
Solved Lock Screen Opening Slowly as are all Pages

Discussion in 'Malware and Virus Removal' started by Blue Star, 2017/04/27.

  1. 2017/04/27
    Blue Star, Well-Known Member, Thread Starter
    Joined: 2010/03/25 | Messages: 440 | Likes Received: 1

    All pages are opening slowly, even lock screen. Please leave the Windows 7 Shell, unless there is something better. Thank you for everything you do... and Namaste to all angelic volunteers!!!

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-04-2017
    Ran by Arwen (administrator) on THEONE (27-04-2017 13:42:28)
    Running from C:\Users\Arwen\Downloads
    Loaded Profiles: Arwen (Available Profiles: Arwen)
    Platform: Windows 8.1 (Update) (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: IE)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Intel Corporation) C:\Windows\System32\igfxCUIService.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
    (Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe
    (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
    () C:\Program Files (x86)\Real\RealPlayer\UpdateService\RealPlayerUpdateSvc.exe
    (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
    (Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
    (AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
    () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe
    (Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe
    (IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ismagent.exe
    (Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
    (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Intel Corporation) C:\Windows\System32\igfxTray.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
    (Intel Corporation) C:\Windows\System32\igfxEM.exe
    (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    (Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.3\GoogleCrashHandler.exe
    (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    (Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPNetworkCommunicatorCom.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpsystray.exe
    (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
    () C:\Program Files (x86)\Nova Development\Print Artist Platinum 24\ReminderApp.exe
    (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
    () C:\Program Files (x86)\Real\RealPlayer\RealDownloader\downloader2.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.3\GoogleCrashHandler64.exe
    (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RealDownloader\realdownloader264.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Intel Corporation) C:\Windows\System32\igfxHK.exe
    (Intel Corporation) C:\Windows\System32\igfxext.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
    () C:\Program Files\Samsung\Support Center\GuaranaAgent.exe
    (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe

    ==================== Registry (Whitelisted) ====================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13191824 2012-08-10] (Realtek Semiconductor)
    HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [764032 2012-08-10] (Qualcomm Atheros)
    HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-08-10] (Qualcomm Atheros Commnucations)
    HKLM\...\Run: [HotKeysCmds] => C:\windows\system32\hkcmd.exe
    HKLM\...\Run: [Persistence] => C:\windows\system32\igfxpers.exe
    HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3940040 2015-06-12] (Synaptics Incorporated)
    HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213824 2017-04-10] (AVAST Software)
    HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [277504 2012-07-09] (Intel Corporation)
    HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [97392 2012-08-15] (CyberLink Corp.)
    HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-07] (CyberLink)
    HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-12] (CyberLink Corp.)
    HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [156000 2012-09-18] (Intel Corporation)
    HKLM-x32\...\Run: [Intel AppUp(R) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [156000 2012-09-18] (Intel Corporation)
    HKLM-x32\...\Run: [ReminderApp_EEAC3053-7055-4143-B8A0-306758055099] => C:\Program Files (x86)\Nova Development\Print Artist Platinum 24\ReminderApp.exe [144728 2011-03-09] ()
    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
    HKLM-x32\...\Run: [TkBellExe] => c:\program files (x86)\real\realplayer\Update\realsched.exe [352648 2017-03-18] (RealNetworks, Inc.)
    HKLM-x32\...\Run: [RealDownloader] => C:\program files (x86)\real\realplayer\RealDownloader\downloader2.exe [738032 2017-03-14] ()
    HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\...\Run: [eyeBeam SIP Client] => C:\Program Files (x86)\CounterPath\X-Lite\x-lite.exe [23941120 2010-01-04] ()
    HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23819304 2017-03-21] (Google)
    HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4272840 2014-03-31] (Microsoft Corporation)
    HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\...\Run: [Google Update] => C:\Users\Arwen\AppData\Local\Google\Update\1.3.33.3\GoogleUpdateCore.exe [599632 2017-04-10] (Google Inc.)
    HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\...\Run: [HP Officejet Pro 8610 (NET)] => C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe [3487240 2014-07-21] (Hewlett-Packard Development Company, LP)
    HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\...\Run: [Spark] => C:\Program Files (x86)\Spark\Spark.exe
    HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27545048 2017-03-14] (Skype Technologies S.A.)
    HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\WLXPGSS.scr [322248 2014-03-31] (Microsoft Corporation)
    AppInit_DLLs: C:\Program Files C:\Program Files C:\Program Files => No File
    ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
    ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
    ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
    ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-04-10] (AVAST Software)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-04-10] (AVAST Software)
    ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => -> No File
    ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
    ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk [2016-03-10]
    ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE (No File)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealTimes.lnk [2017-03-18]
    ShortcutTarget: RealTimes.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpsystray.exe (RealNetworks, Inc.)
    Startup: C:\Users\Arwen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-03-10]
    ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (No File)
    GroupPolicy\User: Restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 75.75.76.76
    Tcpip\..\Interfaces\{5E936670-642F-4052-AA03-D47CB7323CAE}: [DhcpNameServer] 75.75.75.75 75.75.76.76 75.75.76.76
    Tcpip\..\Interfaces\{C98612F8-1E09-4913-9A71-55F75A0B2F56}: [DhcpNameServer] 75.75.75.75 75.75.76.76

    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
    HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?gws_rd=ssl
    SearchScopes: HKLM -> DefaultScope {BA1BE292-1D15-488B-934D-008742212380} URL =
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\.DEFAULT -> DefaultScope {BA1BE292-1D15-488B-934D-008742212380} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {BA1BE292-1D15-488B-934D-008742212380} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {BA1BE292-1D15-488B-934D-008742212380} URL =
    SearchScopes: HKU\S-1-5-21-3548505277-2733688421-2640094488-1001 -> {5702548C-054D-441C-8D09-68ACF36AA8ED} URL =
    BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\program files (x86)\real\realplayer\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2017-03-14] (RealDownloader)
    BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-03-09] (Oracle Corporation)
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-04-10] (AVAST Software)
    BHO: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> No File
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-03-09] (Oracle Corporation)
    BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2014-04-20] (IvoSoft)
    BHO-x32: No Name -> {0214754e-4e7d-4589-829d-e2523e6a3085} -> No File
    BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\program files (x86)\real\realplayer\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2017-03-14] (RealDownloader)
    BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
    BHO-x32: No Name -> {65f159fb-5f5e-46f4-b45d-ccfa236d2073} -> No File
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-01-28] (Oracle Corporation)
    BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-04-10] (AVAST Software)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-28] (Oracle Corporation)
    BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2014-04-20] (IvoSoft)
    Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
    Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-04-10] (AVAST Software)
    Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
    Toolbar: HKU\S-1-5-21-3548505277-2733688421-2640094488-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    Toolbar: HKU\S-1-5-21-3548505277-2733688421-2640094488-1001 -> No Name - {00011268-E188-40DF-A514-835FCD78B1BF} - No File
    DPF: HKLM-x32 {03A89EFD-E023-B200-A22D-45F77558EB4C} hxxps://content10.invisionmeeting.com/download/AXCltInst11.dll
    DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    DPF: HKLM-x32 {483EB14D-AF1C-4951-81B0-4E2B41829FF6} hxxps://assess.shlonline.com/cabs/QOLCheck.ocx
    DPF: HKLM-x32 {494DE545-6D3C-4F63-9D73-CF408AB248D9} hxxps://vanillasoft.net/binarys/amiTapiPro.ocx
    DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
    Handler-x32: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL [2001-01-22] (Microsoft Corporation)
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2017-01-01] (Skype Technologies)

    FireFox:
    ========
    FF ProfilePath: C:\Users\Arwen\AppData\Roaming\Mozilla\Firefox\Profiles\wopnhc1d.default-1453139201127 [2017-04-27]
    FF ProfilePath: C:\Users\Arwen\AppData\Roaming\kompozer.net\KompoZer\Profiles\jj4nfp63.default [2015-04-20]
    FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF48
    FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF48 [2017-04-10]
    FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF48
    FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF48 [2017-04-10]
    FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext => not found
    FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF48
    FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF48
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_25_0_0_148.dll [2017-04-12] ()
    FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-03-09] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-03-09] (Oracle Corporation)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_148.dll [2017-04-12] ()
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-28] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-28] (Oracle Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\Microsoft Office\Office14\NPAUTHZ.DLL [No File]
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
    FF Plugin-x32: @real.com/nppl3260;version=18.1.7.343 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2017-03-18] (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprpplugin;version=18.1.7.343 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2017-03-18] (RealPlayer)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-12] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-12] (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-3548505277-2733688421-2640094488-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Arwen\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-01-16] (Citrix Online)
    FF Plugin HKU\S-1-5-21-3548505277-2733688421-2640094488-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Arwen\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
    FF Plugin HKU\S-1-5-21-3548505277-2733688421-2640094488-1001: @talk.google.com/O1DPlugin -> C:\Users\Arwen\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
    FF Plugin HKU\S-1-5-21-3548505277-2733688421-2640094488-1001: intel.com/AppUp -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll [2012-09-18] (Intel)
    FF Plugin HKU\S-1-5-21-3548505277-2733688421-2640094488-1001: intel.com/AppUpx64 -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll [2012-09-18] (Intel)
    FF Plugin HKU\S-1-5-21-3548505277-2733688421-2640094488-1001: SkypePlugin -> C:\Users\Arwen\AppData\Local\SkypePlugin\7.5.0.127\npGatewayNpapi.dll [2015-08-02] (Skype Technologies S.A.)
    FF Plugin HKU\S-1-5-21-3548505277-2733688421-2640094488-1001: SkypePlugin64 -> C:\Users\Arwen\AppData\Local\SkypePlugin\7.5.0.127\npGatewayNpapi-x64.dll [2015-08-02] (Skype Technologies S.A.)
    FF Plugin ProgramFiles/Appdata: C:\Users\Arwen\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
    FF Plugin ProgramFiles/Appdata: C:\Users\Arwen\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)

    Chrome:
    =======
    CHR DefaultProfile: Profile 1
    CHR NewTab: Profile 1 -> Not-active:"chrome-extension://oibkikcneihjcakjbomejflolaijihln/newtab/newtab.html"
    CHR Profile: C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Default [2016-02-14]
    CHR Extension: (Google Slides) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-10-15]
    CHR Extension: (Regex Scraper) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Default\Extensions\akjalgjglcdpomokfhgcmononebebioc [2015-04-13]
    CHR Extension: (Google Docs) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-15]
    CHR Extension: (Google Drive) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-04]
    CHR Extension: (YouTube) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-15]
    CHR Extension: (Google Search) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-04]
    CHR Extension: (Google Sheets) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-10-15]
    CHR Extension: (Google Docs Offline) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-02-04]
    CHR Extension: (Avast Online Security) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-02-13]
    CHR Extension: (Skype) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-02-04]
    CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-12-15]
    CHR Extension: (FB UID Scraper) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhfeilckipmpkmoblecjildbpgdjjpnj [2015-04-13]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-29]
    CHR Extension: (Gmail) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-15]
    CHR Profile: C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-04-27]
    CHR Extension: (Google Slides) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-02-13]
    CHR Extension: (Google Docs) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2016-03-04]
    CHR Extension: (Google Drive) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-04]
    CHR Extension: (YouTube) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-04]
    CHR Extension: (Google Search) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-03-04]
    CHR Extension: (Adobe Acrobat) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-10]
    CHR Extension: (Avast SafePrice) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-03-16]
    CHR Extension: (Google Sheets) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-13]
    CHR Extension: (Google Docs Offline) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-19]
    CHR Extension: (Avast Online Security) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-04-10]
    CHR Extension: (Cisco WebEx Extension) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2017-04-18]
    CHR Extension: (Skype) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-03-10]
    CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-02-13]
    CHR Extension: (FreeConferenceCall.com Extension) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mfhjonocnlnodflomblbjnjdpllkeljo [2017-02-20]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-10]
    CHR Extension: (Login Faster) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\oibkikcneihjcakjbomejflolaijihln [2017-04-12]
    CHR Extension: (Gmail) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-04]
    CHR Extension: (Chrome Media Router) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-27]
    CHR HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Arwen\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-02-11]
    CHR HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
     
  2. 2017/04/27
    Blue Star

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7398336 2017-03-28] (AVAST Software s.r.o.)
    R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [211584 2012-08-10] (Qualcomm Atheros Commnucations) [File not signed]
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [261712 2017-04-10] (AVAST Software)
    R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1593976 2012-08-26] (Samsung Electronics CO., LTD.)
    R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company)
    R2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [7168 2012-07-09] (Intel Corporation) [File not signed]
    R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [314696 2014-05-21] (Intel Corporation)
    R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-17] (Intel Corporation)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
    R2 RealPlayerUpdateSvc; C:\program files (x86)\real\realplayer\UpdateService\RealPlayerUpdateSvc.exe [35104 2017-03-14] ()
    R2 RealTimes Desktop Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [987408 2017-03-18] (RealNetworks, Inc.)
    R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246464 2015-06-12] (Synaptics Incorporated)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
    R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-08-10] (Atheros) [File not signed]

