
Inactive Long Running Script & Not Responding Big Time

Discussion in 'Malware and Virus Removal' started by Blue Star, 2017/05/25.

  1. 2017/05/25
    Blue Star

    :( Machine clocking and hanging almost continuously...

    FRST...

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-05-2017
    Ran by Arwen (administrator) on THEONE (25-05-2017 20:27:10)
    Running from C:\Users\Arwen\Downloads
    Loaded Profiles: Arwen (Available Profiles: Arwen)
    Platform: Windows 8.1 (Update) (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: IE)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Intel Corporation) C:\Windows\System32\igfxCUIService.exe
    (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
    (Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe
    (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
    () C:\Program Files (x86)\Real\RealPlayer\UpdateService\RealPlayerUpdateSvc.exe
    (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
    (Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
    (AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe
    (Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Intel Corporation) C:\Windows\System32\igfxEM.exe
    (Intel Corporation) C:\Windows\System32\igfxHK.exe
    (Intel Corporation) C:\Windows\System32\igfxTray.exe
    (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
    (Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
    (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    (Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe
    (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
    (Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPNetworkCommunicatorCom.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
    () C:\Program Files (x86)\Nova Development\Print Artist Platinum 24\ReminderApp.exe
    (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    () C:\Program Files\Samsung\Support Center\GuaranaAgent.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Windows\FileManager\PhotosApp.exe
    (Microsoft Corporation) C:\Windows\System32\mspaint.exe
    (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Cisco WebEx LLC) C:\ProgramData\WebEx\WebEx\T32_TC\atmgr.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Farbar) C:\Users\Arwen\Downloads\FRST64 (1).exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    ==================== Registry (Whitelisted) ====================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13191824 2012-08-10] (Realtek Semiconductor)
    HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [764032 2012-08-10] (Qualcomm Atheros)
    HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-08-10] (Qualcomm Atheros Commnucations)
    HKLM\...\Run: [HotKeysCmds] => C:\windows\system32\hkcmd.exe
    HKLM\...\Run: [Persistence] => C:\windows\system32\igfxpers.exe
    HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3940040 2015-06-12] (Synaptics Incorporated)
    HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213824 2017-05-10] (AVAST Software)
    HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
    HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [277504 2012-07-09] (Intel Corporation)
    HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [97392 2012-08-15] (CyberLink Corp.)
    HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-07] (CyberLink)
    HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-12] (CyberLink Corp.)
    HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [156000 2012-09-18] (Intel Corporation)
    HKLM-x32\...\Run: [Intel AppUp(R) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [156000 2012-09-18] (Intel Corporation)
    HKLM-x32\...\Run: [ReminderApp_EEAC3053-7055-4143-B8A0-306758055099] => C:\Program Files (x86)\Nova Development\Print Artist Platinum 24\ReminderApp.exe [144728 2011-03-09] ()
    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
    HKLM-x32\...\Run: [TkBellExe] => c:\program files (x86)\real\realplayer\Update\realsched.exe [352648 2017-03-18] (RealNetworks, Inc.)
    HKLM-x32\...\Run: [RealDownloader] => C:\Program Files (x86)\Real\RealDownloader\downloader2.exe [738544 2017-05-05] ()
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
    HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\...\Run: [eyeBeam SIP Client] => [X]
    HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23819304 2017-03-21] (Google)
    HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4272840 2014-03-31] (Microsoft Corporation)
    HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\...\Run: [Google Update] => C:\Users\Arwen\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateCore.exe [601168 2017-04-29] (Google Inc.)
    HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\...\Run: [HP Officejet Pro 8610 (NET)] => C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe [3487240 2014-07-21] (Hewlett-Packard Development Company, LP)
    HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\...\Run: [Spark] => C:\Program Files (x86)\Spark\Spark.exe
    HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27716568 2017-05-04] (Skype Technologies S.A.)
    HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\WLXPGSS.scr [322248 2014-03-31] (Microsoft Corporation)
    AppInit_DLLs: C:\Program Files C:\Program Files C:\Program Files => No File
    ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
    ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
    ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
    ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-05-10] (AVAST Software)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-05-10] (AVAST Software)
    ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
    ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealTimes.lnk [2017-03-18]
    ShortcutTarget: RealTimes.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpsystray.exe (RealNetworks, Inc.)
    Startup: C:\Users\Arwen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-03-10]
    ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (No File)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 75.75.76.76
    Tcpip\..\Interfaces\{5E936670-642F-4052-AA03-D47CB7323CAE}: [DhcpNameServer] 75.75.75.75 75.75.76.76 75.75.76.76
    Tcpip\..\Interfaces\{C98612F8-1E09-4913-9A71-55F75A0B2F56}: [DhcpNameServer] 75.75.75.75 75.75.76.76 75.75.76.76

    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
    HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?gws_rd=ssl
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-3548505277-2733688421-2640094488-1001 -> {5702548C-054D-441C-8D09-68ACF36AA8ED} URL =
    BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\program files (x86)\real\realplayer\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2017-03-14] (RealDownloader)
    BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll [2017-04-30] (Oracle Corporation)
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-04-10] (AVAST Software)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-04-30] (Oracle Corporation)
    BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2014-04-20] (IvoSoft)
    BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\program files (x86)\real\realplayer\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2017-03-14] (RealDownloader)
    BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-04-30] (Oracle Corporation)
    BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-04-10] (AVAST Software)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-04-30] (Oracle Corporation)
    BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2014-04-20] (IvoSoft)
    Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
    Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-04-10] (AVAST Software)
    Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
    DPF: HKLM-x32 {03A89EFD-E023-B200-A22D-45F77558EB4C} hxxps://content10.invisionmeeting.com/download/AXCltInst11.dll
    DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    DPF: HKLM-x32 {483EB14D-AF1C-4951-81B0-4E2B41829FF6} hxxps://assess.shlonline.com/cabs/QOLCheck.ocx
    DPF: HKLM-x32 {494DE545-6D3C-4F63-9D73-CF408AB248D9} hxxps://vanillasoft.net/binarys/amiTapiPro.ocx
    DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2017-04-05] (Skype Technologies)

    FireFox:
    ========
    FF ProfilePath: C:\Users\Arwen\AppData\Roaming\Mozilla\Firefox\Profiles\wopnhc1d.default-1453139201127 [2017-05-10]
    FF Extension: (Avast SafePrice) - C:\Users\Arwen\AppData\Roaming\Mozilla\Firefox\Profiles\wopnhc1d.default-1453139201127\Extensions\sp@avast.com.xpi [2017-05-10]
    FF Extension: (Avast Online Security) - C:\Users\Arwen\AppData\Roaming\Mozilla\Firefox\Profiles\wopnhc1d.default-1453139201127\Extensions\wrc@avast.com.xpi [2017-05-10]
    FF ProfilePath: C:\Users\Arwen\AppData\Roaming\kompozer.net\KompoZer\Profiles\jj4nfp63.default [2015-04-20]
    FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext => not found
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_25_0_0_171.dll [2017-05-09] ()
    FF Plugin: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-04-30] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-04-30] (Oracle Corporation)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_171.dll [2017-05-09] ()
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-04-30] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-04-30] (Oracle Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
    FF Plugin-x32: @real.com/nppl3260;version=18.1.7.343 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2017-03-18] (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprpplugin;version=18.1.7.343 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2017-03-18] (RealPlayer)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-3548505277-2733688421-2640094488-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Arwen\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-01-16] (Citrix Online)
    FF Plugin HKU\S-1-5-21-3548505277-2733688421-2640094488-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Arwen\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
    FF Plugin HKU\S-1-5-21-3548505277-2733688421-2640094488-1001: @talk.google.com/O1DPlugin -> C:\Users\Arwen\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
    FF Plugin HKU\S-1-5-21-3548505277-2733688421-2640094488-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Arwen\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
    FF Plugin HKU\S-1-5-21-3548505277-2733688421-2640094488-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Arwen\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
    FF Plugin HKU\S-1-5-21-3548505277-2733688421-2640094488-1001: intel.com/AppUp -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll [2012-09-18] (Intel)
    FF Plugin HKU\S-1-5-21-3548505277-2733688421-2640094488-1001: intel.com/AppUpx64 -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll [2012-09-18] (Intel)
    FF Plugin HKU\S-1-5-21-3548505277-2733688421-2640094488-1001: SkypePlugin -> C:\Users\Arwen\AppData\Local\SkypePlugin\7.5.0.127\npGatewayNpapi.dll [2015-08-02] (Skype Technologies S.A.)
    FF Plugin HKU\S-1-5-21-3548505277-2733688421-2640094488-1001: SkypePlugin64 -> C:\Users\Arwen\AppData\Local\SkypePlugin\7.5.0.127\npGatewayNpapi-x64.dll [2015-08-02] (Skype Technologies S.A.)
    FF Plugin ProgramFiles/Appdata: C:\Users\Arwen\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
    FF Plugin ProgramFiles/Appdata: C:\Users\Arwen\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)

    Chrome:
    =======
    CHR DefaultProfile: Profile 1
    CHR NewTab: Profile 1 -> Not-active:"chrome-extension://oibkikcneihjcakjbomejflolaijihln/newtab/newtab.html"
    CHR Profile: C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Default [2017-04-28]
    CHR Extension: (Google Slides) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-10-15]
    CHR Extension: (Regex Scraper) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Default\Extensions\akjalgjglcdpomokfhgcmononebebioc [2015-04-13]
    CHR Extension: (Google Docs) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-15]
    CHR Extension: (Google Drive) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-04]
    CHR Extension: (YouTube) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-15]
    CHR Extension: (Google Search) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-04]
    CHR Extension: (Google Sheets) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-10-15]
    CHR Extension: (Google Docs Offline) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-02-04]
    CHR Extension: (Avast Online Security) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-02-13]
    CHR Extension: (Skype) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-02-04]
    CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-12-15]
    CHR Extension: (FB UID Scraper) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhfeilckipmpkmoblecjildbpgdjjpnj [2015-04-13]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-29]
    CHR Extension: (Gmail) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-15]
    CHR Profile: C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-05-25]
    CHR Extension: (Google Slides) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-02-13]
    CHR Extension: (Google Docs) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2016-03-04]
    CHR Extension: (Google Drive) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-04]
    CHR Extension: (YouTube) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-04]
    CHR Extension: (Google Search) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-03-04]
    CHR Extension: (Adobe Acrobat) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-10]
    CHR Extension: (Avast SafePrice) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-03-16]
    CHR Extension: (Google Sheets) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-13]
    CHR Extension: (Google Docs Offline) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-19]
    CHR Extension: (Avast Online Security) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-05-23]
    CHR Extension: (Cisco WebEx Extension) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2017-04-18]
    CHR Extension: (Skype) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-03-10]
    CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-02-13]
    CHR Extension: (FreeConferenceCall.com Extension) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mfhjonocnlnodflomblbjnjdpllkeljo [2017-02-20]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-10]
    CHR Extension: (Login Faster) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\oibkikcneihjcakjbomejflolaijihln [2017-04-12]
    CHR Extension: (Gmail) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-04]
    CHR Extension: (Chrome Media Router) - C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-10]
    CHR HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Arwen\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-02-11]
    CHR HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7346208 2017-05-10] (AVAST Software s.r.o.)
    R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [211584 2012-08-10] (Qualcomm Atheros Commnucations) [File not signed]
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [263304 2017-05-10] (AVAST Software)
    R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1593976 2012-08-26] (Samsung Electronics CO., LTD.)
    R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company)
    R2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [7168 2012-07-09] (Intel Corporation) [File not signed]
    R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [314696 2014-05-21] (Intel Corporation)
    R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-17] (Intel Corporation)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
    R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
    R2 RealPlayerUpdateSvc; C:\program files (x86)\real\realplayer\UpdateService\RealPlayerUpdateSvc.exe [35104 2017-03-14] ()
    R2 RealTimes Desktop Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [987408 2017-03-18] (RealNetworks, Inc.)
    R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246464 2015-06-12] (Synaptics Incorporated)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
    R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-08-10] (Atheros) [File not signed]
    S3 SophosVirusRemovalTool; C:\Program Files (x86)\Sophos\Sophos Virus Removal Tool\SVRTservice.exe [X]
     
