Welcome to Smokey's Security Forums.
Guests only have limited access to the board and it's features, please consider registering to gain full access!
Registration is free and it only takes a few moments to complete.

Smokey's Security Forums

Please login or register.

Login with username, password and session length
Advanced search  

News:

This ransomware-spreading botnet will now screengrab your desktop too

Attackers behind one of the world's most notorious botnets have added another string to their bow, allowing them to take screenshots of the desktops of victims infected with malware.

This ransomware-spreading botnet will now screengrab your desktop too

Malware Log Analysis & Removal Help * Ransomware Encryption & Decrytion Techniques * Official Jetico Inc. Support Forums

Share this topic on FacebookShare this topic on MySpaceShare this topic on RedditShare this topic on TwitterAuthorTopic: keyboard changes  (Read 1071 times)

0 Members and 1 Guest are viewing this topic.

handbaggirlTopic starter

  • Forum Friend
  • *
  • Offline Offline
  • Posts: 12
Re: keyboard changes
« Reply #17 on: March 15, 2017, 10:25:47 AM »
 ;)

Starbuck

  • Site Owner
  • *
  • Offline Offline
  • location: Midlands. UK
  • Posts: 3410
  • .: Leader Malware Analysis & Removal Team
  • -: Site Help Desk - Support Department
    • WWW
Re: keyboard changes
« Reply #16 on: March 15, 2017, 12:35:37 AM »
Hi handbaggirl

Thank you for the donation to Smokeys.
It really is appreciated.

handbaggirlTopic starter

  • Forum Friend
  • *
  • Offline Offline
  • Posts: 12
Re: keyboard changes
« Reply #15 on: March 13, 2017, 10:19:56 PM »
will do tomorrow thanks again :yeah:

Starbuck

  • Site Owner
  • *
  • Offline Offline
  • location: Midlands. UK
  • Posts: 3410
  • .: Leader Malware Analysis & Removal Team
  • -: Site Help Desk - Support Department
    • WWW
Re: keyboard changes
« Reply #14 on: March 13, 2017, 09:54:01 PM »
That's good to hear.

FRST can now be removed:

Right click on the FRST icon and select delete.
Right click on any fixlog.txt or fixlist.txt files and select delete.
Navigate to: C:\frst and delete the frst folder

Glad I was able to help.

Safe surfing.

handbaggirlTopic starter

  • Forum Friend
  • *
  • Offline Offline
  • Posts: 12
Re: keyboard changes
« Reply #13 on: March 13, 2017, 09:35:07 PM »
Hi, yes thanks all seems okay, so fingers crossed, many thanks for your time and effort ,its appreciated ;) ;)

Starbuck

  • Site Owner
  • *
  • Offline Offline
  • location: Midlands. UK
  • Posts: 3410
  • .: Leader Malware Analysis & Removal Team
  • -: Site Help Desk - Support Department
    • WWW
Re: keyboard changes
« Reply #12 on: March 13, 2017, 09:28:41 PM »
Hi,

Quote
Java removed and the new one installed

  :thumbsup1:

This system I'm using is Win10 Home and is fairly stable.
Another system runs the Win10 preview and that does give me a few headaches from time to time.
and yes, I do see quite a few issues that people have with Win10.
I don't think it's always the Win10 it self..... I think sometimes it may well be down to the other programs that people have installed that conflict with the Operating System.

Is everything running ok now?

handbaggirlTopic starter

  • Forum Friend
  • *
  • Offline Offline
  • Posts: 12
Re: keyboard changes
« Reply #11 on: March 13, 2017, 08:30:24 PM »

handbaggirlTopic starter

  • Forum Friend
  • *
  • Offline Offline
  • Posts: 12
Re: keyboard changes
« Reply #10 on: March 13, 2017, 07:01:15 PM »
Java removed and the new one installed, yes i did read about the shortcut that could have changed the language, may have happened by accident. The oddity of not getting to sign into windows was weird, i would have expected it to say, incorrect password as my keyboard had changed, but it said, preparing windows, then when i wasnt allowed to sign in ,it gave the option box....signing out and back in may solve this problem...it didnt , however , even before i applied your fix, sign in went as normal, maybe the whole thing is windows 10 being its quirky self,,,well i hope so

Starbuck

  • Site Owner
  • *
  • Offline Offline
  • location: Midlands. UK
  • Posts: 3410
  • .: Leader Malware Analysis & Removal Team
  • -: Site Help Desk - Support Department
    • WWW
Re: keyboard changes
« Reply #9 on: March 13, 2017, 06:53:13 PM »
Hi handbaggirl

Quote
i originally had another one in and when i saw the problem i swapped it with the one i have in now just in case the original had a problem

 Good idea..... you never know.

A quick apology for an incorrect statement I made yesterday when I said:
Quote
The keyboard problem and the locality problem may not be related.
It could just be a coincidence.

 I meant to say.... The malware problem and the locality problem may not be related.
The reason for the coincidence could be that most keyboards have a keyboard shortcut to change the locality.
Normally this would be Left Alt + Shift.  (although on some keyboards it can be Right Alt + Shift )
You may have inadvertently pressed this combination and changed the locality.
or it could have been a stuck key and when you pressed the other key it kicked in the combination.

Let me know how the Java update goes.

handbaggirlTopic starter

  • Forum Friend
  • *
  • Offline Offline
  • Posts: 12
Re: keyboard changes
« Reply #8 on: March 13, 2017, 10:23:45 AM »
have re run the tool , will now sort Java out

handbaggirlTopic starter

  • Forum Friend
  • *
  • Offline Offline
  • Posts: 12
Re: keyboard changes
« Reply #7 on: March 12, 2017, 09:40:00 PM »
thanks, its a usb, i originally had another one in and when i saw the problem i swapped it with the one i have in now just in case the original had a problem, i will do what you asked tomorrow as im on the laptop at the moment and not the desktop, i did try the other day to update Java but it wouldnt download, thanks

Starbuck

  • Site Owner
  • *
  • Offline Offline
  • location: Midlands. UK
  • Posts: 3410
  • .: Leader Malware Analysis & Removal Team
  • -: Site Help Desk - Support Department
    • WWW
Re: keyboard changes
« Reply #6 on: March 12, 2017, 09:29:37 PM »
Hi handbaggirl

I've added the reports to your posts as they are a lot easy to read like this.

There is no malware showing in the reports, but there are some issues we should deal with.

Quote
its a desktop

The keyboard problem and the locality problem may not be related.
It could just be a coincidence.
Is the keyboard a usb type or a wireless type?

Step 1
Avira has left some parts behind, these should be removed:
Please uninstall the following:
Avira Connect
Avira Phantom VPN
Avira System Speedup


I also recommend that  McAfee Security Scan Plus is removed.
You really don't need this.

QuickTime 7
Please uninstall Quicktime for Windows.

It is now a security risk:
Apple is deprecating QuickTime for Microsoft Windows.
They will no longer be issuing security updates for the product on the Windows Platform and as such they recommend users uninstall it.

And because Apple is no longer providing security updates for QuickTime on Windows, the present vulnerabilities are never going to be patched.



Step 2
Please download the attached fixlist.txt file (bottom of this post) and save it to C:\Users\Owner\Downloads.
NOTE.
It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system


Re-run FRST/FRST64 (which ever is installed ) and press the Fix button just once and wait.



The tool will make a log in the Download folder (Fixlog.txt). Please post this in your next reply.


Step 3
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. A malicious site could render Java content under older, vulnerable versions of Sun's software if the user has not removed them. Please follow these steps to remove older version Java components and update:
  • Download the latest version of  Java SE 8u121 and save it to your desktop.
  • Scroll down to where it says "Java SE 8u121".
  • Click the "Download JRE " button.
  • Accept the license agreement.
  • select Windows x64 offline  from the list.
  • Save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Programs and Features and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on downloaded icon to install the newest version.
.

In your next reply, please submit: 
Fixlog.txt

Although you need to uninstall the leftovers from Avira, I've also added some Avira items to the fix.
If they are not removed by the program uninstall... the fix should get them.