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R1 aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdrivera.sys [307736 2017-03-28] (AVAST Software s.r.o.)
    R0 aswbidsh; C:\WINDOWS\system32\drivers\aswbidsha.sys [189768 2017-03-28] (AVAST Software s.r.o.)
    R0 aswblog; C:\WINDOWS\system32\drivers\aswbloga.sys [334088 2017-03-28] (AVAST Software s.r.o.)
    R0 aswbuniv; C:\WINDOWS\system32\drivers\aswbuniva.sys [48528 2017-03-28] (AVAST Software s.r.o.)
    S3 aswHdsKe; C:\WINDOWS\system32\drivers\aswHdsKe.sys [85552 2017-03-21] (AVAST Software)
    S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [38296 2017-04-10] (AVAST Software)
    R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [32600 2017-04-10] (AVAST Software)
    R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [127112 2017-04-10] (AVAST Software)
    R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [101152 2017-04-10] (AVAST Software)
    R0 aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [75704 2017-04-10] (AVAST Software)
    R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [1005048 2017-04-10] (AVAST Software)
    R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [556784 2017-04-10] (AVAST Software)
    R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [164064 2017-04-10] (AVAST Software)
    R0 aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [339696 2017-04-10] (AVAST Software)
    R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-24] (CyberLink)
    S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [130688 2016-07-22] (Samsung Electronics Co., Ltd.)
    R3 RadioHIDMini; C:\WINDOWS\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows (R) Win 7 DDK provider)
    S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [164992 2016-07-22] (Samsung Electronics Co., Ltd.)
    S3 taphss6; C:\WINDOWS\system32\DRIVERS\taphss6.sys [42184 2013-01-10] (Anchorfree Inc.)
    U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-03-17] ()
    S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
    S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
    S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-04-27 13:42 - 2017-04-27 13:43 - 00033612 _____ C:\Users\Arwen\Downloads\FRST.txt
    2017-04-27 13:41 - 2017-04-27 13:42 - 00000000 ____D C:\FRST
    2017-04-27 13:41 - 2017-04-27 13:41 - 02427392 _____ (Farbar) C:\Users\Arwen\Downloads\FRST64.exe
    2017-04-27 13:41 - 2017-04-27 13:41 - 01768448 _____ (Farbar) C:\Users\Arwen\Downloads\FRST (5).exe
    2017-04-27 13:40 - 2017-04-27 13:40 - 01768448 _____ (Farbar) C:\Users\Arwen\Downloads\FRST (4).exe
    2017-04-27 13:37 - 2017-04-27 13:37 - 01768448 _____ (Farbar) C:\Users\Arwen\Downloads\FRST (3).exe
    2017-04-27 13:37 - 2017-04-27 13:37 - 01768448 _____ (Farbar) C:\Users\Arwen\Downloads\FRST (2).exe
    2017-04-27 13:36 - 2017-04-27 13:36 - 01768448 _____ (Farbar) C:\Users\Arwen\Downloads\FRST (1).exe
    2017-04-27 13:34 - 2017-04-27 13:34 - 01768448 _____ (Farbar) C:\Users\Arwen\Downloads\FRST.exe
    2017-04-27 02:38 - 2017-04-27 02:38 - 00000000 ____D C:\Users\Arwen\AppData\LocalLow\Mozilla
    2017-04-26 23:23 - 2017-04-26 23:23 - 06752896 _____ (ESET spol. s r.o.) C:\Users\Arwen\Downloads\esetonlinescanner_enu (2).exe
    2017-04-26 23:23 - 2017-04-26 23:23 - 06752896 _____ (ESET spol. s r.o.) C:\Users\Arwen\Downloads\esetonlinescanner_enu (1).exe
    2017-04-26 23:15 - 2017-04-26 23:15 - 00000000 ____D C:\Users\Arwen\Desktop\AIO Ideal Concepts
    2017-04-26 12:40 - 2017-04-26 12:40 - 00000000 ____D C:\ProgramData\SWCUTemp
    2017-04-26 09:23 - 2017-04-26 09:24 - 00837814 _____ C:\Users\Arwen\Downloads\How To Register on the Humana Agent Portal.pdf
    2017-04-25 11:50 - 2017-04-25 11:50 - 06392372 _____ C:\Users\Arwen\Downloads\one call close script 04.09.2017.pdf
    2017-04-24 21:54 - 2017-04-24 21:54 - 00000000 ____D C:\Users\Arwen\Desktop\NSA _ 04.24.2017
    2017-04-24 16:52 - 2017-04-24 16:52 - 00006160 _____ C:\Users\Arwen\Downloads\catalog-grade.pdf
    2017-04-24 14:13 - 2017-04-24 14:13 - 01129376 _____ (Google Inc.) C:\Users\Arwen\Downloads\GoogleVoiceAndVideoSetup (1).exe
    2017-04-19 21:08 - 2017-04-19 21:08 - 00082206 _____ C:\Users\Arwen\Downloads\03292017-1001336026615.pdf
    2017-04-19 02:00 - 2017-04-19 02:00 - 00014661 _____ C:\Users\Arwen\Downloads\Resume for Tim and Kathy.odt
    2017-04-19 00:56 - 2017-04-19 00:56 - 00526315 _____ C:\Users\Arwen\Downloads\2017 State by State Breakdown - ST (1).PDF
    2017-04-18 22:40 - 2017-04-18 22:40 - 00022157 _____ C:\Users\Arwen\Downloads\Tax Extension 2016.pdf
    2017-04-14 09:58 - 2017-04-14 09:58 - 00035084 _____ C:\Users\Arwen\Downloads\Ari Resume 29c _ 01.14.2017.pdf
    2017-04-13 01:06 - 2017-04-13 01:06 - 00000000 ____D C:\Users\Arwen\AppData\Local\ESET
    2017-04-13 01:05 - 2017-04-13 01:06 - 06752896 _____ (ESET spol. s r.o.) C:\Users\Arwen\Downloads\esetonlinescanner_enu.exe
    2017-04-12 13:10 - 2017-03-31 21:12 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
    2017-04-12 13:10 - 2017-03-31 21:12 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
    2017-04-12 11:27 - 2017-03-21 09:11 - 00875712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll
    2017-04-12 11:27 - 2017-03-21 09:11 - 00869568 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll
    2017-04-12 11:27 - 2017-03-21 09:11 - 00678592 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp120_clr0400.dll
    2017-04-12 11:27 - 2017-03-21 09:11 - 00536768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp120_clr0400.dll
    2017-04-12 10:43 - 2017-04-12 10:43 - 00526315 _____ C:\Users\Arwen\Downloads\2017 State by State Breakdown - ST.PDF
    2017-04-12 10:22 - 2017-03-25 15:39 - 20284416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2017-04-12 10:22 - 2017-03-25 15:07 - 04604416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
    2017-04-12 10:22 - 2017-03-25 15:06 - 13654016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2017-04-12 10:22 - 2017-03-25 14:55 - 02767360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
    2017-04-12 10:22 - 2017-03-25 14:52 - 02289152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
    2017-04-12 10:22 - 2017-03-25 14:51 - 01313280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
    2017-04-12 10:22 - 2017-03-25 14:47 - 02055680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
    2017-04-12 10:22 - 2017-03-25 14:46 - 00693248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
    2017-04-12 10:22 - 2017-03-25 14:46 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
    2017-04-12 10:22 - 2017-03-25 14:45 - 00330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
    2017-04-12 10:22 - 2017-03-25 14:10 - 02898432 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
    2017-04-12 10:22 - 2017-03-25 13:56 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
    2017-04-12 10:22 - 2017-03-25 13:52 - 25746944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2017-04-12 10:22 - 2017-03-25 13:41 - 06045696 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2017-04-12 10:22 - 2017-03-25 13:12 - 01033216 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
    2017-04-12 10:22 - 2017-03-25 13:04 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
    2017-04-12 10:22 - 2017-03-25 13:00 - 00725504 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
    2017-04-12 10:22 - 2017-03-25 13:00 - 00378880 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
    2017-04-12 10:22 - 2017-03-25 12:59 - 00806912 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
    2017-04-12 10:22 - 2017-03-25 12:57 - 02131456 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
    2017-04-12 10:22 - 2017-03-25 12:28 - 15259136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2017-04-12 10:22 - 2017-03-25 12:24 - 03241472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
    2017-04-12 10:22 - 2017-03-25 12:10 - 01546240 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
    2017-04-12 10:22 - 2017-03-25 00:43 - 01375960 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
    2017-04-12 10:22 - 2017-03-24 14:24 - 01094656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
    2017-04-12 10:22 - 2017-03-14 15:06 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
    2017-04-12 10:22 - 2017-03-14 10:26 - 03714560 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
    2017-04-12 10:22 - 2017-03-14 10:09 - 02240512 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
    2017-04-12 10:22 - 2017-03-14 10:08 - 00897024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
    2017-04-12 10:22 - 2017-03-14 10:06 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
    2017-04-12 10:22 - 2017-03-13 12:08 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
    2017-04-12 10:22 - 2017-03-12 11:04 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
    2017-04-12 10:22 - 2017-03-10 23:59 - 01763888 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
    2017-04-12 10:22 - 2017-03-10 23:56 - 01489608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
    2017-04-12 10:22 - 2017-03-10 23:49 - 01549144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
    2017-04-12 10:22 - 2017-03-10 23:49 - 00388440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
    2017-04-12 10:22 - 2017-03-10 23:44 - 00373080 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
    2017-04-12 10:22 - 2017-03-10 23:41 - 00315224 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
    2017-04-12 10:22 - 2017-03-09 17:13 - 04169216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
    2017-04-12 10:22 - 2017-03-07 19:25 - 01661064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
    2017-04-12 10:22 - 2017-03-07 19:21 - 01212760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
    2017-04-12 10:22 - 2017-03-04 15:24 - 00132096 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
    2017-04-12 10:22 - 2017-03-04 15:06 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
    2017-04-12 10:22 - 2017-03-04 14:15 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
    2017-04-12 10:22 - 2017-03-04 12:37 - 03547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
    2017-04-12 10:22 - 2017-03-03 11:11 - 01697792 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
    2017-04-12 10:22 - 2017-03-03 11:10 - 00138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmjpegdec.dll
    2017-04-12 10:22 - 2017-03-03 11:06 - 01501184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
    2017-04-12 10:22 - 2017-03-03 11:04 - 00092672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmjpegdec.dll
    2017-04-12 10:22 - 2017-02-11 14:18 - 00477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
    2017-04-12 10:22 - 2017-02-11 13:00 - 00865792 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
    2017-04-12 10:22 - 2017-02-11 12:49 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\DafPrintProvider.dll
    2017-04-12 10:22 - 2017-02-11 12:42 - 00204288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DafPrintProvider.dll
    2017-04-12 10:22 - 2017-02-10 15:06 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
    2017-04-12 10:22 - 2017-02-10 10:37 - 00046600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
    2017-04-12 10:22 - 2017-02-04 13:53 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll
    2017-04-12 10:22 - 2017-02-04 13:51 - 00842240 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
    2017-04-12 10:22 - 2017-02-04 13:19 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\samlib.dll
    2017-04-12 10:22 - 2017-02-01 15:44 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
    2017-04-12 10:22 - 2017-02-01 15:42 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
    2017-04-12 10:22 - 2017-01-18 22:18 - 01113944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
    2017-04-12 10:22 - 2017-01-18 10:35 - 00994760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
    2017-04-12 10:22 - 2017-01-18 10:34 - 00922432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
    2017-04-12 10:22 - 2017-01-14 16:32 - 00955016 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
    2017-04-12 10:22 - 2017-01-14 15:18 - 00787688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
    2017-04-12 10:22 - 2017-01-14 10:37 - 00447095 _____ C:\WINDOWS\system32\ApnDatabase.xml
    2017-04-12 10:22 - 2017-01-12 12:51 - 00274776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
    2017-04-12 10:22 - 2017-01-12 12:51 - 00117592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
    2017-04-12 10:22 - 2017-01-12 02:12 - 00990040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
    2017-04-12 10:22 - 2017-01-11 15:12 - 00342016 _____ (Microsoft Corporation) C:\WINDOWS\system32\SessEnv.dll
    2017-04-12 10:22 - 2017-01-11 13:28 - 00422744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
    2017-04-12 10:22 - 2017-01-11 11:09 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SessEnv.dll
    2017-04-12 10:22 - 2017-01-10 18:37 - 00138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
    2017-04-12 10:22 - 2017-01-10 17:06 - 00840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
    2017-04-12 10:22 - 2017-01-10 16:46 - 01388544 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
    2017-04-12 10:22 - 2017-01-10 15:20 - 00696832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
    2017-04-12 10:22 - 2017-01-10 15:09 - 01108480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
    2017-04-12 10:22 - 2017-01-06 13:25 - 02513408 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll
    2017-04-12 10:22 - 2017-01-06 13:04 - 01495552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll
    2017-04-12 10:22 - 2016-12-24 21:21 - 00040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\scfilter.sys
    2017-04-12 10:22 - 2016-12-24 21:14 - 00242176 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
    2017-04-12 10:22 - 2016-12-24 20:48 - 00158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
    2017-04-12 10:22 - 2016-12-24 20:19 - 00170496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll
    2017-04-12 10:22 - 2016-12-24 19:39 - 00133120 _____ (Microsoft Corporation) C:\WINDOWS\system32\ScDeviceEnum.dll
    2017-04-12 10:22 - 2016-12-09 04:08 - 00379736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
    2017-04-12 10:21 - 2017-03-25 14:48 - 00499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
    2017-04-12 10:21 - 2017-03-25 14:47 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
    2017-04-12 10:21 - 2017-03-25 14:46 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
    2017-04-12 10:21 - 2017-03-25 14:45 - 00880640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
    2017-04-12 10:21 - 2017-03-25 14:13 - 00576512 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
    2017-04-12 10:21 - 2017-03-25 12:01 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
    2017-04-12 10:21 - 2017-03-13 12:13 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
    2017-04-12 10:21 - 2017-03-13 12:12 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
    2017-04-12 10:21 - 2017-03-13 12:08 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
    2017-04-12 10:21 - 2017-03-13 11:59 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
    2017-04-12 10:21 - 2017-03-13 11:59 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
    2017-04-12 10:21 - 2017-03-13 11:56 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
    2017-04-12 10:21 - 2017-03-09 17:08 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
    2017-04-12 10:21 - 2017-03-09 15:29 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
    2017-04-12 03:11 - 2017-04-12 03:11 - 00115742 _____ C:\Users\Arwen\Downloads\Receipt (1).pdf
    2017-04-11 18:58 - 2017-04-11 18:58 - 00115742 _____ C:\Users\Arwen\Downloads\Receipt.pdf
    2017-04-11 13:31 - 2017-04-10 20:19 - 00016090 _____ C:\Users\Arwen\Documents\legal%20shield%20stuff.odt_0.odt
    2017-04-11 13:26 - 2017-04-11 13:26 - 00003824 _____ C:\Users\Arwen\Downloads\Medicare Agent Bookmarks.html
    2017-04-11 13:20 - 2017-04-12 12:58 - 00000000 ____D C:\Program Files (x86)\iolo
    2017-04-11 13:20 - 2017-04-11 14:44 - 00000000 ____D C:\ProgramData\iolo
    2017-04-11 13:20 - 2017-04-11 13:20 - 00074703 _____ C:\WINDOWS\SysWOW64\mfc45.dat
    2017-04-11 13:17 - 2017-04-11 14:39 - 00000000 ____D C:\ProgramData\WebEx
    2017-04-11 13:17 - 2017-04-11 13:17 - 01021624 _____ (Cisco WebEx LLC) C:\Users\Arwen\Downloads\Cisco_WebEx_Add-On.exe
    2017-04-10 20:17 - 2017-04-10 20:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
    2017-04-10 20:14 - 2017-04-10 20:14 - 00399944 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-04-27 13:40 - 2012-12-16 22:21 - 00000000 ____D C:\Users\Arwen\AppData\Local\CrashDumps
    2017-04-27 13:37 - 2012-12-16 22:30 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3548505277-2733688421-2640094488-1001
    2017-04-27 13:34 - 2012-09-04 03:05 - 00000000 ____D C:\ProgramData\WinClon
    2017-04-27 13:29 - 2014-10-12 23:59 - 00000000 ___DO C:\Users\Arwen\OneDrive
    2017-04-27 13:29 - 2013-07-08 15:31 - 00000000 ____D C:\Users\Arwen\AppData\Roaming\Skype
    2017-04-27 13:25 - 2015-05-06 13:59 - 00000000 ____D C:\Users\Arwen\AppData\Roaming\Google
    2017-04-27 13:23 - 2012-09-04 02:57 - 00000868 _____ C:\WINDOWS\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
    2017-04-27 13:21 - 2013-08-22 10:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2017-04-27 13:20 - 2013-01-22 13:05 - 00000000 ____D C:\Program Files\Google
    2017-04-27 13:20 - 2013-01-22 13:02 - 00000000 ____D C:\Program Files (x86)\Google
    2017-04-27 13:19 - 2014-10-13 01:32 - 00003918 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{FF6E7FF6-A826-4FA6-A008-42C24AD91130}
    2017-04-27 02:52 - 2012-09-04 03:10 - 00000000 ____D C:\ProgramData\Temp
    2017-04-27 02:45 - 2016-02-16 03:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2017-04-27 02:45 - 2013-12-24 01:03 - 00000000 ____D C:\Users\Arwen\AppData\Roaming\ClassicShell
    2017-04-27 02:45 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
    2017-04-27 02:44 - 2013-08-22 11:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2017-04-27 02:33 - 2013-01-22 13:02 - 00000000 ____D C:\Users\Arwen\AppData\Local\Google
    2017-04-26 23:21 - 2016-07-12 17:47 - 00000000 ____D C:\Users\Arwen\Desktop\INSURANCE
    2017-04-26 23:21 - 2016-05-19 09:49 - 00000000 ____D C:\Users\Arwen\Desktop\Lean Belly Breakthrough
    2017-04-26 20:19 - 2013-07-12 13:33 - 00002217 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2017-04-26 13:11 - 2015-07-24 10:52 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2017-04-25 11:21 - 2012-09-04 02:57 - 00000870 _____ C:\WINDOWS\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
    2017-04-24 12:07 - 2013-03-07 12:36 - 00000000 ____D C:\Users\Arwen\Desktop\ARI STUFF
    2017-04-24 12:06 - 2015-09-29 16:30 - 00000000 ____D C:\Users\Arwen\Desktop\Jewelry Tutorials
    2017-04-23 03:08 - 2015-05-21 07:31 - 00000000 ____D C:\Users\Arwen\Desktop\Biz Photos
    2017-04-19 12:02 - 2014-10-12 23:12 - 00000000 ____D C:\Users\Arwen
    2017-04-18 21:24 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\AppReadiness
    2017-04-17 00:42 - 2015-05-02 15:02 - 00000000 ____D C:\Users\Arwen\Desktop\LegalShield
    2017-04-16 11:00 - 2013-04-10 11:15 - 00000000 ____D C:\Users\Arwen\AppData\Local\ElevatedDiagnostics
    2017-04-14 08:49 - 2015-01-04 15:13 - 00004476 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
    2017-04-14 08:48 - 2016-02-13 19:42 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
    2017-04-12 23:25 - 2014-09-24 03:15 - 00887272 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2017-04-12 23:25 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\Inf
    2017-04-12 13:42 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\rescache
    2017-04-12 13:12 - 2014-01-21 09:43 - 00000000 ____D C:\Users\Arwen\Desktop\JEWELS
    2017-04-12 13:08 - 2013-08-22 10:44 - 00578384 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2017-04-12 13:07 - 2013-06-30 02:04 - 00000000 ____D C:\Program Files\Microsoft Silverlight
    2017-04-12 13:07 - 2013-06-30 02:04 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
    2017-04-12 13:05 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
    2017-04-12 13:04 - 2013-08-22 09:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
    2017-04-12 13:00 - 2013-08-22 11:36 - 00000000 ___RD C:\WINDOWS\ToastData
    2017-04-12 13:00 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files\Windows Defender
    2017-04-12 13:00 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender
    2017-04-12 11:40 - 2013-08-02 19:06 - 00000000 ____D C:\WINDOWS\system32\MRT
    2017-04-12 11:36 - 2012-12-22 03:15 - 148601744 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2017-04-12 11:35 - 2013-06-30 02:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    2017-04-12 11:31 - 2012-07-26 03:59 - 00000000 ____D C:\WINDOWS\CbsTemp
    2017-04-12 03:06 - 2013-02-11 10:49 - 00003330 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
    2017-04-12 03:06 - 2013-02-11 10:49 - 00003202 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
    2017-04-12 03:05 - 2013-06-17 12:52 - 00004288 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
    2017-04-12 03:04 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
    2017-04-12 03:04 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\Macromed
    2017-04-11 14:43 - 2016-07-12 16:33 - 00000000 ____D C:\ProgramData\EPSON
    2017-04-11 14:40 - 2013-01-09 16:22 - 00000000 ____D C:\Users\Arwen\AppData\Local\Citrix
    2017-04-11 13:18 - 2015-08-26 10:58 - 00000000 ____D C:\Users\Arwen\AppData\Local\WebEx
    2017-04-11 13:17 - 2015-08-26 10:59 - 00000000 ____D C:\Users\Arwen\AppData\Roaming\webex
    2017-04-11 07:22 - 2013-01-07 19:45 - 19046912 ___SH C:\Users\Arwen\Desktop\Thumbs.db
    2017-04-10 20:17 - 2016-07-19 22:08 - 00003888 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1468980498
    2017-04-10 20:17 - 2016-07-19 22:08 - 00001065 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
    2017-04-10 20:16 - 2013-12-16 11:05 - 00003508 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3548505277-2733688421-2640094488-1001UA
    2017-04-10 20:16 - 2013-12-16 11:05 - 00003236 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3548505277-2733688421-2640094488-1001Core
    2017-04-10 20:15 - 2017-03-19 21:03 - 00003914 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
    2017-04-10 20:14 - 2014-08-06 23:23 - 00556784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
    2017-04-10 20:14 - 2014-08-06 23:23 - 00038296 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
    2017-04-10 20:14 - 2014-02-13 12:25 - 00339696 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
    2017-04-10 20:14 - 2014-02-13 12:25 - 00164064 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
    2017-04-10 20:14 - 2014-02-13 12:25 - 00127112 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
    2017-04-10 20:14 - 2014-02-13 12:25 - 00101152 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
    2017-04-10 20:14 - 2014-02-13 12:25 - 00075704 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
    2017-04-10 20:13 - 2016-07-12 18:01 - 00032600 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
    2017-04-10 20:13 - 2014-02-13 12:25 - 01005048 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
    2017-03-31 20:27 - 2013-08-22 11:36 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files
    2017-03-31 20:24 - 2015-03-21 13:20 - 00000000 ____D C:\Program Files\Java
    2017-03-31 20:14 - 2013-06-17 11:18 - 00000000 ____D C:\Program Files (x86)\Java
    2017-03-31 19:53 - 2014-12-14 12:31 - 00000000 ____D C:\WINDOWS\system32\appraiser
    2017-03-31 19:53 - 2014-09-24 05:50 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
    2017-03-31 18:06 - 2013-06-04 11:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
    2017-03-28 22:36 - 2017-03-19 21:03 - 00334088 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbloga.sys
    2017-03-28 22:36 - 2017-03-19 21:03 - 00307736 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
    2017-03-28 22:36 - 2017-03-19 21:03 - 00189768 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsha.sys
    2017-03-28 22:36 - 2017-03-19 21:03 - 00048528 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbuniva.sys

    ==================== Files in the root of some directories =======

    2015-11-02 18:57 - 2015-11-11 14:57 - 0000139 _____ () C:\Users\Arwen\AppData\Roaming\WB.CFG
    2015-04-02 12:43 - 2015-04-02 12:43 - 0000057 _____ () C:\ProgramData\Ament.ini

    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2017-04-24 09:39

    ==================== End of FRST.txt ============================
     


  4. 2017/04/27
    Blue Star

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-04-2017
    Ran by Arwen (27-04-2017 13:43:42)
    Running from C:\Users\Arwen\Downloads
    Windows 8.1 (Update) (X64) (2014-10-13 03:51:09)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-3548505277-2733688421-2640094488-500 - Administrator - Disabled)
    Arwen (S-1-5-21-3548505277-2733688421-2640094488-1001 - Administrator - Enabled) => C:\Users\Arwen
    Guest (S-1-5-21-3548505277-2733688421-2640094488-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-3548505277-2733688421-2640094488-1049 - Limited - Enabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    ABBulkMailer (HKLM-x32\...\{7F6276CF-ACCE-4C11-8AF3-F8C166ECC81B}) (Version: 8.5 - Advanced Business Objects)
    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
    Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.148 - Adobe Systems Incorporated)
    Allshare Play Link (HKLM-x32\...\{91786428-D4AA-476D-8AF9-A63FFAC2901F}) (Version: 1.0.0 - Samsung)
    Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.3.2291 - AVAST Software)
    Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.3.0.2 - )
    Chromium (HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\...\Chromium) (Version: 46.0.2480.0 - Chromium)
    Citrix Online Launcher (HKLM-x32\...\{DB014C85-A264-4BCA-A66F-6DD1FCF8EC36}) (Version: 1.0.335 - Citrix)
    Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)
    Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.1912 - CyberLink Corp.)
    CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4421.02 - CyberLink Corp.)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Easy File Share (HKLM-x32\...\{A7C37D4B-F37A-42E8-9B6A-B28C18AD4C12}) (Version: 1.3.4 - Samsung Electronics CO.,LTD.)
    E-POP (HKLM-x32\...\{F06DD8D9-9DC8-430C-835C-C9BF21E05CC1}) (Version: 1.0.1 - Samsung Electronics CO., LTD.)
    Galería de fotos (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Galerie de photos (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.81 - Google Inc.)
    Google Drive (HKLM-x32\...\{A1238426-ECDF-4639-BE2F-8D12A97AE23C}) (Version: 2.34.5075.1619 - Google, Inc.)
    Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
    Google Update Helper (x32 Version: 1.3.33.3 - Google Inc.) Hidden
    Help Desk (HKLM\...\{C85A891D-7AB4-46AE-84F0-B0C3FAC82280}) (Version: 1.0.4 - Samsung Electronics CO., LTD.)
    HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
    HP Officejet Pro 8610 Basic Device Software (HKLM\...\{39DA3F40-0B9E-4002-8E01-108FEC9EFE43}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
    HP Support Solutions Framework (HKLM-x32\...\{FC3C2B77-6800-48C6-A15D-9D1031130C16}) (Version: 11.51.0049 - Hewlett-Packard Company)
    HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
    HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
    HPDiagnosticCoreDll (HKLM-x32\...\{9262B08F-E183-4FED-A2BD-23FF1A84EB79}) (Version: 1.0.15.0 - Hewlett Packard)
    I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
    Intel AppUp(R) center (HKLM-x32\...\Intel AppUp(SM) center 33070) (Version: 41450 - Intel)
    Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
    Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.36354 - Intel Corporation)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation)
    Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
    INVISION 11 Client (HKLM-x32\...\iLincClient.11) (Version: - )
    Java 8 Update 121 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
    Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
    Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    ListExtractor (HKLM-x32\...\{9BDEFE48-95D2-45A7-AC9F-B9CECC0E8E42}) (Version: 2.00.0000 - AtPacific)
    Luxor 3 (HKLM-x32\...\BFG-Luxor 3) (Version: - )
    Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
    Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Office XP Professional with FrontPage (HKLM-x32\...\{90280409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2627.0 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\...\OneDriveSetup.exe) (Version: 17.3.4726.0226 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50906.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Mozilla Firefox 52.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 52.0 (x86 en-US)) (Version: 52.0 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 48.0.1 - Mozilla)
    OpenOffice.org 3.4.1 (HKLM-x32\...\{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}) (Version: 3.41.9593 - Apache Software Foundation)
    Print Artist Platinum 24 (HKLM-x32\...\{7568CBAC-FC7F-4EE9-8CAC-B4274FC93B4E}) (Version: 24.0.1.2 - Nova Development)
    Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.206 - Qualcomm Atheros Communications)
    Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
    Quick Starter (HKLM\...\{EC36E2BC-86F7-44C9-84B2-93930F0FBDBF}) (Version: 1.0.0 - Samsung Electronics CO., LTD.)
    RealDownloader (x32 Version: 18.1.7.343 - RealNetworks) Hidden
    RealDownloader (x32 Version: 18.1.7.343 - RealNetworks, Inc.) Hidden
    RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
    RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
    RealPlayer (RealTimes) (HKLM-x32\...\RealPlayer 18.1) (Version: 18.1.7 - RealNetworks)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6702 - Realtek Semiconductor Corp.)
    Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
    RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
    Recovery (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 6.0.6.0 - Samsung Electronics CO., LTD.)
    S Agent (Version: 1.0.7 - Samsung Electronics CO., LTD.) Hidden
    SafeZone Stable 3.55.2393.596 (x32 Version: 3.55.2393.596 - Avast Software) Hidden
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
    Settings (HKLM-x32\...\{52E5DE60-C96B-42CC-9A37-FE04725940AE}) (Version: 2.0.0 - Samsung Electronics CO., LTD.)
    SHA Premium Quotation System (HKLM-x32\...\SHA Premium Quotation System) (Version: Version 2.1 - USHEALTH)
    Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
    Skype Web Plugin (HKLM-x32\...\{F7C13D74-E0FD-4A76-896A-E8687769767D}) (Version: 7.5.0.127 - Skype Technologies S.A.)
    Skype™ 7.33 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.33.105 - Skype Technologies S.A.)
    Support Center (HKLM\...\{3D7275C7-8549-46AF-8B59-82A3EF301B31}) (Version: 2.0.8 - Samsung Electronics CO., LTD.)
    Support Center FAQ (x32 Version: 1.0.0 - Samsung Electronics CO., LTD.) Hidden
    SW Update (HKLM-x32\...\{49271148-3C6B-4F2B-B8C9-FFDE243B8FEA}) (Version: 2.0.15 - Samsung Electronics CO., LTD.)
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.11.1 - Synaptics Incorporated)
    UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
    User Guide (HKLM-x32\...\{66172F70-0BDE-4BAB-A973-E2E4EF501F6D}) (Version: 1.2.00 - Samsung Electronics CO., LTD.)
    vc2012_redist (x32 Version: 1.0.0.0 - Realnetworks) Hidden
    Video Downloader (x32 Version: 18.1.7 - RealNetworks) Hidden
    vs2015_redist x86 (x32 Version: 1.0.0.0 - Realnetworks) Hidden
    Windows Driver Package - Samsung Electronics Co. Ltd. (RadioHIDMini) HIDClass (07/27/2012 20.57.1.735) (HKLM\...\9F04C462DAB591BDCCE784F77E4D4F1736010B92) (Version: 07/27/2012 20.57.1.735 - Samsung Electronics Co. Ltd.)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
    WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
    X-Lite 3.0 (HKLM-x32\...\X-Lite 1.5_is1) (Version: - CounterPath Solutions Inc.)
    Yahoo! Detect (HKLM-x32\...\YTdetect) (Version: - )

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-3548505277-2733688421-2640094488-1001_Classes\CLSID\{0825CC0E-34BD-4FE4-B78D-EF6582A94B6A}\InprocServer32 -> C:\Users\Arwen\AppData\Local\SkypePlugin\7.5.0.127\GatewayActiveX-x64.dll (Skype Technologies S.A.)
    CustomCLSID: HKU\S-1-5-21-3548505277-2733688421-2640094488-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Arwen\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3548505277-2733688421-2640094488-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Arwen\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3548505277-2733688421-2640094488-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Arwen\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3548505277-2733688421-2640094488-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Arwen\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3548505277-2733688421-2640094488-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Arwen\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3548505277-2733688421-2640094488-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Arwen\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3548505277-2733688421-2640094488-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
    CustomCLSID: HKU\S-1-5-21-3548505277-2733688421-2640094488-1001_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\Arwen\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-3548505277-2733688421-2640094488-1001_Classes\CLSID\{8E00BFA9-1C7B-4E45-BF2F-0FAEA236E1CC}\localserver32 -> C:\Users\Arwen\AppData\Local\SkypePlugin\7.5.0.127\GatewayVersion-x64.exe (Skype Technologies S.A.)
    CustomCLSID: HKU\S-1-5-21-3548505277-2733688421-2640094488-1001_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AC}\InprocServer32 -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll (Intel)
    CustomCLSID: HKU\S-1-5-21-3548505277-2733688421-2640094488-1001_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AD}\InprocServer32 -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll (Intel)
    CustomCLSID: HKU\S-1-5-21-3548505277-2733688421-2640094488-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Arwen\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3548505277-2733688421-2640094488-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Arwen\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3548505277-2733688421-2640094488-1001_Classes\CLSID\{CBF9CD8C-2714-4F36-B76A-43E6C7547BC2}\localserver32 -> C:\Users\Arwen\AppData\Local\SkypePlugin\7.5.0.127\EdgeCalling.exe (Skype Technologies S.A.)
    CustomCLSID: HKU\S-1-5-21-3548505277-2733688421-2640094488-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Arwen\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3548505277-2733688421-2640094488-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Arwen\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3548505277-2733688421-2640094488-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Arwen\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll (Google Inc.)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {05DAE92A-6C6F-4145-A0E4-DC211BE58AD8} - System32\Tasks\RealDownloader Update Check => C:\program files (x86)\real\realplayer\RealDownloader\downloader2.exe [2017-03-14] ()
    Task: {1834511F-636F-4703-8D12-7C29F892135D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
    Task: {1D39D15D-0AEA-4DF6-BDC1-004F28E99557} - System32\Tasks\SafeZone scheduled Autoupdate 1468980498 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-03-22] (Avast Software)
    Task: {25273BEB-1596-4DF2-9ACB-64FB9B924E10} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3548505277-2733688421-2640094488-1001Core => C:\Users\Arwen\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
    Task: {273E163D-8BD0-4420-A6BF-604990062399} - System32\Tasks\WLANStartup => %programfiles(x86)%\Samsung\Easy Settings\WLANStartup.exe
    Task: {33C2B19B-605D-4B98-AB07-6A0AA22E83FA} - System32\Tasks\FaxArchive_CN2BD211XW05S1 => C:\Program Files\HP\HP Officejet 4620 series\Bin\FaxApplications.exe
    Task: {3F5DA5C4-9997-473E-945E-7CC7AA284FC9} - System32\Tasks\HPCustParticipation HP Officejet 4620 series => C:\Program Files\HP\HP Officejet 4620 series\Bin\HPCustPartic.exe
    Task: {45ABB5F7-5C01-489E-9D24-75ECFC93A2EE} - System32\Tasks\{0B005567-2F27-4C11-B217-48FB79CD4CFB} => pcalua.exe -a "C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe" -c /remove /q0
    Task: {4AD36E97-A0A7-4DC5-A480-09E50B73AAFA} - System32\Tasks\advRecovery => C:\Program Files\Samsung\Recovery\WCScheduler.exe [2012-08-30] (SEC)
    Task: {54775C17-0CFA-4B0B-9666-0833EE6839C5} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3548505277-2733688421-2640094488-1001 => C:\program files (x86)\real\realplayer\RealDownloader\RealUpgrade.exe [2017-03-14] (RealNetworks, Inc.)
    Task: {5BF4106A-98B2-43EC-BFCA-BF41A8DD36A0} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-04-15] (Intel Corporation)
    Task: {5CC84A7B-C17B-4951-A1F2-A2919DC9DC8A} - System32\Tasks\Settings => C:\Program Files (x86)\Samsung\Settings\sSettings.exe [2012-08-26] (Samsung Electronics CO., LTD.)
    Task: {60FB7622-C6C3-4C23-B13C-20E588F1ACDA} - System32\Tasks\{DD3B9BBD-8D10-425E-8F91-2FDD3699230E} => Iexplore.exe hxxp://ui.skype.com/ui/0/7.10.85.101/en/abandoninstall?page=tsBing
    Task: {675B1F76-91AB-44C7-B2FD-BCEB028FF6B3} - System32\Tasks\HPCustParticipation HP Officejet Pro 8610 => C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPCustPartic.exe
    Task: {6ED04B22-FF2B-4657-A2DC-4FCE1D90A9CB} - System32\Tasks\SWUpdateAgent => C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe [2012-08-24] (Samsung Electronics CO., LTD.)
    Task: {866704E7-0F2E-4995-85D4-703CBF9E1241} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
    Task: {A6472604-2365-44F6-88D0-49AA7E52AA7B} - System32\Tasks\MakeMarkerFile => %ProgramData%\MakeMarkerFile.exe <==== ATTENTION
    Task: {A816F8AD-3B4E-4B1D-8202-EABE3C5EE876} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-04-15] (Intel Corporation)
    Task: {AFD2CAF8-A357-409C-B4C9-F409D55AFEF6} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-02-02] (Adobe Systems Incorporated)
    Task: {B82FA7BA-DF38-4CEC-9FF3-FC3AED168754} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe
    Task: {CF9AD7B1-A258-4614-AE15-AAB1352A2A4D} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-04-19] (AVAST Software)
    Task: {D9DD9F47-0F79-48A3-8A7F-51A089EE2D23} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2012-08-17] (Samsung Electronics CO., LTD.)
    Task: {DE75DCC2-4981-4804-91D8-D8248A1F1E6A} - System32\Tasks\HP AR Program Upload - 1d899e09ae474e75b00a468cbd134de7aa32ec3dee4246869e6c83f89188eeec => C:\Program Files\HP\HP Officejet Pro 8610\bin\HPRewards.exe [2014-07-21] (TODO: <Company name>)
    Task: {E327E935-E671-4260-8172-436BE870BC17} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3548505277-2733688421-2640094488-1001 => C:\program files (x86)\real\realplayer\RealDownloader\RealUpgrade.exe [2017-03-14] (RealNetworks, Inc.)
    Task: {ECFD5F00-7404-4420-A935-6D616BD65FE3} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-04-12] (Adobe Systems Incorporated)
    Task: {FB6D6FE4-1610-4BB3-8519-231B3B051086} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3548505277-2733688421-2640094488-1001UA => C:\Users\Arwen\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
    Task: {FF40CDEF-2FEE-441D-A1D5-433B2B50F330} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-04-10] (AVAST Software)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
    Task: C:\WINDOWS\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
    Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ShortcutWithArgument: C:\Users\Arwen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"
     