  2. 2017/05/25
    Blue Star

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R1 aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdrivera.sys [311808 2017-05-10] (AVAST Software s.r.o.)
    R0 aswbidsh; C:\WINDOWS\system32\drivers\aswbidsha.sys [190256 2017-05-10] (AVAST Software s.r.o.)
    R0 aswblog; C:\WINDOWS\system32\drivers\aswbloga.sys [334576 2017-05-10] (AVAST Software s.r.o.)
    R0 aswbuniv; C:\WINDOWS\system32\drivers\aswbuniva.sys [49016 2017-05-10] (AVAST Software s.r.o.)
    S3 aswHdsKe; C:\WINDOWS\system32\drivers\aswHdsKe.sys [85552 2017-03-21] (AVAST Software)
    S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [38296 2017-05-10] (AVAST Software)
    R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [32600 2017-05-10] (AVAST Software)
    R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [128648 2017-05-10] (AVAST Software)
    R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [101152 2017-05-10] (AVAST Software)
    R0 aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [75704 2017-05-10] (AVAST Software)
    R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [1007160 2017-05-10] (AVAST Software)
    R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [569192 2017-05-10] (AVAST Software)
    R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [158880 2017-05-12] (AVAST Software)
    R0 aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [339696 2017-05-10] (AVAST Software)
    R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-24] (CyberLink)
    S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [130688 2016-07-22] (Samsung Electronics Co., Ltd.)
    R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [251832 2017-05-22] (Malwarebytes)
    R3 RadioHIDMini; C:\WINDOWS\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows (R) Win 7 DDK provider)
    S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [164992 2016-07-22] (Samsung Electronics Co., Ltd.)
    S3 taphss6; C:\WINDOWS\system32\DRIVERS\taphss6.sys [42184 2013-01-10] (Anchorfree Inc.)
    U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2017-04-28] ()
    S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
    S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
    S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-05-25 20:27 - 2017-05-25 20:27 - 00033090 _____ C:\Users\Arwen\Downloads\FRST.txt
    2017-05-25 20:26 - 2017-05-25 20:27 - 00000000 ____D C:\FRST
    2017-05-25 20:26 - 2017-05-25 20:26 - 02429952 _____ (Farbar) C:\Users\Arwen\Downloads\FRST64.exe
    2017-05-25 20:26 - 2017-05-25 20:26 - 02429952 _____ (Farbar) C:\Users\Arwen\Downloads\FRST64 (1).exe
    2017-05-25 20:17 - 2017-05-25 20:17 - 00112310 _____ C:\Users\Arwen\Desktop\AR License.pdf
    2017-05-25 20:16 - 2017-05-25 20:16 - 00112310 _____ C:\Users\Arwen\Downloads\report.pdf
    2017-05-25 20:16 - 2017-05-25 20:16 - 00112310 _____ C:\Users\Arwen\Downloads\report (1).pdf
    2017-05-25 15:21 - 2017-05-25 15:21 - 01019204 _____ C:\Users\Arwen\Desktop\R5826074000SB17 _ FL Dobozy.pdf
    2017-05-25 14:36 - 2017-05-25 14:36 - 01018766 _____ C:\Users\Arwen\Desktop\H5415076000SB17 _ FL.pdf
    2017-05-25 12:10 - 2017-05-25 12:10 - 00919186 _____ C:\Users\Arwen\Desktop\S5884141000SB17 _ Patricia Smith.pdf
    2017-05-25 09:02 - 2017-05-25 09:02 - 01091355 _____ C:\Users\Arwen\Desktop\H6609151000SB17 _ TX _ PPO _ 1690.pdf
    2017-05-24 12:38 - 2017-05-24 12:38 - 01091355 _____ C:\Users\Arwen\Desktop\H6609151000SB17.pdf
    2017-05-22 16:27 - 2017-05-22 16:27 - 00997474 _____ C:\Users\Arwen\Desktop\R5826067000SB17 _ 0Prem.pdf
    2017-05-22 02:25 - 2017-05-22 02:26 - 00000000 ____D C:\Users\Arwen\Desktop\PICTURES _ 05.21.2017
    2017-05-21 22:51 - 2017-05-21 22:51 - 06568608 _____ (ESET spol. s r.o.) C:\Users\Arwen\Downloads\ESETOnlineScanner_ENU (3).exe
    2017-05-21 22:36 - 2017-05-21 22:36 - 00000000 ____D C:\Users\Default\AppData\Roaming\RealNetworks
    2017-05-21 22:36 - 2017-05-21 22:36 - 00000000 ____D C:\Users\Default User\AppData\Roaming\RealNetworks
    2017-05-21 19:09 - 2017-05-22 01:59 - 00000000 ____D C:\Users\Arwen\Desktop\Desktop ICONS
    2017-05-19 14:08 - 2017-05-19 14:08 - 00000000 ____D C:\Users\Arwen\AppData\Roaming\Kodi
    2017-05-19 14:02 - 2017-05-19 14:03 - 83853671 _____ (XBMC-Foundation) C:\Users\Arwen\Downloads\kodi-17.1-Krypton.exe
    2017-05-19 12:12 - 2017-05-19 12:12 - 00495098 _____ C:\Users\Arwen\Downloads\New Doc 2017-05-11 (3).pdf
    2017-05-13 14:47 - 2017-04-28 18:44 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
    2017-05-13 14:47 - 2017-04-28 18:44 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
    2017-05-10 09:32 - 2017-03-30 09:15 - 00875712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll
    2017-05-10 09:32 - 2017-03-30 09:15 - 00869568 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll
    2017-05-10 09:32 - 2017-03-30 09:15 - 00678592 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp120_clr0400.dll
    2017-05-10 09:32 - 2017-03-30 09:15 - 00536768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp120_clr0400.dll
    2017-05-10 09:11 - 2017-04-26 10:06 - 04169216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
    2017-05-10 09:11 - 2017-04-16 06:23 - 02176584 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
    2017-05-10 09:11 - 2017-04-16 06:23 - 01662096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
    2017-05-10 09:11 - 2017-04-16 06:23 - 01063464 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
    2017-05-10 09:11 - 2017-04-16 05:07 - 01566032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
    2017-05-10 09:11 - 2017-04-16 05:07 - 00548032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
    2017-05-10 09:11 - 2017-04-16 04:51 - 02899456 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
    2017-05-10 09:11 - 2017-04-16 04:35 - 25741312 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2017-05-10 09:11 - 2017-04-16 04:18 - 05977600 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2017-05-10 09:11 - 2017-04-16 03:53 - 02290176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
    2017-05-10 09:11 - 2017-04-16 03:49 - 20278272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2017-05-10 09:11 - 2017-04-16 03:10 - 15250944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2017-05-10 09:11 - 2017-04-16 03:08 - 04548608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
    2017-05-10 09:11 - 2017-04-16 03:04 - 03241472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
    2017-05-10 09:11 - 2017-04-16 02:53 - 13661184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2017-05-10 09:11 - 2017-04-16 02:50 - 01544704 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
    2017-05-10 09:11 - 2017-04-16 02:37 - 02767872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
    2017-05-10 09:11 - 2017-04-09 18:00 - 01548640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
    2017-05-10 09:11 - 2017-03-10 19:38 - 02017624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
    2017-05-10 09:10 - 2017-04-28 17:15 - 07444824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
    2017-05-10 09:10 - 2017-04-16 06:18 - 01135288 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
    2017-05-10 09:10 - 2017-04-16 06:18 - 00803192 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
    2017-05-10 09:10 - 2017-04-16 05:07 - 01213792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
    2017-05-10 09:10 - 2017-04-16 05:05 - 00612096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
    2017-05-10 09:10 - 2017-04-16 04:54 - 00576512 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
    2017-05-10 09:10 - 2017-04-16 04:54 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
    2017-05-10 09:10 - 2017-04-16 04:37 - 00116224 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
    2017-05-10 09:10 - 2017-04-16 04:36 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
    2017-05-10 09:10 - 2017-04-16 04:16 - 00862720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
    2017-05-10 09:10 - 2017-04-16 04:10 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
    2017-05-10 09:10 - 2017-04-16 04:03 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
    2017-05-10 09:10 - 2017-04-16 04:02 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
    2017-05-10 09:10 - 2017-04-16 04:01 - 00499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
    2017-05-10 09:10 - 2017-04-16 04:00 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
    2017-05-10 09:10 - 2017-04-16 04:00 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
    2017-05-10 09:10 - 2017-04-16 03:52 - 01033216 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
    2017-05-10 09:10 - 2017-04-16 03:47 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
    2017-05-10 09:10 - 2017-04-16 03:43 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
    2017-05-10 09:10 - 2017-04-16 03:40 - 00806912 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
    2017-05-10 09:10 - 2017-04-16 03:40 - 00725504 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
    2017-05-10 09:10 - 2017-04-16 03:40 - 00378880 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
    2017-05-10 09:10 - 2017-04-16 03:37 - 02132992 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
    2017-05-10 09:10 - 2017-04-16 03:29 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
    2017-05-10 09:10 - 2017-04-16 03:24 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
    2017-05-10 09:10 - 2017-04-16 03:23 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
    2017-05-10 09:10 - 2017-04-16 03:22 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
    2017-05-10 09:10 - 2017-04-16 03:22 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
    2017-05-10 09:10 - 2017-04-16 03:17 - 00880640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
    2017-05-10 09:10 - 2017-04-16 03:12 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
    2017-05-10 09:10 - 2017-04-16 03:10 - 00693248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
    2017-05-10 09:10 - 2017-04-16 03:10 - 00330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
    2017-05-10 09:10 - 2017-04-16 03:08 - 02057216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
    2017-05-10 09:10 - 2017-04-16 03:02 - 00267776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
    2017-05-10 09:10 - 2017-04-16 02:40 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
    2017-05-10 09:10 - 2017-04-16 02:34 - 01314816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
    2017-05-10 09:10 - 2017-04-16 02:34 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
    2017-05-10 09:10 - 2017-04-09 18:00 - 00388448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
    2017-05-10 09:10 - 2017-04-07 19:20 - 01375960 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
    2017-05-10 09:10 - 2017-04-07 09:56 - 01094656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
    2017-05-10 09:10 - 2017-04-02 12:41 - 00684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
    2017-05-10 09:10 - 2017-04-02 12:41 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
    2017-05-10 09:10 - 2017-03-31 19:16 - 01968408 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
    2017-05-10 09:10 - 2017-03-31 17:59 - 01612504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
    2017-05-10 09:10 - 2017-03-13 12:38 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmitomi.dll
    2017-05-10 09:10 - 2017-03-13 12:29 - 02609664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
    2017-05-10 09:10 - 2017-03-13 12:25 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmWmiPl.dll
    2017-05-10 09:10 - 2017-03-13 12:13 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmitomi.dll
    2017-05-10 09:10 - 2017-03-13 12:07 - 02170880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
    2017-05-10 09:10 - 2017-03-13 12:06 - 00236032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmWmiPl.dll
    2017-05-10 09:10 - 2017-03-11 15:34 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
    2017-05-10 09:10 - 2017-03-11 15:32 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
    2017-05-10 09:10 - 2017-03-11 15:32 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
    2017-05-10 09:10 - 2017-03-11 14:49 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
    2017-05-10 09:10 - 2017-03-11 13:58 - 01437696 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
    2017-05-10 09:10 - 2017-03-11 13:54 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
    2017-05-10 09:10 - 2017-03-10 19:38 - 00275800 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
    2017-05-10 09:10 - 2017-03-09 16:52 - 00293376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wisp.dll
    2017-05-10 09:10 - 2017-03-09 15:17 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wisp.dll
    2017-05-10 09:10 - 2017-03-07 22:44 - 00448285 _____ C:\WINDOWS\system32\ApnDatabase.xml
    2017-05-10 08:43 - 2017-05-10 08:42 - 00400456 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
    2017-05-09 17:59 - 2017-05-09 17:59 - 00013480 _____ C:\Users\Arwen\Downloads\2017_Aetna_Individual_Medicare_Producer_Certification.pdf
    2017-05-05 12:29 - 2017-05-05 12:29 - 00001128 _____ C:\Users\Public\Desktop\OpenOffice 4.1.3.lnk
    2017-05-05 12:29 - 2017-05-05 12:29 - 00000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.3
    2017-05-05 12:27 - 2017-05-05 12:28 - 00000000 ____D C:\Program Files (x86)\OpenOffice 4
    2017-05-04 13:27 - 2017-05-04 13:27 - 00000000 ____D C:\Users\Arwen\Documents\20170504-5-1-2017 Class Onboarding(3740213304)
    2017-05-03 15:51 - 2017-05-03 15:51 - 00169768 _____ C:\Users\Arwen\Downloads\image.pdf
    2017-05-03 15:29 - 2017-05-03 15:29 - 00115365 _____ C:\Users\Arwen\Downloads\licenses (1).pdf
    2017-05-03 15:29 - 2017-05-03 15:29 - 00115364 _____ C:\Users\Arwen\Downloads\licenses.pdf
    2017-05-03 15:21 - 2017-05-03 15:21 - 00834507 _____ C:\Users\Arwen\Downloads\License.pdf
    2017-05-03 15:21 - 2017-05-03 15:21 - 00834507 _____ C:\Users\Arwen\Downloads\License (1).pdf
    2017-05-03 14:48 - 2017-05-21 22:20 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
    2017-05-02 14:48 - 2017-05-02 14:48 - 01215324 _____ C:\Users\Arwen\Downloads\MASTER - Interactive - Approved 03-10-2017 (4).pdf
    2017-05-02 14:44 - 2017-05-02 14:44 - 00373432 _____ C:\Users\Arwen\Downloads\BREAK OUT SHEET.pdf
    2017-05-02 14:44 - 2017-05-02 14:44 - 00373432 _____ C:\Users\Arwen\Desktop\BREAK OUT SHEET.pdf
    2017-05-02 14:25 - 2017-05-02 14:25 - 01215324 _____ C:\Users\Arwen\Downloads\MASTER - Interactive - Approved 03-10-2017 (3).pdf
    2017-05-02 14:00 - 2017-05-02 14:00 - 01215324 _____ C:\Users\Arwen\Downloads\MASTER - Interactive - Approved 03-10-2017 (2).pdf
    2017-05-02 11:04 - 2017-05-02 11:04 - 01215324 _____ C:\Users\Arwen\Downloads\MASTER - Interactive - Approved 03-10-2017 (1).pdf
    2017-05-01 23:03 - 2017-05-01 23:03 - 01215324 _____ C:\Users\Arwen\Desktop\MASTER - Interactive - Approved 03-10-2017.pdf
    2017-05-01 22:59 - 2017-05-01 22:59 - 01215324 _____ C:\Users\Arwen\Downloads\MASTER - Interactive - Approved 03-10-2017.pdf
    2017-05-01 15:16 - 2017-05-01 15:16 - 00000000 ____D C:\Users\Arwen\Documents\20170501-Day 1 _ Medicare Team Training(3740126032)
    2017-05-01 12:12 - 2017-05-01 12:13 - 01130328 _____ (Google Inc.) C:\Users\Arwen\Downloads\GoogleVoiceAndVideoSetup (3).exe
    2017-05-01 12:12 - 2017-05-01 12:13 - 01130328 _____ (Google Inc.) C:\Users\Arwen\Downloads\GoogleVoiceAndVideoSetup (2).exe
    2017-05-01 08:37 - 2017-05-25 08:33 - 00000000 ____D C:\Users\Arwen\AppData\LocalLow\WebEx
    2017-04-30 17:09 - 2017-04-30 17:09 - 00110144 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
    2017-04-30 17:08 - 2017-04-30 17:08 - 00000000 ____D C:\Program Files\Java
    2017-04-30 17:06 - 2017-04-30 17:07 - 65659968 _____ (Oracle Corporation) C:\Users\Arwen\Downloads\jre-8u131-windows-x64 (1).exe
    2017-04-30 17:04 - 2017-04-30 17:05 - 65659968 _____ (Oracle Corporation) C:\Users\Arwen\Downloads\jre-8u131-windows-x64.exe
    2017-04-30 16:58 - 2017-04-30 16:58 - 57495104 _____ (Oracle Corporation) C:\Users\Arwen\Downloads\jre-8u131-windows-i586.exe
    2017-04-29 18:46 - 2017-04-29 18:47 - 166211496 _____ (Sophos Limited) C:\Users\Arwen\Downloads\Sophos Virus Removal Tool (1).exe
    2017-04-29 18:43 - 2017-04-29 18:45 - 166211496 _____ (Sophos Limited) C:\Users\Arwen\Downloads\Sophos Virus Removal Tool.exe
    2017-04-28 13:28 - 2017-05-22 02:22 - 00251832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2017-04-28 13:28 - 2017-05-13 07:48 - 00092096 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
    2017-04-28 13:28 - 2017-05-10 08:37 - 00111544 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
    2017-04-28 13:28 - 2017-05-10 08:37 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
    2017-04-28 13:28 - 2017-04-28 13:28 - 00186304 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
    2017-04-28 13:28 - 2017-04-28 13:28 - 00001883 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
    2017-04-28 13:28 - 2017-04-28 13:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
    2017-04-28 13:28 - 2017-04-28 13:28 - 00000000 ____D C:\Program Files\Malwarebytes
    2017-04-28 13:28 - 2017-03-22 11:02 - 00077440 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
    2017-04-28 13:26 - 2017-04-28 13:27 - 60107896 _____ (Malwarebytes ) C:\Users\Arwen\Downloads\mb3-setup-consumer-3.0.6.1469-10103.exe
    2017-04-28 12:36 - 2017-04-28 12:36 - 35357840 _____ (Adlice Software ) C:\Users\Arwen\Downloads\setup.exe
    2017-04-27 02:38 - 2017-04-30 16:57 - 00000000 ____D C:\Users\Arwen\AppData\LocalLow\Mozilla
    2017-04-26 23:23 - 2017-04-26 23:23 - 06752896 _____ (ESET spol. s r.o.) C:\Users\Arwen\Downloads\esetonlinescanner_enu (2).exe
    2017-04-26 23:23 - 2017-04-26 23:23 - 06752896 _____ (ESET spol. s r.o.) C:\Users\Arwen\Downloads\esetonlinescanner_enu (1).exe
    2017-04-26 23:15 - 2017-05-09 18:06 - 00000000 ____D C:\Users\Arwen\Desktop\AIO Ideal Concepts
    2017-04-26 09:23 - 2017-04-26 09:24 - 00837814 _____ C:\Users\Arwen\Downloads\How To Register on the Humana Agent Portal.pdf
    2017-04-25 11:50 - 2017-04-25 11:50 - 06392372 _____ C:\Users\Arwen\Downloads\one call close script 04.09.2017.pdf