Thanks.

handbaggirlTopic starter

  • Forum Friend
  • *
  • Offline Offline
  • Posts: 12
Re: keyboard changes
« Reply #5 on: March 12, 2017, 04:09:46 PM »
its a desktop

handbaggirlTopic starter

  • Forum Friend
  • *
  • Offline Offline
  • Posts: 12
Re: keyboard changes
« Reply #4 on: March 12, 2017, 03:55:42 PM »
addition txt thanks for helping

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2017 01
Ran by Owner (11-03-2017 18:49:43)
Running from C:\Users\Owner\Downloads
Windows 10 Home Version 1607 (X64) (2016-10-05 09:24:15)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1904605181-2525552337-1932226013-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1904605181-2525552337-1932226013-503 - Limited - Disabled)
Guest (S-1-5-21-1904605181-2525552337-1932226013-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-1904605181-2525552337-1932226013-1016 - Limited - Enabled)
Owner (S-1-5-21-1904605181-2525552337-1932226013-1000 - Administrator - Enabled) => C:\Users\Owner
Rosie (S-1-5-21-1904605181-2525552337-1932226013-1017 - Administrator - Enabled)
Stewart (S-1-5-21-1904605181-2525552337-1932226013-1003 - Administrator - Enabled) => C:\Users\Stewart