  5. 2017/04/27
    Blue Star

    ==================== Loaded Modules (Whitelisted) ==============

    2017-03-14 20:44 - 2017-03-14 20:44 - 00035104 _____ () C:\program files (x86)\real\realplayer\UpdateService\RealPlayerUpdateSvc.exe
    2012-08-26 05:48 - 2012-08-26 05:48 - 00076920 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
    2011-03-09 16:34 - 2011-03-09 16:34 - 00144728 _____ () C:\Program Files (x86)\Nova Development\Print Artist Platinum 24\ReminderApp.exe
    2017-03-14 19:56 - 2017-03-14 19:56 - 00738032 _____ () C:\Program Files (x86)\Real\RealPlayer\RealDownloader\downloader2.exe
    2012-08-24 05:10 - 2012-08-24 05:10 - 04238968 _____ () C:\Program Files\Samsung\Support Center\GuaranaAgent.exe
    2017-03-14 20:44 - 2017-03-14 20:44 - 00040248 _____ () C:\program files (x86)\real\realplayer\UpdateService\DL2UpdatePlugin.dll
    2017-03-14 20:44 - 2017-03-14 20:44 - 00042296 _____ () C:\program files (x86)\real\realplayer\UpdateService\RealDownloaderUpdatePlugin.dll
    2017-03-14 20:43 - 2017-03-14 20:43 - 00039752 _____ () C:\program files (x86)\real\realplayer\UpdateService\VideoDLUpdatePlugin.dll
    2012-08-26 05:48 - 2012-08-26 05:48 - 00028280 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdWrapper.dll
    2012-08-26 05:48 - 2012-08-26 05:48 - 01015416 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmd.dll
    2012-08-26 05:48 - 2012-08-26 05:48 - 00110712 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsBase.dll
    2012-08-26 05:48 - 2012-08-26 05:48 - 00056440 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\HookDllPS2.dll
    2012-08-26 05:48 - 2012-08-26 05:48 - 00211064 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\WinCRT.dll
    2012-08-26 05:48 - 2012-08-26 05:48 - 00026232 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsAPI.dll
    2012-08-26 05:48 - 2012-08-26 05:48 - 00110712 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsBase.dll
    2012-08-26 05:48 - 2012-08-26 05:48 - 00029816 _____ () C:\Program Files (x86)\Samsung\Settings\EasyMovieEnhancer.dll
    2012-08-26 05:48 - 2012-08-26 05:48 - 00091768 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsCmdClient.dll
    2011-08-15 07:12 - 2011-08-15 07:12 - 02603520 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtCore4.dll
    2012-04-15 22:42 - 2012-04-15 22:42 - 00015872 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\featureController.dll
    2011-08-15 07:12 - 2011-08-15 07:12 - 01006592 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtNetwork4.dll
    2011-08-15 07:15 - 2011-08-15 07:15 - 00382464 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtXml4.dll
    2011-08-17 03:41 - 2011-08-17 03:41 - 00400384 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\sqlite3.dll
    2011-08-17 03:48 - 2011-08-17 03:48 - 00322048 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\log4cplus.dll
    2011-08-17 03:48 - 2011-08-17 03:48 - 00195584 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\libgsoap.dll
    2011-08-15 06:23 - 2011-08-15 06:23 - 00062464 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\zlib1.dll
    2012-04-15 22:41 - 2012-04-15 22:41 - 00484864 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\DeviceProfile.dll
    2012-04-15 22:56 - 2012-04-15 22:56 - 00500032 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\plugin\PServerPlugin.dll
    2012-04-15 22:38 - 2012-04-15 22:38 - 00013824 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\eventsSender.dll
    2017-04-10 20:14 - 2017-04-10 20:14 - 00170216 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
    2016-07-12 18:00 - 2016-07-12 18:00 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2017-04-10 20:14 - 2017-04-10 20:14 - 00176480 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
    2017-04-10 20:13 - 2017-04-10 20:13 - 00293936 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
    2017-04-10 20:14 - 2017-04-10 20:14 - 00653520 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
    2017-01-30 12:52 - 2017-01-30 12:52 - 01926632 ____R () C:\Program Files (x86)\Skype\Phone\roottools.dll
    2017-04-27 13:24 - 2017-04-27 13:24 - 00098816 ____R () C:\Users\Arwen\AppData\Local\Temp\_MEI42042\win32api.pyd
    2017-04-27 13:24 - 2017-04-27 13:24 - 00110080 ____R () C:\Users\Arwen\AppData\Local\Temp\_MEI42042\pywintypes27.dll
    2017-04-27 13:24 - 2017-04-27 13:24 - 00364544 ____R () C:\Users\Arwen\AppData\Local\Temp\_MEI42042\pythoncom27.dll
    2017-04-27 13:24 - 2017-04-27 13:24 - 00320512 ____R () C:\Users\Arwen\AppData\Local\Temp\_MEI42042\win32com.shell.shell.pyd
    2017-04-27 13:24 - 2017-04-27 13:24 - 00914432 ____R () C:\Users\Arwen\AppData\Local\Temp\_MEI42042\_hashlib.pyd
    2017-04-27 13:24 - 2017-04-27 13:24 - 01176576 ____R () C:\Users\Arwen\AppData\Local\Temp\_MEI42042\wx._core_.pyd
    2017-04-27 13:24 - 2017-04-27 13:24 - 00806400 ____R () C:\Users\Arwen\AppData\Local\Temp\_MEI42042\wx._gdi_.pyd
    2017-04-27 13:24 - 2017-04-27 13:24 - 00816128 ____R () C:\Users\Arwen\AppData\Local\Temp\_MEI42042\wx._windows_.pyd
    2017-04-27 13:24 - 2017-04-27 13:24 - 01067008 ____R () C:\Users\Arwen\AppData\Local\Temp\_MEI42042\wx._controls_.pyd
    2017-04-27 13:24 - 2017-04-27 13:24 - 00733184 ____R () C:\Users\Arwen\AppData\Local\Temp\_MEI42042\wx._misc_.pyd
    2017-04-27 13:24 - 2017-04-27 13:24 - 00682496 ____R () C:\Users\Arwen\AppData\Local\Temp\_MEI42042\pysqlite2._sqlite.pyd
    2017-04-27 13:24 - 2017-04-27 13:24 - 00088064 ____R () C:\Users\Arwen\AppData\Local\Temp\_MEI42042\_ctypes.pyd
    2017-04-27 13:24 - 2017-04-27 13:24 - 00686080 ____R () C:\Users\Arwen\AppData\Local\Temp\_MEI42042\unicodedata.pyd
    2017-04-27 13:24 - 2017-04-27 13:24 - 00119808 ____R () C:\Users\Arwen\AppData\Local\Temp\_MEI42042\win32file.pyd
    2017-04-27 13:24 - 2017-04-27 13:24 - 00108544 ____R () C:\Users\Arwen\AppData\Local\Temp\_MEI42042\win32security.pyd
    2017-04-27 13:24 - 2017-04-27 13:24 - 00007168 ____R () C:\Users\Arwen\AppData\Local\Temp\_MEI42042\hashobjs_ext.pyd
    2017-04-27 13:24 - 2017-04-27 13:24 - 00017920 ____R () C:\Users\Arwen\AppData\Local\Temp\_MEI42042\thumbnails_ext.pyd
    2017-04-27 13:24 - 2017-04-27 13:24 - 00088064 ____R () C:\Users\Arwen\AppData\Local\Temp\_MEI42042\usb_ext.pyd
    2017-04-27 13:24 - 2017-04-27 13:24 - 00012800 ____R () C:\Users\Arwen\AppData\Local\Temp\_MEI42042\common.time34.pyd
    2017-04-27 13:24 - 2017-04-27 13:24 - 00018432 ____R () C:\Users\Arwen\AppData\Local\Temp\_MEI42042\win32event.pyd
    2017-04-27 13:24 - 2017-04-27 13:24 - 00167936 ____R () C:\Users\Arwen\AppData\Local\Temp\_MEI42042\win32gui.pyd
    2017-04-27 13:24 - 2017-04-27 13:24 - 00046080 ____R () C:\Users\Arwen\AppData\Local\Temp\_MEI42042\_socket.pyd
    2017-04-27 13:24 - 2017-04-27 13:24 - 01303552 ____R () C:\Users\Arwen\AppData\Local\Temp\_MEI42042\_ssl.pyd
    2017-04-27 13:24 - 2017-04-27 13:24 - 00128512 ____R () C:\Users\Arwen\AppData\Local\Temp\_MEI42042\_elementtree.pyd
    2017-04-27 13:24 - 2017-04-27 13:24 - 00127488 ____R () C:\Users\Arwen\AppData\Local\Temp\_MEI42042\pyexpat.pyd
    2017-04-27 13:24 - 2017-04-27 13:24 - 00038912 ____R () C:\Users\Arwen\AppData\Local\Temp\_MEI42042\win32inet.pyd
    2017-04-27 13:24 - 2017-04-27 13:24 - 00036864 ____R () C:\Users\Arwen\AppData\Local\Temp\_MEI42042\_psutil_windows.pyd
    2017-04-27 13:24 - 2017-04-27 13:24 - 00524248 ____R () C:\Users\Arwen\AppData\Local\Temp\_MEI42042\windows._lib_cacheinvalidation.pyd
    2017-04-27 13:24 - 2017-04-27 13:24 - 00011264 ____R () C:\Users\Arwen\AppData\Local\Temp\_MEI42042\win32crypt.pyd
    2017-04-27 13:24 - 2017-04-27 13:24 - 00123392 ____R () C:\Users\Arwen\AppData\Local\Temp\_MEI42042\wx._wizard.pyd
    2017-04-27 13:24 - 2017-04-27 13:24 - 00077312 ____R () C:\Users\Arwen\AppData\Local\Temp\_MEI42042\wx._html2.pyd
    2017-04-27 13:24 - 2017-04-27 13:24 - 00027648 ____R () C:\Users\Arwen\AppData\Local\Temp\_MEI42042\_multiprocessing.pyd
    2017-04-27 13:24 - 2017-04-27 13:24 - 00020480 ____R () C:\Users\Arwen\AppData\Local\Temp\_MEI42042\_yappi.pyd
    2017-04-27 13:24 - 2017-04-27 13:24 - 00035840 ____R () C:\Users\Arwen\AppData\Local\Temp\_MEI42042\win32process.pyd
    2017-04-27 13:24 - 2017-04-27 13:24 - 00078848 ____R () C:\Users\Arwen\AppData\Local\Temp\_MEI42042\wx._animate.pyd
    2017-04-27 13:24 - 2017-04-27 13:24 - 00024064 ____R () C:\Users\Arwen\AppData\Local\Temp\_MEI42042\win32pipe.pyd
    2017-04-27 13:24 - 2017-04-27 13:24 - 00010240 ____R () C:\Users\Arwen\AppData\Local\Temp\_MEI42042\select.pyd
    2017-04-27 13:24 - 2017-04-27 13:24 - 00025600 ____R () C:\Users\Arwen\AppData\Local\Temp\_MEI42042\win32pdh.pyd
    2017-04-27 13:24 - 2017-04-27 13:24 - 00017408 ____R () C:\Users\Arwen\AppData\Local\Temp\_MEI42042\win32profile.pyd
    2017-04-27 13:24 - 2017-04-27 13:24 - 00022528 ____R () C:\Users\Arwen\AppData\Local\Temp\_MEI42042\win32ts.pyd
    2017-04-26 20:19 - 2017-04-19 00:04 - 02864984 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.81\libglesv2.dll
    2017-04-26 20:19 - 2017-04-19 00:04 - 00087384 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.81\libegl.dll
    2017-03-18 22:49 - 2017-03-18 22:49 - 00101256 _____ () c:\program files (x86)\real\realplayer\CrashRpt\CrashRpt1402.dll
    2012-09-04 03:11 - 2012-06-07 23:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
    2012-06-07 22:34 - 2012-06-07 22:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
    2013-01-03 14:38 - 2012-09-18 15:04 - 00016896 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\featureController.dll
    2013-01-03 14:38 - 2012-09-18 15:04 - 00062976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\osEvents.dll
    2013-01-03 14:38 - 2012-09-18 15:04 - 00322048 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\log4cplus.dll
    2013-01-03 14:38 - 2012-09-18 15:04 - 00400384 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\sqlite3.dll
    2013-01-03 14:38 - 2012-09-18 15:04 - 00195584 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\libgsoap.dll
    2013-01-03 14:38 - 2012-09-18 15:04 - 00020480 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\eventsSender.dll
    2013-01-03 14:38 - 2012-09-18 15:04 - 00062464 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\zlib1.dll
    2013-01-03 14:38 - 2012-09-18 15:04 - 00446976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\deviceProfile.dll
    2013-01-03 14:38 - 2012-09-18 15:04 - 00064512 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManagerStarter.dll
    2011-03-09 16:31 - 2011-03-09 16:31 - 00089440 _____ () C:\Program Files (x86)\Nova Development\Print Artist Platinum 24\AddressBookCore.dll
    2011-03-09 16:34 - 2011-03-09 16:34 - 00152944 _____ () C:\Program Files (x86)\Nova Development\Print Artist Platinum 24\en-US\ReminderApp.resources.dll
    2017-03-16 15:15 - 2017-03-16 15:15 - 00016384 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PSIClient\8d7515e6fbe81597c2d526e8fbf958f7\PSIClient.ni.dll
    2012-09-04 02:57 - 2012-06-25 13:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\ProgramData\Temp:2CB9631F [134]
    AlternateDataStreams: C:\ProgramData\Temp:59846E5E [428]

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE trusted site: HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\...\evolvondemand.net -> hxxps://transcom.evolvondemand.net
    IE trusted site: HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\...\vanillasoft.net -> hxxps://vanillasoft.net