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-05-25 14:28 - 2014-10-13 01:32 - 00003918 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{FF6E7FF6-A826-4FA6-A008-42C24AD91130}
    2017-05-25 11:21 - 2012-09-04 02:57 - 00000870 _____ C:\WINDOWS\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
    2017-05-25 10:43 - 2013-12-24 01:03 - 00000000 ____D C:\Users\Arwen\AppData\Roaming\ClassicShell
    2017-05-25 08:33 - 2015-08-26 10:59 - 00000000 ____D C:\Users\Arwen\AppData\Roaming\webex
    2017-05-25 08:25 - 2013-01-02 10:38 - 00000157 _____ C:\WINDOWS\SysWOW64\SystemPreferences.xml
    2017-05-24 17:02 - 2015-08-26 10:59 - 00000000 __SHD C:\Users\Arwen\Documents\cache
    2017-05-23 11:55 - 2013-08-02 19:06 - 00000000 ____D C:\WINDOWS\system32\MRT
    2017-05-23 11:52 - 2012-12-22 03:15 - 132223576 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2017-05-22 08:45 - 2014-09-24 03:15 - 00887272 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2017-05-22 08:45 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\Inf
    2017-05-22 02:32 - 2012-12-16 22:30 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3548505277-2733688421-2640094488-1001
    2017-05-22 02:28 - 2012-09-04 03:05 - 00000000 ____D C:\ProgramData\WinClon
    2017-05-22 02:24 - 2014-10-12 23:59 - 00000000 ___DO C:\Users\Arwen\OneDrive
    2017-05-22 02:23 - 2012-09-04 02:57 - 00000868 _____ C:\WINDOWS\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
    2017-05-22 02:21 - 2013-08-22 10:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2017-05-22 02:17 - 2013-08-22 09:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
    2017-05-22 02:15 - 2012-09-04 03:10 - 00000000 ____D C:\ProgramData\Temp
    2017-05-21 22:36 - 2015-06-14 19:13 - 00000000 ____D C:\ProgramData\Package Cache
    2017-05-21 22:36 - 2013-07-06 15:23 - 00000000 ____D C:\Program Files (x86)\Real
    2017-05-21 22:33 - 2014-04-08 10:05 - 00000000 ____D C:\Program Files\WinRAR
    2017-05-21 22:33 - 2013-08-22 10:44 - 00579072 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2017-05-21 22:31 - 2014-10-12 23:12 - 00000000 ____D C:\Users\Arwen
    2017-05-21 22:20 - 2014-09-24 02:53 - 00000000 ____D C:\WINDOWS\ShellNew
    2017-05-21 22:15 - 2015-09-16 14:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
    2017-05-21 19:41 - 2016-07-12 17:47 - 00000000 ____D C:\Users\Arwen\Desktop\INSURANCE
    2017-05-21 19:08 - 2012-12-16 22:21 - 00000000 ____D C:\Users\Arwen\AppData\Local\CrashDumps
    2017-05-18 10:21 - 2013-04-10 11:15 - 00000000 ____D C:\Users\Arwen\AppData\Local\ElevatedDiagnostics
    2017-05-18 09:48 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\NDF
    2017-05-18 02:01 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\rescache
    2017-05-17 22:57 - 2013-07-12 13:33 - 00002217 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2017-05-13 14:38 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
    2017-05-12 20:44 - 2014-02-13 12:25 - 00158880 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswstm.sys
    2017-05-12 07:42 - 2017-04-24 21:54 - 00000000 ____D C:\Users\Arwen\Desktop\NSA _ 04.24.2017
    2017-05-10 21:27 - 2017-03-16 18:36 - 00000000 ___RD C:\Program Files (x86)\Skype
    2017-05-10 21:27 - 2013-07-08 15:31 - 00000000 ____D C:\ProgramData\Skype
    2017-05-10 09:41 - 2012-07-26 03:59 - 00000000 ____D C:\WINDOWS\CbsTemp
    2017-05-10 08:45 - 2016-07-19 22:08 - 00003888 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1468980498
    2017-05-10 08:45 - 2016-07-19 22:08 - 00001065 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
    2017-05-10 08:44 - 2017-03-19 21:03 - 00003914 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
    2017-05-10 08:42 - 2016-07-12 18:01 - 00032600 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
    2017-05-10 08:42 - 2014-08-06 23:23 - 00569192 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
    2017-05-10 08:42 - 2014-08-06 23:23 - 00038296 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
    2017-05-10 08:42 - 2014-02-13 12:25 - 01007160 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
    2017-05-10 08:42 - 2014-02-13 12:25 - 00339696 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
    2017-05-10 08:42 - 2014-02-13 12:25 - 00128648 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
    2017-05-10 08:42 - 2014-02-13 12:25 - 00101152 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
    2017-05-10 08:42 - 2014-02-13 12:25 - 00075704 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
    2017-05-10 08:41 - 2017-03-19 21:03 - 00334576 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbloga.sys
    2017-05-10 08:41 - 2017-03-19 21:03 - 00311808 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
    2017-05-10 08:41 - 2017-03-19 21:03 - 00190256 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsha.sys
    2017-05-10 08:41 - 2017-03-19 21:03 - 00049016 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbuniva.sys
    2017-05-09 09:13 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
    2017-05-09 09:13 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\Macromed
    2017-05-09 09:13 - 2013-06-17 12:52 - 00004288 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
    2017-05-09 08:38 - 2017-04-11 13:17 - 00000000 ____D C:\ProgramData\WebEx
    2017-05-04 17:21 - 2015-01-04 15:13 - 00004476 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
    2017-05-04 14:56 - 2013-07-08 15:31 - 00000000 ____D C:\Users\Arwen\AppData\Roaming\Skype
    2017-05-03 16:08 - 2013-08-22 11:36 - 00000000 ___HD C:\Program Files\WindowsApps
    2017-05-03 16:08 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\AppReadiness
    2017-05-02 00:33 - 2016-01-10 15:42 - 00000000 ____D C:\Users\Arwen\Desktop\Wire Wrap Tutes _ 01.10.2016
    2017-04-30 21:06 - 2016-02-16 03:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2017-04-30 21:06 - 2014-02-12 07:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2017-04-30 17:15 - 2015-03-21 13:22 - 00002670 _____ C:\DelFix.txt
    2017-04-30 17:09 - 2015-03-21 13:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    2017-04-30 17:03 - 2015-03-21 13:16 - 00000000 ____D C:\ProgramData\Oracle
    2017-04-30 17:03 - 2013-06-17 11:18 - 00000000 ____D C:\Program Files (x86)\Java
    2017-04-30 17:02 - 2013-06-17 11:18 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
    2017-04-29 12:29 - 2015-09-30 11:10 - 00000008 __RSH C:\Users\Arwen\ntuser.pol
    2017-04-29 12:26 - 2013-12-16 11:05 - 00003508 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3548505277-2733688421-2640094488-1001UA
    2017-04-29 12:26 - 2013-12-16 11:05 - 00003236 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3548505277-2733688421-2640094488-1001Core
    2017-04-29 12:26 - 2013-08-22 11:36 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
    2017-04-29 12:26 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
    2017-04-28 22:06 - 2013-02-11 10:49 - 00003330 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
    2017-04-28 22:06 - 2013-02-11 10:49 - 00003202 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
    2017-04-28 13:54 - 2015-09-14 13:55 - 00000000 ____D C:\ProgramData\BSD
    2017-04-28 13:54 - 2013-03-22 11:22 - 00000000 ____D C:\Users\Arwen\AppData\LocalLow\Yahoo!
    2017-04-28 13:28 - 2013-05-19 11:58 - 00000000 ____D C:\ProgramData\Malwarebytes
    2017-04-28 13:25 - 2013-03-22 11:22 - 00000000 ____D C:\Program Files (x86)\Yahoo!
    2017-04-28 12:41 - 2015-03-17 22:56 - 00028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
    2017-04-27 13:25 - 2015-05-06 13:59 - 00000000 ____D C:\Users\Arwen\AppData\Roaming\Google
    2017-04-27 13:20 - 2013-01-22 13:05 - 00000000 ____D C:\Program Files\Google
    2017-04-27 13:20 - 2013-01-22 13:02 - 00000000 ____D C:\Program Files (x86)\Google
    2017-04-27 02:45 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
    2017-04-27 02:44 - 2013-08-22 11:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2017-04-27 02:33 - 2013-01-22 13:02 - 00000000 ____D C:\Users\Arwen\AppData\Local\Google