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.513.58212 - ABBYY)
ABBYY FineReader 9.0 Sprint (x32 Version: 9.01.513.58212 - ABBYY) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 24.0.0.180 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.221 - Adobe Systems Incorporated)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{9BA1A894-B42F-4805-BC8C-349C905A3930}) (Version: 5.3.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{7EAC8A42-9FAC-4F6B-AABF-C08C9F2E0F13}) (Version: 5.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
AuthenTec TrueAPI (Version: 1.3.0.116 - AuthenTec, Inc.) Hidden
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.2.2288 - AVAST Software)
Avira Connect (HKLM-x32\...\{7b509672-8eb5-466b-b85a-482e26ccc500}) (Version: 1.2.81.30631 - Avira Operations GmbH & Co. KG)
Avira Connect (x32 Version: 1.2.81.30631 - Avira Operations GmbH & Co. KG) Hidden
Avira Phantom VPN (HKLM-x32\...\Avira Phantom VPN) (Version: 2.6.1.20906 - Avira Operations GmbH & Co. KG)
Avira System Speedup (HKLM-x32\...\Avira System Speedup_is1) (Version: 3.3.0.4727 - Avira Operations GmbH & Co. KG)
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bing Bar (HKLM-x32\...\{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}) (Version: 7.0.610.0 - Microsoft Corporation)
Blasterball 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Bounce Symphony (x32 Version: 2.2.0.97 - WildTangent) Hidden
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
Chronicles of Albian (x32 Version: 2.2.0.95 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKLM-x32\...\Dropbox) (Version: 21.4.25 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.59.1 - Dropbox, Inc.) Hidden
Epson Easy Photo Print 2 (HKLM-x32\...\{39F58DDB-B2B8-4B86-AF20-4706A80EB30D}) (Version: 2.2.0.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM-x32\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}) (Version: 2.40.0001 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON SX218 Series Manual (HKLM-x32\...\EPSON SX218 Series Manual) (Version:  - )
EPSON SX218 Series Printer Uninstall (HKLM\...\EPSON SX218 Series) (Version:  - SEIKO EPSON Corporation)
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\{A4DE5CD7-96D6-3979-8C39-E864396AFFC0}) (Version: 56.0.2924.87 - Google, Inc.)
Google Drive (HKLM-x32\...\{07A12123-B717-496B-B471-48AF6407B433}) (Version: 1.32.4066.7445 - Google, Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
HP LinkUp (HKLM-x32\...\{DB3147AB-4024-4773-8EC0-A1FE5B44933D}) (Version: 2.01.028 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{D35B72B6-F0E4-462B-BDEB-E08032B3B681}) (Version: 8.7.4747.3786 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13880.3792 - Hewlett-Packard Company)
HP SimplePass PE 2011 (HKLM-x32\...\{00FF4EB6-6AAC-4E9D-A60A-8F388691BB27}) (Version: 5.3.0.194 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.3.50.9 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}) (Version: 10.1.1000 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.5.32.203 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{DE77FE3F-A33D-499A-87AD-5FC406617B40}) (Version: 5.002.003.003 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.9.0.0 - Hewlett-Packard)
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Identity Protection Technology 1.1.2.0 (HKLM-x32\...\{C01A86F5-56E7-101F-9BC9-E3F1025EB779}) (Version: 1.1.2.0 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2932 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
iTunes (HKLM\...\{9D0D2A8B-7E7B-4D88-8D50-24286ED6A5EB}) (Version: 12.5.5.5 - Apple Inc.)
Java 7 Update 60 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417060FF}) (Version: 7.0.600 - Oracle)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Jewel Quest Solitaire (x32 Version: 2.2.0.95 - WildTangent) Hidden
Jewel Quest: The Sleepless Star - Collector's Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kobo (HKLM-x32\...\Kobo) (Version: 1.6 - Kobo Inc.)
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3925 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.3925 - CyberLink Corp.) Hidden
LibreOffice 5.0.0.5 (HKLM-x32\...\{48806D1D-C8D3-4235-8893-D5A03BAFC307}) (Version: 5.0.0.5 - The Document Foundation)
Magic Desktop (HKLM-x32\...\EasyBits Magic Desktop) (Version: 3.0 - EasyBits Software AS)
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.500.3 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft Mathematics (HKLM-x32\...\{4D090F70-6F08-4B60-9357-A1DFD4458F09}) (Version: 4.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1904605181-2525552337-1932226013-1000\...\OneDriveSetup.exe) (Version: 17.3.6798.0207 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 52.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 52.0 (x86 en-US)) (Version: 52.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 52.0.0.6270 - Mozilla)
MozyHome (HKLM\...\{88AE47C9-A9D2-E89D-C165-573D8015336D}) (Version: 2.28.0.421 - Mozy, Inc.)
MyEpson Portal (HKLM-x32\...\MyEpson Portal) (Version:  - SEIKO EPSON Corporation)
MyEpson Portal (x32 Version: 1.0.0.12 - SEIKO EPSON CORPORATION) Hidden
Mystery of Mortlake Mansion (x32 Version: 2.2.0.97 - WildTangent) Hidden
Namco All-Stars: PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden
OpenOffice 4.1.1 (HKLM-x32\...\{86F2B095-3998-41D5-833D-1C5075300950}) (Version: 4.11.9775 - Apache Software Foundation)
Opera Stable 43.0.2442.1144 (HKLM-x32\...\Opera 43.0.2442.1144) (Version: 43.0.2442.1144 - Opera Software)
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.54 - PDF Complete, Inc)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.5331 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.5331 - CyberLink Corp.) Hidden
PressReader (HKLM-x32\...\{912CED74-88D3-4C5B-ACB0-132318649765}) (Version: 5.10.1217.0 -  NewspaperDirect Inc.)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Ralink 802.11n Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.53.0 - Mediatek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.0.4320 - CyberLink Corp.) Hidden
Remote Graphics Receiver (HKLM-x32\...\{16FC3056-90C0-4757-8A68-64D8DA846ADA}) (Version: 5.4.5 - Hewlett-Packard)
SafeZone Stable 3.55.2393.561 (x32 Version: 3.55.2393.561 - Avast Software) Hidden
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.4.16061.19 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.4.16061.19 - Samsung Electronics Co., Ltd.) Hidden
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.59.0 - Samsung Electronics Co., Ltd.)
Shopandscan (HKLM-x32\...\{0AE44DE7-5B32-4151-8272-0FA6DAF800E8}) (Version: 1.0.0 - Kantar WorldPanel)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.32 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.32.104 - Skype Technologies S.A.)
Slingo Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Software Informer 1.3.1092.0 (HKLM\...\Software Informer_is1) (Version:  - Informer Technologies, Inc.)
Spotify (HKU\S-1-5-21-1904605181-2525552337-1932226013-1000\...\Spotify) (Version: 0.9.10.21.g22fbdb39 - Spotify AB)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1026 - SUPERAntiSpyware.com)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Vacation Quest - The Hawaiian Islands (x32 Version: 2.2.0.97 - WildTangent) Hidden
VIP Access SDK (1.0.1.4)  (HKLM-x32\...\VIP Access SDK) (Version: 1.0.1.4 - Symantec Inc.)
Virtual Villagers - The Secret City (x32 Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games App (HP Games) (x32 Version: 4.0.5.2 - WildTangent) Hidden
Windows Driver Package - OPTO ELECTRONICS CO.,LTD (optousb) Ports  (06/02/2008 2.0.5.5) (HKLM\...\245A139F08D3D69654D8822673D0B5EBFB63EF38) (Version: 06/02/2008 2.0.5.5 - OPTO ELECTRONICS CO.,LTD)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Zinio Reader 4 (HKLM-x32\...\ZinioReader4) (Version: 4.2.4164 - Zinio LLC)
Zinio Reader 4 (x32 Version: 4.2.4164 - Zinio LLC) Hidden
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {042937CB-5476-4C2A-8480-C5E036578E2B} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => %SystemRoot%\ehome\ehPrivJob.exe
Task: {080DAE31-C2FF-4DD3-B4DD-2DC832445899} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-02-08] (HP Inc.)
Task: {143323AE-69B9-4EAF-84DA-226B0ABB8AFD} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-03-11] (AVAST Software)
Task: {2C60F51D-1BD7-4C0D-82E3-CCF977B9FE6B} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Stewart\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
Task: {317DF42E-2BBA-4F6F-90F6-6D51AE061449} - System32\Tasks\HPCeeScheduleForStewart => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {35A742C1-2971-4943-A2E3-29AD462FFAAC} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => %SystemRoot%\ehome\ehPrivJob.exe
Task: {3ACF76E4-F5DF-431C-BEA2-BE70CF85AE6D} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {3E167F69-BCFD-46E5-A481-3E3E3413FDF9} - System32\Tasks\{863D7BF7-A5DC-4248-A7B8-3740C7C323D3} => pcalua.exe -a C:\Users\Owner\Downloads\mozysetup.exe -d C:\Users\Owner\Downloads
Task: {445BFD04-E092-4632-871A-BBB8655224A7} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => %SystemRoot%\ehome\mcupdate.exe
Task: {448270B0-5154-498D-B24D-AE71E7DB5927} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => %SystemRoot%\ehome\ehPrivJob.exe
Task: {44A68A1B-E3CC-44A8-A067-E52DDCE14A5B} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {4EF9C94A-BEB8-4886-8EFB-6F8DC72DE967} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => %SystemRoot%\ehome\ehPrivJob.exe
Task: {53ABC437-1B0B-41C8-BFA8-0949927B2CAE} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => %SystemRoot%\ehome\ehPrivJob.exe
Task: {55FDF64B-3C5A-49F4-9EC4-597B575CA285} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => %SystemRoot%\ehome\ehPrivJob.exe
Task: {57B926A1-DB4C-4F4F-8BB7-96EBC006F0AA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2017-03-02] (HP Inc.)
Task: {5B859CA3-8A92-4D58-B397-C5E89CA169B2} - System32\Tasks\Opera scheduled Autoupdate 1403607630 => C:\Program Files (x86)\Opera\launcher.exe [2017-02-27] (Opera Software)
Task: {5C742877-D514-45FF-944E-CF1CAA8314B5} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2014-12-01] (Apple Inc.)
Task: {60C6872D-D8C5-4B88-8980-45D08F81447E} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => %SystemRoot%\ehome\mcupdate.exe
Task: {620E9363-C31B-49BA-BAF2-E07BD00C77EB} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-05] (Dropbox, Inc.)
Task: {65A40BCE-9004-4EB9-AA17-4A492BB470ED} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
Task: {65DDF81F-103E-4F12-9989-FFE91D377279} - System32\Tasks\Avira\System Speedup\TestScheduler => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe [2017-03-02] (Avira Operations GmbH & Co. KG)
Task: {66373DB8-4A8D-49A8-88A9-7AC45A9257AE} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => %windir%\ehome\MCUpdate.exe
Task: {6652C984-87ED-4C59-B5C1-7572F0CC1F76} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-12-07] (HP Inc.)
Task: {6AED8583-4C1A-4DE9-B22E-82D8790A2669} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {7202CACF-6886-4162-825A-A4BBDC7E2D80} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.)
Task: {74909D8C-FD96-414A-AF32-240747D5563B} - System32\Tasks\SoftwareInformerService => C:\Program Files\Software Informer\softinfo.exe [2014-05-23] (Informer Technologies, Inc.)
Task: {76028AB5-AC97-4F06-8327-7D5A47A19935} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => %SystemRoot%\ehome\ehPrivJob.exe
Task: {7710E920-0C9B-4D24-A118-87C8FB5ED1DE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {7747B4FC-9DE8-43AB-B8A3-98E4101EAF4B} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-05] (Dropbox, Inc.)
Task: {778179E1-0703-478E-B138-7AC40062E1DF} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {77D1D506-4249-4A3C-BA3B-A566F0B27752} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-03-11] (Adobe Systems Incorporated)
Task: {7DEF2A61-CF89-4F05-9125-A55D69BF2D03} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {8019363D-BCAD-4773-B90D-F17D42075CBA} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {89CF3DB8-0D29-4DD5-A76F-9C7984E756DC} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {8D77A25D-FD6A-481A-B0D6-9678902CB9A5} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => %SystemRoot%\ehome\mcupdate.exe
Task: {93FAE34F-EE71-49B6-87DD-AA429E595F94} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {97D57FBC-B035-440C-88E7-9E676CD64057} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => %SystemRoot%\ehome\ehPrivJob.exe
Task: {9C7EEECF-109B-4776-B41B-F8AA33F193AE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-12-07] (HP Inc.)
Task: {9EE88514-786B-4C6B-B761-AD00A3815399} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => %SystemRoot%\ehome\ehrec.exe
Task: {A4DEE7A7-47A8-49C2-A7AA-BA97BBE6E376} - System32\Tasks\HPCeeScheduleForOwner => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {A54C3CA4-4433-4CC3-A90C-49CC7689621F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-12-21] (HP Inc.)
Task: {ABE81196-0AAC-419A-993A-CA0F9FA7E738} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {AC8EF630-0758-45AA-ADC1-4F4E4A29C9BD} - System32\Tasks\Avira\System Speedup\SpeedupSysTray => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.Systray.exe [2017-03-02] (Avira Operations GmbH & Co. KG)
Task: {AF21DDFD-5E5B-48D9-A6F1-4BDF0E859EDD} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => %SystemRoot%\ehome\ehrec.exe
Task: {B0783751-AFAE-4BFF-B02A-3C74BBADC98E} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => %SystemRoot%\ehome\ehPrivJob.exe
Task: {B15CE90E-CD3C-42D0-95A5-7FA1037F95C3} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {B9955C5E-E93F-444B-B8CD-73F272219BD3} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {BB891099-3F04-45DA-8DFA-066AB33B0F7D} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => %SystemRoot%\ehome\ehPrivJob.exe
Task: {BCCD7AD0-3230-4CF2-868C-C5BC05CCF799} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {C0F395F2-9715-4314-A840-2E6C417F6A32} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => %SystemRoot%\ehome\ehPrivJob.exe