    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Arwen\Pictures\rhino 1.jpg
    DNS Servers: 75.75.75.75 - 75.75.76.76
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    HKLM\...\StartupApproved\Run: => "BtTray"
    HKLM\...\StartupApproved\Run: => "BtvStack"
    HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\...\StartupApproved\Run: => "HP Officejet 4620 series (NET)"
    HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\...\StartupApproved\Run: => "eyeBeam SIP Client"
    HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\...\StartupApproved\Run: => "msnmsgr"
    HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\...\StartupApproved\Run: => "MobileAppSync"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [{FA9129FF-73AD-4F17-A3E4-08C387470DC4}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    FirewallRules: [{BC33BA8B-43DA-4101-A7EF-C845A5EE9C1B}] => (Allow) LPort=1900
    FirewallRules: [{A256DE0D-91C4-4813-8D37-4094F0093856}] => (Allow) LPort=2869
    FirewallRules: [{A815C66B-2F5A-4DC6-8E6A-8422AAD9968A}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    FirewallRules: [{7F4FC83B-8721-4B89-B589-A4A08D49A926}] => (Allow) C:\Program Files (x86)\File Type Assistant\TSAssist.exe
    FirewallRules: [{5E8A3DB7-6CD0-49AA-BEA6-1C2C78F8BD92}] => (Allow) C:\Program Files (x86)\AtomPark\Atomic Email Hunter\AtomicEmailHunter.exe
    FirewallRules: [{2DE15FEF-6E01-428D-A182-546B170AAE15}] => (Allow) C:\Program Files (x86)\AtomPark\Atomic Email Hunter\AtomicEmailHunter.exe
    FirewallRules: [{AD505DC0-F9C7-4705-A44A-AE403692F7A1}] => (Allow) C:\Program Files (x86)\AtomPark\Atomic Lead Extractor\AtomicLeadExtractor.exe
    FirewallRules: [{A715A783-E8A3-41C6-A5D1-91D53A40F5F6}] => (Allow) C:\Program Files (x86)\AtomPark\Atomic Lead Extractor\AtomicLeadExtractor.exe
    FirewallRules: [{D3094BBC-D0EF-4D6A-8C40-E7334756C08D}] => (Allow) C:\Program Files (x86)\File Type Assistant\TSAssist.exe
    FirewallRules: [{48A033F5-76D1-48E1-A766-66C38E6AB5EE}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
    FirewallRules: [{89291383-A2BC-4BA5-827A-07C7D77C1058}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
    FirewallRules: [{1CBD6BF6-C91F-4AD7-B790-05962F10B60D}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
    FirewallRules: [{C70516C4-682D-4C00-AEBA-9516CDE43654}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
    FirewallRules: [UDP Query User{B8A52E80-E47F-4A31-8652-BBD0C01845C3}C:\program files (x86)\ghostsurf\ghostsurf.exe] => (Allow) C:\program files (x86)\ghostsurf\ghostsurf.exe
    FirewallRules: [TCP Query User{EE9B6915-CE09-48C0-B34A-B48F9C88A47D}C:\program files (x86)\ghostsurf\ghostsurf.exe] => (Allow) C:\program files (x86)\ghostsurf\ghostsurf.exe
    FirewallRules: [{4F23892F-AB44-4400-9143-0AE72E864540}] => (Allow) C:\Program Files (x86)\File Type Assistant\TSAssist.exe
    FirewallRules: [UDP Query User{1D3625C3-3C67-452E-832C-B8B96FFBE3DD}C:\users\arwen\appdata\local\apps\2.0\39jerndh.6nw\nj0n2d18.zw7\xcal..tion_0000000000000000_0003.0001_9f02feda3e8e62b1\xcally 3.exe] => (Allow) C:\users\arwen\appdata\local\apps\2.0\39jerndh.6nw\nj0n2d18.zw7\xcal..tion_0000000000000000_0003.0001_9f02feda3e8e62b1\xcally 3.exe
    FirewallRules: [TCP Query User{D49D390C-C804-4465-AE97-A937F34CD30B}C:\users\arwen\appdata\local\apps\2.0\39jerndh.6nw\nj0n2d18.zw7\xcal..tion_0000000000000000_0003.0001_9f02feda3e8e62b1\xcally 3.exe] => (Allow) C:\users\arwen\appdata\local\apps\2.0\39jerndh.6nw\nj0n2d18.zw7\xcal..tion_0000000000000000_0003.0001_9f02feda3e8e62b1\xcally 3.exe
    FirewallRules: [{B86FF951-9A5E-40DC-A446-B093B2D42927}] => (Allow) C:\Users\Arwen\AppData\Local\Temp\7zS31D5\hppiw.exe
    FirewallRules: [{69A2911A-A5C1-4D90-8DC7-A1F45423C142}] => (Allow) C:\Users\Arwen\AppData\Local\Temp\7zS31D5\hppiw.exe
    FirewallRules: [UDP Query User{2712ADFF-CA23-46BA-8ED1-E5494C0B7DB9}C:\users\arwen\appdata\local\temp\7zs66c9\enterprisedu.exe] => (Allow) C:\users\arwen\appdata\local\temp\7zs66c9\enterprisedu.exe
    FirewallRules: [TCP Query User{DD124EA0-894C-4D05-B62B-BC5F790EBD6C}C:\users\arwen\appdata\local\temp\7zs66c9\enterprisedu.exe] => (Allow) C:\users\arwen\appdata\local\temp\7zs66c9\enterprisedu.exe
    FirewallRules: [{82E32C08-7A18-460B-92C8-D21E9CBCCE63}] => (Allow) C:\Program Files (x86)\File Type Assistant\TSAssist.exe
    FirewallRules: [{9807E193-FC1A-49F5-B334-8E21B60A2E90}] => (Allow) C:\Users\Arwen\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
    FirewallRules: [{096B750E-B77B-46CC-BBE8-0DCC87DDB03F}] => (Allow) C:\Program Files (x86)\File Type Assistant\TSAssist.exe
    FirewallRules: [UDP Query User{2A1AB145-840C-4E4B-A732-E6AEA182B799}C:\program files (x86)\sha\sha.exe] => (Allow) C:\program files (x86)\sha\sha.exe
    FirewallRules: [TCP Query User{47220578-96A8-48BC-8FA9-81CD8483B8B9}C:\program files (x86)\sha\sha.exe] => (Allow) C:\program files (x86)\sha\sha.exe
    FirewallRules: [UDP Query User{FDB83730-E44D-42BA-B0BE-7325D05CFF85}C:\program files (x86)\sha\shaquote.exe] => (Allow) C:\program files (x86)\sha\shaquote.exe
    FirewallRules: [TCP Query User{7FC20502-F09E-4883-B32D-33DB7A6F7BB1}C:\program files (x86)\sha\shaquote.exe] => (Allow) C:\program files (x86)\sha\shaquote.exe
    FirewallRules: [UDP Query User{E920F795-8C2E-47C2-8BC7-AD34E45AB82E}C:\program files (x86)\sha\sha.exe] => (Allow) C:\program files (x86)\sha\sha.exe
    FirewallRules: [TCP Query User{D10F29B3-A1D4-4199-A79A-1D8F9E6A3498}C:\program files (x86)\sha\sha.exe] => (Allow) C:\program files (x86)\sha\sha.exe
    FirewallRules: [UDP Query User{D20A30A3-E10B-455C-964E-F3168399D131}C:\program files (x86)\counterpath\x-lite\x-lite.exe] => (Block) C:\program files (x86)\counterpath\x-lite\x-lite.exe
    FirewallRules: [TCP Query User{6FB881D4-3548-4915-9B65-EFCF834D023F}C:\program files (x86)\counterpath\x-lite\x-lite.exe] => (Block) C:\program files (x86)\counterpath\x-lite\x-lite.exe
    FirewallRules: [UDP Query User{34DCC5C5-F507-4750-A702-89C5C976901A}C:\program files (x86)\counterpath\x-lite\x-lite.exe] => (Allow) C:\program files (x86)\counterpath\x-lite\x-lite.exe
    FirewallRules: [TCP Query User{AF65212D-E559-4D49-819C-46656D5E5574}C:\program files (x86)\counterpath\x-lite\x-lite.exe] => (Allow) C:\program files (x86)\counterpath\x-lite\x-lite.exe
    FirewallRules: [{F43B2C4C-F5EA-4363-9415-ECF9FAFFC407}] => (Allow) C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
    FirewallRules: [{897FCBF3-3082-48C3-9C78-0351D95DF122}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
    FirewallRules: [{75A7B777-C639-4F54-B838-0616DF7E3EF1}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
    FirewallRules: [{9A233B96-B59A-4837-AAF0-6F73C8FCFFE3}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
    FirewallRules: [{BE4847A3-39DA-4D16-9341-FC190F8C5255}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
    FirewallRules: [{74B0E3F3-86BE-4724-B2E0-F02B66B6D93E}] => (Allow) C:\Users\Arwen\AppData\Local\Temp\7zS5CAC\HPDiagnosticCoreUI.exe
    FirewallRules: [{3A0892BE-3781-49B5-BAC9-1C820164C626}] => (Allow) C:\Users\Arwen\AppData\Local\Temp\7zS5CAC\HPDiagnosticCoreUI.exe
    FirewallRules: [{475845B5-8E58-4B86-9021-F02FE930CAFE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{E5BDA255-2693-4BA1-A18C-DDDCFC6447C6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{82BC9CF5-1460-4777-A8C5-DB3A00AC6309}] => (Allow) C:\Users\Arwen\AppData\Local\Temp\7zS23DB\HPDiagnosticCoreUI.exe
    FirewallRules: [{5C816CCE-34FF-42FA-A18F-B83E906A2F70}] => (Allow) C:\Users\Arwen\AppData\Local\Temp\7zS23DB\HPDiagnosticCoreUI.exe
    FirewallRules: [{63B652E4-85D0-42A4-AE7E-791A50CEEA5E}] => (Allow) C:\Users\Arwen\AppData\Local\Temp\7zS2416\HPDiagnosticCoreUI.exe
    FirewallRules: [{C5766F8F-17F4-4275-8DAE-3B52028C0D15}] => (Allow) C:\Users\Arwen\AppData\Local\Temp\7zS2416\HPDiagnosticCoreUI.exe
    FirewallRules: [{187BFCA5-0861-47CB-B575-7B3B7EC2A064}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\bin\FaxApplications.exe
    FirewallRules: [{C18F5584-F470-40C2-9360-4DA6FCB4916B}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\bin\DigitalWizards.exe
    FirewallRules: [{5C5B02E1-BDEE-41C4-87D7-7EA2548C06F0}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\bin\SendAFax.exe
    FirewallRules: [{08436A3C-2D5B-4D4C-AAAD-C4A8B6307A25}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\Bin\DeviceSetup.exe
    FirewallRules: [{6FB51C2C-3F02-49A1-9A6F-5C51DD31E436}] => (Allow) LPort=5357
    FirewallRules: [{5559E64A-9A65-4EA3-B041-427F0FF3B67A}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPNetworkCommunicatorCom.exe
    FirewallRules: [{5870CB02-7403-4313-966E-FE506BD8B4BF}] => (Allow) C:\Users\Arwen\AppData\Local\Temp\7zS6F84\HPDiagnosticCoreUI.exe
    FirewallRules: [{5D37A431-E7EC-4246-AEF2-410D103E9DF4}] => (Allow) C:\Users\Arwen\AppData\Local\Temp\7zS6F84\HPDiagnosticCoreUI.exe
    FirewallRules: [{E76076D8-B77B-4717-8927-F0FCC8D3ACBA}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
    FirewallRules: [{537DE16A-DE03-4780-8EE2-65CE35CB3509}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
    FirewallRules: [TCP Query User{835DE832-FED2-47EE-9F44-1CC3F943C203}C:\program files (x86)\spark\spark.exe] => (Allow) C:\program files (x86)\spark\spark.exe
    FirewallRules: [UDP Query User{2669B789-2724-4AEE-955C-47B057D19522}C:\program files (x86)\spark\spark.exe] => (Allow) C:\program files (x86)\spark\spark.exe
    FirewallRules: [TCP Query User{F30DBDEB-139B-4448-A1FD-462F3C70FDF1}C:\program files (x86)\kiax2.1-beta2\kiax.exe] => (Allow) C:\program files (x86)\kiax2.1-beta2\kiax.exe
    FirewallRules: [UDP Query User{BD31835B-F3F4-44B4-9E61-9321DD1C0B1A}C:\program files (x86)\kiax2.1-beta2\kiax.exe] => (Allow) C:\program files (x86)\kiax2.1-beta2\kiax.exe
    FirewallRules: [TCP Query User{78C45732-CBED-4337-9D28-388F2B541261}C:\users\arwen\appdata\local\skypeplugin\7.5.0.127\pluginhost.exe] => (Allow) C:\users\arwen\appdata\local\skypeplugin\7.5.0.127\pluginhost.exe
    FirewallRules: [UDP Query User{D0181A7B-0503-4DB8-A6E4-D453AE855E64}C:\users\arwen\appdata\local\skypeplugin\7.5.0.127\pluginhost.exe] => (Allow) C:\users\arwen\appdata\local\skypeplugin\7.5.0.127\pluginhost.exe
    FirewallRules: [{35C62B24-008C-47F3-8842-CD26973164D8}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
    FirewallRules: [{87F7ACBE-C5B0-4702-AC7D-DFEA5BB85994}] => (Allow) C:\Users\Arwen\AppData\Local\Chromium\Application\chrome.exe
    FirewallRules: [{089EC4AD-6375-42C1-8EDD-9AADB588E76D}] => (Allow) C:\Users\Arwen\AppData\Local\Temp\7zS2AB5\HPDiagnosticCoreUI.exe
    FirewallRules: [{37C19DAE-33E9-4EAA-AA82-D11F687C663E}] => (Allow) C:\Users\Arwen\AppData\Local\Temp\7zS2AB5\HPDiagnosticCoreUI.exe
    FirewallRules: [{9FDD3E37-054D-49A1-889B-A90032C25074}] => (Allow) c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe
    FirewallRules: [{07CEFD97-E7A7-41B4-AD92-D421C838EAFE}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.596\SZBrowser.exe
    FirewallRules: [{C6DBA34E-11CA-4CAA-B015-E0674E8B3DFE}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.596_0\SZBrowser.exe
    FirewallRules: [{27E9E7D4-CD9D-4284-AB91-1E6560015DFE}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    ==================== Restore Points =========================

    12-04-2017 11:22:56 Windows Update
    20-04-2017 14:55:35 Scheduled Checkpoint
    27-04-2017 02:25:27 Removed Product Improvement Study for HP Officejet Pro 8610

    ==================== Faulty Device Manager Devices =============

    Name: Qualcomm Atheros AR3012 Bluetooth 4.0 + HS
    Description: Qualcomm Atheros AR3012 Bluetooth 4.0 + HS
    Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
    Manufacturer: Qualcomm Atheros Communications
    Service: BTHUSB
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (04/27/2017 01:41:09 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program LiveComm.exe version 17.5.9600.20911 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: eb4

    Start Time: 01d2bf7cbe28e370

    Termination Time: 4294967295

    Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe

    Report Id: b1b6accc-2b70-11e7-bfae-b888e36c7608

    Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe

    Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

    Error: (04/27/2017 01:40:49 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.18124, time stamp: 0x5641278d
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0xc0000005
    Fault offset: 0x11246f80
    Faulting process id: 0x1c84
    Faulting application start time: 0x01d2bf7d12d0629c
    Faulting application path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    Faulting module path: unknown
    Report Id: a612f978-2b70-11e7-bfae-b888e36c7608
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (04/27/2017 01:30:49 PM) (Source: ESENT) (EventID: 454) (User: )
    Description: SettingSyncHost (4728) {08BFC4EB-4D68-4EA9-86D6-E23692B09D88}: Database recovery/restore failed with unexpected error -543.

    Error: (04/27/2017 01:30:49 PM) (Source: ESENT) (EventID: 453) (User: )
    Description: SettingSyncHost (4728) {08BFC4EB-4D68-4EA9-86D6-E23692B09D88}: Database C:\Users\Arwen\AppData\Local\Microsoft\Windows\SettingSync\metastore\meta.edb requires logfiles 25307-25318 (C:\Users\Arwen\AppData\Local\Microsoft\Windows\SettingSync\metastore\edb062DB.log - C:\Users\Arwen\AppData\Local\Microsoft\Windows\SettingSync\metastore\edb.log) in order to recover successfully. Recovery could only locate logfiles up to 25312 (C:\Users\Arwen\AppData\Local\Microsoft\Windows\SettingSync\metastore\edb062E0.log).

    Error: (04/27/2017 01:27:46 PM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Activation context generation failed for "C:\Windows\Installer\{EE8BACFF-60B3-4069-8F71-337A2662940A}\recordingmanager.exe".
    Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
    Please use sxstrace.exe for detailed diagnosis.

    Error: (04/27/2017 03:25:55 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program LiveComm.exe version 17.5.9600.20911 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 1680

    Start Time: 01d2bf26cbbac4d6

    Termination Time: 4294967295

    Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe

    Report Id: bf549e20-2b1a-11e7-bfad-b888e36c7608

    Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe

    Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

    Error: (04/27/2017 02:55:55 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program LiveComm.exe version 17.5.9600.20911 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 22d0

    Start Time: 01d2bf229ae54c84

    Termination Time: 4294967295

    Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe

    Report Id: 8e6fdbff-2b16-11e7-bfad-b888e36c7608

    Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe

    Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

    Error: (04/27/2017 02:42:42 AM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: THEONE)
    Description: Application or service 'Microsoft Office Document Cache Sync Client Interface' could not be shut down.

    Error: (04/27/2017 02:42:42 AM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: THEONE)
    Description: Application or service 'Microsoft Access' could not be shut down.

    Error: (04/27/2017 02:33:41 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program explorer.exe version 6.3.9600.18460 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 78

    Start Time: 01d2beabb17a6cdd

    Termination Time: 109

    Application Path: C:\WINDOWS\explorer.exe

    Report Id: 72a9d6f4-2b13-11e7-bfad-b888e36c7608

    Faulting package full name:

    Faulting package-relative application ID:


    System errors:
    =============
    Error: (04/27/2017 01:28:43 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
    Description: The Windows Update service hung on starting.

    Error: (04/27/2017 01:26:16 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
    Description: The Background Intelligent Transfer Service service hung on starting.

    Error: (04/27/2017 01:23:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error:
    The service did not respond to the start or control request in a timely fashion.

    Error: (04/27/2017 01:23:32 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.

    Error: (04/27/2017 01:23:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error:
    The service did not respond to the start or control request in a timely fashion.

    Error: (04/27/2017 01:23:02 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.

    Error: (04/27/2017 01:21:04 PM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 3:30:50 AM on ‎4/‎27/‎2017 was unexpected.

    Error: (04/26/2017 11:23:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The eapihdrv service failed to start due to the following error:
    This driver has been blocked from loading

    Error: (04/26/2017 11:23:55 PM) (Source: Application Popup) (EventID: 1060) (User: )
    Description: \??\C:\Users\Arwen\AppData\Local\Temp\ehdrv.sys

    Error: (04/26/2017 11:23:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The eapihdrv service failed to start due to the following error:
    This driver has been blocked from loading


    CodeIntegrity:
    ===================================
    Date: 2017-04-27 02:48:50.097
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2017-04-27 02:48:49.847
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2017-04-27 02:48:49.597
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2017-04-27 02:48:49.362
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2017-04-27 02:48:49.112
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2017-04-27 02:48:48.862
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2017-04-27 02:48:48.531
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2017-04-27 02:48:48.296
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2017-04-27 02:48:48.065
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2017-04-27 02:48:47.791
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i7-3630QM CPU @ 2.40GHz
    Percentage of memory in use: 39%
    Total physical RAM: 8083.5 MB
    Available physical RAM: 4887.5 MB
    Total Virtual: 10899.5 MB
    Available Virtual: 7566.76 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:907.06 GB) (Free:664.45 GB) NTFS
    Drive d: (HP OJ8610) (CDROM) (Total:0.53 GB) (Free:0 GB) CDFS

    ==================== MBR & Partition Table ==================

    ==================== End of Addition.txt ============================
     
  6. 2017/04/27
    Blue Star

    Blue Star Well-Known Member Thread Starter

    I have scanned with Avast, MalwareBytes, and ESET Online Scanner all of which found nothing.
     
  7. 2017/04/27
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =======================================

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2
    • Close all the running programs
    • Double click on the downloaded setup.exe file to install the program.
    • Click on Start Scan button.
    • Click on another Start Scan button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    Please download Malwarebytes to your desktop.
    • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
    • Then click Finish.
    • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
    • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
    • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
    • Restart your computer when prompted to do so.
    • The Scan log is available through History -> Application logs. Please post its contents in your next reply.
    Please download AdwCleaner by Xplode and save to your Desktop.
    • Double click on AdwCleaner.exe to run the tool.
      Vista/Windows 7/8 users right-click and select Run As Administrator
    • The tool will start to update the database if one is required.
    • Click on the Scan button.
    • AdwCleaner will begin...be patient as the scan may take some time to complete.
    • After the scan has finished, click on the Logfile button.
    • A window will open which lists the logs of your scans.
    • Click on the Scan tab.
    • Double-click the most recent scan which will be at the top of the list....the log will appear.
    • Review the results...see note below
    • After reviewing the log, click on the Clean button.
    • Press OK when asked to close all programs and follow the onscreen prompts.
    • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
    • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
    • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
    • A copy of all logfiles is saved to C:\AdwCleaner.
    -- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.


    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
     
  8. 2017/04/28
    Blue Star

    Blue Star Well-Known Member Thread Starter

    Working on all of the above...TY Broni! <3
     
  9. 2017/04/28
    Blue Star

    Blue Star Well-Known Member Thread Starter

    RogueKiller V12.10.6.0 (x64) [Apr 24 2017] (Free) by Adlice Software
    mail : Contact - Adlice Software
    Feedback : Adlice forum - Home
    Website : RogueKiller Anti-Malware Free Download - Official Website
    Blog : Downloads - Adlice Software

    Operating System : Windows 8.1 (6.3.9600) 64 bits version
    Started in : Normal mode
    User : Arwen [Administrator]
    Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
    Mode : Delete -- Date : 04/28/2017 12:41:32 (Duration : 00:39:40)

    ¤¤¤ Processes : 0 ¤¤¤

    ¤¤¤ Registry : 36 ¤¤¤
    [PUP.Gen0] (X64) HKEY_CLASSES_ROOT\CLSID\{A2970C7C-8392-4E6F-8B51-B763CF38E13C} -> Deleted
    [PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\Software\AVSoftware -> Deleted
    [PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\AVSoftware -> Deleted
    [PUP.Gen1] (X64) HKEY_USERS\.DEFAULT\Software\ImInstaller -> Deleted
    [PUP.Gen1] (X86) HKEY_USERS\.DEFAULT\Software\ImInstaller -> Deleted
    [PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-3548505277-2733688421-2640094488-1001\Software\APN PIP -> Deleted
    [PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-3548505277-2733688421-2640094488-1001\Software\Linkey -> Deleted
    [PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-3548505277-2733688421-2640094488-1001\Software\yahooprovidedsearch -> Deleted
    [PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-3548505277-2733688421-2640094488-1001\Software\APN PIP -> Deleted
    [PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-3548505277-2733688421-2640094488-1001\Software\Linkey -> Deleted
    [PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-3548505277-2733688421-2640094488-1001\Software\yahooprovidedsearch -> Deleted
    [PUP.Gen1] (X64) HKEY_USERS\S-1-5-18\Software\ImInstaller -> Deleted
    [PUP.Gen1] (X86) HKEY_USERS\S-1-5-18\Software\ImInstaller -> Deleted
    [PUP.Gen0] (X64) HKEY_USERS\S-1-5-21-3548505277-2733688421-2640094488-1001\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser | {00011268-E188-40DF-A514-835FCD78B1BF} : -> Deleted
    [PUP.Gen0] (X86) HKEY_USERS\S-1-5-21-3548505277-2733688421-2640094488-1001\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser | {00011268-E188-40DF-A514-835FCD78B1BF} : -> ERROR [2]
    [PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {7F4FC83B-8721-4B89-B589-A4A08D49A926} : v2.20|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\File Type Assistant\TSAssist.exe|Name=ProgramUpdateCheck| [x] -> Deleted
    [PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {D3094BBC-D0EF-4D6A-8C40-E7334756C08D} : v2.20|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\File Type Assistant\TSAssist.exe|Name=ProgramUpdateCheck| [x] -> Deleted
    [PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {4F23892F-AB44-4400-9143-0AE72E864540} : v2.20|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\File Type Assistant\TSAssist.exe|Name=ProgramUpdateCheck| [x] -> Deleted
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{1D3625C3-3C67-452E-832C-B8B96FFBE3DD}C:\users\arwen\appdata\local\apps\2.0\39jerndh.6nw\nj0n2d18.zw7\xcal..tion_0000000000000000_0003.0001_9f02feda3e8e62b1\xcally 3.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|Profile=Public|App=C:\users\arwen\appdata\local\apps\2.0\39jerndh.6nw\nj0n2d18.zw7\xcal..tion_0000000000000000_0003.0001_9f02feda3e8e62b1\xcally 3.exe|Name=xcally 3.exe|Desc=xcally 3.exe|Defer=User| [x] -> Deleted
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{D49D390C-C804-4465-AE97-A937F34CD30B}C:\users\arwen\appdata\local\apps\2.0\39jerndh.6nw\nj0n2d18.zw7\xcal..tion_0000000000000000_0003.0001_9f02feda3e8e62b1\xcally 3.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|App=C:\users\arwen\appdata\local\apps\2.0\39jerndh.6nw\nj0n2d18.zw7\xcal..tion_0000000000000000_0003.0001_9f02feda3e8e62b1\xcally 3.exe|Name=xcally 3.exe|Desc=xcally 3.exe|Defer=User| [x] -> Deleted
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {B86FF951-9A5E-40DC-A446-B093B2D42927} : v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Users\Arwen\AppData\Local\Temp\7zS31D5\hppiw.exe|Name=HP Printer Install Wizard| [x] -> Deleted
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {69A2911A-A5C1-4D90-8DC7-A1F45423C142} : v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Users\Arwen\AppData\Local\Temp\7zS31D5\hppiw.exe|Name=HP Printer Install Wizard| [x] -> Deleted
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{2712ADFF-CA23-46BA-8ED1-E5494C0B7DB9}C:\users\arwen\appdata\local\temp\7zs66c9\enterprisedu.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\users\arwen\appdata\local\temp\7zs66c9\enterprisedu.exe|Name=enterprisedu.exe|Desc=enterprisedu.exe|Defer=User| [x] -> Deleted
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{DD124EA0-894C-4D05-B62B-BC5F790EBD6C}C:\users\arwen\appdata\local\temp\7zs66c9\enterprisedu.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\users\arwen\appdata\local\temp\7zs66c9\enterprisedu.exe|Name=enterprisedu.exe|Desc=enterprisedu.exe|Defer=User| [x] -> Deleted
    [PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {82E32C08-7A18-460B-92C8-D21E9CBCCE63} : v2.20|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\File Type Assistant\TSAssist.exe|Name=ProgramUpdateCheck| [x] -> Deleted
    [PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {096B750E-B77B-46CC-BBE8-0DCC87DDB03F} : v2.20|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\File Type Assistant\TSAssist.exe|Name=ProgramUpdateCheck| [x] -> Deleted
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {74B0E3F3-86BE-4724-B2E0-F02B66B6D93E} : v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Users\Arwen\AppData\Local\Temp\7zS5CAC\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Deleted
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {3A0892BE-3781-49B5-BAC9-1C820164C626} : v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Users\Arwen\AppData\Local\Temp\7zS5CAC\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Deleted
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {82BC9CF5-1460-4777-A8C5-DB3A00AC6309} : v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\Arwen\AppData\Local\Temp\7zS23DB\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Deleted
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {5C816CCE-34FF-42FA-A18F-B83E906A2F70} : v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\Arwen\AppData\Local\Temp\7zS23DB\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Deleted
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {63B652E4-85D0-42A4-AE7E-791A50CEEA5E} : v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\Arwen\AppData\Local\Temp\7zS2416\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Deleted
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {C5766F8F-17F4-4275-8DAE-3B52028C0D15} : v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\Arwen\AppData\Local\Temp\7zS2416\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Deleted
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {5870CB02-7403-4313-966E-FE506BD8B4BF} : v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\Arwen\AppData\Local\Temp\7zS6F84\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Deleted
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {5D37A431-E7EC-4246-AEF2-410D103E9DF4} : v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\Arwen\AppData\Local\Temp\7zS6F84\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Deleted
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {089EC4AD-6375-42C1-8EDD-9AADB588E76D} : v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\Arwen\AppData\Local\Temp\7zS2AB5\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Deleted
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {37C19DAE-33E9-4EAA-AA82-D11F687C663E} : v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\Arwen\AppData\Local\Temp\7zS2AB5\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Deleted

    ¤¤¤ Tasks : 1 ¤¤¤
    [Suspicious.Path] \MakeMarkerFile -- "%ProgramData%\MakeMarkerFile.exe" -> Deleted

    ¤¤¤ Files : 2 ¤¤¤
    [PUP.Gen1][Folder] C:\Program Files\SafeSearch -> Deleted
    [PUP.Gen1][File] C:\Program Files\SafeSearch\1_11\ie\AddinExpress.IE.dll -> Deleted
    [PUP.Gen1][File] C:\Program Files\SafeSearch\1_11\ie\adxloader.dll -> Deleted
    [PUP.Gen1][File] C:\Program Files\SafeSearch\1_11\ie\Interop.SHDocVw.dll -> Deleted
    [PUP.Gen1][File] C:\Program Files\SafeSearch\1_11\ie\SafeSearch.dll -> Deleted
    [PUP.Gen1][Folder] C:\Program Files\SafeSearch\1_11\ie -> Deleted
    [PUP.Gen1][Folder] C:\Program Files\SafeSearch\1_11 -> Deleted
    [PUP.Gen1][Folder] C:\Program Files (x86)\Yahoo!\Companion -> Deleted
    [PUP.Gen1][Folder] C:\Program Files (x86)\Yahoo!\Companion\Data -> Deleted
    [PUP.Gen1][Folder] C:\Program Files (x86)\Yahoo!\Companion\Installs -> Deleted

    ¤¤¤ WMI : 0 ¤¤¤

    ¤¤¤ Hosts File : 0 ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: ST1000LM024 HN-M101MBB +++++
    --- User ---
    [MBR] 19a5b97c94ad62fe7b16cd7724b8e74a
    [BSP] 207e734b8d2d61ca982caa7896d12816 : Empty MBR Code
    Partition table:
    0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 500 MB
    1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 1026048 | Size: 300 MB
    2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1640448 | Size: 128 MB
    3 - Basic data partition | Offset (sectors): 1902592 | Size: 928830 MB
    4 - [SYSTEM][MAN-MOUNT] | Offset (sectors): 1904146432 | Size: 450 MB
    5 - [SYSTEM] Basic data partition | Offset (sectors): 1905068032 | Size: 22636 MB
    6 - [SYSTEM] Basic data partition | Offset (sectors): 1951426560 | Size: 1024 MB
    User = LL1 ... OK
    User = LL2 ... OK
     
  10. 2017/04/28
    Blue Star

    Blue Star Well-Known Member Thread Starter

    Malwarebytes
    www.malwarebytes.com

    -Log Details-
    Scan Date: 4/28/17
    Scan Time: 1:29 PM
    Logfile: MWB _ 04.28.2017.txt
    Administrator: Yes

    -Software Information-
    Version: 3.0.6.1469
    Components Version: 1.0.103
    Update Package Version: 1.0.1713
    License: Trial

    -System Information-
    OS: Windows 8.1
    CPU: x64
    File System: NTFS
    User: System

    -Scan Summary-
    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 386551
    Time Elapsed: 8 min, 14 sec

    -Scan Options-
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Disabled
    PUM: Enabled

    -Scan Details-
    Process: 0
    (No malicious items detected)

    Module: 0
    (No malicious items detected)

    Registry Key: 0
    (No malicious items detected)

    Registry Value: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Data Stream: 0
    (No malicious items detected)

    Folder: 0
    (No malicious items detected)

    File: 0
    (No malicious items detected)

    Physical Sector: 0
    (No malicious items detected)


    (end)
     
  11. 2017/04/28
    Blue Star

    Blue Star Well-Known Member Thread Starter

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.1.3 (04.10.2017)
    Operating System: Windows 8.1 x64
    Ran by Arwen (Administrator) on Fri 04/28/2017 at 14:08:46.07
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    File System: 3

    Successfully deleted: C:\Users\Arwen\AppData\Roaming\hamstersoft (Folder)
    Successfully deleted: C:\Users\Arwen\Documents\add-in express (Folder)
    Successfully deleted: C:\Program Files (x86)\hamster soft (Folder)



    Registry: 5

    Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{5702548C-054D-441C-8D09-68ACF36AA8ED} (Registry Key)
    Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0214754e-4e7d-4589-829d-e2523e6a3085} (Registry Key)
    Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{65f159fb-5f5e-46f4-b45d-ccfa236d2073} (Registry Key)
    Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0214754e-4e7d-4589-829d-e2523e6a3085} (Registry Key)
    Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{65f159fb-5f5e-46f4-b45d-ccfa236d2073} (Registry Key)




    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Fri 04/28/2017 at 14:13:05.01
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  12. 2017/04/28
    Blue Star

    Blue Star Well-Known Member Thread Starter

    All scans completed and posted!
     