    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2017-05-22 02:32

    ==================== End of FRST.txt ============================
     


  4. 2017/05/25
    Blue Star

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-05-2017
    Ran by Arwen (25-05-2017 20:28:21)
    Running from C:\Users\Arwen\Downloads
    Windows 8.1 (Update) (X64) (2014-10-13 03:51:09)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-3548505277-2733688421-2640094488-500 - Administrator - Disabled)
    Arwen (S-1-5-21-3548505277-2733688421-2640094488-1001 - Administrator - Enabled) => C:\Users\Arwen
    Guest (S-1-5-21-3548505277-2733688421-2640094488-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-3548505277-2733688421-2640094488-1049 - Limited - Enabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    ABBulkMailer (HKLM-x32\...\{7F6276CF-ACCE-4C11-8AF3-F8C166ECC81B}) (Version: 8.5 - Advanced Business Objects)
    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
    Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.171 - Adobe Systems Incorporated)
    Allshare Play Link (HKLM-x32\...\{91786428-D4AA-476D-8AF9-A63FFAC2901F}) (Version: 1.0.0 - Samsung)
    Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.4.2294 - AVAST Software)
    Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.3.0.2 - )
    Chromium (HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\...\Chromium) (Version: 46.0.2480.0 - Chromium)
    Cisco WebEx Meetings (HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
    Citrix Online Launcher (HKLM-x32\...\{DB014C85-A264-4BCA-A66F-6DD1FCF8EC36}) (Version: 1.0.335 - Citrix)
    Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)
    Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.1912 - CyberLink Corp.)
    CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4421.02 - CyberLink Corp.)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Easy File Share (HKLM-x32\...\{A7C37D4B-F37A-42E8-9B6A-B28C18AD4C12}) (Version: 1.3.4 - Samsung Electronics CO.,LTD.)
    E-POP (HKLM-x32\...\{F06DD8D9-9DC8-430C-835C-C9BF21E05CC1}) (Version: 1.0.1 - Samsung Electronics CO., LTD.)
    Galería de fotos (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Galerie de photos (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.110 - Google Inc.)
    Google Drive (HKLM-x32\...\{A1238426-ECDF-4639-BE2F-8D12A97AE23C}) (Version: 2.34.5075.1619 - Google, Inc.)
    Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
    Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden
    Help Desk (HKLM\...\{C85A891D-7AB4-46AE-84F0-B0C3FAC82280}) (Version: 1.0.4 - Samsung Electronics CO., LTD.)
    HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
    HP Officejet Pro 8610 Basic Device Software (HKLM\...\{39DA3F40-0B9E-4002-8E01-108FEC9EFE43}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
    HP Support Solutions Framework (HKLM-x32\...\{FC3C2B77-6800-48C6-A15D-9D1031130C16}) (Version: 11.51.0049 - Hewlett-Packard Company)
    HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
    HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
    HPDiagnosticCoreDll (HKLM-x32\...\{9262B08F-E183-4FED-A2BD-23FF1A84EB79}) (Version: 1.0.15.0 - Hewlett Packard)
    I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
    Intel AppUp(R) center (HKLM-x32\...\Intel AppUp(SM) center 33070) (Version: 41450 - Intel)
    Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
    Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.36354 - Intel Corporation)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation)
    Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
    INVISION 11 Client (HKLM-x32\...\iLincClient.11) (Version: - )
    Java 8 Update 131 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
    Java 8 Update 131 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
    Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    ListExtractor (HKLM-x32\...\{9BDEFE48-95D2-45A7-AC9F-B9CECC0E8E42}) (Version: 2.00.0000 - AtPacific)
    Luxor 3 (HKLM-x32\...\BFG-Luxor 3) (Version: - )
    Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
    Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\...\OneDriveSetup.exe) (Version: 17.3.4726.0226 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50906.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Mozilla Firefox 53.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 53.0 (x86 en-US)) (Version: 53.0 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 53.0.0.6312 - Mozilla)
    OpenOffice 4.1.3 (HKLM-x32\...\{EEA30AEB-8BA7-465B-85D4-098BB99733E7}) (Version: 4.13.9783 - Apache Software Foundation)
    Print Artist Platinum 24 (HKLM-x32\...\{7568CBAC-FC7F-4EE9-8CAC-B4274FC93B4E}) (Version: 24.0.1.2 - Nova Development)
    Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.206 - Qualcomm Atheros Communications)
    Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
    Quick Starter (HKLM\...\{EC36E2BC-86F7-44C9-84B2-93930F0FBDBF}) (Version: 1.0.0 - Samsung Electronics CO., LTD.)
    RealDownloader (x32 Version: 18.1.7.343 - RealNetworks, Inc.) Hidden
    RealDownloader (x32 Version: 18.1.7.347 - RealNetworks) Hidden
    RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
    RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
    RealPlayer (RealTimes) (HKLM-x32\...\RealPlayer 18.1) (Version: 18.1.7 - RealNetworks)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6702 - Realtek Semiconductor Corp.)
    Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
    RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
    Recovery (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 6.0.6.0 - Samsung Electronics CO., LTD.)
    S Agent (Version: 1.0.7 - Samsung Electronics CO., LTD.) Hidden
    SafeZone Stable 3.55.2393.596 (x32 Version: 3.55.2393.596 - Avast Software) Hidden
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
    Settings (HKLM-x32\...\{52E5DE60-C96B-42CC-9A37-FE04725940AE}) (Version: 2.0.0 - Samsung Electronics CO., LTD.)
    SHA Premium Quotation System (HKLM-x32\...\SHA Premium Quotation System) (Version: Version 2.1 - USHEALTH)
    Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
    Skype Web Plugin (HKLM-x32\...\{F7C13D74-E0FD-4A76-896A-E8687769767D}) (Version: 7.5.0.127 - Skype Technologies S.A.)
    Skype™ 7.36 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.36.101 - Skype Technologies S.A.)
    Support Center (HKLM\...\{3D7275C7-8549-46AF-8B59-82A3EF301B31}) (Version: 2.0.8 - Samsung Electronics CO., LTD.)
    Support Center FAQ (x32 Version: 1.0.0 - Samsung Electronics CO., LTD.) Hidden
    SW Update (HKLM-x32\...\{49271148-3C6B-4F2B-B8C9-FFDE243B8FEA}) (Version: 2.0.15 - Samsung Electronics CO., LTD.)
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.11.1 - Synaptics Incorporated)
    UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
    User Guide (HKLM-x32\...\{66172F70-0BDE-4BAB-A973-E2E4EF501F6D}) (Version: 1.2.00 - Samsung Electronics CO., LTD.)
    vc2012_redist (x32 Version: 1.0.0.0 - Realnetworks) Hidden
    Video Downloader (x32 Version: 18.1.7 - RealNetworks) Hidden
    vs2015_redist x86 (x32 Version: 1.0.0.0 - Realnetworks) Hidden
    Windows Driver Package - Samsung Electronics Co. Ltd. (RadioHIDMini) HIDClass (07/27/2012 20.57.1.735) (HKLM\...\9F04C462DAB591BDCCE784F77E4D4F1736010B92) (Version: 07/27/2012 20.57.1.735 - Samsung Electronics Co. Ltd.)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
    Yahoo! Detect (HKLM-x32\...\YTdetect) (Version: - )