Task: {C3956D08-C56F-4515-ACF4-448DBCD57202} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {C6429797-F491-4F5C-BD36-6AC08CF60D18} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => %SystemRoot%\ehome\ehPrivJob.exe
Task: {C97C6BA7-283E-40D8-BD48-9C468E422A9F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {CBDFD227-9405-4D43-981B-B00CF03904BD} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\SymErr.exe
Task: {CF978203-292E-4FF2-BD5D-AEAD6EA3994D} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-03-11] (AVAST Software)
Task: {D4E0722D-CF55-4420-BF49-F4626443F361} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\WSCStub.exe
Task: {D69D2191-FFDF-4F8E-AB92-DB939C0990B4} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {DCE0B48B-7A0D-4A38-A829-8EE3DED4CBDB} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\SymErr.exe
Task: {EDA8B1A3-640F-4085-B6AC-5C9D840BD0BC} - System32\Tasks\SafeZone scheduled Autoupdate 1489239393 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-02-15] (Avast Software)
Task: {EE44F1BC-3A65-4249-BBAC-F4DEB17CDF61} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {F2511BEE-366D-49C8-BB06-D1D74AAAE162} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => %SystemRoot%\ehome\ehPrivJob.exe
Task: {F581CE70-E801-408D-986D-42F94837B0C4} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {FC2E0582-C821-4FD1-842F-6F51022E3D45} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2011-06-15] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForOwner.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForStewart.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 11:42 - 2016-07-16 11:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-14 14:36 - 2016-12-09 10:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-06-01 20:00 - 2017-03-09 01:16 - 00112264 _____ () C:\Windows\System32\IccLibDll_x64.dll
2017-01-13 13:56 - 2017-01-13 13:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-01-13 13:56 - 2017-01-13 13:56 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-12-14 14:36 - 2016-12-09 10:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-10-05 17:41 - 2016-10-05 17:41 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-11 11:43 - 2016-12-21 07:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-01-11 11:43 - 2016-12-21 06:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-11 11:43 - 2016-12-21 06:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-11 11:43 - 2016-12-21 06:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-11 11:43 - 2016-12-21 06:48 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-01-11 11:43 - 2016-12-21 06:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-11 11:43 - 2016-12-21 06:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-03-11 18:30 - 2017-02-24 06:23 - 02264352 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-03-11 18:30 - 2017-02-24 06:23 - 02264528 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-01-13 13:56 - 2017-01-13 13:56 - 01041720 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2017-03-11 10:49 - 2017-03-06 20:59 - 00807232 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
2017-03-11 10:50 - 2017-02-09 02:19 - 00035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2017-03-11 10:50 - 2017-02-09 02:19 - 00100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2017-03-11 10:50 - 2017-02-09 02:19 - 00018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2017-03-11 10:50 - 2017-03-06 21:01 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2017-03-11 10:50 - 2017-02-09 02:19 - 00694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2017-03-11 10:48 - 2017-03-06 21:01 - 00020824 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2017-03-11 10:50 - 2017-02-09 02:20 - 00123856 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2017-03-11 10:48 - 2017-03-06 21:01 - 01682768 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2017-03-11 10:48 - 2017-03-06 21:01 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2017-03-11 10:49 - 2017-02-09 02:19 - 00145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2017-03-11 10:49 - 2017-02-09 02:20 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2017-03-11 10:49 - 2017-02-09 02:19 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2017-03-11 10:50 - 2017-02-09 02:22 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2017-03-11 10:50 - 2017-03-06 21:01 - 00022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2017-03-11 10:49 - 2017-03-06 21:01 - 00038712 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2017-03-11 10:49 - 2017-03-06 21:01 - 00060736 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2017-03-11 10:50 - 2017-02-09 02:22 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2017-03-11 10:50 - 2017-02-09 02:22 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2017-03-11 10:49 - 2017-02-09 02:19 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2017-03-11 10:49 - 2017-02-09 02:22 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2017-03-11 10:50 - 2017-02-09 02:22 - 00116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2017-03-11 10:50 - 2017-03-06 21:01 - 00381760 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2017-03-11 10:50 - 2017-02-09 02:22 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2017-03-11 10:50 - 2017-03-06 21:01 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2017-03-11 10:50 - 2017-02-09 02:22 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2017-03-11 10:50 - 2017-02-09 02:22 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2017-03-11 10:50 - 2017-02-09 02:22 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2017-03-11 10:50 - 2017-02-09 02:22 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2017-03-11 10:50 - 2017-02-09 02:22 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2017-03-11 10:50 - 2017-02-09 02:22 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2017-03-11 10:48 - 2017-03-06 21:01 - 00246608 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
2017-03-11 10:49 - 2017-03-06 21:01 - 00027488 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2017-03-11 10:50 - 2017-02-09 02:21 - 00241104 _____ () C:\Program Files (x86)\Dropbox\Client\_jpegtran.pyd
2017-03-11 10:48 - 2017-03-06 21:01 - 00022336 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2017-03-11 10:50 - 2017-03-06 21:01 - 00025432 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2017-03-11 10:50 - 2017-02-09 02:22 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2017-03-11 10:49 - 2017-03-06 21:01 - 01826104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2017-03-11 10:50 - 2017-02-09 02:20 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2017-03-11 10:49 - 2017-03-06 21:01 - 01972536 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2017-03-11 10:49 - 2017-03-06 21:01 - 03928896 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2017-03-11 10:49 - 2017-03-06 21:01 - 00531264 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2017-03-11 10:50 - 2017-03-06 21:01 - 00053072 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd
2017-03-11 10:49 - 2017-03-06 21:01 - 00133432 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2017-03-11 10:49 - 2017-03-06 21:01 - 00224064 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2017-03-11 10:49 - 2017-03-06 21:01 - 00207680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2017-03-11 10:50 - 2017-03-06 21:01 - 00022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
2017-03-11 10:50 - 2017-03-06 21:01 - 00069968 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd
2017-03-11 10:50 - 2017-03-06 21:01 - 00022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-03-11 10:50 - 2017-03-06 21:01 - 00021848 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
2017-03-11 10:50 - 2017-03-06 21:01 - 00022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
2017-03-11 10:50 - 2017-02-09 02:22 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2017-03-11 10:49 - 2017-03-06 21:01 - 00103232 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWinExtras.pyd
2017-03-11 10:50 - 2017-03-06 21:01 - 00023896 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2017-03-11 10:49 - 2017-03-06 21:01 - 00025936 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2017-03-11 10:49 - 2017-02-09 02:17 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2017-03-11 10:49 - 2017-03-06 21:01 - 00033112 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd
2017-03-11 10:49 - 2016-12-02 21:44 - 00293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll
2017-03-11 10:49 - 2017-03-06 21:01 - 00084288 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2017-03-11 10:49 - 2017-02-09 02:27 - 00017864 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll
2017-03-11 10:49 - 2017-02-09 02:27 - 01631184 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2017-03-11 10:49 - 2017-03-06 21:01 - 00042816 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2017-03-11 10:49 - 2017-03-06 21:01 - 00171336 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2017-03-11 10:49 - 2017-03-06 21:01 - 00357688 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2017-03-11 10:50 - 2017-02-09 02:22 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2017-03-11 10:50 - 2017-03-06 21:01 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2017-03-11 13:20 - 2017-03-11 13:20 - 00170216 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-03-11 13:21 - 2017-03-11 13:21 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-03-11 13:19 - 2017-03-11 13:19 - 00290352 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-03-11 13:20 - 2017-03-11 13:20 - 00655056 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 02:34 - 2017-02-02 15:22 - 00000846 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1904605181-2525552337-1932226013-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Owner\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\picasabackground-007.bmp
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{B8093061-B0AE-4C99-84BD-F5FCC3A54B23}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{81CFD2A2-01A7-4896-8A55-D20F15E461AB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{489AAA60-28E3-4FF6-8FE4-C346FF3C8B4A}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [UDP Query User{CC30F669-E577-4E35-A83B-13338C07295C}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{CC10C556-D8DD-438A-8EF6-989817F8429D}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{5BD26402-707D-4AB3-AB10-A16E757FF5A0}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{0B2FE173-9447-430F-9121-D04F320B34AD}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{3ECE13AE-6C81-4C85-BCB5-6FF683499346}] => (Allow) C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{2C39F08E-7E2A-472F-8074-FC7F62E26E31}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{AEC927C1-F9EF-4E72-A848-51991C495EE6}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{2067694B-EE31-4B30-BDF6-D1F41D0F56C5}] => (Allow) LPort=1900
FirewallRules: [{35CA0142-E5E5-440F-A4F5-DCC0AB6FF2B7}] => (Allow) LPort=2869
FirewallRules: [{1757A7CF-E33A-417D-A747-B45404E59DEE}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{D120C4B6-E2C5-4D0D-8A11-FB6E585CB263}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP LinkUp\HP LinkUp Viewer.exe
FirewallRules: [{DFBFA3CB-D98D-4DF6-8304-3358B181991B}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP LinkUp\HP LinkUp Viewer.exe
FirewallRules: [{64F7C520-10E2-4689-8570-AA2A3243C9E5}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Remote Graphics Receiver\rgreceiver.exe
FirewallRules: [{8D363BFF-E839-4E72-BE0E-66410848D5DA}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Remote Graphics Receiver\rgreceiver.exe
FirewallRules: [{FBF737DA-4986-44E8-846B-67E220841E88}] => (Allow) C:\Program Files (x86)\EasyBits For Kids\ezDesktop.exe
FirewallRules: [{4829E1E2-4FF9-47BA-B58D-7FE1160D7F53}] => (Allow) C:\Windows\system32\ezSharedSvcHost.exe
FirewallRules: [TCP Query User{339DCEBD-ED86-4854-991A-CDE984AC1E93}C:\users\stewart\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\stewart\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{5B9D21B3-E2CB-4545-BFFA-E1E090B58722}C:\users\stewart\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\stewart\appdata\roaming\spotify\spotify.exe
FirewallRules: [{930D91EB-A9A4-44DE-81A5-F0D980379172}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{2A4ABFB5-3032-4975-8F8E-0EC2A632F42F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5C18C1E8-DA05-4E65-A01A-4AB516203C11}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [TCP Query User{ECC6386A-3E3D-4CBF-9CCA-FE31D23DDDB6}C:\users\stewart\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\stewart\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{2D7D3529-711D-4C65-A225-751AD2443986}C:\users\stewart\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\stewart\appdata\roaming\spotify\spotify.exe
FirewallRules: [{19BA5E42-A784-43AC-80EE-75FD8BA2991E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{B97ECD3E-D578-4723-95F8-C00D4603BC43}] => (Allow) C:\Program Files (x86)\Opera\43.0.2442.991\opera.exe
FirewallRules: [{BBDDB0F4-B1C5-4FC1-A832-5E472FB01602}] => (Allow) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe
FirewallRules: [{03A0C77A-2D31-4FD8-8D8F-8F16111D7442}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{ADB5F745-BAC5-4CFB-B568-F7466DBB9A02}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.561\SZBrowser.exe
FirewallRules: [{22EA7A5F-F008-428C-8FDC-E319498D0AF5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{677CC203-8F2D-475A-AF8B-7D98E147AA38}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{AA1B0B52-4C30-4959-A69D-EA3DDA4C0A31}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{19F1E3C7-A158-4B71-8048-9D8E0DD86BBB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{66B08DC2-5932-40DB-9756-574ACF816469}] => (Allow) C:\Program Files\iTunes\iTunes.exe