  13. 2017/04/28
    Blue Star

    Blue Star Well-Known Member Thread Starter

    # AdwCleaner v6.046 - Logfile created 28/04/2017 at 13:53:03
    # Updated on 24/04/2017 by Malwarebytes
    # Database : 2017-04-28.1 [Server]
    # Operating System : Windows 8.1 (X64)
    # Username : Arwen - THEONE
    # Running from : C:\Users\Arwen\Downloads\adwcleaner_6.046.exe
    # Mode: Scan
    # Support : Customer Support & Help Center



    ***** [ Services ] *****

    No malicious services found.


    ***** [ Folders ] *****

    Folder Found: C:\Users\Arwen\AppData\LocalLow\Yahoo!\Companion
    Folder Found: C:\ProgramData\BSD\DriverHive
    Folder Found: C:\ProgramData\BSD\DriverHiveEngine
    Folder Found: C:\ProgramData\Application Data\BSD\DriverHive
    Folder Found: C:\ProgramData\Application Data\BSD\DriverHiveEngine


    ***** [ Files ] *****

    File Found: C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\hxxps_static.cmptch.com_0.localstorage
    File Found: C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\hxxps_static.cmptch.com_0.localstorage-journal


    ***** [ DLL ] *****

    No malicious DLLs found.


    ***** [ WMI ] *****

    No malicious keys found.


    ***** [ Shortcuts ] *****

    No infected shortcut found.


    ***** [ Scheduled Tasks ] *****

    No malicious task found.


    ***** [ Registry ] *****

    Key Found: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WebCakeUpdaterService
    Key Found: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WebCakeUpdaterService
    Key Found: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\webcakeupdaterservice
    Key Found: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\webcakeupdaterservice
    Key Found: HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\Software\Classes\jZip.file
    Key Found: HKCU\Software\Classes\jZip.file
    Key Found: HKLM\SOFTWARE\Classes\Sample.BrowserHandler
    Key Found: HKLM\SOFTWARE\Classes\Sample.BrowserHandler.1
    Key Found: HKLM\SOFTWARE\Classes\Sample.YTBPartnerSample
    Key Found: HKLM\SOFTWARE\Classes\Sample.YTBPartnerSample.1
    Key Found: HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
    Key Found: HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
    Key Found: [x64] HKCU\Software\Classes\jZip.file
    Key Found: [x64] HKLM\SOFTWARE\Classes\Sample.BrowserHandler
    Key Found: [x64] HKLM\SOFTWARE\Classes\Sample.BrowserHandler.1
    Key Found: [x64] HKLM\SOFTWARE\Classes\Sample.YTBPartnerSample
    Key Found: [x64] HKLM\SOFTWARE\Classes\Sample.YTBPartnerSample.1
    Key Found: [x64] HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
    Key Found: [x64] HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
    Value Found: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{44C9CC91-6A4A-4579-B4B5-899ECDC18DC6}]
    Key Found: HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\Software\Yahoo\Companion
    Key Found: HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\Software\Yahoo\YFriendsBar
    Key Found: HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\Software\BSD
    Key Found: HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\Software\AppDataLow\Software\Yahoo\Companion
    Key Found: HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3548505277-2733688421-2640094488-1001\Software\SweetIM
    Key Found: HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3548505277-2733688421-2640094488-1001\Software\TNT2
    Key Found: HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3548505277-2733688421-2640094488-1001\Software\Updater By Sweetpacks
    Key Found: HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3548505277-2733688421-2640094488-1001\Software\WNLT
    Key Found: HKCU\Software\Yahoo\Companion
    Key Found: HKCU\Software\Yahoo\YFriendsBar
    Key Found: HKCU\Software\BSD
    Key Found: HKU\.DEFAULT\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-18\Software\Updater By Sweetpacks
    Key Found: HKCU\Software\AppDataLow\Software\Yahoo\Companion
    Key Found: HKLM\SOFTWARE\Yahoo\Companion
    Key Found: HKLM\SOFTWARE\Auslogics
    Key Found: HKLM\SOFTWARE\BSD
    Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3548505277-2733688421-2640094488-1001\Software\SweetIM
    Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3548505277-2733688421-2640094488-1001\Software\TNT2
    Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3548505277-2733688421-2640094488-1001\Software\Updater By Sweetpacks
    Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3548505277-2733688421-2640094488-1001\Software\WNLT
    Key Found: [x64] HKCU\Software\Yahoo\Companion
    Key Found: [x64] HKCU\Software\Yahoo\YFriendsBar
    Key Found: [x64] HKCU\Software\BSD
    Key Found: [x64] HKCU\Software\AppDataLow\Software\Yahoo\Companion
    Key Found: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
    Key Found: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.ask.com
    Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
    Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.ask.com
    Value Found: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [browsersafeguard]
    Value Found: HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [Optimizer Pro]
    Key Found: HKLM\SOFTWARE\Classes\Record\{425E7597-03A2-338D-B72A-0E51FFE77A7E}
    Key Found: HKLM\SOFTWARE\Classes\Record\{915BB7D5-082E-3B91-B1E0-45B5FDE01F24}
    Key Found: HKLM\SOFTWARE\Classes\Record\{2009AF2F-5786-3067-8799-B97F7832FDD6}
    Key Found: HKLM\SOFTWARE\Classes\Record\{FB2E65F4-5687-33EF-9BBF-4E3C9C98D3B9}
    Value Found: HKLM\SOFTWARE\RegisteredApplications [jZip]


    ***** [ Web browsers ] *****

    No malicious Firefox based browser items found.
    Chrome pref Found: [C:\Users\Arwen\AppData\Local\Chromium\User Data\Default\Web data] - search provided by yahoo
    Chrome pref Found: [C:\Users\Arwen\AppData\Local\Chromium\User Data\Default\Secure Preferences ] - hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_instlmtrx_15_45&param1=1&param2=f%3D1%
    Chrome pref Found: [C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Default\Web data] - aol.com
    Chrome pref Found: [C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Default\Web data] - ask.com
    Chrome pref Found: [C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Default\Web data] - search provided by yahoo.com
    Chrome pref Found: [C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_instlmtrx_15_45&param1=1&param2=f

    *************************

    C:\AdwCleaner\AdwCleaner[S0].txt - [9460 Bytes] - [28/04/2017 13:53:03]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9533 Bytes] ##########
     
  14. 2017/04/28
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Re-run the Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

    • Double click to run it.
    • Make sure you checkmark the Addition.txt box.
    • Press the Scan button.
    • The scan will create two logs, FRST.txt and Addition.txt, in the same directory the tool is run from. Please copy and paste them into your reply.
     
  15. 2017/04/28
    Blue Star

    Blue Star Well-Known Member Thread Starter

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-04-2017
    Ran by Arwen (administrator) on THEONE (29-04-2017 00:32:09)
    Running from C:\Users\Arwen\Downloads
    Loaded Profiles: Arwen (Available Profiles: Arwen)
    Platform: Windows 8.1 (Update) (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: IE)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Intel Corporation) C:\Windows\System32\igfxCUIService.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
    (Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
    (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
    () C:\Program Files (x86)\Real\RealPlayer\UpdateService\RealPlayerUpdateSvc.exe
    (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
    (Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
    (AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
    (Intel Corporation) C:\Windows\System32\igfxEM.exe
    (Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe
    (Intel Corporation) C:\Windows\System32\igfxHK.exe
    (Intel Corporation) C:\Windows\System32\igfxTray.exe
    (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe
    (Intel Corporation) C:\Windows\System32\igfxext.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
    (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    (Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe
    (Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPNetworkCommunicatorCom.exe
    (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
    (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpsystray.exe
    (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
    () C:\Program Files (x86)\Nova Development\Print Artist Platinum 24\ReminderApp.exe
    (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
    (Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
    (Microsoft Corporation) C:\Windows\System32\prevhost.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\prevhost.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    () C:\Program Files\Samsung\Support Center\GuaranaAgent.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
    () C:\Program Files (x86)\Real\RealPlayer\RealDownloader\downloader2.exe
    (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RealDownloader\realdownloader264.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Farbar) C:\Users\Arwen\Downloads\FRST64 (1).exe

    ==================== Registry (Whitelisted) ====================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13191824 2012-08-10] (Realtek Semiconductor)
    HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [764032 2012-08-10] (Qualcomm Atheros)
    HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-08-10] (Qualcomm Atheros Commnucations)
    HKLM\...\Run: [HotKeysCmds] => C:\windows\system32\hkcmd.exe
    HKLM\...\Run: [Persistence] => C:\windows\system32\igfxpers.exe
    HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3940040 2015-06-12] (Synaptics Incorporated)
    HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213824 2017-04-10] (AVAST Software)
    HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
    HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [277504 2012-07-09] (Intel Corporation)
    HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [97392 2012-08-15] (CyberLink Corp.)
    HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-07] (CyberLink)
    HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-12] (CyberLink Corp.)
    HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [156000 2012-09-18] (Intel Corporation)
    HKLM-x32\...\Run: [Intel AppUp(R) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [156000 2012-09-18] (Intel Corporation)
    HKLM-x32\...\Run: [ReminderApp_EEAC3053-7055-4143-B8A0-306758055099] => C:\Program Files (x86)\Nova Development\Print Artist Platinum 24\ReminderApp.exe [144728 2011-03-09] ()
    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
    HKLM-x32\...\Run: [TkBellExe] => c:\program files (x86)\real\realplayer\Update\realsched.exe [352648 2017-03-18] (RealNetworks, Inc.)
    HKLM-x32\...\Run: [RealDownloader] => C:\program files (x86)\real\realplayer\RealDownloader\downloader2.exe [738032 2017-03-14] ()
    HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\...\Run: [eyeBeam SIP Client] => C:\Program Files (x86)\CounterPath\X-Lite\x-lite.exe [23941120 2010-01-04] ()
    HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23819304 2017-03-21] (Google)
    HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4272840 2014-03-31] (Microsoft Corporation)
    HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\...\Run: [Google Update] => C:\Users\Arwen\AppData\Local\Google\Update\1.3.33.3\GoogleUpdateCore.exe [599632 2017-04-10] (Google Inc.)
    HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\...\Run: [HP Officejet Pro 8610 (NET)] => C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe [3487240 2014-07-21] (Hewlett-Packard Development Company, LP)
    HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\...\Run: [Spark] => C:\Program Files (x86)\Spark\Spark.exe
    HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27545048 2017-03-14] (Skype Technologies S.A.)
    HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\WLXPGSS.scr [322248 2014-03-31] (Microsoft Corporation)
    AppInit_DLLs: C:\Program Files C:\Program Files C:\Program Files => No File
    ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
    ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
    ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
    ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-04-10] (AVAST Software)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-04-10] (AVAST Software)
    ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => -> No File
    ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
    ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk [2016-03-10]
    ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE (No File)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealTimes.lnk [2017-03-18]
    ShortcutTarget: RealTimes.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpsystray.exe (RealNetworks, Inc.)
    Startup: C:\Users\Arwen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-03-10]
    ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (No File)
    GroupPolicy\User: Restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 75.75.76.76
    Tcpip\..\Interfaces\{5E936670-642F-4052-AA03-D47CB7323CAE}: [DhcpNameServer] 75.75.75.75 75.75.76.76 75.75.76.76
    Tcpip\..\Interfaces\{C98612F8-1E09-4913-9A71-55F75A0B2F56}: [DhcpNameServer] 75.75.75.75 75.75.76.76

    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
    HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?gws_rd=ssl
    SearchScopes: HKLM -> DefaultScope {BA1BE292-1D15-488B-934D-008742212380} URL =
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\.DEFAULT -> DefaultScope {BA1BE292-1D15-488B-934D-008742212380} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {BA1BE292-1D15-488B-934D-008742212380} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {BA1BE292-1D15-488B-934D-008742212380} URL =
    BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\program files (x86)\real\realplayer\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2017-03-14] (RealDownloader)
    BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-03-09] (Oracle Corporation)
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-04-10] (AVAST Software)
    BHO: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> No File
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-03-09] (Oracle Corporation)
    BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2014-04-20] (IvoSoft)
    BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\program files (x86)\real\realplayer\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2017-03-14] (RealDownloader)
    BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-01-28] (Oracle Corporation)
    BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-04-10] (AVAST Software)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-28] (Oracle Corporation)
    BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2014-04-20] (IvoSoft)
    Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
    Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-04-10] (AVAST Software)
    Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
    Toolbar: HKU\S-1-5-21-3548505277-2733688421-2640094488-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    DPF: HKLM-x32 {03A89EFD-E023-B200-A22D-45F77558EB4C} hxxps://content10.invisionmeeting.com/download/AXCltInst11.dll
    DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    DPF: HKLM-x32 {483EB14D-AF1C-4951-81B0-4E2B41829FF6} hxxps://assess.shlonline.com/cabs/QOLCheck.ocx
    DPF: HKLM-x32 {494DE545-6D3C-4F63-9D73-CF408AB248D9} hxxps://vanillasoft.net/binarys/amiTapiPro.ocx
    DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
    Handler-x32: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL [2001-01-22] (Microsoft Corporation)
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2017-01-01] (Skype Technologies)

    FireFox:
    ========
    FF ProfilePath: C:\Users\Arwen\AppData\Roaming\Mozilla\Firefox\Profiles\wopnhc1d.default-1453139201127 [2017-04-27]
    FF ProfilePath: C:\Users\Arwen\AppData\Roaming\kompozer.net\KompoZer\Profiles\jj4nfp63.default [2015-04-20]
    FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF48
    FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF48 [2017-04-10]
    FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF48
    FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF48 [2017-04-10]
    FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext => not found
    FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF48
    FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF48
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_25_0_0_148.dll [2017-04-12] ()
    FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-03-09] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-03-09] (Oracle Corporation)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_148.dll [2017-04-12] ()
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-28] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-28] (Oracle Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\Microsoft Office\Office14\NPAUTHZ.DLL [No File]
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
    FF Plugin-x32: @real.com/nppl3260;version=18.1.7.343 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2017-03-18] (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprpplugin;version=18.1.7.343 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2017-03-18] (RealPlayer)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-3548505277-2733688421-2640094488-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Arwen\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-01-16] (Citrix Online)
    FF Plugin HKU\S-1-5-21-3548505277-2733688421-2640094488-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Arwen\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
    FF Plugin HKU\S-1-5-21-3548505277-2733688421-2640094488-1001: @talk.google.com/O1DPlugin -> C:\Users\Arwen\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
    FF Plugin HKU\S-1-5-21-3548505277-2733688421-2640094488-1001: intel.com/AppUp -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll [2012-09-18] (Intel)
    FF Plugin HKU\S-1-5-21-3548505277-2733688421-2640094488-1001: intel.com/AppUpx64 -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll [2012-09-18] (Intel)
    FF Plugin HKU\S-1-5-21-3548505277-2733688421-2640094488-1001: SkypePlugin -> C:\Users\Arwen\AppData\Local\SkypePlugin\7.5.0.127\npGatewayNpapi.dll [2015-08-02] (Skype Technologies S.A.)
    FF Plugin HKU\S-1-5-21-3548505277-2733688421-2640094488-1001: SkypePlugin64 -> C:\Users\Arwen\AppData\Local\SkypePlugin\7.5.0.127\npGatewayNpapi-x64.dll [2015-08-02] (Skype Technologies S.A.)
    FF Plugin ProgramFiles/Appdata: C:\Users\Arwen\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
    FF Plugin ProgramFiles/Appdata: C:\Users\Arwen\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)

    Chrome:
    =======
    CHR DefaultProfile: Profile 1
    CHR NewTab: Profile 1 -> Not-active:"chrome-extension://oibkikcneihjcakjbomejflolaijihln/newtab/newtab.html"
    CHR Profile: C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Default [2017-04-28]
    CHR Extension: (Google Slides) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-10-15]
    CHR Extension: (Regex Scraper) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Default\Extensions\akjalgjglcdpomokfhgcmononebebioc [2015-04-13]
    CHR Extension: (Google Docs) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-15]
    CHR Extension: (Google Drive) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-04]
    CHR Extension: (YouTube) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-15]
    CHR Extension: (Google Search) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-04]
    CHR Extension: (Google Sheets) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-10-15]
    CHR Extension: (Google Docs Offline) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-02-04]
    CHR Extension: (Avast Online Security) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-02-13]
    CHR Extension: (Skype) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-02-04]
    CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-12-15]
    CHR Extension: (FB UID Scraper) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhfeilckipmpkmoblecjildbpgdjjpnj [2015-04-13]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-29]
    CHR Extension: (Gmail) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-15]
    CHR Profile: C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-04-29]
    CHR Extension: (Google Slides) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-02-13]
    CHR Extension: (Google Docs) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2016-03-04]
    CHR Extension: (Google Drive) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-04]
    CHR Extension: (YouTube) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-04]
    CHR Extension: (Google Search) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-03-04]
    CHR Extension: (Adobe Acrobat) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-10]
    CHR Extension: (Avast SafePrice) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-03-16]
    CHR Extension: (Google Sheets) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-13]
    CHR Extension: (Google Docs Offline) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-19]
    CHR Extension: (Avast Online Security) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-04-10]
    CHR Extension: (Cisco WebEx Extension) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2017-04-18]
    CHR Extension: (Skype) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-03-10]
    CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-02-13]
    CHR Extension: (FreeConferenceCall.com Extension) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mfhjonocnlnodflomblbjnjdpllkeljo [2017-02-20]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-10]
    CHR Extension: (Login Faster) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\oibkikcneihjcakjbomejflolaijihln [2017-04-12]
    CHR Extension: (Gmail) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-04]
    CHR Extension: (Chrome Media Router) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-28]
    CHR HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Arwen\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-02-11]
    CHR HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

    ==================== Services (Whitelisted) ====================
     
  16. 2017/04/28
    Blue Star Well-Known Member Thread Starter
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7398336 2017-03-28] (AVAST Software s.r.o.)
    R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [211584 2012-08-10] (Qualcomm Atheros Commnucations) [File not signed]
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [261712 2017-04-10] (AVAST Software)
    R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1593976 2012-08-26] (Samsung Electronics CO., LTD.)
    S2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company)
    R2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [7168 2012-07-09] (Intel Corporation) [File not signed]
    R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [314696 2014-05-21] (Intel Corporation)
    R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-17] (Intel Corporation)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
    R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
    R2 RealPlayerUpdateSvc; C:\program files (x86)\real\realplayer\UpdateService\RealPlayerUpdateSvc.exe [35104 2017-03-14] ()
    R2 RealTimes Desktop Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [987408 2017-03-18] (RealNetworks, Inc.)
    R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246464 2015-06-12] (Synaptics Incorporated)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
    R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-08-10] (Atheros) [File not signed]