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-3548505277-2733688421-2640094488-1001_Classes\CLSID\{0825CC0E-34BD-4FE4-B78D-EF6582A94B6A}\InprocServer32 -> C:\Users\Arwen\AppData\Local\SkypePlugin\7.5.0.127\GatewayActiveX-x64.dll (Skype Technologies S.A.)
    CustomCLSID: HKU\S-1-5-21-3548505277-2733688421-2640094488-1001_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\Arwen\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-3548505277-2733688421-2640094488-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
    CustomCLSID: HKU\S-1-5-21-3548505277-2733688421-2640094488-1001_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\Arwen\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3548505277-2733688421-2640094488-1001_Classes\CLSID\{8E00BFA9-1C7B-4E45-BF2F-0FAEA236E1CC}\localserver32 -> C:\Users\Arwen\AppData\Local\SkypePlugin\7.5.0.127\GatewayVersion-x64.exe (Skype Technologies S.A.)
    CustomCLSID: HKU\S-1-5-21-3548505277-2733688421-2640094488-1001_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AC}\InprocServer32 -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll (Intel)
    CustomCLSID: HKU\S-1-5-21-3548505277-2733688421-2640094488-1001_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AD}\InprocServer32 -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll (Intel)
    CustomCLSID: HKU\S-1-5-21-3548505277-2733688421-2640094488-1001_Classes\CLSID\{CBF9CD8C-2714-4F36-B76A-43E6C7547BC2}\localserver32 -> C:\Users\Arwen\AppData\Local\SkypePlugin\7.5.0.127\EdgeCalling.exe (Skype Technologies S.A.)
    CustomCLSID: HKU\S-1-5-21-3548505277-2733688421-2640094488-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Arwen\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll (Google Inc.)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {05DAE92A-6C6F-4145-A0E4-DC211BE58AD8} - System32\Tasks\RealDownloader Update Check => C:\program files (x86)\real\realplayer\RealDownloader\downloader2.exe
    Task: {1834511F-636F-4703-8D12-7C29F892135D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
    Task: {1C070222-6971-435D-9EFA-041063DB7483} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)
    Task: {25273BEB-1596-4DF2-9ACB-64FB9B924E10} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3548505277-2733688421-2640094488-1001Core => C:\Users\Arwen\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
    Task: {273E163D-8BD0-4420-A6BF-604990062399} - System32\Tasks\WLANStartup => %programfiles(x86)%\Samsung\Easy Settings\WLANStartup.exe
    Task: {33C2B19B-605D-4B98-AB07-6A0AA22E83FA} - System32\Tasks\FaxArchive_CN2BD211XW05S1 => C:\Program Files\HP\HP Officejet 4620 series\Bin\FaxApplications.exe
    Task: {3F5DA5C4-9997-473E-945E-7CC7AA284FC9} - System32\Tasks\HPCustParticipation HP Officejet 4620 series => C:\Program Files\HP\HP Officejet 4620 series\Bin\HPCustPartic.exe
    Task: {45ABB5F7-5C01-489E-9D24-75ECFC93A2EE} - System32\Tasks\{0B005567-2F27-4C11-B217-48FB79CD4CFB} => pcalua.exe -a "C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe" -c /remove /q0
    Task: {4A04CE14-2029-40C9-B3EC-3BB4A3B3B5B7} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-05-10] (AVAST Software)
    Task: {4AD36E97-A0A7-4DC5-A480-09E50B73AAFA} - System32\Tasks\advRecovery => C:\Program Files\Samsung\Recovery\WCScheduler.exe [2012-08-30] (SEC)
    Task: {54775C17-0CFA-4B0B-9666-0833EE6839C5} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3548505277-2733688421-2640094488-1001 => C:\program files (x86)\real\realplayer\RealDownloader\RealUpgrade.exe [2017-03-14] (RealNetworks, Inc.)
    Task: {5BF4106A-98B2-43EC-BFCA-BF41A8DD36A0} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-04-15] (Intel Corporation)
    Task: {5CC84A7B-C17B-4951-A1F2-A2919DC9DC8A} - System32\Tasks\Settings => C:\Program Files (x86)\Samsung\Settings\sSettings.exe [2012-08-26] (Samsung Electronics CO., LTD.)
    Task: {60FB7622-C6C3-4C23-B13C-20E588F1ACDA} - System32\Tasks\{DD3B9BBD-8D10-425E-8F91-2FDD3699230E} => Iexplore.exe hxxp://ui.skype.com/ui/0/7.10.85.101/en/abandoninstall?page=tsBing
    Task: {675B1F76-91AB-44C7-B2FD-BCEB028FF6B3} - System32\Tasks\HPCustParticipation HP Officejet Pro 8610 => C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPCustPartic.exe
    Task: {6ED04B22-FF2B-4657-A2DC-4FCE1D90A9CB} - System32\Tasks\SWUpdateAgent => C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe [2012-08-24] (Samsung Electronics CO., LTD.)
    Task: {866704E7-0F2E-4995-85D4-703CBF9E1241} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
    Task: {A816F8AD-3B4E-4B1D-8202-EABE3C5EE876} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-04-15] (Intel Corporation)
    Task: {B82FA7BA-DF38-4CEC-9FF3-FC3AED168754} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe
    Task: {CF9AD7B1-A258-4614-AE15-AAB1352A2A4D} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-04-19] (AVAST Software)
    Task: {D5F6805B-C465-48BB-A2AD-8ACDEE1EC059} - System32\Tasks\SafeZone scheduled Autoupdate 1468980498 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-03-22] (Avast Software)
    Task: {D9DD9F47-0F79-48A3-8A7F-51A089EE2D23} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2012-08-17] (Samsung Electronics CO., LTD.)
    Task: {DE75DCC2-4981-4804-91D8-D8248A1F1E6A} - System32\Tasks\HP AR Program Upload - 1d899e09ae474e75b00a468cbd134de7aa32ec3dee4246869e6c83f89188eeec => C:\Program Files\HP\HP Officejet Pro 8610\bin\HPRewards.exe [2014-07-21] (TODO: <Company name>)
    Task: {E327E935-E671-4260-8172-436BE870BC17} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3548505277-2733688421-2640094488-1001 => C:\program files (x86)\real\realplayer\RealDownloader\RealUpgrade.exe [2017-03-14] (RealNetworks, Inc.)
    Task: {ECFD5F00-7404-4420-A935-6D616BD65FE3} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-05-09] (Adobe Systems Incorporated)
    Task: {FB6D6FE4-1610-4BB3-8519-231B3B051086} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3548505277-2733688421-2640094488-1001UA => C:\Users\Arwen\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
    Task: C:\WINDOWS\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
    Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ShortcutWithArgument: C:\Users\Arwen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"