==================== Restore Points =========================

04-03-2017 11:32:05 Scheduled Checkpoint
10-03-2017 14:44:06 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/11/2017 03:15:46 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: OWNER-HP)
Description: Application or service 'Windows Explorer' could not be shut down.

Error: (03/11/2017 02:57:21 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating (unknown) status to SECURITY_PRODUCT_STATE_ON (error %3).

Error: (03/11/2017 02:57:21 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating (unknown) status to SECURITY_PRODUCT_STATE_ON (error %3).

Error: (03/11/2017 01:27:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TrueSuiteService.exe, version: 5.3.0.194, time stamp: 0x4df09290
Faulting module name: TrueSuiteService.exe, version: 5.3.0.194, time stamp: 0x4df09290
Exception code: 0xc0000417
Fault offset: 0x0001280a
Faulting process id: 0x500
Faulting application start time: 0x01d29a6b322bf81e
Faulting application path: C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
Faulting module path: C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
Report Id: 832d9851-ecb6-44ff-8ff8-f5f6bbeec6be
Faulting package full name:
Faulting package-relative application ID:

Error: (03/11/2017 01:11:45 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code.

Error: (03/11/2017 01:09:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TrueSuiteService.exe, version: 5.3.0.194, time stamp: 0x4df09290
Faulting module name: TrueSuiteService.exe, version: 5.3.0.194, time stamp: 0x4df09290
Exception code: 0xc0000417
Fault offset: 0x0001280a
Faulting process id: 0x4c4
Faulting application start time: 0x01d29a68ba7ee86e
Faulting application path: C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
Faulting module path: C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
Report Id: a639e268-6b4b-40b9-b77b-9073200c1301
Faulting package full name:
Faulting package-relative application ID:

Error: (03/11/2017 11:13:35 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: OWNER-HP)
Description: Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (03/11/2017 11:13:35 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: OWNER-HP)
Description: Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (03/11/2017 11:13:35 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: OWNER-HP)
Description: Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (03/11/2017 11:13:35 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: OWNER-HP)
Description: Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.


System errors:
=============
Error: (03/11/2017 01:28:11 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/11/2017 01:28:09 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The TrueSuiteService service terminated unexpectedly.  It has done this 1 time(s).

Error: (03/11/2017 01:28:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SpeedupService service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (03/11/2017 01:28:09 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the SpeedupService service to connect.

Error: (03/11/2017 01:28:07 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the AviraPhantomVPN service to connect.

Error: (03/11/2017 01:28:06 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Avira.ServiceHost service to connect.

Error: (03/11/2017 01:27:37 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (03/11/2017 01:13:31 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/11/2017 01:13:28 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The TrueSuiteService service terminated unexpectedly.  It has done this 1 time(s).

Error: (03/11/2017 01:09:44 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


CodeIntegrity:
===================================
  Date: 2017-02-02 16:34:41.092
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-02-02 16:34:41.087
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-02-02 16:34:41.057
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-02-02 16:34:41.046
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-02-02 16:34:40.978
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-02-02 16:34:40.966
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-02-02 16:34:40.911
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-02-02 16:34:40.881
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-02-02 16:34:40.715
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-02-02 16:34:40.710
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-2120 CPU @ 3.30GHz
Percentage of memory in use: 67%
Total physical RAM: 6048.81 MB
Available physical RAM: 1995.6 MB
Total Virtual: 6658.07 MB
Available Virtual: 1371.64 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:1850.74 GB) (Free:1747.27 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (HP_RECOVERY) (Fixed) (Total:11.74 GB) (Free:1.43 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 5FD11AEB)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1850.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=449 MB) - (Type=27)
Partition 4: (Not Active) - (Size=11.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

handbaggirlTopic starter

  • Forum Friend
  • *
  • Offline Offline
  • Posts: 12
Re: keyboard changes
« Reply #3 on: March 12, 2017, 03:54:01 PM »
thanks run this last night, nothing found here are the results

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-03-2017 01
Ran by Owner (administrator) on OWNER-HP (11-03-2017 18:48:10)
Running from C:\Users\Owner\Downloads
Loaded Profiles: Owner (Available Profiles: Owner & Stewart & DefaultAppPool)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\epson\MyEpson Portal\mepService.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\epson\MyEpson Portal\mep.exe
(Informer Technologies, Inc.) C:\Program Files\Software Informer\softinfo.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.Systray.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Informer Technologies, Inc.) C:\Program Files\Software Informer\softinfo.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.500\SSScheduler.exe
(Mozy, Inc.) C:\Program Files\MozyHome\mozystat.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Apple Inc.) C:\Config.Msi\62048e.rbf
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Mozy, Inc.) C:\Program Files\MozyHome\mozybackup.exe
(Mozy, Inc.) C:\Program Files\MozyHome\mozybackup.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2017-01-19] (Apple Inc.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Easybits Recovery] => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2011-05-17] (EasyBits Software AS)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [658424 2011-05-05] (PDF Complete Inc)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [976320 2009-12-03] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [27308304 2017-03-06] (Dropbox, Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [318128 2016-06-02] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [61944 2017-02-22] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira System Speedup User Starter] => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe [72080 2017-03-02] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [205512 2017-03-11] (AVAST Software)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-1904605181-2525552337-1932226013-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7946144 2017-03-11] (SUPERAntiSpyware)
HKU\S-1-5-21-1904605181-2525552337-1932226013-1000\...\Run: [Software Informer] => C:\Program Files\Software Informer\softinfo.exe [1251328 2014-05-23] (Informer Technologies, Inc.)
HKU\S-1-5-21-1904605181-2525552337-1932226013-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-1904605181-2525552337-1932226013-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-1904605181-2525552337-1932226013-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27427808 2017-02-08] (Skype Technologies S.A.)
HKU\S-1-5-18\...\Run: [EPSON SX218 Series] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIGDE.EXE [224768 2009-09-14] (SEIKO EPSON CORPORATION)
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2012-04-10] (EasyBits Software Corp.)
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-03-11] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-03-11] (AVAST Software)
ShellIconOverlayIdentifiers: [mozy] -> {b32a6748-f273-4546-b60a-3c5adc239de5} => C:\Program Files\MozyHome\mozyshell.dll [2014-10-31] (Mozy, Inc.)
ShellIconOverlayIdentifiers: [mozy2] -> {747E722C-CB46-4a9d-BDFE-192AAD5099B1} => C:\Program Files\MozyHome\mozyshell.dll [2014-10-31] (Mozy, Inc.)
ShellIconOverlayIdentifiers: [mozy3] -> {EE6F5A00-7898-40f7-AB77-51FF9D6DEB20} => C:\Program Files\MozyHome\mozyshell.dll [2014-10-31] (Mozy, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2017-02-02]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.500\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MozyHome Status.lnk [2015-08-09]
ShortcutTarget: MozyHome Status.lnk -> C:\Program Files\MozyHome\mozystat.exe (Mozy, Inc.)
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\zSpeedup.lnk [2017-03-11]
ShortcutTarget: zSpeedup.lnk -> C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe (Avira Operations GmbH & Co. KG)
Startup: C:\Users\Stewart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\zSpeedup.lnk [2017-03-11]
ShortcutTarget: zSpeedup.lnk -> C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe (Avira Operations GmbH & Co. KG)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{07ba04b6-b829-4224-ab27-a880522a83ca}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{57c485b1-a244-46d1-af95-ba8b6c2d50c5}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{96a37f9d-7fab-4c03-893f-14c33a35a280}: [DhcpNameServer] 192.168.224.1

Internet Explorer:
==================
HKU\S-1-5-21-1904605181-2525552337-1932226013-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK/2
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/710-111095-2958-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM -> {DA9DD0C3-B216-458C-9519-18C3AAC92732} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/710-111095-2958-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> {DA9DD0C3-B216-458C-9519-18C3AAC92732} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-1904605181-2525552337-1932226013-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1904605181-2525552337-1932226013-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1904605181-2525552337-1932226013-1000 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKU\S-1-5-21-1904605181-2525552337-1932226013-1000 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-1904605181-2525552337-1932226013-1000 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/710-111095-2958-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKU\S-1-5-21-1904605181-2525552337-1932226013-1000 -> {DA9DD0C3-B216-458C-9519-18C3AAC92732} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-06-24] (Oracle Corporation)
BHO: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll [2011-06-09] (HP)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2009-08-24] (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-06-24] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-06-24] (Oracle Corporation)
BHO-x32: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll [2011-06-09] (HP)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-06-24] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2009-08-24] (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
Toolbar: HKU\S-1-5-21-1904605181-2525552337-1932226013-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File

FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\xo5p0oau.default [2017-03-11]
FF Extension: (iCloud Bookmarks) - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\xo5p0oau.default\Extensions\firefoxdav@icloud.com [2016-10-21]
FF Extension: (Pin It Button) - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\xo5p0oau.default\Extensions\jid1-YcMV6ngYmQRA2w@jetpack.xpi [2014-10-11] [not signed]
FF Extension: (WOT) - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\xo5p0oau.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-12-13]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF48
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF48 [2017-03-11]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF48
FF HKU\S-1-5-21-1904605181-2525552337-1932226013-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll [2017-03-11] ()
FF Plugin: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-06-24] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-06-24] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-03-11] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-06-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-06-24] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-23] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-23] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2010-12-08] ()

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default [2017-02-02]
CHR Extension: (Google Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-02-02]
CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-02-02]
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-02-02]
CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-09]
CHR Extension: (Avast SafePrice) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-02-02]
CHR Extension: (Google Docs Offline) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-02-02]
CHR Extension: (Avast Online Security) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-02-02]
CHR Extension: (Pinterest Save Button) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2017-02-02]
CHR Extension: (CPDD-Blossom) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlialpgnoagkdecfaggejocpfdbommon [2017-02-02]
CHR Extension: (Website Logon) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpgfhihjicjofdejkbjgnjlaglaciobe [2014-07-09]
CHR Extension: (Skype) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-02-02]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-02-02]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-02-02]
CHR Extension: (Chrome Media Router) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-02]
CHR HKLM\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [jpgfhihjicjofdejkbjgnjlaglaciobe] - C:\Program Files (x86)\HP SimplePass 2011\tschrome.crx [2011-06-03]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-03-11] (SUPERAntiSpyware.com)
R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7147320 2017-03-11] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [262736 2017-03-11] (AVAST Software)
S2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [349048 2017-02-22] (Avira Operations GmbH & Co. KG)
S2 AviraPhantomVPN; C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe [310152 2017-02-10] (Avira Operations GmbH & Co. KG)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [46408 2017-01-21] (Dropbox, Inc.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [31776 2016-12-07] (HP Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.500\McCHSvc.exe [329480 2017-01-19] (McAfee, Inc.)
R2 mozybackup; C:\Program Files\MozyHome\mozybackup.exe [55112 2014-05-30] (Mozy, Inc.)
R2 MyEpson Portal Service; C:\Program Files (x86)\EPSON\MyEpson Portal\mepService.exe [703584 2011-09-16] (SEIKO EPSON CORPORATION)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-05-05] (PDF Complete Inc)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [303360 2015-06-24] (Realtek Semiconductor)
S2 SpeedupService; C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.SpeedupService.exe [80704 2017-03-02] (Avira Operations GmbH & Co. KG)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-01-08] (DEVGURU Co., LTD.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdrivera.sys [309272 2017-03-11] (AVAST Software s.r.o.)
R0 aswbidsh; C:\WINDOWS\system32\drivers\aswbidsha.sys [189768 2017-03-11] (AVAST Software s.r.o.)
R0 aswblog; C:\WINDOWS\system32\drivers\aswbloga.sys [334600 2017-03-11] (AVAST Software s.r.o.)
R0 aswbuniv; C:\WINDOWS\system32\drivers\aswbuniva.sys [48528 2017-03-11] (AVAST Software s.r.o.)
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [38296 2017-03-11] (AVAST Software)
S1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [32088 2017-03-11] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [126600 2017-03-11] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [100640 2017-03-11] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [75704 2017-03-11] (AVAST Software)
S1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [993608 2017-03-11] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [548928 2017-03-11] (AVAST Software)
R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [162528 2017-03-11] (AVAST Software)
S0 aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [337592 2017-03-11] (AVAST Software)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77408 2017-02-24] ()
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [186304 2017-03-11] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [111544 2017-03-11] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2017-03-11] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [251840 2017-03-11] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [92088 2017-03-11] (Malwarebytes)
R1 mozyFilter; C:\WINDOWS\System32\DRIVERS\mozy.sys [67808 2014-05-30] (Mozy, Inc.)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 netr28x; C:\WINDOWS\system32\DRIVERS\netr28x.sys [2554528 2015-06-12] (MediaTek Inc.)
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2012-04-10] ()
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [896752 2015-09-03] (Realtek                                            )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 WinRing0_1_2_0; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.sys [14544 2017-03-11] (OpenLibSys.org)
U1 aswbdisk; no ImagePath
S3 dbx; system32\DRIVERS\dbx.sys [X]
U3 idsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-11 18:48 - 2017-03-11 18:49 - 00034066 _____ C:\Users\Owner\Downloads\FRST.txt
2017-03-11 18:47 - 2017-03-11 18:48 - 00000000 ____D C:\FRST
2017-03-11 18:47 - 2017-03-11 18:47 - 02424320 _____ (Farbar) C:\Users\Owner\Downloads\FRST64.exe
2017-03-11 18:30 - 2017-03-11 18:32 - 00092088 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-03-11 18:30 - 2017-03-11 18:30 - 00186304 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-03-11 18:30 - 2017-03-11 18:30 - 00111544 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-03-11 18:30 - 2017-03-11 18:30 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-03-11 18:30 - 2017-03-11 18:30 - 00001914 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-03-11 18:30 - 2017-03-11 18:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-03-11 18:30 - 2017-03-11 18:30 - 00000000 ____D C:\Program Files\Malwarebytes
2017-03-11 18:30 - 2017-02-24 06:23 - 00077408 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-03-11 18:26 - 2017-03-11 18:29 - 57131432 _____ (Malwarebytes ) C:\Users\Owner\Downloads\mb3-setup-consumer-3.0.6.1469-1075.exe
2017-03-11 15:21 - 2017-03-11 15:21 - 00001824 _____ C:\Users\Public\Desktop\iTunes.lnk
2017-03-11 15:21 - 2017-03-11 15:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-03-11 15:21 - 2017-03-11 15:21 - 00000000 ____D C:\Program Files\iTunes
2017-03-11 15:21 - 2017-03-11 15:21 - 00000000 ____D C:\Program Files\iPod
2017-03-11 15:17 - 2017-03-11 15:17 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple
2017-03-11 15:17 - 2017-03-11 15:17 - 00000000 ____D C:\Program Files\Bonjour
2017-03-11 15:17 - 2017-03-11 15:17 - 00000000 ____D C:\Program Files (x86)\Bonjour
2017-03-11 15:17 - 2017-03-11 15:17 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2017-03-11 13:36 - 2017-03-11 13:36 - 00032088 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2017-03-11 13:36 - 2017-03-11 13:36 - 00004008 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1489239393
2017-03-11 13:36 - 2017-03-11 13:36 - 00001090 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2017-03-11 13:36 - 2017-03-11 13:36 - 00001090 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2017-03-11 13:29 - 2017-03-11 13:29 - 00000000 ___HD C:\OneDriveTemp
2017-03-11 13:22 - 2017-03-11 13:22 - 00001981 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2017-03-11 13:22 - 2017-03-11 13:22 - 00001969 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2017-03-11 13:22 - 2017-03-11 13:22 - 00000000 ____D C:\Users\Owner\AppData\Roaming\AVAST Software