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R1 aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdrivera.sys [307736 2017-03-28] (AVAST Software s.r.o.)
    R0 aswbidsh; C:\WINDOWS\system32\drivers\aswbidsha.sys [189768 2017-03-28] (AVAST Software s.r.o.)
    R0 aswblog; C:\WINDOWS\system32\drivers\aswbloga.sys [334088 2017-03-28] (AVAST Software s.r.o.)
    R0 aswbuniv; C:\WINDOWS\system32\drivers\aswbuniva.sys [48528 2017-03-28] (AVAST Software s.r.o.)
    S3 aswHdsKe; C:\WINDOWS\system32\drivers\aswHdsKe.sys [85552 2017-03-21] (AVAST Software)
    S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [38296 2017-04-10] (AVAST Software)
    R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [32600 2017-04-10] (AVAST Software)
    R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [128648 2017-04-28] (AVAST Software)
    R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [101152 2017-04-10] (AVAST Software)
    R0 aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [75704 2017-04-10] (AVAST Software)
    R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [1005048 2017-04-10] (AVAST Software)
    R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [556784 2017-04-28] (AVAST Software)
    R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [164064 2017-04-10] (AVAST Software)
    R0 aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [339696 2017-04-10] (AVAST Software)
    R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-24] (CyberLink)
    S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [130688 2016-07-22] (Samsung Electronics Co., Ltd.)
    R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77440 2017-03-22] ()
    R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [186304 2017-04-28] (Malwarebytes)
    R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [111544 2017-04-28] (Malwarebytes)
    R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2017-04-28] (Malwarebytes)
    R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [251832 2017-04-28] (Malwarebytes)
    R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [92096 2017-04-28] (Malwarebytes)
    R3 RadioHIDMini; C:\WINDOWS\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows (R) Win 7 DDK provider)
    S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [164992 2016-07-22] (Samsung Electronics Co., Ltd.)
    S3 taphss6; C:\WINDOWS\system32\DRIVERS\taphss6.sys [42184 2013-01-10] (Anchorfree Inc.)
    U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2017-04-28] ()
    S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
    S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
    S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-04-29 00:31 - 2017-04-29 00:31 - 02427392 _____ (Farbar) C:\Users\Arwen\Downloads\FRST64 (1).exe
    2017-04-28 14:22 - 2017-04-28 14:22 - 04102600 _____ C:\Users\Arwen\Downloads\adwcleaner_6.046 (1).exe
    2017-04-28 14:21 - 2017-04-28 14:21 - 04089296 _____ C:\Users\Arwen\Downloads\AdwCleaner (1).exe
    2017-04-28 14:13 - 2017-04-28 14:13 - 00001549 _____ C:\Users\Arwen\Desktop\JRT.txt
    2017-04-28 14:05 - 2017-04-28 14:05 - 01663672 _____ (Malwarebytes) C:\Users\Arwen\Downloads\JRT (1).exe
    2017-04-28 14:05 - 2017-04-28 14:05 - 00000000 ____D C:\ProgramData\SWCUTemp
    2017-04-28 13:49 - 2017-04-28 13:49 - 04102600 _____ C:\Users\Arwen\Downloads\adwcleaner_6.046.exe
    2017-04-28 13:45 - 2017-04-28 13:45 - 00001087 _____ C:\Users\Arwen\Desktop\MWB _ 04.28.2017.txt
    2017-04-28 13:28 - 2017-04-28 22:54 - 00092096 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
    2017-04-28 13:28 - 2017-04-28 16:17 - 00251832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2017-04-28 13:28 - 2017-04-28 16:17 - 00111544 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
    2017-04-28 13:28 - 2017-04-28 16:17 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
    2017-04-28 13:28 - 2017-04-28 13:28 - 00186304 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
    2017-04-28 13:28 - 2017-04-28 13:28 - 00001883 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
    2017-04-28 13:28 - 2017-04-28 13:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
    2017-04-28 13:28 - 2017-04-28 13:28 - 00000000 ____D C:\Program Files\Malwarebytes
    2017-04-28 13:28 - 2017-03-22 11:02 - 00077440 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
    2017-04-28 13:26 - 2017-04-28 13:27 - 60107896 _____ (Malwarebytes ) C:\Users\Arwen\Downloads\mb3-setup-consumer-3.0.6.1469-10103.exe
    2017-04-28 12:37 - 2017-04-28 12:37 - 00000870 _____ C:\Users\Public\Desktop\RogueKiller.lnk
    2017-04-28 12:37 - 2017-04-28 12:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
    2017-04-28 12:37 - 2017-04-28 12:37 - 00000000 ____D C:\Program Files\RogueKiller
    2017-04-28 12:36 - 2017-04-28 12:36 - 35357840 _____ (Adlice Software ) C:\Users\Arwen\Downloads\setup.exe
    2017-04-28 12:23 - 2017-04-28 12:29 - 00000000 _____ C:\Users\Arwen\AppData\Local\{A88C90A5-864E-429C-B6F8-D94B093AAA5D}
    2017-04-27 13:43 - 2017-04-27 13:44 - 00059241 _____ C:\Users\Arwen\Downloads\Addition.txt
    2017-04-27 13:42 - 2017-04-29 00:32 - 00034692 _____ C:\Users\Arwen\Downloads\FRST.txt
    2017-04-27 13:41 - 2017-04-29 00:32 - 00000000 ____D C:\FRST
    2017-04-27 13:41 - 2017-04-27 13:41 - 02427392 _____ (Farbar) C:\Users\Arwen\Downloads\FRST64.exe
    2017-04-27 13:41 - 2017-04-27 13:41 - 01768448 _____ (Farbar) C:\Users\Arwen\Downloads\FRST (5).exe
    2017-04-27 13:40 - 2017-04-27 13:40 - 01768448 _____ (Farbar) C:\Users\Arwen\Downloads\FRST (4).exe
    2017-04-27 13:37 - 2017-04-27 13:37 - 01768448 _____ (Farbar) C:\Users\Arwen\Downloads\FRST (3).exe
    2017-04-27 13:37 - 2017-04-27 13:37 - 01768448 _____ (Farbar) C:\Users\Arwen\Downloads\FRST (2).exe
    2017-04-27 13:36 - 2017-04-27 13:36 - 01768448 _____ (Farbar) C:\Users\Arwen\Downloads\FRST (1).exe
    2017-04-27 13:34 - 2017-04-27 13:34 - 01768448 _____ (Farbar) C:\Users\Arwen\Downloads\FRST.exe
    2017-04-27 02:38 - 2017-04-27 02:38 - 00000000 ____D C:\Users\Arwen\AppData\LocalLow\Mozilla
    2017-04-26 23:23 - 2017-04-26 23:23 - 06752896 _____ (ESET spol. s r.o.) C:\Users\Arwen\Downloads\esetonlinescanner_enu (2).exe
    2017-04-26 23:23 - 2017-04-26 23:23 - 06752896 _____ (ESET spol. s r.o.) C:\Users\Arwen\Downloads\esetonlinescanner_enu (1).exe
    2017-04-26 23:15 - 2017-04-26 23:15 - 00000000 ____D C:\Users\Arwen\Desktop\AIO Ideal Concepts
    2017-04-26 09:23 - 2017-04-26 09:24 - 00837814 _____ C:\Users\Arwen\Downloads\How To Register on the Humana Agent Portal.pdf
    2017-04-25 11:50 - 2017-04-25 11:50 - 06392372 _____ C:\Users\Arwen\Downloads\one call close script 04.09.2017.pdf
    2017-04-24 21:54 - 2017-04-24 21:54 - 00000000 ____D C:\Users\Arwen\Desktop\NSA _ 04.24.2017
    2017-04-24 16:52 - 2017-04-24 16:52 - 00006160 _____ C:\Users\Arwen\Downloads\catalog-grade.pdf
    2017-04-24 14:13 - 2017-04-24 14:13 - 01129376 _____ (Google Inc.) C:\Users\Arwen\Downloads\GoogleVoiceAndVideoSetup (1).exe
    2017-04-19 21:08 - 2017-04-19 21:08 - 00082206 _____ C:\Users\Arwen\Downloads\03292017-1001336026615.pdf
    2017-04-19 02:00 - 2017-04-19 02:00 - 00014661 _____ C:\Users\Arwen\Downloads\Resume for Tim and Kathy.odt
    2017-04-19 00:56 - 2017-04-19 00:56 - 00526315 _____ C:\Users\Arwen\Downloads\2017 State by State Breakdown - ST (1).PDF
    2017-04-18 22:40 - 2017-04-18 22:40 - 00022157 _____ C:\Users\Arwen\Downloads\Tax Extension 2016.pdf
    2017-04-14 09:58 - 2017-04-14 09:58 - 00035084 _____ C:\Users\Arwen\Downloads\Ari Resume 29c _ 01.14.2017.pdf
    2017-04-13 01:06 - 2017-04-13 01:06 - 00000000 ____D C:\Users\Arwen\AppData\Local\ESET
    2017-04-13 01:05 - 2017-04-13 01:06 - 06752896 _____ (ESET spol. s r.o.) C:\Users\Arwen\Downloads\esetonlinescanner_enu.exe
    2017-04-12 13:10 - 2017-03-31 21:12 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
    2017-04-12 13:10 - 2017-03-31 21:12 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
    2017-04-12 11:27 - 2017-03-21 09:11 - 00875712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll
    2017-04-12 11:27 - 2017-03-21 09:11 - 00869568 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll
    2017-04-12 11:27 - 2017-03-21 09:11 - 00678592 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp120_clr0400.dll
    2017-04-12 11:27 - 2017-03-21 09:11 - 00536768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp120_clr0400.dll
    2017-04-12 10:43 - 2017-04-12 10:43 - 00526315 _____ C:\Users\Arwen\Downloads\2017 State by State Breakdown - ST.PDF
    2017-04-12 10:22 - 2017-03-25 15:39 - 20284416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2017-04-12 10:22 - 2017-03-25 15:07 - 04604416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
    2017-04-12 10:22 - 2017-03-25 15:06 - 13654016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2017-04-12 10:22 - 2017-03-25 14:55 - 02767360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
    2017-04-12 10:22 - 2017-03-25 14:52 - 02289152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
    2017-04-12 10:22 - 2017-03-25 14:51 - 01313280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
    2017-04-12 10:22 - 2017-03-25 14:47 - 02055680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
    2017-04-12 10:22 - 2017-03-25 14:46 - 00693248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
    2017-04-12 10:22 - 2017-03-25 14:46 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
    2017-04-12 10:22 - 2017-03-25 14:45 - 00330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
    2017-04-12 10:22 - 2017-03-25 14:10 - 02898432 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
    2017-04-12 10:22 - 2017-03-25 13:56 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
    2017-04-12 10:22 - 2017-03-25 13:52 - 25746944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2017-04-12 10:22 - 2017-03-25 13:41 - 06045696 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2017-04-12 10:22 - 2017-03-25 13:12 - 01033216 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
    2017-04-12 10:22 - 2017-03-25 13:04 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
    2017-04-12 10:22 - 2017-03-25 13:00 - 00725504 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
    2017-04-12 10:22 - 2017-03-25 13:00 - 00378880 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
    2017-04-12 10:22 - 2017-03-25 12:59 - 00806912 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
    2017-04-12 10:22 - 2017-03-25 12:57 - 02131456 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
    2017-04-12 10:22 - 2017-03-25 12:28 - 15259136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2017-04-12 10:22 - 2017-03-25 12:24 - 03241472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
    2017-04-12 10:22 - 2017-03-25 12:10 - 01546240 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
    2017-04-12 10:22 - 2017-03-25 00:43 - 01375960 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
    2017-04-12 10:22 - 2017-03-24 14:24 - 01094656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
    2017-04-12 10:22 - 2017-03-14 15:06 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
    2017-04-12 10:22 - 2017-03-14 10:26 - 03714560 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
    2017-04-12 10:22 - 2017-03-14 10:09 - 02240512 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
    2017-04-12 10:22 - 2017-03-14 10:08 - 00897024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
    2017-04-12 10:22 - 2017-03-14 10:06 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
    2017-04-12 10:22 - 2017-03-13 12:08 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
    2017-04-12 10:22 - 2017-03-12 11:04 - 00033792 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
    2017-04-12 10:22 - 2017-03-10 23:59 - 01763888 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
    2017-04-12 10:22 - 2017-03-10 23:56 - 01489608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
    2017-04-12 10:22 - 2017-03-10 23:49 - 01549144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
    2017-04-12 10:22 - 2017-03-10 23:49 - 00388440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
    2017-04-12 10:22 - 2017-03-10 23:44 - 00373080 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
    2017-04-12 10:22 - 2017-03-10 23:41 - 00315224 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
    2017-04-12 10:22 - 2017-03-09 17:13 - 04169216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
    2017-04-12 10:22 - 2017-03-07 19:25 - 01661064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
    2017-04-12 10:22 - 2017-03-07 19:21 - 01212760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
    2017-04-12 10:22 - 2017-03-04 15:24 - 00132096 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
    2017-04-12 10:22 - 2017-03-04 15:06 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
    2017-04-12 10:22 - 2017-03-04 14:15 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
    2017-04-12 10:22 - 2017-03-04 12:37 - 03547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
    2017-04-12 10:22 - 2017-03-03 11:11 - 01697792 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
    2017-04-12 10:22 - 2017-03-03 11:10 - 00138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmjpegdec.dll
    2017-04-12 10:22 - 2017-03-03 11:06 - 01501184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
    2017-04-12 10:22 - 2017-03-03 11:04 - 00092672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmjpegdec.dll
    2017-04-12 10:22 - 2017-02-11 14:18 - 00477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
    2017-04-12 10:22 - 2017-02-11 13:00 - 00865792 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
    2017-04-12 10:22 - 2017-02-11 12:49 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\DafPrintProvider.dll
    2017-04-12 10:22 - 2017-02-11 12:42 - 00204288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DafPrintProvider.dll
    2017-04-12 10:22 - 2017-02-10 15:06 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
    2017-04-12 10:22 - 2017-02-10 10:37 - 00046600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
    2017-04-12 10:22 - 2017-02-04 13:53 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll
    2017-04-12 10:22 - 2017-02-04 13:51 - 00842240 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
    2017-04-12 10:22 - 2017-02-04 13:19 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\samlib.dll
    2017-04-12 10:22 - 2017-02-01 15:44 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
    2017-04-12 10:22 - 2017-02-01 15:42 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
    2017-04-12 10:22 - 2017-01-18 22:18 - 01113944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
    2017-04-12 10:22 - 2017-01-18 10:35 - 00994760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
    2017-04-12 10:22 - 2017-01-18 10:34 - 00922432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
    2017-04-12 10:22 - 2017-01-14 16:32 - 00955016 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
    2017-04-12 10:22 - 2017-01-14 15:18 - 00787688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
    2017-04-12 10:22 - 2017-01-14 10:37 - 00447095 _____ C:\WINDOWS\system32\ApnDatabase.xml
    2017-04-12 10:22 - 2017-01-12 12:51 - 00274776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
    2017-04-12 10:22 - 2017-01-12 12:51 - 00117592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
    2017-04-12 10:22 - 2017-01-12 02:12 - 00990040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
    2017-04-12 10:22 - 2017-01-11 15:12 - 00342016 _____ (Microsoft Corporation) C:\WINDOWS\system32\SessEnv.dll
    2017-04-12 10:22 - 2017-01-11 13:28 - 00422744 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
    2017-04-12 10:22 - 2017-01-11 11:09 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SessEnv.dll
    2017-04-12 10:22 - 2017-01-10 18:37 - 00138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
    2017-04-12 10:22 - 2017-01-10 17:06 - 00840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
    2017-04-12 10:22 - 2017-01-10 16:46 - 01388544 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
    2017-04-12 10:22 - 2017-01-10 15:20 - 00696832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
    2017-04-12 10:22 - 2017-01-10 15:09 - 01108480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
    2017-04-12 10:22 - 2017-01-06 13:25 - 02513408 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll
    2017-04-12 10:22 - 2017-01-06 13:04 - 01495552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll
    2017-04-12 10:22 - 2016-12-24 21:21 - 00040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\scfilter.sys
    2017-04-12 10:22 - 2016-12-24 21:14 - 00242176 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
    2017-04-12 10:22 - 2016-12-24 20:48 - 00158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
    2017-04-12 10:22 - 2016-12-24 20:19 - 00170496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll
    2017-04-12 10:22 - 2016-12-24 19:39 - 00133120 _____ (Microsoft Corporation) C:\WINDOWS\system32\ScDeviceEnum.dll
    2017-04-12 10:22 - 2016-12-09 04:08 - 00379736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
    2017-04-12 10:21 - 2017-03-25 14:48 - 00499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
    2017-04-12 10:21 - 2017-03-25 14:47 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
    2017-04-12 10:21 - 2017-03-25 14:46 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
    2017-04-12 10:21 - 2017-03-25 14:45 - 00880640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
    2017-04-12 10:21 - 2017-03-25 14:13 - 00576512 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
    2017-04-12 10:21 - 2017-03-25 12:01 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
    2017-04-12 10:21 - 2017-03-13 12:13 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
    2017-04-12 10:21 - 2017-03-13 12:12 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
    2017-04-12 10:21 - 2017-03-13 12:08 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
    2017-04-12 10:21 - 2017-03-13 11:59 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
    2017-04-12 10:21 - 2017-03-13 11:59 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
    2017-04-12 10:21 - 2017-03-13 11:56 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
    2017-04-12 10:21 - 2017-03-09 17:08 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
    2017-04-12 10:21 - 2017-03-09 15:29 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
    2017-04-12 03:11 - 2017-04-12 03:11 - 00115742 _____ C:\Users\Arwen\Downloads\Receipt (1).pdf
    2017-04-11 18:58 - 2017-04-11 18:58 - 00115742 _____ C:\Users\Arwen\Downloads\Receipt.pdf
    2017-04-11 13:31 - 2017-04-10 20:19 - 00016090 _____ C:\Users\Arwen\Documents\legal%20shield%20stuff.odt_0.odt
    2017-04-11 13:26 - 2017-04-11 13:26 - 00003824 _____ C:\Users\Arwen\Downloads\Medicare Agent Bookmarks.html
    2017-04-11 13:20 - 2017-04-12 12:58 - 00000000 ____D C:\Program Files (x86)\iolo
    2017-04-11 13:20 - 2017-04-11 14:44 - 00000000 ____D C:\ProgramData\iolo
    2017-04-11 13:20 - 2017-04-11 13:20 - 00074703 _____ C:\WINDOWS\SysWOW64\mfc45.dat
    2017-04-11 13:17 - 2017-04-11 14:39 - 00000000 ____D C:\ProgramData\WebEx
    2017-04-11 13:17 - 2017-04-11 13:17 - 01021624 _____ (Cisco WebEx LLC) C:\Users\Arwen\Downloads\Cisco_WebEx_Add-On.exe
    2017-04-10 20:17 - 2017-04-10 20:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
    2017-04-10 20:14 - 2017-04-10 20:14 - 00399944 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-04-29 00:28 - 2013-07-08 15:31 - 00000000 ____D C:\Users\Arwen\AppData\Roaming\Skype
    2017-04-28 23:49 - 2012-09-04 03:10 - 00000000 ____D C:\ProgramData\Temp
    2017-04-28 22:14 - 2014-10-13 01:32 - 00003918 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{FF6E7FF6-A826-4FA6-A008-42C24AD91130}
    2017-04-28 22:06 - 2013-02-11 10:49 - 00003330 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
    2017-04-28 22:06 - 2013-02-11 10:49 - 00003202 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
    2017-04-28 16:36 - 2012-12-16 22:30 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3548505277-2733688421-2640094488-1001
    2017-04-28 16:30 - 2012-09-04 03:05 - 00000000 ____D C:\ProgramData\WinClon
    2017-04-28 16:28 - 2014-10-12 23:59 - 00000000 ___DO C:\Users\Arwen\OneDrive
    2017-04-28 16:28 - 2014-10-12 23:12 - 00000000 ____D C:\Users\Arwen
    2017-04-28 16:28 - 2012-09-04 02:57 - 00000868 _____ C:\WINDOWS\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
    2017-04-28 16:16 - 2013-08-22 10:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2017-04-28 15:31 - 2012-12-16 22:21 - 00000000 ____D C:\Users\Arwen\AppData\Local\CrashDumps
    2017-04-28 14:26 - 2015-03-21 13:47 - 00000000 ____D C:\AdwCleaner
    2017-04-28 14:21 - 2013-12-24 01:03 - 00000000 ____D C:\Users\Arwen\AppData\Roaming\ClassicShell
    2017-04-28 13:58 - 2013-08-22 09:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
    2017-04-28 13:54 - 2015-09-14 13:55 - 00000000 ____D C:\ProgramData\BSD
    2017-04-28 13:54 - 2013-03-22 11:22 - 00000000 ____D C:\Users\Arwen\AppData\LocalLow\Yahoo!
    2017-04-28 13:28 - 2013-05-19 11:58 - 00000000 ____D C:\ProgramData\Malwarebytes
    2017-04-28 13:25 - 2013-03-22 11:22 - 00000000 ____D C:\Program Files (x86)\Yahoo!
    2017-04-28 12:41 - 2015-03-17 22:56 - 00028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
    2017-04-28 12:38 - 2014-08-06 23:23 - 00556784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
    2017-04-28 12:38 - 2014-02-13 12:25 - 00128648 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys
    2017-04-28 12:24 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\NDF
    2017-04-27 13:44 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\Inf
    2017-04-27 13:25 - 2015-05-06 13:59 - 00000000 ____D C:\Users\Arwen\AppData\Roaming\Google
    2017-04-27 13:20 - 2013-01-22 13:05 - 00000000 ____D C:\Program Files\Google
    2017-04-27 13:20 - 2013-01-22 13:02 - 00000000 ____D C:\Program Files (x86)\Google
    2017-04-27 02:45 - 2016-02-16 03:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2017-04-27 02:45 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
    2017-04-27 02:44 - 2013-08-22 11:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2017-04-27 02:33 - 2013-01-22 13:02 - 00000000 ____D C:\Users\Arwen\AppData\Local\Google
    2017-04-26 23:21 - 2016-07-12 17:47 - 00000000 ____D C:\Users\Arwen\Desktop\INSURANCE
    2017-04-26 23:21 - 2016-05-19 09:49 - 00000000 ____D C:\Users\Arwen\Desktop\Lean Belly Breakthrough
    2017-04-26 20:19 - 2013-07-12 13:33 - 00002217 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2017-04-25 11:21 - 2012-09-04 02:57 - 00000870 _____ C:\WINDOWS\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
    2017-04-24 12:07 - 2013-03-07 12:36 - 00000000 ____D C:\Users\Arwen\Desktop\ARI STUFF
    2017-04-24 12:06 - 2015-09-29 16:30 - 00000000 ____D C:\Users\Arwen\Desktop\Jewelry Tutorials
    2017-04-23 03:08 - 2015-05-21 07:31 - 00000000 ____D C:\Users\Arwen\Desktop\Biz Photos
    2017-04-18 21:24 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\AppReadiness
    2017-04-17 00:42 - 2015-05-02 15:02 - 00000000 ____D C:\Users\Arwen\Desktop\LegalShield
    2017-04-16 11:00 - 2013-04-10 11:15 - 00000000 ____D C:\Users\Arwen\AppData\Local\ElevatedDiagnostics
    2017-04-14 08:49 - 2015-01-04 15:13 - 00004476 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
    2017-04-14 08:48 - 2016-02-13 19:42 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
    2017-04-12 23:25 - 2014-09-24 03:15 - 00887272 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2017-04-12 13:42 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\rescache
    2017-04-12 13:12 - 2014-01-21 09:43 - 00000000 ____D C:\Users\Arwen\Desktop\JEWELS
    2017-04-12 13:08 - 2013-08-22 10:44 - 00578384 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2017-04-12 13:07 - 2013-06-30 02:04 - 00000000 ____D C:\Program Files\Microsoft Silverlight
    2017-04-12 13:07 - 2013-06-30 02:04 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
    2017-04-12 13:05 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
    2017-04-12 13:00 - 2013-08-22 11:36 - 00000000 ___RD C:\WINDOWS\ToastData
    2017-04-12 13:00 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files\Windows Defender
    2017-04-12 13:00 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender
    2017-04-12 11:40 - 2013-08-02 19:06 - 00000000 ____D C:\WINDOWS\system32\MRT
    2017-04-12 11:36 - 2012-12-22 03:15 - 148601744 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2017-04-12 11:35 - 2013-06-30 02:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    2017-04-12 11:31 - 2012-07-26 03:59 - 00000000 ____D C:\WINDOWS\CbsTemp
    2017-04-12 03:05 - 2013-06-17 12:52 - 00004288 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
    2017-04-12 03:04 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
    2017-04-12 03:04 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\Macromed
    2017-04-11 14:43 - 2016-07-12 16:33 - 00000000 ____D C:\ProgramData\EPSON
    2017-04-11 14:40 - 2013-01-09 16:22 - 00000000 ____D C:\Users\Arwen\AppData\Local\Citrix
    2017-04-11 13:18 - 2015-08-26 10:58 - 00000000 ____D C:\Users\Arwen\AppData\Local\WebEx
    2017-04-11 13:17 - 2015-08-26 10:59 - 00000000 ____D C:\Users\Arwen\AppData\Roaming\webex
    2017-04-11 07:22 - 2013-01-07 19:45 - 19046912 ___SH C:\Users\Arwen\Desktop\Thumbs.db
    2017-04-10 20:17 - 2016-07-19 22:08 - 00003888 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1468980498
    2017-04-10 20:17 - 2016-07-19 22:08 - 00001065 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
    2017-04-10 20:16 - 2013-12-16 11:05 - 00003508 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3548505277-2733688421-2640094488-1001UA
    2017-04-10 20:16 - 2013-12-16 11:05 - 00003236 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3548505277-2733688421-2640094488-1001Core
    2017-04-10 20:15 - 2017-03-19 21:03 - 00003914 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
    2017-04-10 20:14 - 2014-08-06 23:23 - 00038296 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
    2017-04-10 20:14 - 2014-02-13 12:25 - 00339696 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
    2017-04-10 20:14 - 2014-02-13 12:25 - 00164064 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
    2017-04-10 20:14 - 2014-02-13 12:25 - 00101152 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
    2017-04-10 20:14 - 2014-02-13 12:25 - 00075704 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
    2017-04-10 20:13 - 2016-07-12 18:01 - 00032600 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
    2017-04-10 20:13 - 2014-02-13 12:25 - 01005048 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
    2017-03-31 20:27 - 2013-08-22 11:36 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files
    2017-03-31 20:24 - 2015-03-21 13:20 - 00000000 ____D C:\Program Files\Java
    2017-03-31 20:14 - 2013-06-17 11:18 - 00000000 ____D C:\Program Files (x86)\Java
    2017-03-31 19:53 - 2014-12-14 12:31 - 00000000 ____D C:\WINDOWS\system32\appraiser
    2017-03-31 19:53 - 2014-09-24 05:50 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
    2017-03-31 18:06 - 2013-06-04 11:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive

    ==================== Files in the root of some directories =======

    2015-11-02 18:57 - 2015-11-11 14:57 - 0000139 _____ () C:\Users\Arwen\AppData\Roaming\WB.CFG
    2017-04-28 12:23 - 2017-04-28 12:29 - 0000000 _____ () C:\Users\Arwen\AppData\Local\{A88C90A5-864E-429C-B6F8-D94B093AAA5D}
    2015-04-02 12:43 - 2015-04-02 12:43 - 0000057 _____ () C:\ProgramData\Ament.ini

    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2017-04-28 16:36

    ==================== End of FRST.txt ============================
     
  17. 2017/04/28
    Blue Star

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-04-2017
    Ran by Arwen (29-04-2017 00:33:39)
    Running from C:\Users\Arwen\Downloads
    Windows 8.1 (Update) (X64) (2014-10-13 03:51:09)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-3548505277-2733688421-2640094488-500 - Administrator - Disabled)
    Arwen (S-1-5-21-3548505277-2733688421-2640094488-1001 - Administrator - Enabled) => C:\Users\Arwen
    Guest (S-1-5-21-3548505277-2733688421-2640094488-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-3548505277-2733688421-2640094488-1049 - Limited - Enabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
    AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    ABBulkMailer (HKLM-x32\...\{7F6276CF-ACCE-4C11-8AF3-F8C166ECC81B}) (Version: 8.5 - Advanced Business Objects)
    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
    Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.148 - Adobe Systems Incorporated)
    Allshare Play Link (HKLM-x32\...\{91786428-D4AA-476D-8AF9-A63FFAC2901F}) (Version: 1.0.0 - Samsung)
    Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.3.2291 - AVAST Software)
    Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.3.0.2 - )
    Chromium (HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\...\Chromium) (Version: 46.0.2480.0 - Chromium)
    Citrix Online Launcher (HKLM-x32\...\{DB014C85-A264-4BCA-A66F-6DD1FCF8EC36}) (Version: 1.0.335 - Citrix)
    Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)
    Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.1912 - CyberLink Corp.)
    CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4421.02 - CyberLink Corp.)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Easy File Share (HKLM-x32\...\{A7C37D4B-F37A-42E8-9B6A-B28C18AD4C12}) (Version: 1.3.4 - Samsung Electronics CO.,LTD.)
    E-POP (HKLM-x32\...\{F06DD8D9-9DC8-430C-835C-C9BF21E05CC1}) (Version: 1.0.1 - Samsung Electronics CO., LTD.)
    Galería de fotos (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Galerie de photos (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.81 - Google Inc.)
    Google Drive (HKLM-x32\...\{A1238426-ECDF-4639-BE2F-8D12A97AE23C}) (Version: 2.34.5075.1619 - Google, Inc.)
    Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
    Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden
    Help Desk (HKLM\...\{C85A891D-7AB4-46AE-84F0-B0C3FAC82280}) (Version: 1.0.4 - Samsung Electronics CO., LTD.)
    HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
    HP Officejet Pro 8610 Basic Device Software (HKLM\...\{39DA3F40-0B9E-4002-8E01-108FEC9EFE43}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
    HP Support Solutions Framework (HKLM-x32\...\{FC3C2B77-6800-48C6-A15D-9D1031130C16}) (Version: 11.51.0049 - Hewlett-Packard Company)
    HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
    HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
    HPDiagnosticCoreDll (HKLM-x32\...\{9262B08F-E183-4FED-A2BD-23FF1A84EB79}) (Version: 1.0.15.0 - Hewlett Packard)
    I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
    Intel AppUp(R) center (HKLM-x32\...\Intel AppUp(SM) center 33070) (Version: 41450 - Intel)
    Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
    Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.36354 - Intel Corporation)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation)
    Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
    INVISION 11 Client (HKLM-x32\...\iLincClient.11) (Version: - )
    Java 8 Update 121 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
    Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
    Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    ListExtractor (HKLM-x32\...\{9BDEFE48-95D2-45A7-AC9F-B9CECC0E8E42}) (Version: 2.00.0000 - AtPacific)
    Luxor 3 (HKLM-x32\...\BFG-Luxor 3) (Version: - )
    Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
    Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Office XP Professional with FrontPage (HKLM-x32\...\{90280409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2627.0 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\...\OneDriveSetup.exe) (Version: 17.3.4726.0226 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50906.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Mozilla Firefox 52.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 52.0 (x86 en-US)) (Version: 52.0 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 48.0.1 - Mozilla)
    OpenOffice.org 3.4.1 (HKLM-x32\...\{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}) (Version: 3.41.9593 - Apache Software Foundation)
    Print Artist Platinum 24 (HKLM-x32\...\{7568CBAC-FC7F-4EE9-8CAC-B4274FC93B4E}) (Version: 24.0.1.2 - Nova Development)
    Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.206 - Qualcomm Atheros Communications)
    Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
    Quick Starter (HKLM\...\{EC36E2BC-86F7-44C9-84B2-93930F0FBDBF}) (Version: 1.0.0 - Samsung Electronics CO., LTD.)
    RealDownloader (x32 Version: 18.1.7.343 - RealNetworks) Hidden
    RealDownloader (x32 Version: 18.1.7.343 - RealNetworks, Inc.) Hidden
    RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
    RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
    RealPlayer (RealTimes) (HKLM-x32\...\RealPlayer 18.1) (Version: 18.1.7 - RealNetworks)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6702 - Realtek Semiconductor Corp.)
    Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
    RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
    Recovery (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 6.0.6.0 - Samsung Electronics CO., LTD.)
    RogueKiller version 12.10.6.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.10.6.0 - Adlice Software)
    S Agent (Version: 1.0.7 - Samsung Electronics CO., LTD.) Hidden
    SafeZone Stable 3.55.2393.596 (x32 Version: 3.55.2393.596 - Avast Software) Hidden
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
    Settings (HKLM-x32\...\{52E5DE60-C96B-42CC-9A37-FE04725940AE}) (Version: 2.0.0 - Samsung Electronics CO., LTD.)
    SHA Premium Quotation System (HKLM-x32\...\SHA Premium Quotation System) (Version: Version 2.1 - USHEALTH)
    Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
    Skype Web Plugin (HKLM-x32\...\{F7C13D74-E0FD-4A76-896A-E8687769767D}) (Version: 7.5.0.127 - Skype Technologies S.A.)
    Skype™ 7.33 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.33.105 - Skype Technologies S.A.)
    Support Center (HKLM\...\{3D7275C7-8549-46AF-8B59-82A3EF301B31}) (Version: 2.0.8 - Samsung Electronics CO., LTD.)
    Support Center FAQ (x32 Version: 1.0.0 - Samsung Electronics CO., LTD.) Hidden
    SW Update (HKLM-x32\...\{49271148-3C6B-4F2B-B8C9-FFDE243B8FEA}) (Version: 2.0.15 - Samsung Electronics CO., LTD.)
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.11.1 - Synaptics Incorporated)
    UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
    User Guide (HKLM-x32\...\{66172F70-0BDE-4BAB-A973-E2E4EF501F6D}) (Version: 1.2.00 - Samsung Electronics CO., LTD.)
    vc2012_redist (x32 Version: 1.0.0.0 - Realnetworks) Hidden
    Video Downloader (x32 Version: 18.1.7 - RealNetworks) Hidden
    vs2015_redist x86 (x32 Version: 1.0.0.0 - Realnetworks) Hidden
    Windows Driver Package - Samsung Electronics Co. Ltd. (RadioHIDMini) HIDClass (07/27/2012 20.57.1.735) (HKLM\...\9F04C462DAB591BDCCE784F77E4D4F1736010B92) (Version: 07/27/2012 20.57.1.735 - Samsung Electronics Co. Ltd.)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
    WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
    X-Lite 3.0 (HKLM-x32\...\X-Lite 1.5_is1) (Version: - CounterPath Solutions Inc.)
    Yahoo! Detect (HKLM-x32\...\YTdetect) (Version: - )

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-3548505277-2733688421-2640094488-1001_Classes\CLSID\{0825CC0E-34BD-4FE4-B78D-EF6582A94B6A}\InprocServer32 -> C:\Users\Arwen\AppData\Local\SkypePlugin\7.5.0.127\GatewayActiveX-x64.dll (Skype Technologies S.A.)
    CustomCLSID: HKU\S-1-5-21-3548505277-2733688421-2640094488-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Arwen\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3548505277-2733688421-2640094488-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Arwen\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3548505277-2733688421-2640094488-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Arwen\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3548505277-2733688421-2640094488-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Arwen\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3548505277-2733688421-2640094488-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Arwen\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3548505277-2733688421-2640094488-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Arwen\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3548505277-2733688421-2640094488-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
    CustomCLSID: HKU\S-1-5-21-3548505277-2733688421-2640094488-1001_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\Arwen\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-3548505277-2733688421-2640094488-1001_Classes\CLSID\{8E00BFA9-1C7B-4E45-BF2F-0FAEA236E1CC}\localserver32 -> C:\Users\Arwen\AppData\Local\SkypePlugin\7.5.0.127\GatewayVersion-x64.exe (Skype Technologies S.A.)
    CustomCLSID: HKU\S-1-5-21-3548505277-2733688421-2640094488-1001_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AC}\InprocServer32 -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll (Intel)
    CustomCLSID: HKU\S-1-5-21-3548505277-2733688421-2640094488-1001_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AD}\InprocServer32 -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll (Intel)
    CustomCLSID: HKU\S-1-5-21-3548505277-2733688421-2640094488-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Arwen\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3548505277-2733688421-2640094488-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Arwen\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3548505277-2733688421-2640094488-1001_Classes\CLSID\{CBF9CD8C-2714-4F36-B76A-43E6C7547BC2}\localserver32 -> C:\Users\Arwen\AppData\Local\SkypePlugin\7.5.0.127\EdgeCalling.exe (Skype Technologies S.A.)
    CustomCLSID: HKU\S-1-5-21-3548505277-2733688421-2640094488-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Arwen\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3548505277-2733688421-2640094488-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Arwen\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3548505277-2733688421-2640094488-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Arwen\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll (Google Inc.)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {05DAE92A-6C6F-4145-A0E4-DC211BE58AD8} - System32\Tasks\RealDownloader Update Check => C:\program files (x86)\real\realplayer\RealDownloader\downloader2.exe [2017-03-14] ()
    Task: {1834511F-636F-4703-8D12-7C29F892135D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
    Task: {1D39D15D-0AEA-4DF6-BDC1-004F28E99557} - System32\Tasks\SafeZone scheduled Autoupdate 1468980498 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-03-22] (Avast Software)
    Task: {25273BEB-1596-4DF2-9ACB-64FB9B924E10} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3548505277-2733688421-2640094488-1001Core => C:\Users\Arwen\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
    Task: {273E163D-8BD0-4420-A6BF-604990062399} - System32\Tasks\WLANStartup => %programfiles(x86)%\Samsung\Easy Settings\WLANStartup.exe
    Task: {33C2B19B-605D-4B98-AB07-6A0AA22E83FA} - System32\Tasks\FaxArchive_CN2BD211XW05S1 => C:\Program Files\HP\HP Officejet 4620 series\Bin\FaxApplications.exe
    Task: {3F5DA5C4-9997-473E-945E-7CC7AA284FC9} - System32\Tasks\HPCustParticipation HP Officejet 4620 series => C:\Program Files\HP\HP Officejet 4620 series\Bin\HPCustPartic.exe
    Task: {45ABB5F7-5C01-489E-9D24-75ECFC93A2EE} - System32\Tasks\{0B005567-2F27-4C11-B217-48FB79CD4CFB} => pcalua.exe -a "C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe" -c /remove /q0
    Task: {4AD36E97-A0A7-4DC5-A480-09E50B73AAFA} - System32\Tasks\advRecovery => C:\Program Files\Samsung\Recovery\WCScheduler.exe [2012-08-30] (SEC)
    Task: {54775C17-0CFA-4B0B-9666-0833EE6839C5} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3548505277-2733688421-2640094488-1001 => C:\program files (x86)\real\realplayer\RealDownloader\RealUpgrade.exe [2017-03-14] (RealNetworks, Inc.)
    Task: {5BF4106A-98B2-43EC-BFCA-BF41A8DD36A0} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-04-15] (Intel Corporation)
    Task: {5CC84A7B-C17B-4951-A1F2-A2919DC9DC8A} - System32\Tasks\Settings => C:\Program Files (x86)\Samsung\Settings\sSettings.exe [2012-08-26] (Samsung Electronics CO., LTD.)
    Task: {60FB7622-C6C3-4C23-B13C-20E588F1ACDA} - System32\Tasks\{DD3B9BBD-8D10-425E-8F91-2FDD3699230E} => Iexplore.exe hxxp://ui.skype.com/ui/0/7.10.85.101/en/abandoninstall?page=tsBing
    Task: {675B1F76-91AB-44C7-B2FD-BCEB028FF6B3} - System32\Tasks\HPCustParticipation HP Officejet Pro 8610 => C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPCustPartic.exe
    Task: {6ED04B22-FF2B-4657-A2DC-4FCE1D90A9CB} - System32\Tasks\SWUpdateAgent => C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe [2012-08-24] (Samsung Electronics CO., LTD.)
    Task: {866704E7-0F2E-4995-85D4-703CBF9E1241} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
    Task: {A816F8AD-3B4E-4B1D-8202-EABE3C5EE876} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-04-15] (Intel Corporation)
    Task: {AFD2CAF8-A357-409C-B4C9-F409D55AFEF6} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-02-02] (Adobe Systems Incorporated)
    Task: {B82FA7BA-DF38-4CEC-9FF3-FC3AED168754} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe
    Task: {CF9AD7B1-A258-4614-AE15-AAB1352A2A4D} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-04-19] (AVAST Software)
    Task: {D9DD9F47-0F79-48A3-8A7F-51A089EE2D23} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2012-08-17] (Samsung Electronics CO., LTD.)
    Task: {DE75DCC2-4981-4804-91D8-D8248A1F1E6A} - System32\Tasks\HP AR Program Upload - 1d899e09ae474e75b00a468cbd134de7aa32ec3dee4246869e6c83f89188eeec => C:\Program Files\HP\HP Officejet Pro 8610\bin\HPRewards.exe [2014-07-21] (TODO: <Company name>)
    Task: {E327E935-E671-4260-8172-436BE870BC17} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3548505277-2733688421-2640094488-1001 => C:\program files (x86)\real\realplayer\RealDownloader\RealUpgrade.exe [2017-03-14] (RealNetworks, Inc.)
    Task: {ECFD5F00-7404-4420-A935-6D616BD65FE3} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-04-12] (Adobe Systems Incorporated)
    Task: {FB6D6FE4-1610-4BB3-8519-231B3B051086} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3548505277-2733688421-2640094488-1001UA => C:\Users\Arwen\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
    Task: {FF40CDEF-2FEE-441D-A1D5-433B2B50F330} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-04-10] (AVAST Software)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
    Task: C:\WINDOWS\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
    Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ShortcutWithArgument: C:\Users\Arwen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"

    ==================== Loaded Modules (Whitelisted) ==============

    2017-03-14 20:44 - 2017-03-14 20:44 - 00035104 _____ () C:\program files (x86)\real\realplayer\UpdateService\RealPlayerUpdateSvc.exe
    2017-04-28 13:28 - 2017-03-22 10:24 - 02271520 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
    2017-04-28 13:28 - 2017-03-23 19:40 - 02267600 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
    2012-08-26 05:48 - 2012-08-26 05:48 - 00076920 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
    2011-03-09 16:34 - 2011-03-09 16:34 - 00144728 _____ () C:\Program Files (x86)\Nova Development\Print Artist Platinum 24\ReminderApp.exe
    2012-08-24 05:10 - 2012-08-24 05:10 - 04238968 _____ () C:\Program Files\Samsung\Support Center\GuaranaAgent.exe
    2017-03-14 19:56 - 2017-03-14 19:56 - 00738032 _____ () C:\Program Files (x86)\Real\RealPlayer\RealDownloader\downloader2.exe
    2017-03-14 20:44 - 2017-03-14 20:44 - 00040248 _____ () C:\program files (x86)\real\realplayer\UpdateService\DL2UpdatePlugin.dll
    2017-03-14 20:44 - 2017-03-14 20:44 - 00042296 _____ () C:\program files (x86)\real\realplayer\UpdateService\RealDownloaderUpdatePlugin.dll
    2017-03-14 20:43 - 2017-03-14 20:43 - 00039752 _____ () C:\program files (x86)\real\realplayer\UpdateService\VideoDLUpdatePlugin.dll
    2017-03-16 15:15 - 2017-03-16 15:15 - 00016384 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PSIClient\8d7515e6fbe81597c2d526e8fbf958f7\PSIClient.ni.dll
    2012-09-04 02:57 - 2012-06-25 13:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
    2012-08-26 05:48 - 2012-08-26 05:48 - 00028280 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdWrapper.dll
    2012-08-26 05:48 - 2012-08-26 05:48 - 01015416 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmd.dll
    2012-08-26 05:48 - 2012-08-26 05:48 - 00110712 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsBase.dll
    2012-08-26 05:48 - 2012-08-26 05:48 - 00056440 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\HookDllPS2.dll
    2012-08-26 05:48 - 2012-08-26 05:48 - 00211064 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\WinCRT.dll
    2012-08-26 05:48 - 2012-08-26 05:48 - 00026232 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsAPI.dll
    2012-08-26 05:48 - 2012-08-26 05:48 - 00110712 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsBase.dll
    2012-08-26 05:48 - 2012-08-26 05:48 - 00029816 _____ () C:\Program Files (x86)\Samsung\Settings\EasyMovieEnhancer.dll
    2012-08-26 05:48 - 2012-08-26 05:48 - 00091768 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsCmdClient.dll
    2017-04-10 20:14 - 2017-04-10 20:14 - 00170216 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
    2016-07-12 18:00 - 2016-07-12 18:00 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2017-04-10 20:14 - 2017-04-10 20:14 - 00176480 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
    2017-04-10 20:13 - 2017-04-10 20:13 - 00293936 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
    2017-04-10 20:14 - 2017-04-10 20:14 - 00653520 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
    2017-01-30 12:52 - 2017-01-30 12:52 - 01926632 ____R () C:\Program Files (x86)\Skype\Phone\roottools.dll
    2017-04-28 16:28 - 2017-04-28 16:28 - 00098816 ____R () C:\Users\Arwen\AppData\Local\Temp\_MEI69562\win32api.pyd
    2017-04-28 16:28 - 2017-04-28 16:28 - 00110080 ____R () C:\Users\Arwen\AppData\Local\Temp\_MEI69562\pywintypes27.dll
    2017-04-28 16:28 - 2017-04-28 16:28 - 00364544 ____R () C:\Users\Arwen\AppData\Local\Temp\_MEI69562\pythoncom27.dll
    2017-04-28 16:28 - 2017-04-28 16:28 - 00320512 ____R () C:\Users\Arwen\AppData\Local\Temp\_MEI69562\win32com.shell.shell.pyd
    2017-04-28 16:28 - 2017-04-28 16:28 - 00914432 ____R () C:\Users\Arwen\AppData\Local\Temp\_MEI69562\_hashlib.pyd
    2017-04-28 16:28 - 2017-04-28 16:28 - 01176576 ____R () C:\Users\Arwen\AppData\Local\Temp\_MEI69562\wx._core_.pyd
    2017-04-28 16:28 - 2017-04-28 16:28 - 00806400 ____R () C:\Users\Arwen\AppData\Local\Temp\_MEI69562\wx._gdi_.pyd
    2017-04-28 16:28 - 2017-04-28 16:28 - 00816128 ____R () C:\Users\Arwen\AppData\Local\Temp\_MEI69562\wx._windows_.pyd
    2017-04-28 16:28 - 2017-04-28 16:28 - 01067008 ____R () C:\Users\Arwen\AppData\Local\Temp\_MEI69562\wx._controls_.pyd
    2017-04-28 16:28 - 2017-04-28 16:28 - 00733184 ____R () C:\Users\Arwen\AppData\Local\Temp\_MEI69562\wx._misc_.pyd
    2017-04-28 16:28 - 2017-04-28 16:28 - 00682496 ____R () C:\Users\Arwen\AppData\Local\Temp\_MEI69562\pysqlite2._sqlite.pyd
    2017-04-28 16:28 - 2017-04-28 16:28 - 00088064 ____R () C:\Users\Arwen\AppData\Local\Temp\_MEI69562\_ctypes.pyd
    2017-04-28 16:28 - 2017-04-28 16:28 - 00686080 ____R () C:\Users\Arwen\AppData\Local\Temp\_MEI69562\unicodedata.pyd
    2017-04-28 16:28 - 2017-04-28 16:28 - 00119808 ____R () C:\Users\Arwen\AppData\Local\Temp\_MEI69562\win32file.pyd
    2017-04-28 16:28 - 2017-04-28 16:28 - 00108544 ____R () C:\Users\Arwen\AppData\Local\Temp\_MEI69562\win32security.pyd
    2017-04-28 16:28 - 2017-04-28 16:28 - 00007168 ____R () C:\Users\Arwen\AppData\Local\Temp\_MEI69562\hashobjs_ext.pyd
    2017-04-28 16:28 - 2017-04-28 16:28 - 00017920 ____R () C:\Users\Arwen\AppData\Local\Temp\_MEI69562\thumbnails_ext.pyd
    2017-04-28 16:28 - 2017-04-28 16:28 - 00088064 ____R () C:\Users\Arwen\AppData\Local\Temp\_MEI69562\usb_ext.pyd
    2017-04-28 16:28 - 2017-04-28 16:28 - 00012800 ____R () C:\Users\Arwen\AppData\Local\Temp\_MEI69562\common.time34.pyd
    2017-04-28 16:28 - 2017-04-28 16:28 - 00018432 ____R () C:\Users\Arwen\AppData\Local\Temp\_MEI69562\win32event.pyd
    2017-04-28 16:28 - 2017-04-28 16:28 - 00167936 ____R () C:\Users\Arwen\AppData\Local\Temp\_MEI69562\win32gui.pyd
    2017-04-28 16:28 - 2017-04-28 16:28 - 00046080 ____R () C:\Users\Arwen\AppData\Local\Temp\_MEI69562\_socket.pyd
    2017-04-28 16:28 - 2017-04-28 16:28 - 01303552 ____R () C:\Users\Arwen\AppData\Local\Temp\_MEI69562\_ssl.pyd
    2017-04-28 16:28 - 2017-04-28 16:28 - 00128512 ____R () C:\Users\Arwen\AppData\Local\Temp\_MEI69562\_elementtree.pyd
    2017-04-28 16:28 - 2017-04-28 16:28 - 00127488 ____R () C:\Users\Arwen\AppData\Local\Temp\_MEI69562\pyexpat.pyd
    2017-04-28 16:28 - 2017-04-28 16:28 - 00038912 ____R () C:\Users\Arwen\AppData\Local\Temp\_MEI69562\win32inet.pyd
    2017-04-28 16:28 - 2017-04-28 16:28 - 00036864 ____R () C:\Users\Arwen\AppData\Local\Temp\_MEI69562\_psutil_windows.pyd
    2017-04-28 16:28 - 2017-04-28 16:28 - 00524248 ____R () C:\Users\Arwen\AppData\Local\Temp\_MEI69562\windows._lib_cacheinvalidation.pyd
    2017-04-28 16:28 - 2017-04-28 16:28 - 00011264 ____R () C:\Users\Arwen\AppData\Local\Temp\_MEI69562\win32crypt.pyd
    2017-04-28 16:28 - 2017-04-28 16:28 - 00123392 ____R () C:\Users\Arwen\AppData\Local\Temp\_MEI69562\wx._wizard.pyd
    2017-04-28 16:28 - 2017-04-28 16:28 - 00077312 ____R () C:\Users\Arwen\AppData\Local\Temp\_MEI69562\wx._html2.pyd
    2017-04-28 16:28 - 2017-04-28 16:28 - 00027648 ____R () C:\Users\Arwen\AppData\Local\Temp\_MEI69562\_multiprocessing.pyd
    2017-04-28 16:28 - 2017-04-28 16:28 - 00020480 ____R () C:\Users\Arwen\AppData\Local\Temp\_MEI69562\_yappi.pyd
    2017-04-28 16:28 - 2017-04-28 16:28 - 00035840 ____R () C:\Users\Arwen\AppData\Local\Temp\_MEI69562\win32process.pyd
    2017-04-28 16:28 - 2017-04-28 16:28 - 00078848 ____R () C:\Users\Arwen\AppData\Local\Temp\_MEI69562\wx._animate.pyd
    2017-04-28 16:28 - 2017-04-28 16:28 - 00024064 ____R () C:\Users\Arwen\AppData\Local\Temp\_MEI69562\win32pipe.pyd
    2017-04-28 16:28 - 2017-04-28 16:28 - 00010240 ____R () C:\Users\Arwen\AppData\Local\Temp\_MEI69562\select.pyd
    2017-04-28 16:28 - 2017-04-28 16:28 - 00025600 ____R () C:\Users\Arwen\AppData\Local\Temp\_MEI69562\win32pdh.pyd
    2017-04-28 16:28 - 2017-04-28 16:28 - 00017408 ____R () C:\Users\Arwen\AppData\Local\Temp\_MEI69562\win32profile.pyd
    2017-04-28 16:28 - 2017-04-28 16:28 - 00022528 ____R () C:\Users\Arwen\AppData\Local\Temp\_MEI69562\win32ts.pyd
    2017-03-18 22:49 - 2017-03-18 22:49 - 00101256 _____ () c:\program files (x86)\real\realplayer\CrashRpt\CrashRpt1402.dll
    2012-09-04 03:11 - 2012-06-07 23:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
    2012-06-07 22:34 - 2012-06-07 22:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
    2013-01-03 14:38 - 2012-09-18 15:04 - 00016896 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\featureController.dll
    2013-01-03 14:38 - 2012-09-18 15:04 - 00062976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\osEvents.dll
    2013-01-03 14:38 - 2012-09-18 15:04 - 00322048 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\log4cplus.dll
    2013-01-03 14:38 - 2012-09-18 15:04 - 00400384 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\sqlite3.dll
    2013-01-03 14:38 - 2012-09-18 15:04 - 00195584 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\libgsoap.dll
    2013-01-03 14:38 - 2012-09-18 15:04 - 00020480 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\eventsSender.dll
    2013-01-03 14:38 - 2012-09-18 15:04 - 00062464 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\zlib1.dll
    2013-01-03 14:38 - 2012-09-18 15:04 - 00446976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\deviceProfile.dll
    2013-01-03 14:38 - 2012-09-18 15:04 - 00064512 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManagerStarter.dll
    2011-03-09 16:31 - 2011-03-09 16:31 - 00089440 _____ () C:\Program Files (x86)\Nova Development\Print Artist Platinum 24\AddressBookCore.dll
    2011-03-09 16:34 - 2011-03-09 16:34 - 00152944 _____ () C:\Program Files (x86)\Nova Development\Print Artist Platinum 24\en-US\ReminderApp.resources.dll
    2017-04-04 20:38 - 2017-04-04 20:38 - 23772240 _____ () C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.dll
    2017-01-17 19:07 - 2017-01-17 19:07 - 00323152 _____ () C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\sqlite.dll
    2017-04-04 20:38 - 2017-04-04 20:38 - 69743184 _____ () C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\libcef.dll
    2017-04-26 20:19 - 2017-04-19 00:04 - 02864984 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.81\libglesv2.dll
    2017-04-26 20:19 - 2017-04-19 00:04 - 00087384 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.81\libegl.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\ProgramData\Temp:2CB9631F [134]
    AlternateDataStreams: C:\ProgramData\Temp:59846E5E [446]
     