    ==================== Loaded Modules (Whitelisted) ==============

    2017-03-14 20:44 - 2017-03-14 20:44 - 00035104 _____ () C:\program files (x86)\real\realplayer\UpdateService\RealPlayerUpdateSvc.exe
    2017-04-28 13:28 - 2017-03-22 10:24 - 02271520 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
    2011-03-09 16:34 - 2011-03-09 16:34 - 00144728 _____ () C:\Program Files (x86)\Nova Development\Print Artist Platinum 24\ReminderApp.exe
    2012-08-24 05:10 - 2012-08-24 05:10 - 04238968 _____ () C:\Program Files\Samsung\Support Center\GuaranaAgent.exe
    2017-05-17 22:57 - 2017-05-09 05:13 - 03767640 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\libglesv2.dll
    2017-05-17 22:57 - 2017-05-09 05:13 - 00100696 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\libegl.dll
    2017-03-14 20:44 - 2017-03-14 20:44 - 00040248 _____ () C:\program files (x86)\real\realplayer\UpdateService\DL2UpdatePlugin.dll
    2017-03-14 20:44 - 2017-03-14 20:44 - 00042296 _____ () C:\program files (x86)\real\realplayer\UpdateService\RealDownloaderUpdatePlugin.dll
    2017-03-14 20:43 - 2017-03-14 20:43 - 00039752 _____ () C:\program files (x86)\real\realplayer\UpdateService\VideoDLUpdatePlugin.dll
    2012-08-26 05:48 - 2012-08-26 05:48 - 00026232 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsAPI.dll
    2012-08-26 05:48 - 2012-08-26 05:48 - 00110712 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsBase.dll
    2012-08-26 05:48 - 2012-08-26 05:48 - 00029816 _____ () C:\Program Files (x86)\Samsung\Settings\EasyMovieEnhancer.dll
    2012-08-26 05:48 - 2012-08-26 05:48 - 00091768 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsCmdClient.dll
    2017-05-10 08:42 - 2017-05-10 08:42 - 00170216 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
    2017-05-10 08:42 - 2017-05-10 08:42 - 00997896 _____ () C:\Program Files\AVAST Software\Avast\AvChrome.dll
    2017-05-10 08:42 - 2017-05-10 08:42 - 67717632 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2017-05-10 08:42 - 2017-05-10 08:42 - 00176992 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
    2017-05-10 08:42 - 2017-05-10 08:42 - 00223224 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
    2017-05-10 08:41 - 2017-05-10 08:41 - 00291824 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
    2017-05-10 08:42 - 2017-05-10 08:42 - 00684656 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
    2012-09-04 03:11 - 2012-06-07 23:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
    2012-06-07 22:34 - 2012-06-07 22:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
    2013-01-03 14:38 - 2012-09-18 15:04 - 00016896 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\featureController.dll
    2013-01-03 14:38 - 2012-09-18 15:04 - 00062976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\osEvents.dll
    2013-01-03 14:38 - 2012-09-18 15:04 - 00322048 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\log4cplus.dll
    2013-01-03 14:38 - 2012-09-18 15:04 - 00400384 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\sqlite3.dll
    2013-01-03 14:38 - 2012-09-18 15:04 - 00195584 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\libgsoap.dll
    2013-01-03 14:38 - 2012-09-18 15:04 - 00020480 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\eventsSender.dll
    2013-01-03 14:38 - 2012-09-18 15:04 - 00062464 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\zlib1.dll
    2013-01-03 14:38 - 2012-09-18 15:04 - 00446976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\deviceProfile.dll
    2013-01-03 14:38 - 2012-09-18 15:04 - 00064512 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManagerStarter.dll
    2011-03-09 16:31 - 2011-03-09 16:31 - 00089440 _____ () C:\Program Files (x86)\Nova Development\Print Artist Platinum 24\AddressBookCore.dll
    2011-03-09 16:34 - 2011-03-09 16:34 - 00152944 _____ () C:\Program Files (x86)\Nova Development\Print Artist Platinum 24\en-US\ReminderApp.resources.dll
    2017-05-17 23:11 - 2017-05-17 23:11 - 00016384 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PSIClient\45eab03aba84951dc2a8fd2b4c8873eb\PSIClient.ni.dll
    2017-05-22 02:24 - 2017-05-22 02:24 - 00098816 _____ () C:\Users\Arwen\AppData\Local\Temp\_MEI54482\win32api.pyd
    2017-05-22 02:24 - 2017-05-22 02:24 - 00110080 _____ () C:\Users\Arwen\AppData\Local\Temp\_MEI54482\pywintypes27.dll
    2017-05-22 02:24 - 2017-05-22 02:24 - 00364544 _____ () C:\Users\Arwen\AppData\Local\Temp\_MEI54482\pythoncom27.dll
    2017-05-22 02:24 - 2017-05-22 02:24 - 00320512 _____ () C:\Users\Arwen\AppData\Local\Temp\_MEI54482\win32com.shell.shell.pyd
    2017-05-22 02:24 - 2017-05-22 02:24 - 00914432 _____ () C:\Users\Arwen\AppData\Local\Temp\_MEI54482\_hashlib.pyd
    2017-05-22 02:24 - 2017-05-22 02:24 - 01176576 _____ () C:\Users\Arwen\AppData\Local\Temp\_MEI54482\wx._core_.pyd
    2017-05-22 02:24 - 2017-05-22 02:24 - 00806400 _____ () C:\Users\Arwen\AppData\Local\Temp\_MEI54482\wx._gdi_.pyd
    2017-05-22 02:24 - 2017-05-22 02:24 - 00816128 _____ () C:\Users\Arwen\AppData\Local\Temp\_MEI54482\wx._windows_.pyd
    2017-05-22 02:24 - 2017-05-22 02:24 - 01067008 _____ () C:\Users\Arwen\AppData\Local\Temp\_MEI54482\wx._controls_.pyd
    2017-05-22 02:24 - 2017-05-22 02:24 - 00733184 _____ () C:\Users\Arwen\AppData\Local\Temp\_MEI54482\wx._misc_.pyd
    2017-05-22 02:24 - 2017-05-22 02:24 - 00682496 _____ () C:\Users\Arwen\AppData\Local\Temp\_MEI54482\pysqlite2._sqlite.pyd
    2017-05-22 02:24 - 2017-05-22 02:24 - 00088064 _____ () C:\Users\Arwen\AppData\Local\Temp\_MEI54482\_ctypes.pyd
    2017-05-22 02:24 - 2017-05-22 02:24 - 00686080 _____ () C:\Users\Arwen\AppData\Local\Temp\_MEI54482\unicodedata.pyd
    2017-05-22 02:24 - 2017-05-22 02:24 - 00119808 _____ () C:\Users\Arwen\AppData\Local\Temp\_MEI54482\win32file.pyd
    2017-05-22 02:24 - 2017-05-22 02:24 - 00108544 _____ () C:\Users\Arwen\AppData\Local\Temp\_MEI54482\win32security.pyd
    2017-05-22 02:24 - 2017-05-22 02:24 - 00007168 _____ () C:\Users\Arwen\AppData\Local\Temp\_MEI54482\hashobjs_ext.pyd
    2017-05-22 02:24 - 2017-05-22 02:24 - 00017920 _____ () C:\Users\Arwen\AppData\Local\Temp\_MEI54482\thumbnails_ext.pyd
    2017-05-22 02:24 - 2017-05-22 02:24 - 00088064 _____ () C:\Users\Arwen\AppData\Local\Temp\_MEI54482\usb_ext.pyd
    2017-05-22 02:24 - 2017-05-22 02:24 - 00012800 _____ () C:\Users\Arwen\AppData\Local\Temp\_MEI54482\common.time34.pyd
    2017-05-22 02:24 - 2017-05-22 02:24 - 00018432 _____ () C:\Users\Arwen\AppData\Local\Temp\_MEI54482\win32event.pyd
    2017-05-22 02:24 - 2017-05-22 02:24 - 00167936 _____ () C:\Users\Arwen\AppData\Local\Temp\_MEI54482\win32gui.pyd
    2017-05-22 02:24 - 2017-05-22 02:24 - 00046080 _____ () C:\Users\Arwen\AppData\Local\Temp\_MEI54482\_socket.pyd
    2017-05-22 02:24 - 2017-05-22 02:24 - 01303552 _____ () C:\Users\Arwen\AppData\Local\Temp\_MEI54482\_ssl.pyd
    2017-05-22 02:24 - 2017-05-22 02:24 - 00128512 _____ () C:\Users\Arwen\AppData\Local\Temp\_MEI54482\_elementtree.pyd
    2017-05-22 02:24 - 2017-05-22 02:24 - 00127488 _____ () C:\Users\Arwen\AppData\Local\Temp\_MEI54482\pyexpat.pyd
    2017-05-22 02:24 - 2017-05-22 02:24 - 00038912 _____ () C:\Users\Arwen\AppData\Local\Temp\_MEI54482\win32inet.pyd
    2017-05-22 02:24 - 2017-05-22 02:24 - 00036864 _____ () C:\Users\Arwen\AppData\Local\Temp\_MEI54482\_psutil_windows.pyd
    2017-05-22 02:24 - 2017-05-22 02:24 - 00524248 _____ () C:\Users\Arwen\AppData\Local\Temp\_MEI54482\windows._lib_cacheinvalidation.pyd
    2017-05-22 02:24 - 2017-05-22 02:24 - 00011264 _____ () C:\Users\Arwen\AppData\Local\Temp\_MEI54482\win32crypt.pyd
    2017-05-22 02:24 - 2017-05-22 02:24 - 00123392 _____ () C:\Users\Arwen\AppData\Local\Temp\_MEI54482\wx._wizard.pyd
    2017-05-22 02:24 - 2017-05-22 02:24 - 00077312 _____ () C:\Users\Arwen\AppData\Local\Temp\_MEI54482\wx._html2.pyd
    2017-05-22 02:24 - 2017-05-22 02:24 - 00027648 _____ () C:\Users\Arwen\AppData\Local\Temp\_MEI54482\_multiprocessing.pyd
    2017-05-22 02:24 - 2017-05-22 02:24 - 00020480 _____ () C:\Users\Arwen\AppData\Local\Temp\_MEI54482\_yappi.pyd
    2017-05-22 02:24 - 2017-05-22 02:24 - 00035840 _____ () C:\Users\Arwen\AppData\Local\Temp\_MEI54482\win32process.pyd
    2017-05-22 02:24 - 2017-05-22 02:24 - 00078848 _____ () C:\Users\Arwen\AppData\Local\Temp\_MEI54482\wx._animate.pyd
    2017-05-22 02:24 - 2017-05-22 02:24 - 00024064 _____ () C:\Users\Arwen\AppData\Local\Temp\_MEI54482\win32pipe.pyd
    2017-05-22 02:24 - 2017-05-22 02:24 - 00010240 _____ () C:\Users\Arwen\AppData\Local\Temp\_MEI54482\select.pyd
    2017-05-22 02:24 - 2017-05-22 02:24 - 00025600 _____ () C:\Users\Arwen\AppData\Local\Temp\_MEI54482\win32pdh.pyd
    2017-05-22 02:24 - 2017-05-22 02:24 - 00017408 _____ () C:\Users\Arwen\AppData\Local\Temp\_MEI54482\win32profile.pyd
    2017-05-22 02:24 - 2017-05-22 02:24 - 00022528 _____ () C:\Users\Arwen\AppData\Local\Temp\_MEI54482\win32ts.pyd
    2012-09-04 02:57 - 2012-06-25 13:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
    2017-05-01 08:38 - 2017-05-09 08:38 - 00238232 _____ () C:\ProgramData\WebEx\WebEx\T32_TC\atjpeg60.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\ProgramData\Temp:2CB9631F [134]
    AlternateDataStreams: C:\ProgramData\Temp:59846E5E [446]

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SophosVirusRemovalTool => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SophosVirusRemovalTool => ""="Service"

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE trusted site: HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\...\evolvondemand.net -> hxxps://transcom.evolvondemand.net
    IE trusted site: HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\...\vanillasoft.net -> hxxps://vanillasoft.net