2017-03-11 13:22 - 2017-03-11 13:22 - 00000000 ____D C:\ProgramData\SWCUTemp
2017-03-11 13:21 - 2017-03-11 13:35 - 00004268 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2017-03-11 13:21 - 2017-03-11 13:22 - 00548928 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2017-03-11 13:21 - 2017-03-11 13:21 - 00398408 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2017-03-11 13:21 - 2017-03-11 13:21 - 00337592 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2017-03-11 13:21 - 2017-03-11 13:21 - 00162528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2017-03-11 13:21 - 2017-03-11 13:21 - 00126600 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2017-03-11 13:21 - 2017-03-11 13:21 - 00100640 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2017-03-11 13:21 - 2017-03-11 13:21 - 00075704 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2017-03-11 13:21 - 2017-03-11 13:21 - 00038296 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2017-03-11 13:21 - 2017-03-11 13:20 - 00993608 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2017-03-11 13:21 - 2017-03-11 13:19 - 00334600 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbloga.sys
2017-03-11 13:21 - 2017-03-11 13:19 - 00309272 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
2017-03-11 13:21 - 2017-03-11 13:19 - 00189768 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsha.sys
2017-03-11 13:21 - 2017-03-11 13:19 - 00048528 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbuniva.sys
2017-03-11 13:14 - 2017-03-11 13:36 - 00000000 ____D C:\Program Files\AVAST Software
2017-03-11 13:13 - 2017-03-11 13:13 - 06656568 _____ (AVAST Software) C:\Users\Owner\Downloads\avast_free_antivirus_setup_online_a1c(1).exe
2017-03-11 13:07 - 2017-03-11 13:07 - 06656568 _____ (AVAST Software) C:\Users\Owner\Downloads\avast_free_antivirus_setup_online_a1c.exe
2017-03-11 11:18 - 2017-03-11 11:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-03-11 10:41 - 2017-03-11 10:41 - 00000000 ____D C:\Users\Owner\AppData\Local\Avira
2017-03-11 10:16 - 2017-03-11 10:16 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_avusbflt_01011.Wdf
2017-03-11 09:38 - 2017-03-11 09:38 - 00000000 ____D C:\WINDOWS\System32\Tasks\Avira
2017-03-11 09:37 - 2017-03-11 13:30 - 00000000 ____D C:\Users\Public\Speedup Sessions
2017-03-11 09:34 - 2017-03-11 09:34 - 00001115 _____ C:\Users\Public\Desktop\Avira Phantom VPN.lnk
2017-03-11 09:32 - 2017-03-11 13:26 - 00000000 ____D C:\Program Files (x86)\Avira
2017-03-11 09:32 - 2017-03-11 13:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2017-03-11 09:32 - 2017-03-11 10:15 - 00000000 ____D C:\ProgramData\Avira
2017-03-11 09:32 - 2017-03-11 09:32 - 00001283 _____ C:\Users\Public\Desktop\Avira Connect.lnk
2017-03-11 09:32 - 2017-03-11 09:32 - 00000000 ____D C:\ProgramData\Package Cache
2017-03-11 09:25 - 2017-03-11 09:25 - 00000000 ____D C:\Users\TEMP\AppData\Roaming\AVAST Software
2017-03-11 09:24 - 2017-03-11 10:37 - 00000000 ____D C:\Users\TEMP
2017-03-09 01:17 - 2017-03-09 01:17 - 12935296 _____ (Intel Corporation) C:\WINDOWS\system32\igdumd64.dll
2017-03-09 01:17 - 2017-03-09 01:17 - 01086408 _____ (Intel Corporation) C:\WINDOWS\system32\igfxcmrt64.dll
2017-03-09 01:17 - 2017-03-09 01:17 - 00975184 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igfxcmrt32.dll
2017-03-09 01:17 - 2017-03-09 01:17 - 00558728 _____ (Intel Corporation) C:\WINDOWS\system32\iglhsip64.dll
2017-03-09 01:17 - 2017-03-09 01:17 - 00553424 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\iglhsip32.dll
2017-03-09 01:17 - 2017-03-09 01:17 - 00242800 _____ (Intel Corporation) C:\WINDOWS\system32\iglhcp64.dll
2017-03-09 01:17 - 2017-03-09 01:17 - 00206000 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\iglhcp32.dll
2017-03-09 01:17 - 2017-03-09 01:17 - 00051184 _____ (Intel Corporation) C:\WINDOWS\system32\igfxexps.dll
2017-03-09 01:16 - 2017-03-09 01:16 - 13046920 _____ (Intel Corporation) C:\WINDOWS\system32\ig4icd64.dll
2017-03-09 01:16 - 2017-03-09 01:16 - 10829448 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\ig4icd32.dll
2017-03-09 01:16 - 2017-03-09 01:16 - 05925984 _____ (Intel Corporation) C:\WINDOWS\system32\GfxUI.exe
2017-03-09 01:16 - 2017-03-09 01:16 - 03529352 _____ (Intel Corporation) C:\WINDOWS\system32\igfxcmjit64.dll
2017-03-09 01:16 - 2017-03-09 01:16 - 03139208 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igfxcmjit32.dll
2017-03-09 01:16 - 2017-03-09 01:16 - 00593544 _____ (Intel Corporation) C:\WINDOWS\system32\igfx11cmrt64.dll
2017-03-09 01:16 - 2017-03-09 01:16 - 00560776 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igfx11cmrt32.dll
2017-03-09 01:16 - 2017-03-09 01:16 - 00536664 _____ (Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
2017-03-09 01:16 - 2017-03-09 01:16 - 00460936 _____ (Intel Corporation) C:\WINDOWS\system32\igfxdev.dll
2017-03-09 01:16 - 2017-03-09 01:16 - 00458376 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrell.lrc
2017-03-09 01:16 - 2017-03-09 01:16 - 00457864 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrfra.lrc
2017-03-09 01:16 - 2017-03-09 01:16 - 00457864 _____ (Intel Corporation) C:\WINDOWS\system32\igfxresn.lrc
2017-03-09 01:16 - 2017-03-09 01:16 - 00457352 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrrus.lrc
2017-03-09 01:16 - 2017-03-09 01:16 - 00457344 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrrom.lrc
2017-03-09 01:16 - 2017-03-09 01:16 - 00456840 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrsky.lrc
2017-03-09 01:16 - 2017-03-09 01:16 - 00456840 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrptg.lrc
2017-03-09 01:16 - 2017-03-09 01:16 - 00456840 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrplk.lrc
2017-03-09 01:16 - 2017-03-09 01:16 - 00456840 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrnld.lrc
2017-03-09 01:16 - 2017-03-09 01:16 - 00456840 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrita.lrc
2017-03-09 01:16 - 2017-03-09 01:16 - 00456840 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrhrv.lrc
2017-03-09 01:16 - 2017-03-09 01:16 - 00456840 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrdeu.lrc
2017-03-09 01:16 - 2017-03-09 01:16 - 00456328 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrhun.lrc
2017-03-09 01:16 - 2017-03-09 01:16 - 00456328 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrfin.lrc
2017-03-09 01:16 - 2017-03-09 01:16 - 00456328 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrcsy.lrc
2017-03-09 01:16 - 2017-03-09 01:16 - 00455816 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrtrk.lrc
2017-03-09 01:16 - 2017-03-09 01:16 - 00455816 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrsve.lrc
2017-03-09 01:16 - 2017-03-09 01:16 - 00455816 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrslv.lrc
2017-03-09 01:16 - 2017-03-09 01:16 - 00455816 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrptb.lrc
2017-03-09 01:16 - 2017-03-09 01:16 - 00455816 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrnor.lrc
2017-03-09 01:16 - 2017-03-09 01:16 - 00455304 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrtha.lrc
2017-03-09 01:16 - 2017-03-09 01:16 - 00455304 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrdan.lrc
2017-03-09 01:16 - 2017-03-09 01:16 - 00453768 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrheb.lrc
2017-03-09 01:16 - 2017-03-09 01:16 - 00453768 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrara.lrc
2017-03-09 01:16 - 2017-03-09 01:16 - 00450184 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrjpn.lrc
2017-03-09 01:16 - 2017-03-09 01:16 - 00449160 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrkor.lrc
2017-03-09 01:16 - 2017-03-09 01:16 - 00447112 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrcht.lrc
2017-03-09 01:16 - 2017-03-09 01:16 - 00446600 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrchs.lrc
2017-03-09 01:16 - 2017-03-09 01:16 - 00428680 _____ (Intel Corporation) C:\WINDOWS\system32\igfxTMM.dll
2017-03-09 01:16 - 2017-03-09 01:16 - 00402568 _____ (Intel Corporation) C:\WINDOWS\system32\igfxpph.dll
2017-03-09 01:16 - 2017-03-09 01:16 - 00348808 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igfxdv32.dll
2017-03-09 01:16 - 2017-03-09 01:16 - 00300128 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\IntelCpHeciSvc.exe
2017-03-09 01:16 - 2017-03-09 01:16 - 00276064 _____ (Intel Corporation) C:\WINDOWS\system32\igfxext.exe
2017-03-09 01:16 - 2017-03-09 01:16 - 00206944 _____ (Intel Corporation) C:\WINDOWS\system32\difx64.exe
2017-03-09 01:16 - 2017-03-09 01:16 - 00193160 _____ (Intel Corporation) C:\WINDOWS\system32\gfxSrvc.dll
2017-03-09 01:16 - 2017-03-09 01:16 - 00160392 _____ (Intel Corporation) C:\WINDOWS\system32\igfxdo.dll
2017-03-09 01:16 - 2017-03-09 01:16 - 00145032 _____ (Intel Corporation) C:\WINDOWS\system32\igfxcpl.cpl