  18. 2017/04/28
    Blue Star

    Blue Star Well-Known Member Thread Starter

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE trusted site: HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\...\evolvondemand.net -> hxxps://transcom.evolvondemand.net
    IE trusted site: HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\...\vanillasoft.net -> hxxps://vanillasoft.net

    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Arwen\Pictures\rhino 1.jpg
    DNS Servers: 75.75.75.75 - 75.75.76.76
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    HKLM\...\StartupApproved\Run: => "BtTray"
    HKLM\...\StartupApproved\Run: => "BtvStack"
    HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\...\StartupApproved\Run: => "HP Officejet 4620 series (NET)"
    HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\...\StartupApproved\Run: => "eyeBeam SIP Client"
    HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\...\StartupApproved\Run: => "msnmsgr"
    HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\...\StartupApproved\Run: => "MobileAppSync"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [{FA9129FF-73AD-4F17-A3E4-08C387470DC4}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    FirewallRules: [{BC33BA8B-43DA-4101-A7EF-C845A5EE9C1B}] => (Allow) LPort=1900
    FirewallRules: [{A256DE0D-91C4-4813-8D37-4094F0093856}] => (Allow) LPort=2869
    FirewallRules: [{A815C66B-2F5A-4DC6-8E6A-8422AAD9968A}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    FirewallRules: [{5E8A3DB7-6CD0-49AA-BEA6-1C2C78F8BD92}] => (Allow) C:\Program Files (x86)\AtomPark\Atomic Email Hunter\AtomicEmailHunter.exe
    FirewallRules: [{2DE15FEF-6E01-428D-A182-546B170AAE15}] => (Allow) C:\Program Files (x86)\AtomPark\Atomic Email Hunter\AtomicEmailHunter.exe
    FirewallRules: [{AD505DC0-F9C7-4705-A44A-AE403692F7A1}] => (Allow) C:\Program Files (x86)\AtomPark\Atomic Lead Extractor\AtomicLeadExtractor.exe
    FirewallRules: [{A715A783-E8A3-41C6-A5D1-91D53A40F5F6}] => (Allow) C:\Program Files (x86)\AtomPark\Atomic Lead Extractor\AtomicLeadExtractor.exe
    FirewallRules: [{48A033F5-76D1-48E1-A766-66C38E6AB5EE}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
    FirewallRules: [{89291383-A2BC-4BA5-827A-07C7D77C1058}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
    FirewallRules: [{1CBD6BF6-C91F-4AD7-B790-05962F10B60D}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
    FirewallRules: [{C70516C4-682D-4C00-AEBA-9516CDE43654}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
    FirewallRules: [UDP Query User{B8A52E80-E47F-4A31-8652-BBD0C01845C3}C:\program files (x86)\ghostsurf\ghostsurf.exe] => (Allow) C:\program files (x86)\ghostsurf\ghostsurf.exe
    FirewallRules: [TCP Query User{EE9B6915-CE09-48C0-B34A-B48F9C88A47D}C:\program files (x86)\ghostsurf\ghostsurf.exe] => (Allow) C:\program files (x86)\ghostsurf\ghostsurf.exe
    FirewallRules: [{9807E193-FC1A-49F5-B334-8E21B60A2E90}] => (Allow) C:\Users\Arwen\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
    FirewallRules: [UDP Query User{2A1AB145-840C-4E4B-A732-E6AEA182B799}C:\program files (x86)\sha\sha.exe] => (Allow) C:\program files (x86)\sha\sha.exe
    FirewallRules: [TCP Query User{47220578-96A8-48BC-8FA9-81CD8483B8B9}C:\program files (x86)\sha\sha.exe] => (Allow) C:\program files (x86)\sha\sha.exe
    FirewallRules: [UDP Query User{FDB83730-E44D-42BA-B0BE-7325D05CFF85}C:\program files (x86)\sha\shaquote.exe] => (Allow) C:\program files (x86)\sha\shaquote.exe
    FirewallRules: [TCP Query User{7FC20502-F09E-4883-B32D-33DB7A6F7BB1}C:\program files (x86)\sha\shaquote.exe] => (Allow) C:\program files (x86)\sha\shaquote.exe
    FirewallRules: [UDP Query User{E920F795-8C2E-47C2-8BC7-AD34E45AB82E}C:\program files (x86)\sha\sha.exe] => (Allow) C:\program files (x86)\sha\sha.exe
    FirewallRules: [TCP Query User{D10F29B3-A1D4-4199-A79A-1D8F9E6A3498}C:\program files (x86)\sha\sha.exe] => (Allow) C:\program files (x86)\sha\sha.exe
    FirewallRules: [UDP Query User{D20A30A3-E10B-455C-964E-F3168399D131}C:\program files (x86)\counterpath\x-lite\x-lite.exe] => (Block) C:\program files (x86)\counterpath\x-lite\x-lite.exe
    FirewallRules: [TCP Query User{6FB881D4-3548-4915-9B65-EFCF834D023F}C:\program files (x86)\counterpath\x-lite\x-lite.exe] => (Block) C:\program files (x86)\counterpath\x-lite\x-lite.exe
    FirewallRules: [UDP Query User{34DCC5C5-F507-4750-A702-89C5C976901A}C:\program files (x86)\counterpath\x-lite\x-lite.exe] => (Allow) C:\program files (x86)\counterpath\x-lite\x-lite.exe
    FirewallRules: [TCP Query User{AF65212D-E559-4D49-819C-46656D5E5574}C:\program files (x86)\counterpath\x-lite\x-lite.exe] => (Allow) C:\program files (x86)\counterpath\x-lite\x-lite.exe
    FirewallRules: [{F43B2C4C-F5EA-4363-9415-ECF9FAFFC407}] => (Allow) C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
    FirewallRules: [{897FCBF3-3082-48C3-9C78-0351D95DF122}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
    FirewallRules: [{75A7B777-C639-4F54-B838-0616DF7E3EF1}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
    FirewallRules: [{9A233B96-B59A-4837-AAF0-6F73C8FCFFE3}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
    FirewallRules: [{BE4847A3-39DA-4D16-9341-FC190F8C5255}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
    FirewallRules: [{475845B5-8E58-4B86-9021-F02FE930CAFE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{E5BDA255-2693-4BA1-A18C-DDDCFC6447C6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{187BFCA5-0861-47CB-B575-7B3B7EC2A064}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\bin\FaxApplications.exe
    FirewallRules: [{C18F5584-F470-40C2-9360-4DA6FCB4916B}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\bin\DigitalWizards.exe
    FirewallRules: [{5C5B02E1-BDEE-41C4-87D7-7EA2548C06F0}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\bin\SendAFax.exe
    FirewallRules: [{08436A3C-2D5B-4D4C-AAAD-C4A8B6307A25}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\Bin\DeviceSetup.exe
    FirewallRules: [{6FB51C2C-3F02-49A1-9A6F-5C51DD31E436}] => (Allow) LPort=5357
    FirewallRules: [{5559E64A-9A65-4EA3-B041-427F0FF3B67A}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPNetworkCommunicatorCom.exe
    FirewallRules: [{E76076D8-B77B-4717-8927-F0FCC8D3ACBA}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
    FirewallRules: [{537DE16A-DE03-4780-8EE2-65CE35CB3509}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
    FirewallRules: [TCP Query User{835DE832-FED2-47EE-9F44-1CC3F943C203}C:\program files (x86)\spark\spark.exe] => (Allow) C:\program files (x86)\spark\spark.exe
    FirewallRules: [UDP Query User{2669B789-2724-4AEE-955C-47B057D19522}C:\program files (x86)\spark\spark.exe] => (Allow) C:\program files (x86)\spark\spark.exe
    FirewallRules: [TCP Query User{F30DBDEB-139B-4448-A1FD-462F3C70FDF1}C:\program files (x86)\kiax2.1-beta2\kiax.exe] => (Allow) C:\program files (x86)\kiax2.1-beta2\kiax.exe
    FirewallRules: [UDP Query User{BD31835B-F3F4-44B4-9E61-9321DD1C0B1A}C:\program files (x86)\kiax2.1-beta2\kiax.exe] => (Allow) C:\program files (x86)\kiax2.1-beta2\kiax.exe
    FirewallRules: [TCP Query User{78C45732-CBED-4337-9D28-388F2B541261}C:\users\arwen\appdata\local\skypeplugin\7.5.0.127\pluginhost.exe] => (Allow) C:\users\arwen\appdata\local\skypeplugin\7.5.0.127\pluginhost.exe
    FirewallRules: [UDP Query User{D0181A7B-0503-4DB8-A6E4-D453AE855E64}C:\users\arwen\appdata\local\skypeplugin\7.5.0.127\pluginhost.exe] => (Allow) C:\users\arwen\appdata\local\skypeplugin\7.5.0.127\pluginhost.exe
    FirewallRules: [{35C62B24-008C-47F3-8842-CD26973164D8}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
    FirewallRules: [{87F7ACBE-C5B0-4702-AC7D-DFEA5BB85994}] => (Allow) C:\Users\Arwen\AppData\Local\Chromium\Application\chrome.exe
    FirewallRules: [{9FDD3E37-054D-49A1-889B-A90032C25074}] => (Allow) c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe
    FirewallRules: [{07CEFD97-E7A7-41B4-AD92-D421C838EAFE}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.596\SZBrowser.exe
    FirewallRules: [{C6DBA34E-11CA-4CAA-B015-E0674E8B3DFE}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.596_0\SZBrowser.exe
    FirewallRules: [{27E9E7D4-CD9D-4284-AB91-1E6560015DFE}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    ==================== Restore Points =========================

    12-04-2017 11:22:56 Windows Update
    20-04-2017 14:55:35 Scheduled Checkpoint
    27-04-2017 02:25:27 Removed Product Improvement Study for HP Officejet Pro 8610
    28-04-2017 14:09:22 JRT Pre-Junkware Removal

    ==================== Faulty Device Manager Devices =============

    Name: Qualcomm Atheros AR3012 Bluetooth 4.0 + HS
    Description: Qualcomm Atheros AR3012 Bluetooth 4.0 + HS
    Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
    Manufacturer: Qualcomm Atheros Communications
    Service: BTHUSB
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (04/29/2017 12:32:08 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program LiveComm.exe version 17.5.9600.20911 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 1d3c

    Start Time: 01d2c0a0d80ce4b1

    Termination Time: 4294967295

    Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe

    Report Id: cd155e82-2c94-11e7-bfb1-b888e36c7608

    Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe

    Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

    Error: (04/29/2017 12:24:57 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program LiveComm.exe version 17.5.9600.20911 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 1dd0

    Start Time: 01d2c09fd869ec5b

    Termination Time: 4294967295

    Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe

    Report Id: cc06ce83-2c93-11e7-bfb1-b888e36c7608

    Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe

    Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

    Error: (04/29/2017 12:04:27 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program LiveComm.exe version 17.5.9600.20911 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: c48

    Start Time: 01d2c09cfc139fac

    Termination Time: 4294967295

    Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe

    Report Id: ef092d2a-2c90-11e7-bfb1-b888e36c7608

    Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe

    Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

    Error: (04/28/2017 11:38:14 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program LiveComm.exe version 17.5.9600.20911 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 1a24

    Start Time: 01d2c09951a45e53

    Termination Time: 4294967295

    Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe

    Report Id: 4532d26e-2c8d-11e7-bfb1-b888e36c7608

    Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe

    Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

    Error: (04/28/2017 11:08:15 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program LiveComm.exe version 17.5.9600.20911 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 24c8

    Start Time: 01d2c09521e46dad

    Termination Time: 4294967295

    Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe

    Report Id: 14866e0e-2c89-11e7-bfb1-b888e36c7608

    Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe

    Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

    Error: (04/28/2017 10:38:14 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program LiveComm.exe version 17.5.9600.20911 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 1328

    Start Time: 01d2c090efd1538e

    Termination Time: 4294967295

    Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe

    Report Id: e392e208-2c84-11e7-bfb1-b888e36c7608

    Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe

    Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

    Error: (04/28/2017 10:00:22 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program LiveComm.exe version 17.5.9600.20911 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: d14

    Start Time: 01d2c08bac4dadb6

    Termination Time: 4294967295

    Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe

    Report Id: 99b6823d-2c7f-11e7-bfb1-b888e36c7608

    Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe

    Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

    Error: (04/28/2017 04:33:24 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program LiveComm.exe version 17.5.9600.20911 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 1298

    Start Time: 01d2c05df7faaadf

    Termination Time: 4294967295

    Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe

    Report Id: ebd3db25-2c51-11e7-bfb1-b888e36c7608

    Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe

    Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

    Error: (04/28/2017 04:28:31 PM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Activation context generation failed for "C:\Windows\Installer\{EE8BACFF-60B3-4069-8F71-337A2662940A}\recordingmanager.exe".
    Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
    Please use sxstrace.exe for detailed diagnosis.

    Error: (04/28/2017 03:35:04 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program LiveComm.exe version 17.5.9600.20911 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 784

    Start Time: 01d2c055d2ab472d

    Termination Time: 4294967295

    Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe

    Report Id: c6593867-2c49-11e7-bfb0-b888e36c7608

    Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe

    Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1


    System errors:
    =============
    Error: (04/28/2017 04:16:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The HP Support Solutions Framework Service service failed to start due to the following error:
    The service did not respond to the start or control request in a timely fashion.

    Error: (04/28/2017 04:16:51 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the HP Support Solutions Framework Service service to connect.

    Error: (04/28/2017 04:15:46 PM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 3:49:59 PM on ‎4/‎28/‎2017 was unexpected.

    Error: (04/28/2017 02:00:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error:
    The service did not respond to the start or control request in a timely fashion.

    Error: (04/28/2017 02:00:41 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.

    Error: (04/28/2017 01:59:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The HP Support Solutions Framework Service service failed to start due to the following error:
    The service did not respond to the start or control request in a timely fashion.

    Error: (04/28/2017 01:59:45 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the HP Support Solutions Framework Service service to connect.

    Error: (04/28/2017 01:55:12 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
    Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
    An instance of the service is already running.

    Error: (04/28/2017 01:54:47 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

    Error: (04/28/2017 01:54:47 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Intel(R) Management and Security Application User Notification Service service terminated unexpectedly. It has done this 1 time(s).


    CodeIntegrity:
    ===================================
    Date: 2017-04-27 02:48:50.097
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2017-04-27 02:48:49.847
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2017-04-27 02:48:49.597
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2017-04-27 02:48:49.362
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2017-04-27 02:48:49.112
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2017-04-27 02:48:48.862
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2017-04-27 02:48:48.531
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2017-04-27 02:48:48.296
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2017-04-27 02:48:48.065
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2017-04-27 02:48:47.791
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i7-3630QM CPU @ 2.40GHz
    Percentage of memory in use: 39%
    Total physical RAM: 8083.5 MB
    Available physical RAM: 4919.93 MB
    Total Virtual: 10899.5 MB
    Available Virtual: 6652.5 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:907.06 GB) (Free:664.66 GB) NTFS
    Drive d: (HP OJ8610) (CDROM) (Total:0.53 GB) (Free:0 GB) CDFS

    ==================== MBR & Partition Table ==================

    ==================== End of Addition.txt ============================
     
  19. 2017/04/29
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Download attached fixlist.txt file and save it to the Desktop.
    NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST (FRST64), press the Fix button just once, and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.
     

  20. 2017/04/29
    Blue Star

    Blue Star Well-Known Member Thread Starter

    Fix result of Farbar Recovery Scan Tool (x64) Version: 27-04-2017
    Ran by Arwen (29-04-2017 12:37:25) Run:2
    Running from C:\Users\Arwen\Downloads
    Loaded Profiles: Arwen (Available Profiles: Arwen)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    AppInit_DLLs: C:\Program Files C:\Program Files C:\Program Files => No File
    ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => -> No File
    ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE (No File)
    ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (No File)
    GroupPolicy\User: Restriction <======= ATTENTION
    SearchScopes: HKLM -> DefaultScope {BA1BE292-1D15-488B-934D-008742212380} URL =
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\.DEFAULT -> DefaultScope {BA1BE292-1D15-488B-934D-008742212380} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {BA1BE292-1D15-488B-934D-008742212380} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {BA1BE292-1D15-488B-934D-008742212380} URL =
    BHO: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> No File
    Toolbar: HKU\S-1-5-21-3548505277-2733688421-2640094488-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\Microsoft Office\Office14\NPAUTHZ.DLL [No File]
    2015-11-02 18:57 - 2015-11-11 14:57 - 0000139 _____ () C:\Users\Arwen\AppData\Roaming\WB.CFG
    2017-04-28 12:23 - 2017-04-28 12:29 - 0000000 _____ () C:\Users\Arwen\AppData\Local\{A88C90A5-864E-429C-B6F8-D94B093AAA5D}
    2015-04-02 12:43 - 2015-04-02 12:43 - 0000057 _____ () C:\ProgramData\Ament.ini
    CustomCLSID: HKU\S-1-5-21-3548505277-2733688421-2640094488-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Arwen\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3548505277-2733688421-2640094488-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Arwen\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3548505277-2733688421-2640094488-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Arwen\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3548505277-2733688421-2640094488-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Arwen\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3548505277-2733688421-2640094488-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Arwen\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3548505277-2733688421-2640094488-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Arwen\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3548505277-2733688421-2640094488-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Arwen\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3548505277-2733688421-2640094488-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Arwen\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3548505277-2733688421-2640094488-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Arwen\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3548505277-2733688421-2640094488-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Arwen\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
    AlternateDataStreams: C:\ProgramData\Temp:2CB9631F [134]
    AlternateDataStreams: C:\ProgramData\Temp:59846E5E [446]

    *****************

    "C:\Program Files C:\Program Files C:\Program Files" => Value data not found.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\GDriveSharedOverlay => key not found.
    HKCR\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => key not found.
    C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE => not found.
    C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE => not found.
    "C:\WINDOWS\system32\GroupPolicy\User" => not found.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
    HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
    HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
    HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
    HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF} => key not found.
    HKCR\CLSID\{B4F3A835-0E21-4959-BA22-42B3008E02FF} => key not found.
    HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value not found.
    HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found.
    HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0 => key not found.
    "C:\Users\Arwen\AppData\Roaming\WB.CFG" => not found.
    "C:\Users\Arwen\AppData\Local\{A88C90A5-864E-429C-B6F8-D94B093AAA5D}" => not found.
    "C:\ProgramData\Ament.ini" => not found.
    HKU\S-1-5-21-3548505277-2733688421-2640094488-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448} => key not found.
    HKU\S-1-5-21-3548505277-2733688421-2640094488-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856} => key not found.
    HKU\S-1-5-21-3548505277-2733688421-2640094488-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4} => key not found.
    HKU\S-1-5-21-3548505277-2733688421-2640094488-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E} => key not found.
    HKU\S-1-5-21-3548505277-2733688421-2640094488-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98} => key not found.
    HKU\S-1-5-21-3548505277-2733688421-2640094488-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247} => key not found.
    HKU\S-1-5-21-3548505277-2733688421-2640094488-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A} => key not found.
    HKU\S-1-5-21-3548505277-2733688421-2640094488-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA} => key not found.
    HKU\S-1-5-21-3548505277-2733688421-2640094488-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2} => key not found.
    HKU\S-1-5-21-3548505277-2733688421-2640094488-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF} => key not found.
    "C:\ProgramData\Temp" => ":2CB9631F" ADS not found.
    "C:\ProgramData\Temp" => ":59846E5E" ADS not found.

    ==== End of Fixlog 12:37:28 ====
     
  21. 2017/04/29
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Last scans...

    Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
    NOTE 3. If you receive an UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.


    Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services

    Press "Scan".
    It will create a log (FSS.txt) in the same directory the tool is run from.
    Please copy and paste the log to your reply.


    Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    Download Sophos Free Virus Removal Tool and save it to your desktop.
    • Double click the icon and select Run
    • Click Next
    • Select I accept the terms in this license agreement, then click Next twice
    • Click Install
    • Click Finish to launch the program
    • Once the virus database has been updated click Start Scanning
    • If any threats are found click Details, then View log file... (bottom left hand corner)
    • Copy and paste the results in your reply
    • Close the Notepad document, close the Threat Details screen, then click Start cleanup
    • Click Exit to close the program
     