    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Arwen\Pictures\rhino 1.jpg
    DNS Servers: 75.75.75.75 - 75.75.76.76
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    HKLM\...\StartupApproved\StartupFolder: => "RealTimes.lnk"
    HKLM\...\StartupApproved\Run: => "BtTray"
    HKLM\...\StartupApproved\Run: => "BtvStack"
    HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\...\StartupApproved\Run: => "HP Officejet 4620 series (NET)"
    HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\...\StartupApproved\Run: => "eyeBeam SIP Client"
    HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\...\StartupApproved\Run: => "msnmsgr"
    HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\...\StartupApproved\Run: => "MobileAppSync"
    HKU\S-1-5-21-3548505277-2733688421-2640094488-1001\...\StartupApproved\Run: => "Skype"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{FA9129FF-73AD-4F17-A3E4-08C387470DC4}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    FirewallRules: [{BC33BA8B-43DA-4101-A7EF-C845A5EE9C1B}] => (Allow) LPort=1900
    FirewallRules: [{A256DE0D-91C4-4813-8D37-4094F0093856}] => (Allow) LPort=2869
    FirewallRules: [{A815C66B-2F5A-4DC6-8E6A-8422AAD9968A}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    FirewallRules: [{5E8A3DB7-6CD0-49AA-BEA6-1C2C78F8BD92}] => (Allow) C:\Program Files (x86)\AtomPark\Atomic Email Hunter\AtomicEmailHunter.exe
    FirewallRules: [{2DE15FEF-6E01-428D-A182-546B170AAE15}] => (Allow) C:\Program Files (x86)\AtomPark\Atomic Email Hunter\AtomicEmailHunter.exe
    FirewallRules: [{AD505DC0-F9C7-4705-A44A-AE403692F7A1}] => (Allow) C:\Program Files (x86)\AtomPark\Atomic Lead Extractor\AtomicLeadExtractor.exe
    FirewallRules: [{A715A783-E8A3-41C6-A5D1-91D53A40F5F6}] => (Allow) C:\Program Files (x86)\AtomPark\Atomic Lead Extractor\AtomicLeadExtractor.exe
    FirewallRules: [{48A033F5-76D1-48E1-A766-66C38E6AB5EE}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
    FirewallRules: [{89291383-A2BC-4BA5-827A-07C7D77C1058}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
    FirewallRules: [{1CBD6BF6-C91F-4AD7-B790-05962F10B60D}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
    FirewallRules: [{C70516C4-682D-4C00-AEBA-9516CDE43654}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
    FirewallRules: [UDP Query User{B8A52E80-E47F-4A31-8652-BBD0C01845C3}C:\program files (x86)\ghostsurf\ghostsurf.exe] => (Allow) C:\program files (x86)\ghostsurf\ghostsurf.exe
    FirewallRules: [TCP Query User{EE9B6915-CE09-48C0-B34A-B48F9C88A47D}C:\program files (x86)\ghostsurf\ghostsurf.exe] => (Allow) C:\program files (x86)\ghostsurf\ghostsurf.exe
    FirewallRules: [{9807E193-FC1A-49F5-B334-8E21B60A2E90}] => (Allow) C:\Users\Arwen\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
    FirewallRules: [UDP Query User{2A1AB145-840C-4E4B-A732-E6AEA182B799}C:\program files (x86)\sha\sha.exe] => (Allow) C:\program files (x86)\sha\sha.exe
    FirewallRules: [TCP Query User{47220578-96A8-48BC-8FA9-81CD8483B8B9}C:\program files (x86)\sha\sha.exe] => (Allow) C:\program files (x86)\sha\sha.exe
    FirewallRules: [UDP Query User{FDB83730-E44D-42BA-B0BE-7325D05CFF85}C:\program files (x86)\sha\shaquote.exe] => (Allow) C:\program files (x86)\sha\shaquote.exe
    FirewallRules: [TCP Query User{7FC20502-F09E-4883-B32D-33DB7A6F7BB1}C:\program files (x86)\sha\shaquote.exe] => (Allow) C:\program files (x86)\sha\shaquote.exe
    FirewallRules: [UDP Query User{E920F795-8C2E-47C2-8BC7-AD34E45AB82E}C:\program files (x86)\sha\sha.exe] => (Allow) C:\program files (x86)\sha\sha.exe
    FirewallRules: [TCP Query User{D10F29B3-A1D4-4199-A79A-1D8F9E6A3498}C:\program files (x86)\sha\sha.exe] => (Allow) C:\program files (x86)\sha\sha.exe
    FirewallRules: [UDP Query User{D20A30A3-E10B-455C-964E-F3168399D131}C:\program files (x86)\counterpath\x-lite\x-lite.exe] => (Block) C:\program files (x86)\counterpath\x-lite\x-lite.exe
    FirewallRules: [TCP Query User{6FB881D4-3548-4915-9B65-EFCF834D023F}C:\program files (x86)\counterpath\x-lite\x-lite.exe] => (Block) C:\program files (x86)\counterpath\x-lite\x-lite.exe
    FirewallRules: [UDP Query User{34DCC5C5-F507-4750-A702-89C5C976901A}C:\program files (x86)\counterpath\x-lite\x-lite.exe] => (Allow) C:\program files (x86)\counterpath\x-lite\x-lite.exe
    FirewallRules: [TCP Query User{AF65212D-E559-4D49-819C-46656D5E5574}C:\program files (x86)\counterpath\x-lite\x-lite.exe] => (Allow) C:\program files (x86)\counterpath\x-lite\x-lite.exe
    FirewallRules: [{F43B2C4C-F5EA-4363-9415-ECF9FAFFC407}] => (Allow) C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
    FirewallRules: [{897FCBF3-3082-48C3-9C78-0351D95DF122}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
    FirewallRules: [{75A7B777-C639-4F54-B838-0616DF7E3EF1}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
    FirewallRules: [{9A233B96-B59A-4837-AAF0-6F73C8FCFFE3}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
    FirewallRules: [{BE4847A3-39DA-4D16-9341-FC190F8C5255}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
    FirewallRules: [{475845B5-8E58-4B86-9021-F02FE930CAFE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{E5BDA255-2693-4BA1-A18C-DDDCFC6447C6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{187BFCA5-0861-47CB-B575-7B3B7EC2A064}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\bin\FaxApplications.exe
    FirewallRules: [{C18F5584-F470-40C2-9360-4DA6FCB4916B}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\bin\DigitalWizards.exe
    FirewallRules: [{5C5B02E1-BDEE-41C4-87D7-7EA2548C06F0}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\bin\SendAFax.exe
    FirewallRules: [{08436A3C-2D5B-4D4C-AAAD-C4A8B6307A25}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\Bin\DeviceSetup.exe
    FirewallRules: [{6FB51C2C-3F02-49A1-9A6F-5C51DD31E436}] => (Allow) LPort=5357
    FirewallRules: [{5559E64A-9A65-4EA3-B041-427F0FF3B67A}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPNetworkCommunicatorCom.exe
    FirewallRules: [{E76076D8-B77B-4717-8927-F0FCC8D3ACBA}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
    FirewallRules: [{537DE16A-DE03-4780-8EE2-65CE35CB3509}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
    FirewallRules: [TCP Query User{835DE832-FED2-47EE-9F44-1CC3F943C203}C:\program files (x86)\spark\spark.exe] => (Allow) C:\program files (x86)\spark\spark.exe
    FirewallRules: [UDP Query User{2669B789-2724-4AEE-955C-47B057D19522}C:\program files (x86)\spark\spark.exe] => (Allow) C:\program files (x86)\spark\spark.exe
    FirewallRules: [TCP Query User{F30DBDEB-139B-4448-A1FD-462F3C70FDF1}C:\program files (x86)\kiax2.1-beta2\kiax.exe] => (Allow) C:\program files (x86)\kiax2.1-beta2\kiax.exe
    FirewallRules: [UDP Query User{BD31835B-F3F4-44B4-9E61-9321DD1C0B1A}C:\program files (x86)\kiax2.1-beta2\kiax.exe] => (Allow) C:\program files (x86)\kiax2.1-beta2\kiax.exe
    FirewallRules: [TCP Query User{78C45732-CBED-4337-9D28-388F2B541261}C:\users\arwen\appdata\local\skypeplugin\7.5.0.127\pluginhost.exe] => (Allow) C:\users\arwen\appdata\local\skypeplugin\7.5.0.127\pluginhost.exe
    FirewallRules: [UDP Query User{D0181A7B-0503-4DB8-A6E4-D453AE855E64}C:\users\arwen\appdata\local\skypeplugin\7.5.0.127\pluginhost.exe] => (Allow) C:\users\arwen\appdata\local\skypeplugin\7.5.0.127\pluginhost.exe
    FirewallRules: [{35C62B24-008C-47F3-8842-CD26973164D8}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
    FirewallRules: [{87F7ACBE-C5B0-4702-AC7D-DFEA5BB85994}] => (Allow) C:\Users\Arwen\AppData\Local\Chromium\Application\chrome.exe
    FirewallRules: [{9FDD3E37-054D-49A1-889B-A90032C25074}] => (Allow) c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe
    FirewallRules: [{C6DBA34E-11CA-4CAA-B015-E0674E8B3DFE}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.596_0\SZBrowser.exe
    FirewallRules: [{61CA8C50-AB85-42B6-8D32-74666A8B275B}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.596_1\SZBrowser.exe
    FirewallRules: [{595118C1-3DFE-478F-9D8F-ECFB08D6762F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [TCP Query User{E0BB190D-654A-49BD-A81C-5933829A0D70}C:\users\arwen\kodi\kodi.exe] => (Allow) C:\users\arwen\kodi\kodi.exe
    FirewallRules: [UDP Query User{A37F0A12-6BDF-4469-A8D2-755EBA9B8FC5}C:\users\arwen\kodi\kodi.exe] => (Allow) C:\users\arwen\kodi\kodi.exe

    ==================== Restore Points =========================

    05-05-2017 12:21:44 Installed OpenOffice 4.1.3
    10-05-2017 09:29:38 Windows Update
    18-05-2017 01:57:55 Scheduled Checkpoint
    21-05-2017 22:07:44 Removed Citrix Online Launcher

    ==================== Faulty Device Manager Devices =============

    Name: Qualcomm Atheros AR3012 Bluetooth 4.0 + HS
    Description: Qualcomm Atheros AR3012 Bluetooth 4.0 + HS
    Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
    Manufacturer: Qualcomm Atheros Communications
    Service: BTHUSB
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (05/25/2017 08:26:43 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program LiveComm.exe version 17.5.9600.20911 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 444c

    Start Time: 01d2d5b60a1946c7

    Termination Time: 4294967295

    Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe

    Report Id: fd9b85dd-41a9-11e7-bfbf-b888e36c7608

    Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe

    Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

    Error: (05/25/2017 07:56:43 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program LiveComm.exe version 17.5.9600.20911 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 2b1c

    Start Time: 01d2d5b1d933c113

    Termination Time: 4294967295

    Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe

    Report Id: ccb1271f-41a5-11e7-bfbf-b888e36c7608

    Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe

    Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

    Error: (05/25/2017 07:26:43 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program LiveComm.exe version 17.5.9600.20911 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 3f44

    Start Time: 01d2d5ada84bc0f4

    Termination Time: 4294967295

    Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe

    Report Id: 9bce2cd7-41a1-11e7-bfbf-b888e36c7608

    Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe

    Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

    Error: (05/25/2017 06:56:43 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program LiveComm.exe version 17.5.9600.20911 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 3e94

