317435896-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK13/1
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-2509790399-2890906804-1317435896-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2014-09-15] (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2014-09-15] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2014-09-15] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-29] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2014-09-15] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-29] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Toolbar: HKU\S-1-5-21-2509790399-2890906804-1317435896-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
DPF: HKLM-x32 {523F7FBF-712D-467A-80CC-6BE7BC90CA73} hxxps://ocp.taxwise.com/ActiveX/ocpCheckRenderer.dll
DPF: HKLM-x32 {FF36CDA3-BE1A-4E1D-BD40-68E6D4E2A7F5} hxxps://ocp.taxwise.com/ActiveX/PrinterInformation.dll
Handler-x32: intu-help-qb8 - {CD17C364-2EC8-4929-91A9-C4839A20E909} - C:\Program Files (x86)\Intuit\QuickBooks 2015\HelpAsyncPluggableProtocol.dll [2015-10-15] (Intuit, Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2014-09-01] (Microsoft Corporation)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\WINDOWS\SysWOW64\mscoree.dll [2013-08-21] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)


FireFox:
========
FF ProfilePath: C:\Users\Gil\AppData\Roaming\Mozilla\Firefox\Profiles\89awetsd.default
FF Keyword.URL:
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll [2015-12-29] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll [2015-12-29] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-29] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-29] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2014-09-01] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-02-23] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-10-12] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2509790399-2890906804-1317435896-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Gil\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-02-27] (Citrix Online)
FF Plugin HKU\S-1-5-21-2509790399-2890906804-1317435896-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Gil\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2509790399-2890906804-1317435896-1001: @talk.google.com/O1DPlugin -> C:\Users\Gil\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2509790399-2890906804-1317435896-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Gil\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF Plugin HKU\S-1-5-21-2509790399-2890906804-1317435896-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Gil\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Gil\AppData\Roaming\mozilla\plugins\npatgpc.dll [2014-05-14] (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\Gil\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Gil\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Extension: FireFTP - C:\Users\Gil\AppData\Roaming\Mozilla\Firefox\Profiles\89awetsd.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f} [2015-06-01]
FF Extension: iCloud Bookmarks - C:\Users\Gil\AppData\Roaming\Mozilla\Firefox\Profiles\89awetsd.default\Extensions\firefoxdav@icloud.com [2015-05-29]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14] [not signed]


Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://gmail.com/"
CHR Plugin: (Shockwave Flash) - C:\Users\Gil\AppData\Local\Google\Chrome\User Data\PepperFlash\14.0.0.145\pepflashplayer.dll => No File
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Gil\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.4.600\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\pdf.dll => No File
CHR Plugin: (ActiveTouch General Plugin Container) - C:\Users\Gil\AppData\Roaming\Mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 7.0.550.14) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll => No File
CHR Plugin: (Java(TM) Platform SE 7 U55) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => No File
CHR Plugin: (WildTangent Games App V2 Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Microsoft Office 2013) - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Citrix Online Web Deployment Plugin 1.0.0.104) - C:\Users\Gil\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
CHR Plugin: (Google Update) - C:\Users\Gil\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll => No File
CHR Plugin: (Google Talk Plugin) - C:\Users\Gil\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Renderer) - C:\Users\Gil\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll => No File
CHR Profile: C:\Users\Gil\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Chord Finder) - C:\Users\Gil\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhmjooncijgbgefdkimcfmfogildjen [2014-01-17]
CHR Extension: (Angry Birds) - C:\Users\Gil\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2015-01-13]
CHR Extension: (Google Docs) - C:\Users\Gil\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-11]
CHR Extension: (Google Drive) - C:\Users\Gil\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (SocialBro) - C:\Users\Gil\AppData\Local\Google\Chrome\User Data\Default\Extensions\bagknoiagpifjfbempgignagkejmkljm [2014-10-22]
CHR Extension: (Norton Security Toolbar) - C:\Users\Gil\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejnhdlplbjhffionohbdnpcbobfejcc [2015-08-07]
CHR Extension: (YouTube) - C:\Users\Gil\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-02]
CHR Extension: (Google Search) - C:\Users\Gil\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-29]
CHR Extension: (VUDU Movies) - C:\Users\Gil\AppData\Local\Google\Chrome\User Data\Default\Extensions\daomabnenlgkenegngdblacoobnncgib [2014-01-17]
CHR Extension: (WGT Golf Challenge) - C:\Users\Gil\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcilimldmomiaihcfkmaldanopfejefg [2014-01-17]
CHR Extension: (PicMonkey) - C:\Users\Gil\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgdgokchhicmaiacmgegjnppjkgogdhm [2014-10-25]
CHR Extension: (Stupeflix Video Maker) - C:\Users\Gil\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkdmcfnoimoilncpjchamnenebopocem [2015-05-27]
CHR Extension: (Springpad) - C:\Users\Gil\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkmopoamfjnmppabeaphohombnjcjgla [2014-01-17]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Gil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2015-11-09]
CHR Extension: (Google Docs Offline) - C:\Users\Gil\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-30]
CHR Extension: (NPR Infinite Player) - C:\Users\Gil\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkpcelemhneoooapbbopolpjhmbfmnbf [2014-01-17]
CHR Extension: (Crackle) - C:\Users\Gil\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibfamoapbmmmlknoopmmfofgladlinic [2015-09-22]
CHR Extension: (Apps Launcher) - C:\Users\Gil\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijmgkhchjindcjamnckoiahagecjnkdc [2015-10-11]
CHR Extension: (60 Minutes) - C:\Users\Gil\AppData\Local\Google\Chrome\User Data\Default\Extensions\imjhdahelgojehmfmkmdfjcpfbglbfmj [2014-01-17]
CHR Extension: (Movi Kanti Revo) - C:\Users\Gil\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkdkcgeghhfjiglphfppinecpcpnnbne [2014-01-17]
CHR Extension: (CashBase) - C:\Users\Gil\AppData\Local\Google\Chrome\User Data\Default\Extensions\klehkbljbmijfgbokipcjeialaonhjlc [2014-01-17]
CHR Extension: (Wave Accounting) - C:\Users\Gil\AppData\Local\Google\Chrome\User Data\Default\Extensions\knpkfcpnjfbniadmfchjpcigfhookhaa [2014-10-21]
CHR Extension: (Skype) - C:\Users\Gil\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-12-27]
CHR Extension: (Facebook Cover Maker) - C:\Users\Gil\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfbpohdhflnokmclkbieabhmhbnamcnk [2014-01-17]
CHR Extension: (DSL speedtest) - C:\Users\Gil\AppData\Local\Google\Chrome\User Data\Default\Extensions\mibbfkdeofpfmkclkgjfnjppdblhpddj [2014-01-17]
CHR Extension: (Finance41 Personal Finance Manager) - C:\Users\Gil\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbgkhncobohkmgdjdiijlbgjidpnnkcd [2014-01-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Gil\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-07]
CHR Extension: (Buffer) - C:\Users\Gil\AppData\Local\Google\Chrome\User Data\Default\Extensions\noojglkidnpfjbincgijbaiedldjfbhh [2015-11-30]
CHR Extension: (Gmail) - C:\Users\Gil\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-27]
CHR HKLM\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] - C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\Exts\Chrome.crx <not found>
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] - C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\Exts\Chrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-10-12]


==================== Services (Whitelisted) ========================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
S2 avgfws; C:\Program Files (x86)\AVG\AVG2015\avgfws.exe [1563664 2015-10-30] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3642280 2015-10-30] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [335656 2015-10-30] (AVG Technologies CZ, s.r.o.)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2015-10-12] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2015-10-12] (Microsoft Corporation)
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\47.0.2526.18\remoting_host.exe [69448 2015-10-14] (Google Inc.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2428088 2014-08-11] (Microsoft Corporation)
R2 CyberLink PowerDVD 12 Media Server Monitor Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-09-26] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [298760 2013-09-26] (CyberLink)
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2015-10-15] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2014-12-06] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2014-12-06] (Intuit Inc.) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [289496 2013-08-23] (Realtek Semiconductor)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6889232 2015-12-14] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1640896 2014-03-23] (Microsoft Corporation)


===================== Drivers (Whitelisted) ==========================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [21152 2015-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162784 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\system32\DRIVERS\avgfwd6a.sys [77760 2015-07-09] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [315312 2015-10-19] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [297904 2015-08-19] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [259040 2015-06-16] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [378336 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [250800 2015-08-04] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40928 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [304560 2015-08-04] (AVG Technologies CZ, s.r.o.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-15] (CyberLink)
S3 CMUSBDAC; C:\Windows\system32\DRIVERS\CMUSBDAC.sys [358400 2013-05-09] (C-Media Inc.)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R0 nlem64nt; C:\Windows\System32\Drivers\nlem64nt.sys [72808 2009-10-13] ()
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [288840 2013-05-16] (Realtek Semiconductor Corp.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [35856 2014-03-23] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [257880 2014-03-23] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)
R3 MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [X]


==================== NetSvcs (Whitelisted) ===================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)




==================== One Month Created files and folders ========


(If an entry is included in the fixlist, the file/folder will be moved.)


2015-12-30 13:23 - 2015-12-30 13:24 - 00033736 _____ C:\Users\Gil\Desktop\FRST.txt
2015-12-30 13:22 - 2015-12-30 13:23 - 00000000 ____D C:\FRST
2015-12-30 13:21 - 2015-12-30 13:21 - 02370560 _____ (Farbar) C:\Users\Gil\Desktop\FRST64.exe
2015-12-30 12:54 - 2015-12-30 12:54 - 00103703 _____ C:\Users\Gil\Downloads\LakevilleSubwayPayrollReports (1).xls
2015-12-30 12:51 - 2015-12-30 12:51 - 00121631 _____ C:\Users\Gil\Downloads\EddyStreetSubwayPayrollReports (1).xls
2015-12-30 12:45 - 2015-12-30 12:45 - 00005732 _____ C:\Users\Gil\Downloads\ACFrOgAw-MUev_iDt-cKy5ts1EKZvB98s9udPusWi0PsJOEU5Jk22H1KC3LlA8q3rGdTs5YOndOC5VySRS1vccXx7xWrrCPPQ2vHL2FxVg_7tCL92xK_O8KTJNQ25Qw=.pdf
2015-12-30 12:44 - 2015-12-30 12:44 - 00022789 _____ C:\Users\Gil\Downloads\ACFrOgAR2XgA7qTPrak0mIJylshK7ZhBBJRWiRZ3M1sMDfFw7lTpWToe_snTVC0Imbe7n_vYPFJcf3aYA_m0BfuvdmNFIp3gWDwaB8LL-wPhQPo30vD7IFaHbG6wEas=.pdf
2015-12-30 12:39 - 2015-12-30 12:39 - 00197679 _____ C:\Users\Gil\Downloads\ListChkdskResult.exe
2015-12-30 12:39 - 2015-12-30 12:39 - 00013560 _____ C:\Users\Gil\Desktop\ListChkdskResult.txt
2015-12-30 12:28 - 2015-12-30 12:28 - 00069203 _____ C:\Users\Gil\Downloads\ACFrOgCb4k1paMKbsoMPxL_Gm78emqA3JzfFgLF3mgzm5ScysoyHpFLMkqCAvf_I0OVbA7KD7BB88VS1fLqlI9l3ywVjYNTM7QG1HXvrzIY6-Mko7aUIQOhNf00UoFs=.pdf
2015-12-29 14:54 - 2015-12-29 14:54 - 00012201 _____ C:\Users\Gil\Downloads\Melissa_Whetsel.pdf
2015-12-29 13:55 - 2015-12-29 13:55 - 00128642 _____ C:\Users\Gil\Downloads\kirk_application_2014.pdf
2015-12-29 13:06 - 2015-12-29 13:06 - 00010454 _____ C:\Users\Gil\Downloads\Tierra_Robinson.pdf
2015-12-29 11:21 - 2015-12-29 11:21 - 00050673 _____ C:\Users\Gil\Downloads\+15742470889-1223-140930-460.pdf
2015-12-28 17:40 - 2015-12-28 17:40 - 00006407 _____ C:\Users\Gil\Downloads\Brandi_Lafler (1).pdf
2015-12-28 17:23 - 2015-12-28 17:23 - 00008121 _____ C:\Users\Gil\Downloads\Beverly_Lax_Floyd.pdf
2015-12-28 17:22 - 2015-12-28 17:22 - 00006852 _____ C:\Users\Gil\Downloads\Jensen_Edsall.pdf
2015-12-28 17:22 - 2015-12-28 17:22 - 00006407 _____ C:\Users\Gil\Downloads\Brandi_Lafler.pdf
2015-12-28 13:14 - 2015-12-28 13:14 - 00035326 _____ C:\Users\Gil\Downloads\ACFrOgA8FMlXfCNC3iG1q0q6Za1GkVVVsN9GVslotycdhI0iqu-vIvvzJHWxglmFVEkOkHDOHlrg8PEfvjT-gIjSnP7MMFfrgOGQejpSg8SlWAL3GmCCmHX7BGi3ZnE=.pdf
2015-12-28 06:22 - 2015-12-28 06:22 - 05988008 _____ C:\Users\Gil\Downloads\CBS.zip
2015-12-28 06:15 - 2015-12-28 06:15 - 05988008 _____ C:\Users\Gil\Desktop\CBS.zip
2015-12-28 06:09 - 2015-12-28 10:23 - 00001126 _____ C:\Users\Gil\Desktop\SFCFix.txt
2015-12-28 06:09 - 2015-12-28 10:23 - 00000000 ____D C:\SFCFix
2015-12-28 04:43 - 2015-12-28 04:43 - 01319424 _____ (niemiro) C:\Users\Gil\Downloads\SFCFix.exe
2015-12-28 04:00 - 2015-12-28 04:00 - 00000000 ___HD C:\$Windows.~WS
2015-12-28 03:59 - 2015-12-28 03:59 - 07635472 _____ (Microsoft Corporation) C:\Users\Gil\Downloads\GetWindows10-pse_ggl (1).exe
2015-12-28 03:58 - 2015-12-28 03:58 - 04827551 _____ C:\Users\Gil\Downloads\Windows8.1-KB2919442-x86.msu
2015-12-28 03:57 - 2015-12-28 03:57 - 07635472 _____ (Microsoft Corporation) C:\Users\Gil\Downloads\GetWindows10-pse_ggl.exe
2015-12-28 03:54 - 2015-12-28 03:55 - 75351558 _____ C:\Users\Gil\Downloads\Windows8.1-KB2934018-x86.msu
2015-12-28 03:54 - 2015-12-28 03:55 - 26455888 _____ C:\Users\Gil\Downloads\Windows8.1-KB2932046-x86.msu
2015-12-28 03:54 - 2015-12-28 03:55 - 10452742 _____ C:\Users\Gil\Downloads\Windows8.1-KB2938439-x86.msu
2015-12-28 03:54 - 2015-12-28 03:54 - 02574218 _____ C:\Users\Gil\Downloads\Windows8.1-KB2959977-x86.msu
2015-12-28 03:54 - 2015-12-28 03:54 - 00309544 _____ C:\Users\Gil\Downloads\Windows8.1-KB2937592-x86.msu
2015-12-28 03:54 - 2015-12-28 03:54 - 00036016 _____ (Microsoft Corporation) C:\Users\Gil\Downloads\clearcompressionflag.exe
2015-12-28 03:53 - 2015-12-28 03:53 - 00000000 ____D C:\8b40cc25d43ee1cc2d61baab
2015-12-28 03:50 - 2015-12-28 03:53 - 334517159 _____ C:\Users\Gil\Downloads\Windows8.1-KB2919355-x86.msu
2015-12-28 03:29 - 2015-12-28 03:29 - 00000000 ____D C:\Users\Gil\AppData\Roaming\ClassicShell
2015-12-28 03:20 - 2015-12-28 03:35 - 00000000 ____D C:\AdwCleaner
2015-12-28 03:15 - 2015-12-28 03:15 - 01743360 _____ C:\Users\Gil\Downloads\AdwCleaner.exe
2015-12-28 02:52 - 2015-12-28 02:52 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-12-28 02:49 - 2015-12-28 02:50 - 22908888 _____ (Malwarebytes ) C:\Users\Gil\Downloads\mbam-setup-2.2.0.1024.exe
2015-12-27 21:09 - 2015-12-27 21:09 - 07635472 _____ (Microsoft Corporation) C:\Users\Gil\Downloads\GetWindows10-sds_____________.exe
2015-12-27 17:34 - 2015-12-27 17:34 - 07635472 _____ (Microsoft Corporation) C:\Users\Gil\Downloads\GetWindows10-Web_Default_Attr.exe
2015-12-27 17:34 - 2015-12-27 17:34 - 00000000 ____D C:\$WINDOWS.~BT
2015-12-18 17:16 - 2015-12-18 17:15 - 02264920 _____ C:\Users\Public\DHAVAL PATEL 2013326112079.pdf
2015-12-18 16:54 - 2015-12-18 16:54 - 00107806 _____ C:\Users\Gil\Downloads\Greater MMBC- Letter.pdf
2015-12-18 15:46 - 2015-12-18 15:43 - 00098674 _____ C:\Users\Public\Documents\Logos_Business Entity Report Filing2015.pdf
2015-12-18 15:46 - 2015-12-18 15:42 - 00098671 _____ C:\Users\Public\Documents\Pure Assembly BER.pdf
2015-12-18 15:46 - 2015-12-14 09:18 - 00098527 _____ C:\Users\Public\Documents\TCD Business Entity Report Filing.pdf
2015-12-18 15:16 - 2015-12-18 15:16 - 00061737 _____ C:\Users\Gil\Downloads\+17185275661-1218-144715-226.pdf
2015-12-18 10:10 - 2015-12-18 10:08 - 03640802 _____ C:\Users\Public\BROWNCLARA 2014.pdf
2015-12-17 17:03 - 2013-07-17 14:34 - 05465600 _____ C:\Users\Public\Documents\CAS Brochure with testimonials.pub
2015-12-17 17:01 - 2013-07-05 08:04 - 04530688 _____ C:\Users\Public\Documents\CAS Brochure 2.pub
2015-12-17 16:59 - 2015-12-17 16:59 - 03474938 _____ C:\Users\Public\Documents\CAS Brochure.pdf
2015-12-17 14:09 - 2015-12-17 14:09 - 01839520 _____ (LogMeIn, Inc.) C:\Users\Gil\Downloads\Support-LogMeInRescue (2).exe
2015-12-15 16:58 - 2015-12-15 16:58 - 00251399 _____ C:\Users\Gil\Downloads\ECCU Statements_NHOM (2).pdf
2015-12-15 13:54 - 2015-12-15 13:54 - 00301871 _____ C:\Users\Gil\Downloads\GeneratePdf (2).pdf
2015-12-15 13:40 - 2015-12-15 13:40 - 00507977 _____ C:\Users\Gil\Downloads\ACFrOgDqkHo9rIDaqvUJrvdmURdBVLELeq1ByN_0cS4S1olIaCRBkRw6jhSA5Q_W8El1DkN4MGG7juj-192rBjDydCcFBTCC7pCxsPUYHNyL0DaAefYHk97-jtXX3bI=.pdf
2015-12-14 13:21 - 2015-12-14 13:21 - 00666785 _____ C:\Users\Gil\Downloads\ACFrOgCRWJrwswLKuNQYKB2s4ZOCWX6d0bWs6ZmtedJxjeGMlNlrAA513h8853OBD2cMpOvS_80jAH2uVovbUeWYEPn9OqyO_CAc-C6MtKS4449HoxGkheF3u24uXt0=.pdf
2015-12-14 09:21 - 2015-12-14 09:18 - 00098527 _____ C:\Users\Public\TCD Business Entity Report Filing.pdf
2015-12-14 09:06 - 2015-12-14 09:06 - 00224365 _____ C:\Users\Gil\Downloads\ViewPdfForm (18).pdf
2015-12-14 06:49 - 2015-12-14 06:49 - 00001808 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-12-14 06:49 - 2015-12-14 06:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-12-14 06:48 - 2015-12-14 06:49 - 00000000 ____D C:\Program Files\iTunes
2015-12-14 06:48 - 2015-12-14 06:48 - 00000000 ____D C:\Program Files\iPod
2015-12-14 06:48 - 2015-12-14 06:48 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-12-12 10:11 - 2015-12-12 10:11 - 00000000 ____D C:\Users\Gil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-12-11 14:47 - 2015-12-11 14:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2015-12-11 14:46 - 2015-12-11 14:46 - 00001900 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2015-12-11 14:46 - 2015-12-11 14:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-12-11 14:46 - 2015-12-11 14:46 - 00000000 ____D C:\Program Files (x86)\QuickTime
2015-12-11 11:06 - 2015-12-11 11:06 - 00226857 _____ C:\Users\Gil\Downloads\5224-January 2015.pdf
2015-12-11 11:06 - 2015-12-11 11:06 - 00224133 _____ C:\Users\Gil\Downloads\5224-February 2015.pdf
2015-12-11 11:06 - 2015-12-11 11:06 - 00222960 _____ C:\Users\Gil\Downloads\5972 March 2015.pdf
2015-12-11 11:06 - 2015-12-11 11:06 - 00220520 _____ C:\Users\Gil\Downloads\5078 March 2015.pdf
2015-12-11 11:06 - 2015-12-11 11:06 - 00220256 _____ C:\Users\Gil\Downloads\1878 March 2015.pdf
2015-12-11 11:06 - 2015-12-11 11:06 - 00219686 _____ C:\Users\Gil\Downloads\4595 March 2015.pdf
2015-12-11 11:06 - 2015-12-11 11:06 - 00206508 _____ C:\Users\Gil\Downloads\0555 March 2015.pdf
2015-12-11 11:05 - 2015-12-11 11:06 - 00218648 _____ C:\Users\Gil\Downloads\1894 March 2015.pdf
2015-12-11 11:05 - 2015-12-11 11:05 - 00227839 _____ C:\Users\Gil\Downloads\5224-March 2015.pdf
2015-12-11 11:05 - 2015-12-11 11:05 - 00220695 _____ C:\Users\Gil\Downloads\1886 March 2015.pdf
2015-12-11 11:05 - 2015-12-11 11:05 - 00219367 _____ C:\Users\Gil\Downloads\5115 March 2015.pdf
2015-12-04 18:32 - 2015-12-04 18:32 - 00306340 _____ C:\Users\Gil\Downloads\VCP_Interpretive_Guide_final_4-1-14.pdf
2015-12-04 18:32 - 2015-12-04 18:32 - 00252661 _____ C:\Users\Gil\Downloads\VCP_Interpretive_Guide.pdf
2015-12-04 18:30 - 2015-12-04 18:30 - 00158082 _____ C:\Users\Gil\Downloads\49443.pdf
2015-12-03 12:07 - 2015-12-03 12:07 - 03121525 _____ C:\Users\Gil\Downloads\103WaysToSave.pdf
2015-12-03 11:20 - 2015-12-03 11:20 - 00891300 _____ C:\Users\Gil\Downloads\Year-End-Letter-2015.pdf
2015-12-03 08:10 - 2015-12-03 08:10 - 01068534 _____ C:\Users\Gil\Downloads\ACFrOgDAiVYr4-p-YlsYJHiMJgchFVJRiTZmxFIZJNh-U-GoQWPSWNU754twhE0oUxDCE9v3Y-spuDmxdYXz53vnGMYWkDKjO9Qkc583KGSvfEvWZvhFinlbUHmkgAY=.pdf
2015-12-03 07:28 - 2015-12-03 08:16 - 00031103 _____ C:\Users\Gil\Downloads\Pastor List Sarasota 3.xlsx
2015-12-02 17:37 - 2015-12-02 17:37 - 00121367 _____ C:\Users\Gil\Downloads\Payroll Summary (4).xls
2015-12-02 16:23 - 2015-12-02 16:23 - 00078943 _____ C:\Users\Gil\Downloads\1070-126-54646056.pdf
2015-12-01 15:01 - 2015-12-01 15:01 - 00032108 _____ C:\Users\Gil\Downloads\ACFrOgBjNqHKGOOYQJeCsMju5UBsehwusQimfWKPJh7xn-KlJP8LdD0iDVAPM7YcWECiZP0tZ1kflY3YNADOBvSYThtsMdgfYezKkZQEKIGbWbw60b5Eo-H892jLckw=.pdf
2015-12-01 14:13 - 2015-12-01 14:40 - 00334728 _____ C:\Users\Gil\Downloads\Alpesh Patel- F433-A.pdf
2015-12-01 13:53 - 2015-12-01 13:53 - 00554552 _____ C:\Users\Gil\Downloads\ACFrOgBcWi9E4qM9dAUE_qImUb_YMhHObIRSsUUmzp1mNY7T2HSSkSl9-WvOzjeWA24B3KoXJJTWhZC-i991xEejdmj6iPlqdck-2oBKQMJP06zA7401-c6LqppvFoA=.pdf
2015-12-01 13:53 - 2015-12-01 13:53 - 00286949 _____ C:\Users\Gil\Downloads\F433-A (2).pdf
2015-11-30 15:22 - 2015-11-30 15:22 - 00093203 _____ C:\Users\Gil\Downloads\PressReleaseLetsBuyBlack365 20151127.pdf
2015-11-30 15:22 - 2015-11-30 15:22 - 00093203 _____ C:\Users\Gil\Downloads\PressReleaseLetsBuyBlack365 20151127 (1).pdf
2015-11-30 10:38 - 2015-11-30 10:38 - 00273097 _____ C:\Users\Gil\Downloads\Pearl Insurance Supplemental Form.pdf


==================== One Month Modified files and folders ========


(If an entry is included in the fixlist, the file/folder will be moved.)


2015-12-30 13:24 - 2014-02-27 10:33 - 00000574 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-2509790399-2890906804-1317435896-1001.job
2015-12-30 13:23 - 2015-06-04 15:45 - 00003672 _____ C:\WINDOWS\System32\Tasks\G2MUploadTask-S-1-5-21-2509790399-2890906804-1317435896-1001
2015-12-30 13:23 - 2015-06-04 15:45 - 00000670 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-2509790399-2890906804-1317435896-1001.job
2015-12-30 13:23 - 2014-02-27 10:33 - 00003576 _____ C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-2509790399-2890906804-1317435896-1001
2015-12-30 13:23 - 2013-08-22 08:36 - 00000000 ____D C:\Windows
2015-12-30 13:16 - 2014-01-20 10:35 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-12-30 13:10 - 2015-06-25 12:00 - 00000934 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2509790399-2890906804-1317435896-1001UA.job
2015-12-30 13:08 - 2014-02-17 09:05 - 00000924 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2509790399-2890906804-1317435896-1001UA.job
2015-12-30 12:54 - 2014-01-17 23:20 - 00000000 ____D C:\Users\Gil\AppData\Local\Packages
2015-12-30 12:49 - 2014-01-17 23:37 - 00000930 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-30 12:41 - 2015-08-21 07:30 - 00000000 ____D C:\Users\Gil\AppData\Local\ClassicShell
2015-12-30 12:29 - 2014-02-24 09:50 - 00000000 ____D C:\ProgramData\MFAData
2015-12-30 02:36 - 2014-02-17 01:32 - 00065536 _____ C:\WINDOWS\system32\spu_storage.bin
2015-12-30 02:15 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\Inf
2015-12-29 17:49 - 2014-01-17 23:37 - 00000926 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-29 17:08 - 2014-02-17 09:05 - 00000872 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2509790399-2890906804-1317435896-1001Core.job
2015-12-29 12:16 - 2014-01-20 10:35 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-12-29 06:17 - 2014-01-17 23:22 - 00003930 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{D68825D1-B856-4122-8B27-6C1EAD4A5443}
2015-12-29 02:10 - 2015-06-25 12:00 - 00000882 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2509790399-2890906804-1317435896-1001Core.job
2015-12-28 12:45 - 2014-01-17 23:29 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2509790399-2890906804-1317435896-1001
2015-12-28 07:04 - 2012-07-26 02:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-12-28 04:43 - 2014-09-02 09:55 - 00000000 ____D C:\Users\Gil\AppData\Local\ElevatedDiagnostics
2015-12-28 04:02 - 2014-02-17 04:30 - 00000000 ___DC C:\WINDOWS\Panther
2015-12-28 03:49 - 2013-11-14 02:28 - 00956476 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-12-28 03:43 - 2013-08-22 09:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-12-28 03:42 - 2013-08-22 08:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-12-27 22:24 - 2015-08-28 17:05 - 00000000 ____D C:\Users\Gil\QB
2015-12-27 20:49 - 2014-01-21 15:23 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2015-12-27 17:36 - 2013-08-22 08:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2015-12-25 08:54 - 2014-05-19 10:58 - 00003422 _____ C:\WINDOWS\System32\Tasks\Apple Diagnostics
2015-12-23 06:59 - 2015-11-03 21:04 - 00001026 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk
2015-12-23 06:59 - 2015-11-03 21:04 - 00001014 _____ C:\Users\Public\Desktop\TeamViewer 11.lnk
2015-12-18 11:45 - 2015-08-12 15:28 - 00000090 _____ C:\WINDOWS\QBChanUtil_Trigger.ini
2015-12-17 13:39 - 2015-08-12 15:31 - 00000000 ____D C:\Users\Gil\AppData\Local\SugarSync
2015-12-17 13:38 - 2014-05-19 12:13 - 00000000 ____D C:\Users\Gil\AppData\Local\F4D7FF1A-50EE-4B39-A220-92E4671548C7.aplzod
2015-12-17 13:38 - 2014-05-01 17:56 - 00000000 ____D C:\Users\Gil\AppData\Local\Apple Computer
2015-12-17 06:02 - 2015-04-27 10:02 - 00000000 ___RD C:\Users\Gil\iCloudDrive
2015-12-16 14:05 - 2014-07-07 11:03 - 00000000 ____D C:\Users\Gil\AppData\Roaming\Canon
2015-12-16 13:55 - 2014-07-07 11:12 - 00000000 ____D C:\Users\Gil\Documents\Scanned Docs
2015-12-15 16:50 - 2014-01-17 23:38 - 00002246 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-12-15 13:09 - 2015-03-03 18:44 - 00000000 ____D C:\Users\Gil\Documents\Behrens 2014
2015-12-14 06:48 - 2014-05-01 17:53 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-12-12 10:12 - 2014-04-26 08:53 - 00000000 ____D C:\Users\Gil\AppData\Roaming\Dropbox
2015-12-11 20:30 - 2015-05-12 23:49 - 00000000 ___RD C:\Users\Gil\OneDrive
2015-12-11 20:30 - 2014-09-01 01:47 - 00003098 _____ C:\WINDOWS\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2509790399-2890906804-1317435896-1001
2015-12-11 18:15 - 2015-10-12 05:13 - 00003158 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForGil
2015-12-11 18:15 - 2015-10-12 05:13 - 00000348 _____ C:\WINDOWS\Tasks\HPCeeScheduleForGil.job
2015-12-11 11:10 - 2014-02-10 10:56 - 02072576 ___SH C:\Users\Gil\Downloads\Thumbs.db
2015-12-03 17:44 - 2014-01-17 23:37 - 00003902 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-03 17:44 - 2014-01-17 23:37 - 00003666 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-12-03 17:03 - 2014-02-17 09:05 - 00003866 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2509790399-2890906804-1317435896-1001UA
2015-12-03 17:03 - 2014-02-17 09:05 - 00003486 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2509790399-2890906804-1317435896-1001Core
2015-11-30 10:42 - 2014-02-17 01:37 - 00000000 ____D C:\Users\Gil


==================== Files in the root of some directories =======


2014-02-25 20:24 - 2014-06-24 17:02 - 0003743 _____ () C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
2015-09-24 13:14 - 2015-09-24 13:14 - 0003379 _____ () C:\Users\Gil\AppData\Roaming\QBFileDrTool.log
2015-04-27 16:13 - 2015-04-27 16:13 - 0000723 _____ () C:\ProgramData\ProgramData - Shortcut.lnk


Some files in TEMP:
====================
C:\Users\Gil\AppData\Local\Temp\Abspdf.exe
C:\Users\Gil\AppData\Local\Temp\acfpdfu.dll
C:\Users\Gil\AppData\Local\Temp\acfpdfuamd64.dll
C:\Users\Gil\AppData\Local\Temp\acfpdfui.dll
C:\Users\Gil\AppData\Local\Temp\acfpdfuia64.dll
C:\Users\Gil\AppData\Local\Temp\acfpdfuiamd64.dll
C:\Users\Gil\AppData\Local\Temp\acfpdfuiia64.dll
C:\Users\Gil\AppData\Local\Temp\cdintf.dll
C:\Users\Gil\AppData\Local\Temp\COMAP.EXE
C:\Users\Gil\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmplatpwd.dll
C:\Users\Gil\AppData\Local\Temp\PDFPRT400.exe
C:\Users\Gil\AppData\Local\Temp\RingCentralForWindows-7.4.1.exe
C:\Users\Gil\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Gil\AppData\Local\Temp\sqlite3.dll
C:\Users\Gil\AppData\Local\Temp\xmllite.dll




==================== Bamital & volsnap =================


(There is no automatic fix for files that do not pass verification.)


C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed




LastRegBack: 2015-12-28 06:54


==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:30-12-2015
Ran by Gil (2015-12-30 13:25:05)
Running from C:\Users\Gil\Desktop
Windows 8.1 (X64) (2014-02-17 13:29:17)
Boot Mode: Normal
==========================================================




==================== Accounts: =============================


Administrator (S-1-5-21-2509790399-2890906804-1317435896-500 - Administrator - Disabled)
Gil (S-1-5-21-2509790399-2890906804-1317435896-1001 - Administrator - Enabled) => C:\Users\Gil
Guest (S-1-5-21-2509790399-2890906804-1317435896-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2509790399-2890906804-1317435896-1005 - Limited - Enabled)


==================== Security Center ========================


(If an entry is included in the fixlist, it will be removed.)


AV: AVG REMOVER (Disabled - Out of date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG Internet Security 2015 (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Internet Security 2015 (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
FW: AVG Internet Security 2015 (Disabled) {757AB44A-78C2-7D1A-E37F-CA42A037B368}


==================== Installed Programs ======================


(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)


4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.267 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.13) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)
Airport Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
AMD Catalyst Install Manager (HKLM\...\{9B76DFD6-3EC5-900C-DE16-5A7CD5FA5132}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{C5815ACF-FD34-4553-8A22-C7411B7E662B}) (Version: 4.1.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{CBF12D2F-CF64-4CB7-858B-2C1F21068E5F}) (Version: 4.1.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.6176 - AVG Technologies)
AVG 2015 (Version: 15.0.4492 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.6176 - AVG Technologies) Hidden
Azteca (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Bounce Symphony (x32 Version: 2.2.0.97 - WildTangent) Hidden
Build-a-lot (x32 Version: 2.2.0.98 - WildTangent) Hidden
Canon MP Navigator 2.2 (HKLM-x32\...\MP Navigator 2.2) (Version: - )
Canon MP530 (HKLM\...\{3215EBED-1D06-42fb-A05C-A752A46FB24C}) (Version: - )
Chrome Remote Desktop Host (HKLM-x32\...\{CDF9E1C8-4B97-4F8B-A848-7DD0E8BEB89F}) (Version: 47.0.2526.18 - Google Inc.)
Cisco WebEx Meetings (HKU\S-1-5-21-2509790399-2890906804-1317435896-1001\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
Citrix Online Launcher (HKLM-x32\...\{6740FE60-43C1-4D15-8C4A-001624134B14}) (Version: 1.0.312 - Citrix)
Classic Shell (HKLM\...\{E289B7DD-6732-4333-A47A-75A145D23EE3}) (Version: 4.2.4 - IvoSoft)
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Crystal Reports Basic Runtime for Visual Studio 2008 (HKLM-x32\...\{CE26F10F-C80F-4377-908B-1B7882AE2CE3}) (Version: 10.5.0.0 - Business Objects)
Curse at Twilight (x32 Version: 3.0.2.32 - WildTangent) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.4.6522 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.4.3003 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.2.4016 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.4.2921 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.4.3007 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.2.3324 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.6.6119 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Delicious: Emily's Childhood Memories Premium Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
Dropbox (HKU\S-1-5-21-2509790399-2890906804-1317435896-1001\...\Dropbox) (Version: 3.12.5 - Dropbox, Inc.)
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
Extended Asian Language font pack for Adobe Reader XI (HKLM-x32\...\{AC76BA86-7AD7-2530-0000-A00000000004}) (Version: 11.0.0 - Adobe Systems Incorporated)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
GoToMeeting 7.8.1.4190 (HKU\S-1-5-21-2509790399-2890906804-1317435896-1001\...\GoToMeeting) (Version: 7.8.1.4190 - CitrixOnline)
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HL-2270DW (HKLM-x32\...\{E2A97415-BD97-4867-B906-05E39E9EE51F}) (Version: 1.1.6.0 - Brother Industries, Ltd.)
House of 1000 Doors: Family Secrets (x32 Version: 2.2.0.98 - WildTangent) Hidden
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)
HP Connected Music (Meridian - player) (HKU\S-1-5-21-2509790399-2890906804-1317435896-1001\...\HPConnectedMusic) (Version: 1.1 (build 112) hp - Meridian Audio Ltd)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.6668.4491 - Hewlett-Packard)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 12.00.0000 - Hewlett-Packard)
iCloud (HKLM\...\{4B48E22A-2FB0-4EFA-B99E-954B1E50CD69}) (Version: 5.1.0.34 - Apple Inc.)
iTunes (HKLM\...\{0D44E3A4-6C3D-45D7-B443-079509E5BE5D}) (Version: 12.3.2.35 - Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Mahjongg Dimensions Deluxe: Tiles in Time (x32 Version: 2.2.0.98 - WildTangent) Hidden
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4649.1001 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 15.0.4649.1001 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2509790399-2890906804-1317435896-1001\...\OneDriveSetup.exe) (Version: 17.3.6281.1202 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 41.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 41.0.1 (x86 en-US)) (Version: 41.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 41.0.1.5750 - Mozilla)
MP3 Skype recorder (HKLM-x32\...\{2DDF3B89-F6B9-4BB4-8CC6-FF1D7CD820AE}) (Version: 4.17.1.0 - Domit LTD)
Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
NetLib Encryptionizer (HKLM\...\{FD0E376F-D30A-477C-AA84-2F4F5B51D713}) (Version: 1.00.0000 - CCH Small Firm Services)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4649.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4649.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4641.1003 - Microsoft Corporation) Hidden
Pamela Pro 4.9 (HKLM-x32\...\Pamela) (Version: 4.9 - PamConsult GmbH)
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Pinger (HKLM-x32\...\Pinger 1.1.1.2) (Version: 1.1.1.2 - Pinger Inc.)
Pinger (x32 Version: 1.1.1.2 - Pinger Inc.) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
PrettyMay Call Recorder for Skype - Basic 4.0.0.226 (HKLM-x32\...\PrettyMay Call Recorder for Skype - Basic) (Version: 4.0.0.226 - PrettyMay,Inc.)
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
QuickBooks (x32 Version: 25.0.4008.2506 - Intuit Inc.) Hidden
QuickBooks Pro 2015 (HKLM-x32\...\{8F02EFA1-8F5E-4E47-A6B5-D99E4FE90271}) (Version: 25.0.4005.2506 - Intuit Inc.)
QuickBooks Runtime Redistributable (HKLM\...\{F2A4F809-2DE6-4D27-888B-4D2BB8DAF20E}) (Version: 1.00.0000 - Intuit Inc.)
QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
Realtek Card Reader (HKLM-x32\...\{F0A8BF4A-972F-41E0-9800-1EFE3BF28266}) (Version: 6.2.9200.29064 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.15.410.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7027 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.0.6208 - CyberLink Corp.) Hidden
Revo Uninstaller Pro 3.1.2 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.2 - VS Revo Group, Ltd.)
RingCentral for Windows (HKLM-x32\...\{34F9E480-B5E2-4B0C-9E61-F68A4A57DC82}) (Version: 7.4.1.17562 - RingCentral)
RingCentral Softphone (HKLM-x32\...\{52F10407-8CF3-4EEB-8D4A-9AA02AE861FC}) (Version: 6.04.001.50 - RingCentral, Inc)
Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Royal Envoy 2 Collector's Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.5.0.9082 - Microsoft Corporation)
Skype™ 7.10 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.10.101 - Skype Technologies S.A.)
SugarSync (HKLM-x32\...\SugarSync) (Version: 3.7.0.14.141281 - SugarSync, Inc.)
SureFire 2013 (HKLM-x32\...\{CAF71211-7E4A-4FE1-9B9B-C3BB65584515}) (Version: 28.00.00 - CCH Small Firm Services)
Sure-Fire 2014 (HKLM-x32\...\{A695E67A-FF15-44CA-9F9D-97F50625B81E}) (Version: 29.00.00 - CCH Small Firm Services)
Sure-Fire Assistant (HKLM-x32\...\{D32D69C5-F4E2-4D50-B93C-A758D382F240}) (Version: 3.00 - Sure-Fire Taxes)
SureFirePaperlessSetup (HKLM-x32\...\{D16D75D9-E802-4D4A-A285-1C5EBEED68A6}) (Version: 1.0.0 - Sure-Fire Taxes)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
TaxWise 2011 (HKLM-x32\...\{78C44E91-3C5B-4123-9DC1-CBE9F2AF3D38}) (Version: 26.13.00 - CCH Small Firm Services)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.53254 - TeamViewer)
Trillian (HKLM-x32\...\Trillian) (Version: - Cerulean Studios, LLC)
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 3.1.3 - Tweaking.com)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Vacation Quest™ - Australia (x32 Version: 3.0.2.32 - WildTangent) Hidden
VC12X64Redist (HKLM\...\{B573CC21-AE24-4BC5-9B0B-15CF29A3F982}) (Version: 1.00.0000 - Intuit Inc.)
VC12X86Redist (HKLM-x32\...\{EA9886ED-21F8-4867-A049-CE6817291EE6}) (Version: 1.00.0000 - Intuit Inc.)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (HP Games) (x32 Version: 4.0.10.5 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Youda Jewel Shop (x32 Version: 3.0.2.32 - WildTangent) Hidden
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden


==================== Custom CLSID (Whitelisted): ==========================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


CustomCLSID: HKU\S-1-5-21-2509790399-2890906804-1317435896-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Gil\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2509790399-2890906804-1317435896-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Gil\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2509790399-2890906804-1317435896-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Gil\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2509790399-2890906804-1317435896-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Gil\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2509790399-2890906804-1317435896-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Gil\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2509790399-2890906804-1317435896-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Gil\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2509790399-2890906804-1317435896-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Gil\AppData\Local\Citrix\GoToMeeting\2759\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-2509790399-2890906804-1317435896-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Gil\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2509790399-2890906804-1317435896-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Gil\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2509790399-2890906804-1317435896-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Gil\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2509790399-2890906804-1317435896-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Gil\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2509790399-2890906804-1317435896-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Gil\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2509790399-2890906804-1317435896-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Gil\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2509790399-2890906804-1317435896-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Gil\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2509790399-2890906804-1317435896-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Gil\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2509790399-2890906804-1317435896-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Gil\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2509790399-2890906804-1317435896-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Gil\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2509790399-2890906804-1317435896-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Gil\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2509790399-2890906804-1317435896-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Gil\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2509790399-2890906804-1317435896-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Gil\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2509790399-2890906804-1317435896-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Gil\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2509790399-2890906804-1317435896-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Gil\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2509790399-2890906804-1317435896-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Gil\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2509790399-2890906804-1317435896-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Gil\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File


==================== Scheduled Tasks (Whitelisted) =============


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


Task: {0DEE5636-E2AE-4E3F-925D-B59C2FF61109} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\SymErr.exe
Task: {23EFBC58-BB83-4AD6-A817-DB2E37119C1A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPW10UpgradeReminder => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPW10UpgradeReminder.exe [2015-08-11] (Hewlett-Packard)
Task: {27BA9224-892F-4CD4-9584-1D2156D19FED} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-29] (Adobe Systems Incorporated)
Task: {2D3DD43B-8787-40B9-A921-E8108946D122} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-11-24] (HP Inc.)
Task: {37382A60-1AC5-40F0-B32C-3C185CD60BEF} - System32\Tasks\G2MUploadTask-S-1-5-21-2509790399-2890906804-1317435896-1001 => C:\Users\Gil\AppData\Local\Citrix\GoToMeeting\4190\g2mupload.exe [2015-12-30] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {3AF88653-D51B-4017-9E80-512F925EECAA} - System32\Tasks\HPCeeScheduleForGil => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {475F7F93-E6B4-4568-AD85-EE9051A0D295} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2509790399-2890906804-1317435896-1001UA => C:\Users\Gil\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-25] (Dropbox, Inc.)
Task: {4CF4B064-1C1F-4CF0-8622-EC23865FA3D6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-26] (Apple Inc.)
Task: {5949BEF5-3EA0-4988-996D-1BFEB1D59129} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-09-01] (Microsoft Corporation)
Task: {7231AF3C-115F-48E7-9E58-A02472C71790} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {7235C7AA-B538-469B-903C-87D66CB07B3E} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-09-15] (Microsoft Corporation)
Task: {796F8EE1-0279-460B-8348-329A0539FA35} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {7C80D4D9-561F-47B0-B8D2-22EC0D93768B} - System32\Tasks\G2MUpdateTask-S-1-5-21-2509790399-2890906804-1317435896-1001 => C:\Users\Gil\AppData\Local\Citrix\GoToMeeting\4190\g2mupdate.exe [2015-12-30] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {823A2670-6724-4DA2-AE2E-5120914BEF4E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {86B849C7-E1CC-475F-B395-6995E5F2FF79} - \Norton WSC Integration -> No File <==== ATTENTION
Task: {875A4EE2-88EC-4C6A-B9C9-6B8A65FBF6FC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {89993298-C2C0-4893-B6FF-964772F0335C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2509790399-2890906804-1317435896-1001Core => C:\Users\Gil\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {8C6CE1A1-355B-467C-9C91-A299B141BE24} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [2015-03-11] (Tweaking.com)
Task: {8F2EBDC1-D1C0-4875-9883-AC8A7FC23062} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-08-11] (Microsoft Corporation)
Task: {98F16064-21F7-4DED-93A5-B13214A714D1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-11-24] (HP Inc.)
Task: {9AFC1323-A8F6-49FB-9DD6-416659484CEC} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2509790399-2890906804-1317435896-1001 => C:\Users\Gil\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2015-12-11] (Microsoft Corporation)
Task: {A46DF5BD-81B6-4E96-81A3-DCCA66F04AF8} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {B09436EB-881F-475D-907C-0F8B007BDBFE} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2509790399-2890906804-1317435896-1001Core => C:\Users\Gil\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-25] (Dropbox, Inc.)
Task: {B3572BAA-AD53-41CF-8D8C-4AFA96CDD258} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
Task: {BA48FCCD-F364-42BF-B684-E7B4DCC4D3D1} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {C30697E3-59A3-464A-AC79-EF6DE97A535E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {C5EE296E-4B31-42FD-9430-9729F0604DED} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-09-01] (Microsoft Corporation)
Task: {D17A0FE3-B256-4B19-B7D9-FB837F8D0EE2} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2015-12-01] (Apple Inc.)
Task: {EBB72E6B-6359-4D4E-96E0-B6092801938D} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\SymErr.exe
Task: {F189135D-A0FF-4832-ADA1-208D73E17ADF} - System32\Tasks\CLVDLauncher => c:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-12] (CyberLink Corp.)
Task: {F35A9989-F111-4846-A678-DBF20C38D99E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2509790399-2890906804-1317435896-1001UA => C:\Users\Gil\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {FD8E7082-9A02-4C9F-A88C-4D8979963369} - System32\Tasks\CLMLSvc_P2G8 => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-03-12] (CyberLink)


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2509790399-2890906804-1317435896-1001Core.job => C:\Users\Gil\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2509790399-2890906804-1317435896-1001UA.job => C:\Users\Gil\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-2509790399-2890906804-1317435896-1001.job => C:\Users\Gil\AppData\Local\Citrix\GoToMeeting\4190\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-2509790399-2890906804-1317435896-1001.job => C:\Users\Gil\AppData\Local\Citrix\GoToMeeting\4190\g2mupload.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2509790399-2890906804-1317435896-1001Core.job => C:\Users\Gil\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2509790399-2890906804-1317435896-1001UA.job => C:\Users\Gil\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForGil.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe


==================== Shortcuts =============================


(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============


2015-01-20 22:35 - 2015-01-20 22:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 04:45 - 2015-10-13 04:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-03-16 12:41 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-01-22 17:50 - 2013-01-22 17:50 - 00098304 _____ () c:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\BrandingNet4.dll
2014-09-15 17:03 - 2014-09-15 17:03 - 08894120 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-10-08 18:07 - 2013-03-12 09:51 - 00626240 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-03-13 00:53 - 2013-03-13 00:53 - 00015424 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2015-04-30 13:45 - 2015-09-28 17:11 - 00052736 _____ () C:\Program Files (x86)\SugarSync\librsync.dll
2015-04-30 13:45 - 2015-09-28 17:11 - 00769024 _____ () C:\Program Files (x86)\SugarSync\libGLESv2.dll
2015-04-30 13:45 - 2015-09-28 17:11 - 00875008 _____ () C:\Program Files (x86)\SugarSync\platforms\qwindows.dll
2015-04-30 13:45 - 2015-09-28 17:11 - 00047104 _____ () C:\Program Files (x86)\SugarSync\libEGL.dll
2015-04-30 13:45 - 2015-09-28 17:11 - 00021504 _____ () C:\Program Files (x86)\SugarSync\imageformats\qgif.dll
2015-04-30 13:45 - 2015-09-28 17:11 - 00020992 _____ () C:\Program Files (x86)\SugarSync\imageformats\qico.dll
2015-04-30 13:45 - 2015-09-28 17:11 - 00204800 _____ () C:\Program Files (x86)\SugarSync\imageformats\qjpeg.dll
2015-07-24 20:16 - 2015-07-24 20:16 - 00341337 _____ () C:\Program Files (x86)\RingCentral for Windows\libmpg123-0.dll
2014-12-05 20:38 - 2014-12-05 20:38 - 00055296 _____ () C:\Program Files (x86)\RingCentral for Windows\libEGL.dll
2014-12-05 20:37 - 2014-12-05 20:37 - 01405952 _____ () C:\Program Files (x86)\RingCentral for Windows\libGLESv2.dll
2014-12-05 20:54 - 2014-12-05 20:54 - 00012288 _____ () C:\Program Files (x86)\RingCentral for Windows\QtQuick.2\qtquick2plugin.dll
2014-12-05 20:55 - 2014-12-05 20:55 - 00776704 _____ () C:\Program Files (x86)\RingCentral for Windows\QtQuick\Controls\qtquickcontrolsplugin.dll
2014-12-05 20:55 - 2014-12-05 20:55 - 00012288 _____ () C:\Program Files (x86)\RingCentral for Windows\QtQuick\Window.2\windowplugin.dll
2014-12-05 20:56 - 2014-12-05 20:56 - 00053248 _____ () C:\Program Files (x86)\RingCentral for Windows\QtQuick\Layouts\qquicklayoutsplugin.dll
2014-12-05 20:56 - 2014-12-05 20:56 - 00169472 _____ () C:\Program Files (x86)\RingCentral for Windows\QtQuick\Dialogs\dialogplugin.dll
2014-09-02 09:59 - 2009-02-27 15:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2015-12-15 16:50 - 2015-12-10 22:54 - 01583432 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\libglesv2.dll
2015-12-15 16:50 - 2015-12-10 22:54 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\libegl.dll
2014-09-15 16:59 - 2014-09-15 16:59 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream32.dll
2015-12-24 18:59 - 2015-12-24 07:46 - 16792256 _____ () C:\Users\Gil\AppData\Local\Google\Chrome\User Data\PepperFlash\20.0.0.267\pepflashplayer.dll


==================== Alternate Data Streams (Whitelisted) =========


(If an entry is included in the fixlist, only the ADS will be removed.)




==================== Safe Mode (Whitelisted) ===================


(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"


==================== EXE Association (Whitelisted) ===============


(If an entry is included in the fixlist, the registry item will be restored to default or removed.)




==================== Internet Explorer trusted/restricted ===============


(If an entry is included in the fixlist, it will be removed from the registry.)


IE trusted site: HKU\S-1-5-21-2509790399-2890906804-1317435896-1001\...\sharepoint.com -> hxxps://5starinvesting.sharepoint.com


==================== Hosts content: ===============================


(If needed Hosts: directive could be included in the fixlist to reset Hosts.)


2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts




==================== Other Areas ============================


(Currently there is no automatic fix for this section.)


HKU\S-1-5-21-2509790399-2890906804-1317435896-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Gil\AppData\Local\Microsoft\Windows\Themes\Footpaths\DesktopBackground\paths8.jpg
DNS Servers: 10.1.10.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.


==================== MSCONFIG/TASK MANAGER disabled items ==


(Currently there is no automatic fix for this section.)


HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKU\S-1-5-21-2509790399-2890906804-1317435896-1001\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
HKU\S-1-5-21-2509790399-2890906804-1317435896-1001\...\StartupApproved\Run: => "ApplePhotoStreams"
HKU\S-1-5-21-2509790399-2890906804-1317435896-1001\...\StartupApproved\Run: => "RCUI"
HKU\S-1-5-21-2509790399-2890906804-1317435896-1001\...\StartupApproved\Run: => "iCloudServices"
HKU\S-1-5-21-2509790399-2890906804-1317435896-1001\...\StartupApproved\Run: => "iCloudDrive"
HKU\S-1-5-21-2509790399-2890906804-1317435896-1001\...\StartupApproved\Run: => "RESTART_STICKY_NOTES"


==================== FirewallRules (Whitelisted) ===============


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{DE280BCD-8D52-40D7-978D-1BCAE9A0CA96}] => (Allow) LPort=1900
FirewallRules: [{52287E38-047F-44A4-96CB-8804878160C0}] => (Allow) LPort=2869
FirewallRules: [{59B7FFAB-6ECE-4916-9274-3A06732F359B}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{7B680B36-F302-46B3-B731-226DCA985BD1}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{64D89914-1E45-4B97-8510-A256304036D3}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe
FirewallRules: [{0378760A-E65D-457C-ADAA-CC5919F00CB1}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe
FirewallRules: [{6DBF0C45-D310-435D-B180-8564376B9D06}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe
FirewallRules: [{302D0308-DE68-46AB-BCF8-C847571B40C3}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe
FirewallRules: [{9FA13111-C840-4931-B39C-21BDCE935A10}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{49C937F1-0CC3-44FC-8DB0-F4330013A590}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{C3B925BE-C0F4-4A4E-A02A-FD0C255A0E8A}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{E62C1068-7637-474F-BDFE-5E78BCCAFC41}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{8DDC90CF-1C38-4A48-91F6-03BE05761CA3}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{AD31821B-231F-4D0E-A9B7-20A03765489D}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{857809C7-253F-4C56-A092-CD8C04F23C5B}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [TCP Query User{CE04AAF0-5DDA-4994-9DAD-34C321294694}C:\program files (x86)\ringcentral\ringcentral softphone\rcui.exe] => (Allow) C:\program files (x86)\ringcentral\ringcentral softphone\rcui.exe
FirewallRules: [UDP Query User{79EFFCFB-56AC-461B-94EB-CEB33A579F84}C:\program files (x86)\ringcentral\ringcentral softphone\rcui.exe] => (Allow) C:\program files (x86)\ringcentral\ringcentral softphone\rcui.exe
FirewallRules: [TCP Query User{012AB085-9764-40F9-8FE3-1EA2A69ACFF9}C:\program files (x86)\ringcentral\ringcentral softphone\rcui.exe] => (Block) C:\program files (x86)\ringcentral\ringcentral softphone\rcui.exe
FirewallRules: [UDP Query User{EF702537-CC1A-4837-A3DE-CA12088083A0}C:\program files (x86)\ringcentral\ringcentral softphone\rcui.exe] => (Block) C:\program files (x86)\ringcentral\ringcentral softphone\rcui.exe
FirewallRules: [TCP Query User{86975D06-1A4D-4B08-BADA-21330A947CFD}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{927B28E4-A387-4920-B175-4BE51EBD743A}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{15DF6277-E093-4D9B-A1EC-5F413E82630A}C:\program files (x86)\prettymaybasic\prettymay.exe] => (Allow) C:\program files (x86)\prettymaybasic\prettymay.exe
FirewallRules: [UDP Query User{71510DE9-6663-4744-93C6-6FD31BCB0925}C:\program files (x86)\prettymaybasic\prettymay.exe] => (Allow) C:\program files (x86)\prettymaybasic\prettymay.exe
FirewallRules: [{9E1216BA-A2FE-494E-B6EC-90C25CCA7FEC}] => (Allow) C:\Users\Gil\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{C8B7629D-BCC1-422F-8415-555AD752B720}] => (Allow) C:\Users\Gil\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{7BDE66FD-63FC-40FB-BB60-E3EEEFEB7C47}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{83CD6FE7-891F-46F0-8146-31F31A2ADEE2}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{4AB4EDC3-8EA0-4FDF-AAD8-E76CA8CB3542}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{84B2BAA8-AC47-490B-B4F4-7D79A67D1DDD}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{92585651-BA01-43E6-8B0D-71C236D00C25}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5358E8A1-CC10-4352-BEC1-4093CD3A0B1A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{AF39FAD2-A212-4A5C-B0AA-D6EA9778ACEC}C:\users\gil\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\gil\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{2D321418-1E66-4F41-845E-2427DF9724AC}C:\users\gil\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\gil\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{AA4E5EE6-F869-49FC-AC89-42DAD7AC3229}] => (Allow) C:\Users\Gil\AppData\Local\Temp\7zSD89B.tmp\SymNRT.exe
FirewallRules: [{873DC2B5-A43F-44A1-A070-08D289A8162B}] => (Allow) C:\Users\Gil\AppData\Local\Temp\7zSD89B.tmp\SymNRT.exe
FirewallRules: [{14E852E4-5146-483D-9F6D-CAB9800EF6DB}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{2EBA0793-479C-4DD7-8F9B-1E49DD991B26}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [TCP Query User{D07C7957-8BDD-42CE-B92B-34C1CEBED129}C:\users\gil\appdata\local\temp\g2_1611\g2viewer.exe] => (Allow) C:\users\gil\appdata\local\temp\g2_1611\g2viewer.exe
FirewallRules: [UDP Query User{2F7DBC06-46AB-4609-A53C-5D228AC78E32}C:\users\gil\appdata\local\temp\g2_1611\g2viewer.exe] => (Allow) C:\users\gil\appdata\local\temp\g2_1611\g2viewer.exe
FirewallRules: [TCP Query User{E7688173-B2BB-460F-A5B0-7F20548AA9A9}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{5E9BC2AC-6687-4ABE-BEB0-C06F552131B8}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{619F8FAB-0273-49F9-8D1F-DFA6A5ACBA1D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{2CB34716-3B43-497D-A53E-DECF3FB58AEE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F5CD2445-80C6-46CA-B239-FCD231312353}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{04ACC0F9-BF69-45CB-A7E4-06CC44110E10}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{6A1AB132-A7CB-44D8-809D-07B213632885}] => (Allow) C:\Program Files (x86)\Google\Chrome Remote Desktop\47.0.2526.18\remoting_host.exe
FirewallRules: [{C719EAB4-7BD8-40F1-867D-9F135AEC6311}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{54AC3292-6124-46D8-81C1-06AE20A40030}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{2F510C1B-10A0-4CAD-8537-157F27EE86C8}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{CE74A369-5F31-4552-8AD8-B8C480B97C9D}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{23743212-BA72-4C9A-ADD9-87CA92923377}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{01D88390-2D70-4315-916B-FB786B696ED3}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{373CE147-A312-43A2-950F-01CAFA474AF0}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{727F113E-BA25-4E3E-90B4-11DE5646B432}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{1FE4068B-D914-4328-AE65-3A5A54CB1CB6}C:\users\gil\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\gil\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
FirewallRules: [UDP Query User{4FF8B008-0222-41E4-9822-27706286A04F}C:\users\gil\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\gil\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
FirewallRules: [{2D4414FC-73B7-4C1D-81BB-BAA7F8AC311D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{6FB02942-2148-4214-928F-A246B2E5491B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{DBC97360-7804-44C3-9965-0517655A4B47}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{E14CF5B3-58BC-4D7C-9D5F-25D4C29309FA}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{1A14B65A-C88B-4809-A86F-23A74F9D27F8}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe


==================== Restore Points =========================


13-12-2015 19:58:03 HPSF Applying updates
21-12-2015 03:56:23 HPSF Applying updates
27-12-2015 19:41:21 HPSF Applying updates


==================== Faulty Device Manager Devices =============




==================== Event log errors: =========================


Application errors:
==================
Error: (12/30/2015 12:23:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 35247859


Error: (12/30/2015 12:23:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 35247859


Error: (12/30/2015 12:23:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


Error: (12/30/2015 02:15:32 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 22559187


Error: (12/30/2015 02:15:32 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 22559187


Error: (12/30/2015 02:15:32 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


Error: (12/29/2015 06:09:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1547


Error: (12/29/2015 06:09:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1547


Error: (12/29/2015 06:09:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


Error: (12/29/2015 12:39:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1578




System errors:
=============
Error: (12/30/2015 01:25:09 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Network List Service service terminated with the following error:
%%127


Error: (12/30/2015 01:25:09 PM) (Source: DCOM) (EventID: 10010) (User: GILOFFICEPC)
Description: {A47979D2-C419-11D9-A5B4-001185AD2B89}


Error: (12/30/2015 01:23:09 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Network List Service service terminated with the following error:
%%127


Error: (12/30/2015 01:23:09 PM) (Source: DCOM) (EventID: 10010) (User: GILOFFICEPC)
Description: {A47979D2-C419-11D9-A5B4-001185AD2B89}


Error: (12/30/2015 01:21:09 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Network List Service service terminated with the following error:
%%127


Error: (12/30/2015 01:21:09 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {A47979D2-C419-11D9-A5B4-001185AD2B89}


Error: (12/30/2015 01:19:09 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Network List Service service terminated with the following error:
%%127


Error: (12/30/2015 01:19:09 PM) (Source: DCOM) (EventID: 10010) (User: GILOFFICEPC)
Description: {A47979D2-C419-11D9-A5B4-001185AD2B89}


Error: (12/30/2015 01:17:24 PM) (Source: DCOM) (EventID: 10010) (User: GILOFFICEPC)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}


Error: (12/30/2015 01:17:09 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Network List Service service terminated with the following error:
%%127




CodeIntegrity:
===================================
Date: 2015-04-27 19:55:37.287
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


Date: 2015-04-27 18:11:20.567
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


Date: 2015-04-27 17:49:58.969
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


Date: 2015-04-27 17:31:48.803
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


Date: 2015-04-27 15:54:44.673
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.




==================== Memory info ===========================


Processor: AMD A6-5200 APU with Radeon(TM) HD Graphics
Percentage of memory in use: 35%
Total physical RAM: 7637.57 MB
Available physical RAM: 4960.59 MB
Total Virtual: 11221.57 MB
Available Virtual: 7236.39 MB


==================== Drives ================================


Drive c: (Windows) (Fixed) (Total:911.76 GB) (Free:822.73 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Recovery Image) (Fixed) (Total:17.93 GB) (Free:2.19 GB) NTFS ==>[system with boot components (obtained from drive)]


==================== MBR & Partition Table ==================


========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 213F59C9)


Partition: GPT.


==================== End of Addition.txt ============================
 
Thanks. Please do the following.

Step#1 - DISM /RestoreHealth Scan
Warning: this fix is specific to the user in this thread. No one else should follow these instructions as it may cause more harm than good. If you are after assistance, please start a thread of your own.

  1. Right-click on the Start button and select Command Prompt (Admin)
  2. When command prompt opens, Copy (Ctrl+C) and Paste (Right-click > Paste) the following command into it, then press Enter
    Dism /Online /Cleanup-Image /RestoreHealth
  3. Once it finishes, copy and paste the following into the command-prompt window and press Enter. If prompted to overwrite the existing file go ahead.
    copy %windir%\logs\cbs\cbs.log "%userprofile%\Desktop\cbs.txt"
  4. Once this has completed please go to your Desktop and you will find CBS.txt => Please zip/upload to this thread.
    Please Note: if the file is too big (over 7MB) to upload to your next post, please upload via a service such as Dropbox or One Drive or SendSpace and just provide the link.
 
That worked. Please do the following.

Step#1 - SFCFix Script
Warning: this fix is specific to the user in this thread. No one else should follow these instructions as it may cause more harm than good. If you are after assistance, please start a thread of your own.

  1. Download SFCFix.exe (by niemiro) and save this to your Desktop. If you still have this on your desktop from downloading previously, you don't need to re-download.
  2. Download the file below, SFCFix.zip, and save this to your Desktop. Ensure that this file is named SFCFix.zip - do not rename it.
  3. Save any open documents and close all open windows.
  4. On your Desktop, you should see two files: SFCFix.exe and SFCFix.zip.
  5. Drag the file SFCFix.zip onto the file SFCFix.exe and release it.
  6. SFCFix will now process the script.
  7. Upon completion, a file should be created on your Desktop: SFCFix.txt.
  8. Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this file into your next post for me to analyse please

Step#2 - DISM /RestoreHealth Scan
Warning: this fix is specific to the user in this thread. No one else should follow these instructions as it may cause more harm than good. If you are after assistance, please start a thread of your own.

  1. Right-click on the Start button and select Command Prompt (Admin)
  2. When command prompt opens, Copy (Ctrl+C) and Paste (Right-click > Paste) the following command into it, then press Enter
    Dism /Online /Cleanup-Image /RestoreHealth
  3. Once it finishes, copy and paste the following into the command-prompt window and press Enter. If prompted to overwrite the existing file go ahead.
    copy %windir%\logs\cbs\cbs.log "%userprofile%\Desktop\cbs.txt"
  4. Once this has completed please go to your Desktop and you will find CBS.txt => Please zip/upload to this thread.
    Please Note: if the file is too big (over 7MB) to upload to your next post, please upload via a service such as Dropbox or One Drive or SendSpace and just provide the link.


Items for your next post
1. SFCFix.txt
2. CBS.txt
 


SFCFix version 2.4.5.0 by niemiro.
Start time: 2015-12-31 09:37:18.036
Microsoft Windows 8.1 Update 2 - amd64
Using .zip script file at C:\Users\Gil\Desktop\SFCFix.zip [0]








PowerCopy::
Successfully took permissions for file or folder C:\WINDOWS\Winsxs\amd64_prncacla.inf_31bf3856ad364e35_6.3.9600.16384_none_9590ba64d5b91f79\Amd64\CNBJ2530.DPB
Successfully took permissions for file or folder C:\WINDOWS\Winsxs\amd64_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_11.0.9600.17031_none_931abcad34b90222


Successfully copied file C:\Users\Gil\AppData\Local\niemiro\Archive\Winsxs\amd64_prncacla.inf_31bf3856ad364e35_6.3.9600.16384_none_9590ba64d5b91f79\Amd64\CNBJ2530.DPB to C:\WINDOWS\Winsxs\amd64_prncacla.inf_31bf3856ad364e35_6.3.9600.16384_none_9590ba64d5b91f79\Amd64\CNBJ2530.DPB.
Successfully copied file C:\Users\Gil\AppData\Local\niemiro\Archive\Winsxs\amd64_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_11.0.9600.17031_none_931abcad34b90222\inetcpl.cpl to C:\WINDOWS\Winsxs\amd64_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_11.0.9600.17031_none_931abcad34b90222\inetcpl.cpl.


Successfully restored ownership for C:\WINDOWS\Winsxs\amd64_prncacla.inf_31bf3856ad364e35_6.3.9600.16384_none_9590ba64d5b91f79\Amd64\CNBJ2530.DPB
Successfully restored permissions on C:\WINDOWS\Winsxs\amd64_prncacla.inf_31bf3856ad364e35_6.3.9600.16384_none_9590ba64d5b91f79\Amd64\CNBJ2530.DPB
Successfully restored ownership for C:\WINDOWS\Winsxs\amd64_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_11.0.9600.17031_none_931abcad34b90222
Successfully restored permissions on C:\WINDOWS\Winsxs\amd64_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_11.0.9600.17031_none_931abcad34b90222
PowerCopy:: directive completed successfully.








Successfully processed all directives.
SFCFix version 2.4.5.0 by niemiro has completed.
Currently storing 2 datablocks.
Finish time: 2015-12-31 09:37:20.347
Script hash: jsJarOHvVg0WSxHTylquK8LAKMdi27z64FXM8b0Ueps=
----------------------EOF-----------------------
 
Thanks.

Please do the following.

Remove Update Manually
1. Right-click on the Start button and select Command Prompt (Admin)
2. When command prompt opens, Copy (Ctrl+C) and Paste (Right-click > Paste) the following command into it, then press Enter
wusa /uninstall /KB:2959977

3. Let me know if it says it was successful or if there are any errors.
 
I can't tell if it was successful or not. I am back at the prompt though and there are no errors that I can see.

At first, the screen was stuck with the screen shot I attached, so I cancelled it, but it seemed to go through the 2nd time.
 


Got it. And you answered Yes but didn't know if it was successfully uninstalled. Understood.

Step#1 - SFCFix Script
Warning: this fix is specific to the user in this thread. No one else should follow these instructions as it may cause more harm than good. If you are after assistance, please start a thread of your own.


  1. Download SFCFix.exe (by niemiro) and save this to your Desktop. If you still have this on your desktop from downloading previously, you don't need to re-download.
  2. Download the file below, SFCFix.zip, and save this to your Desktop. Ensure that this file is named SFCFix.zip - do not rename it.
  3. Save any open documents and close all open windows.
  4. On your Desktop, you should see two files: SFCFix.exe and SFCFix.zip.
  5. Drag the file SFCFix.zip onto the file SFCFix.exe and release it.
  6. SFCFix will now process the script.
  7. Upon completion, a file should be created on your Desktop: SFCFix.txt.
  8. Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this file into your next post for me to analyse please


Step#2 - DISM /RestoreHealth Scan
Warning: this fix is specific to the user in this thread. No one else should follow these instructions as it may cause more harm than good. If you are after assistance, please start a thread of your own.


  1. Right-click on the Start button and select Command Prompt (Admin)
  2. When command prompt opens, Copy (Ctrl+C) and Paste (Right-click > Paste) the following command into it, then press Enter
    Dism /Online /Cleanup-Image /RestoreHealth
  3. Once it finishes, copy and paste the following into the command-prompt window and press Enter. If prompted to overwrite the existing file go ahead.
    copy %windir%\logs\cbs\cbs.log "%userprofile%\Desktop\cbs.txt"
  4. Once this has completed please go to your Desktop and you will find CBS.txt => Please zip/upload to this thread.
    Please Note: if the file is too big (over 7MB) to upload to your next post, please upload via a service such as Dropbox or One Drive or SendSpace and just provide the link.



Items for your next post
1. SFCFix.txt
2. CBS.txt
 


SFCFix version 2.4.5.0 by niemiro.
Start time: 2015-12-31 14:02:40.712
Microsoft Windows 8.1 Update 2 - amd64
Using .zip script file at C:\Users\Gil\Desktop\SFCFix.zip [0]








PowerCopy::
Successfully took permissions for file or folder C:\WINDOWS\Winsxs\amd64_prncacla.inf_31bf3856ad364e35_6.3.9600.16384_none_9590ba64d5b91f79\Amd64\CNBJ2530.DPB


WARNING: File C:\WINDOWS\Winsxs\amd64_prncacla.inf_31bf3856ad364e35_6.3.9600.16384_none_9590ba64d5b91f79\Amd64\CNBJ2530.DPB was not backed up as that would replace the current backup.
Successfully copied file C:\Users\Gil\AppData\Local\niemiro\Archive\Winsxs\amd64_prncacla.inf_31bf3856ad364e35_6.3.9600.16384_none_9590ba64d5b91f79\Amd64\CNBJ2530.DPB to C:\WINDOWS\Winsxs\amd64_prncacla.inf_31bf3856ad364e35_6.3.9600.16384_none_9590ba64d5b91f79\Amd64\CNBJ2530.DPB.


Successfully restored ownership for C:\WINDOWS\Winsxs\amd64_prncacla.inf_31bf3856ad364e35_6.3.9600.16384_none_9590ba64d5b91f79\Amd64\CNBJ2530.DPB
Successfully restored permissions on C:\WINDOWS\Winsxs\amd64_prncacla.inf_31bf3856ad364e35_6.3.9600.16384_none_9590ba64d5b91f79\Amd64\CNBJ2530.DPB
PowerCopy:: directive completed successfully.








Successfully processed all directives.
SFCFix version 2.4.5.0 by niemiro has completed.
Currently storing 2 datablocks.
Finish time: 2015-12-31 14:02:41.450
Script hash: Vp8fmOaFllKH32OrjAspvOaLBZSyBssPz+9Wam3Uu2Y=
----------------------EOF-----------------------
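
An added example, not part of the thread or of SFCFix itself: a small Python audit of an SFCFix.txt log like the one above, checking that every path PowerCopy took permissions on also had its ownership and permissions restored and that each directive completed. The first sample is abridged from the log above, the second is constructed, and the function and field names are this example's own.

```python
import re

# Abridged from the second SFCFix.txt posted in this thread (blank lines and
# timestamps dropped); every remaining line is verbatim from that log.
SAMPLE_LOG = r"""SFCFix version 2.4.5.0 by niemiro.
Using .zip script file at C:\Users\Gil\Desktop\SFCFix.zip [0]
PowerCopy::
Successfully took permissions for file or folder C:\WINDOWS\Winsxs\amd64_prncacla.inf_31bf3856ad364e35_6.3.9600.16384_none_9590ba64d5b91f79\Amd64\CNBJ2530.DPB
WARNING: File C:\WINDOWS\Winsxs\amd64_prncacla.inf_31bf3856ad364e35_6.3.9600.16384_none_9590ba64d5b91f79\Amd64\CNBJ2530.DPB was not backed up as that would replace the current backup.
Successfully copied file C:\Users\Gil\AppData\Local\niemiro\Archive\Winsxs\amd64_prncacla.inf_31bf3856ad364e35_6.3.9600.16384_none_9590ba64d5b91f79\Amd64\CNBJ2530.DPB to C:\WINDOWS\Winsxs\amd64_prncacla.inf_31bf3856ad364e35_6.3.9600.16384_none_9590ba64d5b91f79\Amd64\CNBJ2530.DPB.
Successfully restored ownership for C:\WINDOWS\Winsxs\amd64_prncacla.inf_31bf3856ad364e35_6.3.9600.16384_none_9590ba64d5b91f79\Amd64\CNBJ2530.DPB
Successfully restored permissions on C:\WINDOWS\Winsxs\amd64_prncacla.inf_31bf3856ad364e35_6.3.9600.16384_none_9590ba64d5b91f79\Amd64\CNBJ2530.DPB
PowerCopy:: directive completed successfully.
Successfully processed all directives.
SFCFix version 2.4.5.0 by niemiro has completed.
Script hash: Vp8fmOaFllKH32OrjAspvOaLBZSyBssPz+9Wam3Uu2Y=
"""

# Constructed variant: the same log with the "restored permissions" line absent,
# to show what the audit reports when a WinSxS path is left with altered ACLs.
TRUNCATED_LOG = "\n".join(
    l for l in SAMPLE_LOG.splitlines() if "restored permissions" not in l)

PATTERNS = {
    "taken": re.compile(r"^Successfully took permissions for file or folder (.+)$"),
    "owner_restored": re.compile(r"^Successfully restored ownership for (.+)$"),
    "perms_restored": re.compile(r"^Successfully restored permissions on (.+)$"),
    "warnings": re.compile(r"^WARNING: (.+)$"),
}
# The destination is recognised by the drive letter that follows " to ".
COPIED = re.compile(r"^Successfully copied file (.+?) to ([A-Za-z]:\\.+)\.$")
DIRECTIVE_START = re.compile(r"^(\w+)::$")
DIRECTIVE_OK = re.compile(r"^(\w+):: directive completed successfully\.$")
SCRIPT_HASH = re.compile(r"^Script hash: (\S+)$")


def audit_sfcfix_log(text):
    """Summarise an SFCFix.txt log and flag paths whose ACLs were not put back."""
    report = {"taken": [], "owner_restored": [], "perms_restored": [],
              "warnings": [], "copied": [], "started": [], "completed": [],
              "script_hash": None, "all_processed": False}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "Successfully processed all directives.":
            report["all_processed"] = True
        elif (m := COPIED.match(line)):
            report["copied"].append((m.group(1), m.group(2)))
        elif (m := DIRECTIVE_OK.match(line)):
            report["completed"].append(m.group(1))
        elif (m := DIRECTIVE_START.match(line)):
            report["started"].append(m.group(1))
        elif (m := SCRIPT_HASH.match(line)):
            report["script_hash"] = m.group(1)
        else:
            for key, pattern in PATTERNS.items():
                if (m := pattern.match(line)):
                    report[key].append(m.group(1))
                    break
    # Windows paths are case-insensitive, so compare them lower-cased.
    owner = {p.lower() for p in report["owner_restored"]}
    perms = {p.lower() for p in report["perms_restored"]}
    report["unrestored"] = [p for p in report["taken"]
                            if p.lower() not in owner or p.lower() not in perms]
    report["incomplete"] = [d for d in report["started"]
                            if d not in report["completed"]]
    report["clean"] = (report["all_processed"] and not report["unrestored"]
                       and not report["incomplete"])
    return report
```

A non-empty `unrestored` list means a component-store path was opened up for the copy and the log never records it being locked down again, which is worth checking by hand before moving on to the next step.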
 
Looks better. I'd like one more log please.

SFC Scan
1. Right-click on the Start button and select Command Prompt (Admin)
2. When command prompt opens, Copy (Ctrl+C) and Paste (Right-click > Paste) the following command into it, then press Enter
sfc /scannow

3. Once it finishes, copy and paste the following into the command-prompt window and press Enter.
copy %windir%\logs\cbs\cbs.log "%userprofile%\Desktop\cbs.txt"

4. Once this has completed please go to your Desktop and you will find CBS.txt => Right-click on this file and choose Send To...Compressed (zipped folder). Please upload this zipped file CBS.zip to this thread

Please Note: if the file is too big to upload to your next post please upload via a service such as Dropbox or One Drive or SendSpace and just provide the link.
 