2017-03-09 01:16 - 2017-03-09 01:16 - 00134280 _____ (Intel Corporation) C:\WINDOWS\system32\igfxCoIn_v4459.dll
2017-03-09 01:16 - 2017-03-09 01:16 - 00119432 _____ C:\WINDOWS\system32\igdde64.dll
2017-03-09 01:16 - 2017-03-09 01:16 - 00099464 _____ C:\WINDOWS\SysWOW64\igdde32.dll
2017-03-09 01:16 - 2017-03-09 01:16 - 00043144 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igfxexps32.dll
2017-03-09 01:16 - 2017-03-09 01:16 - 00027784 _____ ( ) C:\WINDOWS\system32\IGFXDEVLib.dll
2017-03-06 20:50 - 2017-03-06 20:50 - 00046184 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2017-03-02 13:00 - 2017-03-02 13:00 - 00014568 _____ C:\Users\Stewart\Documents\CapitalOne020317.odt
2017-02-10 18:42 - 2017-02-10 18:42 - 00045672 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2017-02-10 18:42 - 2017-02-10 18:42 - 00045672 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2017-02-10 10:36 - 2017-02-10 10:36 - 00035784 _____ (The OpenVPN Project) C:\WINDOWS\system32\Drivers\tap0901.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-11 18:47 - 2016-10-05 08:54 - 00000000 ____D C:\Users\Owner
2017-03-11 18:47 - 2014-06-25 07:45 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Software Informer
2017-03-11 18:46 - 2014-07-21 07:18 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Skype
2017-03-11 18:41 - 2016-10-05 08:47 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-03-11 18:30 - 2014-07-14 10:16 - 00251840 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-03-11 18:30 - 2014-06-24 11:34 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-03-11 18:30 - 2014-06-24 11:34 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2017-03-11 15:22 - 2014-06-24 11:40 - 00000000 ____D C:\ProgramData\AVAST Software
2017-03-11 15:21 - 2016-06-23 17:16 - 00000000 ____D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2017-03-11 15:21 - 2014-06-24 11:22 - 00000000 ____D C:\Program Files\Common Files\Apple
2017-03-11 15:17 - 2014-06-24 11:22 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2017-03-11 15:16 - 2016-07-16 11:45 - 00000000 ____D C:\WINDOWS\INF
2017-03-11 15:05 - 2016-10-05 09:20 - 00003820 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-03-11 15:05 - 2014-06-24 18:27 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-03-11 15:04 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-03-11 15:04 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-03-11 13:46 - 2016-11-20 09:41 - 00000000 ____D C:\Users\Owner\AppData\LocalLow\Mozilla
2017-03-11 13:29 - 2014-06-24 11:08 - 00000000 ___RD C:\Users\Owner\OneDrive
2017-03-11 13:27 - 2016-10-05 09:20 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-03-11 13:27 - 2012-04-10 20:37 - 00000000 ____D C:\ProgramData\PDFC
2017-03-11 13:26 - 2016-07-16 06:04 - 00786432 _____ C:\WINDOWS\system32\config\BBI
2017-03-11 13:22 - 2015-08-10 16:35 - 00000000 ____D C:\Program Files\Common Files\AV
2017-03-11 13:09 - 2014-06-24 11:35 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2017-03-11 11:29 - 2016-07-16 11:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-03-11 11:29 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-03-11 11:19 - 2015-08-16 12:22 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-03-11 11:18 - 2016-10-05 08:53 - 00000000 ____D C:\Users\DefaultAppPool
2017-03-11 10:37 - 2016-07-16 06:04 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2017-03-11 10:35 - 2017-01-27 13:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-03-11 10:35 - 2016-10-05 17:04 - 00000358 _____ C:\WINDOWS\Tasks\HPCeeScheduleForStewart.job
2017-03-11 10:35 - 2016-10-05 08:46 - 00266928 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-03-11 10:35 - 2014-07-02 14:28 - 00000350 _____ C:\WINDOWS\Tasks\HPCeeScheduleForOwner.job
2017-03-11 10:35 - 2014-06-24 11:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-03-11 10:35 - 2012-04-10 20:42 - 00000000 ____D C:\ProgramData\truesuite
2017-03-11 10:03 - 2016-07-16 11:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-03-11 09:33 - 2016-12-17 10:25 - 00003276 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-03-11 09:24 - 2015-08-11 17:17 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-03-10 18:45 - 2016-11-19 18:07 - 00000000 ____D C:\Users\Stewart\AppData\LocalLow\Mozilla
2017-03-10 18:45 - 2015-08-11 17:41 - 00000000 ___RD C:\Users\Stewart\OneDrive
2017-03-10 18:44 - 2014-07-10 09:18 - 00000000 ____D C:\Users\Stewart\AppData\Roaming\Software Informer
2017-03-10 18:20 - 2015-11-03 15:03 - 00000000 ____D C:\Users\Stewart\AppData\Roaming\Spotify
2017-03-10 18:14 - 2014-06-24 11:41 - 00547904 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys.148916973153104
2017-03-10 18:02 - 2016-10-05 09:20 - 00003258 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForStewart
2017-03-10 16:49 - 2014-06-24 12:17 - 00069621 _____ C:\Users\Stewart\Documents\Di'sFolderThis ist the one.odt
2017-03-10 14:05 - 2015-11-03 15:06 - 00000000 ____D C:\Users\Stewart\AppData\Local\Spotify
2017-03-09 12:00 - 2016-10-05 09:20 - 00003242 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForOwner
2017-03-09 01:17 - 2015-06-01 20:01 - 13182528 _____ (Intel Corporation) C:\WINDOWS\system32\igd10umd64.dll
2017-03-09 01:17 - 2015-06-01 20:01 - 11460448 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igd10umd32.dll
2017-03-09 01:17 - 2015-06-01 20:01 - 11330576 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdumd32.dll
2017-03-09 01:16 - 2015-06-01 20:00 - 09025672 _____ (Intel Corporation) C:\WINDOWS\system32\igfxress.dll
2017-03-09 01:16 - 2015-06-01 20:00 - 05382856 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\igdkmd64.sys
2017-03-09 01:16 - 2015-06-01 20:00 - 00463960 _____ (Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
2017-03-09 01:16 - 2015-06-01 20:00 - 00420960 _____ (Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
2017-03-09 01:16 - 2015-06-01 20:00 - 00304264 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrenu.lrc
2017-03-09 01:16 - 2015-06-01 20:00 - 00193112 _____ (Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
2017-03-09 01:16 - 2015-06-01 20:00 - 00128648 _____ (Intel Corporation) C:\WINDOWS\system32\hccutils.dll
2017-03-09 01:16 - 2015-06-01 20:00 - 00112264 _____ C:\WINDOWS\system32\IccLibDll_x64.dll
2017-03-09 01:16 - 2015-06-01 20:00 - 00082056 _____ (Intel Corporation) C:\WINDOWS\system32\igfxsrvc.dll
2017-03-07 12:19 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-03-05 14:19 - 2014-05-30 08:23 - 00005404 _____ C:\WINDOWS\mozy.blk
2017-03-05 14:19 - 2014-05-30 08:23 - 00004524 _____ C:\WINDOWS\mozy.flt
2017-03-04 15:16 - 2015-08-11 17:41 - 00002415 _____ C:\Users\Stewart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-03-04 11:08 - 2015-08-11 17:23 - 00002409 _____ C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-03-02 14:11 - 2016-10-05 09:20 - 00003956 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1403607630
2017-03-02 14:11 - 2014-06-24 11:00 - 00001122 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2017-03-02 14:11 - 2014-06-24 11:00 - 00000000 ____D C:\Program Files (x86)\Opera
2017-02-25 09:06 - 2015-08-11 17:17 - 00000000 ____D C:\Users\Owner\AppData\Local\Packages
2017-02-24 14:19 - 2014-06-28 09:39 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-02-24 14:16 - 2014-06-28 09:39 - 138020592 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-02-15 14:18 - 2014-07-09 17:38 - 06935040 ___SH C:\Users\Owner\Documents\Thumbs.db
2017-02-14 18:33 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-02-14 18:33 - 2015-09-26 10:53 - 00000000 ____D C:\Users\Stewart\AppData\Local\ElevatedDiagnostics
2017-02-12 16:58 - 2014-07-21 07:18 - 00000000 ____D C:\ProgramData\Skype

==================== Files in the root of some directories =======

2012-04-10 20:42 - 2011-06-09 23:44 - 0002792 _____ () C:\Program Files\HP SimplePass 2011

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-03-03 15:38

==================== End of FRST.txt ============================
 

* Permissions
You can't post new topics.
You can't post replies.
You can post attachments.
You can't modify your posts.
BBCode Enabled
Smilies Enabled
[img] Enabled
HTML Disabled


Except where otherwise stated, all content, graphics, banners and images included © 2006 - 2017 Smokey Services™ -- All rights reserved
Design board graphics, banners and images by Meg&Millie - Emma aka Tinker

This site does not store profiling-, tracking-, third-party and/or any other non-essential cookie(s) on client computers and is fully compliant with the EU ePrivacy Directive
Smokey's does not use any Web Analytics/Analysis Service, and also does not use any browser fingerprinting techniques

    

  

Smokey's also provides free fully qualified FRST (Farbar Recovery Scan Tool) Log / Malware Analysis & Removal Help and System Health Checks
rifle
rifle
rifle
rifle