    Start Time: 01d2d5a977b874e7

    Termination Time: 4294967295

    Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe

    Report Id: 6afe03b6-419d-11e7-bfbf-b888e36c7608

    Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe

    Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

    Error: (05/25/2017 06:26:44 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program LiveComm.exe version 17.5.9600.20911 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 206c

    Start Time: 01d2d5a54686c85d

    Termination Time: 4294967295

    Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe

    Report Id: 3a0c2b56-4199-11e7-bfbf-b888e36c7608

    Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe

    Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

    Error: (05/25/2017 05:56:43 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program LiveComm.exe version 17.5.9600.20911 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 2570

    Start Time: 01d2d5a115aab1ba

    Termination Time: 4294967295

    Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe

    Report Id: 092b4bfe-4195-11e7-bfbf-b888e36c7608

    Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe

    Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

    Error: (05/25/2017 05:26:43 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program LiveComm.exe version 17.5.9600.20911 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 1aa4

    Start Time: 01d2d59ce5af48c5

    Termination Time: 4294967295

    Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe

    Report Id: d84c00bf-4190-11e7-bfbf-b888e36c7608

    Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe

    Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

    Error: (05/25/2017 04:56:51 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program LiveComm.exe version 17.5.9600.20911 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 1158

    Start Time: 01d2d598b5ef8a7b

    Termination Time: 4294967295

    Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe

    Report Id: a835c1c8-418c-11e7-bfbf-b888e36c7608

    Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe

    Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

    Error: (05/25/2017 04:26:43 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program LiveComm.exe version 17.5.9600.20911 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 1148

    Start Time: 01d2d594835243be

    Termination Time: 4294967295

    Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe

    Report Id: 768487cf-4188-11e7-bfbf-b888e36c7608

    Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe

    Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

    Error: (05/25/2017 03:56:43 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program LiveComm.exe version 17.5.9600.20911 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 309c

    Start Time: 01d2d590521b00f4

    Termination Time: 4294967295

    Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe

    Report Id: 459878f9-4184-11e7-bfbf-b888e36c7608

    Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe

    Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1


    System errors:
    =============
    Error: (05/25/2017 02:44:23 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Avast Antivirus service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

    Error: (05/25/2017 12:46:58 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
    Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 12.

    Error: (05/25/2017 12:46:58 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
    Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 12.

    Error: (05/25/2017 08:25:36 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BFE service.

    Error: (05/25/2017 08:24:53 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BFE service.

    Error: (05/25/2017 08:24:21 AM) (Source: Server) (EventID: 2505) (User: )
    Description: The server could not bind to the transport \Device\NetBT_Tcpip_{5E936670-642F-4052-AA03-D47CB7323CAE} because another computer on the network has the same name. The server could not start.

    Error: (05/22/2017 02:23:36 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error:
    The service did not respond to the start or control request in a timely fashion.

    Error: (05/22/2017 02:23:36 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.

    Error: (05/21/2017 10:37:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error:
    The service did not respond to the start or control request in a timely fashion.

    Error: (05/21/2017 10:37:42 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.


    CodeIntegrity:
    ===================================
    Date: 2017-05-25 14:49:27.485
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2017-05-25 14:49:27.285
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2017-05-25 14:49:27.085
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2017-05-25 14:49:26.878
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2017-05-25 14:49:26.679
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2017-05-25 14:49:26.478
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2017-05-25 14:49:26.270
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2017-05-25 14:49:26.066
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2017-05-25 14:49:25.868
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2017-05-25 14:49:25.666
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i7-3630QM CPU @ 2.40GHz
    Percentage of memory in use: 33%
    Total physical RAM: 8083.5 MB
    Available physical RAM: 5415.57 MB
    Total Virtual: 12691.5 MB
    Available Virtual: 6772.71 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:907.06 GB) (Free:642.52 GB) NTFS
    Drive e: (My Book) (Fixed) (Total:232.83 GB) (Free:196.9 GB) FAT32

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 1 (Size: 232.9 GB) (Disk ID: 8F9C798A)
    Partition 1: (Not Active) - (Size=232.9 GB) - (Type=0C)

    ==================== End of Addition.txt ============================
     
  5. 2017/05/25
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ==================================

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2
    • Close all the running programs
    • Double-click on the downloaded setup.exe file to install the program.
    • Click on Start Scan button.
    • Click on another Start Scan button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced, post all logs.
    Please download Malwarebytes to your desktop.
    • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
    • Then click Finish.
    • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
    • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
    • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
    • Restart your computer when prompted to do so.
    • The Scan log is available through History -> Application logs. Please post its contents in your next reply.
    Please download AdwCleaner by Xplode and save to your Desktop.
    • Double click on AdwCleaner.exe to run the tool.
      Vista/Windows 7/8 users right-click and select Run As Administrator
    • The tool will start to update the database if one is required.
    • Click on the Scan button.
    • AdwCleaner will begin...be patient as the scan may take some time to complete.
    • After the scan has finished, click on the Logfile button.
    • A window will open which lists the logs of your scans.
    • Click on the Scan tab.
    • Double-click the most recent scan which will be at the top of the list....the log will appear.
    • Review the results...see note below
    • After reviewing the log, click on the Clean button.
    • Press OK when asked to close all programs and follow the onscreen prompts.
    • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
    • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
    • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
    • A copy of each logfile is saved to C:\AdwCleaner.
    -- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.


    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
     
  6. 2017/05/30
    Blue Star

    Blue Star Well-Known Member Thread Starter

    RogueKiller V12.10.10.0 (x64) [May 22 2017] (Free) by Adlice Software
    mail : Contact - Adlice Software
    Feedback : Adlice forum - Home
    Website : RogueKiller Anti-Malware Free Download - Official Website
    Blog : Downloads - Adlice Software

    Operating System : Windows 8.1 (6.3.9600) 64 bits version
    Started in : Normal mode
    User : Arwen [Administrator]
    Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
    Mode : Scan -- Date : 05/25/2017 21:20:01 (Duration : 00:43:13)

    ¤¤¤ Processes : 0 ¤¤¤

    ¤¤¤ Registry : 0 ¤¤¤

    ¤¤¤ Tasks : 0 ¤¤¤

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ WMI : 0 ¤¤¤

    ¤¤¤ Hosts File : 0 ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: ST1000LM024 HN-M101MBB +++++
    --- User ---
    [MBR] 19a5b97c94ad62fe7b16cd7724b8e74a
    [BSP] 207e734b8d2d61ca982caa7896d12816 : Empty MBR Code
    Partition table:
    0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 500 MB
    1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 1026048 | Size: 300 MB
    2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1640448 | Size: 128 MB
    3 - Basic data partition | Offset (sectors): 1902592 | Size: 928830 MB
    4 - [SYSTEM][MAN-MOUNT] | Offset (sectors): 1904146432 | Size: 450 MB
    5 - [SYSTEM] Basic data partition | Offset (sectors): 1905068032 | Size: 22636 MB
    6 - [SYSTEM] Basic data partition | Offset (sectors): 1951426560 | Size: 1024 MB
    User = LL1 ... OK
    User = LL2 ... OK

    +++++ PhysicalDrive1: WD 2500BB External USB Device +++++
    --- User ---
    [MBR] bc781624181ab32281191e636b2caa8d
    [BSP] 49facedad3640935e7bf61a4a2bdd488 : Windows XP MBR Code
    Partition table:
    0 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 63 | Size: 238472 MB
    User = LL1 ... OK
    Error reading LL2 MBR! ([32] The request is not supported. )
     
  7. 2017/05/30
    Blue Star

    Blue Star Well-Known Member Thread Starter

    Malwarebytes
    www.malwarebytes.com

    -Log Details-
    Scan Date: 5/30/17
    Scan Time: 9:37 AM
    Logfile: Malwarebytes _ 05.30.2017.txt
    Administrator: Yes

    -Software Information-
    Version: 3.0.6.1469
    Components Version: 1.0.103
    Update Package Version: 1.0.2051
    License: Free

    -System Information-
    OS: Windows 8.1
    CPU: x64
    File System: NTFS
    User: THEONE\Arwen

    -Scan Summary-
    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 383630
    Time Elapsed: 13 min, 17 sec

    -Scan Options-
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    -Scan Details-
    Process: 0
    (No malicious items detected)

    Module: 0
    (No malicious items detected)

    Registry Key: 0
    (No malicious items detected)

    Registry Value: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Data Stream: 0
    (No malicious items detected)

    Folder: 0
    (No malicious items detected)

    File: 0
    (No malicious items detected)

    Physical Sector: 0
    (No malicious items detected)


    (end)
     
  8. 2017/05/30
    Blue Star

    Blue Star Well-Known Member Thread Starter

    # AdwCleaner v6.047 - Logfile created 30/05/2017 at 13:40:23
    # Updated on 19/05/2017 by Malwarebytes
    # Database : 2017-05-26.6 [Server]
    # Operating System : Windows 8.1 (X64)
    # Username : Arwen - THEONE
    # Running from : C:\Users\Arwen\Downloads\AdwCleaner.exe
    # Mode: Clean
    # Support : Customer Support & Help Center



    ***** [ Services ] *****



    ***** [ Folders ] *****



    ***** [ Files ] *****



    ***** [ DLL ] *****



    ***** [ WMI ] *****



    ***** [ Shortcuts ] *****



    ***** [ Scheduled Tasks ] *****



    ***** [ Registry ] *****

    [-] Key deleted: HKLM\SOFTWARE\Classes\Record\{181480C8-90AC-3430-B39A-CD121E034A1A}
    [-] Key deleted: HKLM\SOFTWARE\Classes\Record\{8F54FA54-1DF8-3B20-890C-CDD95364BC95}


    ***** [ Web browsers ] *****



    *************************

    :: "Tracing" keys deleted
    :: Winsock settings cleared

    *************************

    C:\AdwCleaner\AdwCleaner[C0].txt - [912 Bytes] - [30/05/2017 13:40:23]
    C:\AdwCleaner\AdwCleaner[S0].txt - [1256 Bytes] - [30/05/2017 10:30:17]

    ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1057 Bytes] ##########
     
  9. 2017/05/30
    Blue Star

    Blue Star Well-Known Member Thread Starter

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.1.3 (04.10.2017)
    Operating System: Windows 8.1 x64
    Ran by Arwen (Administrator) on Tue 05/30/2017 at 13:52:10.67
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    File System: 0




    Registry: 1

    Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{5702548C-054D-441C-8D09-68ACF36AA8ED} (Registry Key)




    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Tue 05/30/2017 at 13:55:54.68
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  10. 2017/05/30
    Blue Star

    Blue Star Well-Known Member Thread Starter

    Somewhere, I lost this report!.... (AdwCleaner[CX].txt)
     
  11. 2017/05/30
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    All clean there.
    I suggest a new topic in the Windows forum.
    Good luck :)
     
  12. 2017/05/30
    Blue Star

    Blue Star Well-Known Member Thread Starter

    Thank you so much for your help broni!! You Light Up My Life!
    Actually the machine is running at a much faster rate now that I've cleaned out just those few little things!

    I am running a Windows 7 shell on top of my Windows 8, so that may be some of my problem
     
  13. 2017/05/30
    broni

    broni Moderator Malware Analyst

     
