fatal-xxx-dangerous-windows AVAST Malware? [Solved]

malware

  • This topic is locked

#1
Silvertraveller

    New Member

  • Member
  • 7 posts

Hello, please can someone help me - I believe I have been the victim of an attempted scam and my PC has been infected with some Malware/Virus.

 

Yesterday, 4th June 2015, I received an email supposedly from my Antivirus company Avast telling me I had only a few days' protection left. I had received various emails advising me that protection was coming to an end. Yesterday I went to the Avast website (or what I thought was the Avast website) and found a telephone number which I rang. The number was a freephone number but unfortunately I do not recall what it was. The first Asian operator I spoke to convinced me to allow him access to my computer remotely (in hindsight I appreciate this was not wise but I thought I was talking to a legitimate Avast operator).

 

I was then passed through 2 other operators until one said I was infected with a trojan and he would 'sort it out' and give me PC support for £400+; this figure kept reducing as I said I was not happy. I finally disconnected from the telephone call and turned my computer off and spoke to my neighbor who is helping me to sort this problem out. We have run Malwarebytes and tried to run AVAST but every time I connect to the internet and launch Google I get lots of messages telling me I am infected and to click to download things to sort it out. I have obviously not done this and my neighbor told me about you kind people at GeeksToGo and so I have come to you.

 

I have just run FRST and here are the logs - many thanks in advance.

 

 Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:03-06-2015
Ran by Margret (administrator) on MARGARET-PC on 05-06-2015 16:39:06
Running from C:\Users\Margret\Desktop
Loaded Profiles: Margret (Available Profiles: Margret)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-14] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-06-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-31] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-12] (Avast Software s.r.o.)
HKLM-x32\...\Run: [TkBellExe] => c:\program files (x86)\real\realplayer\Update\realsched.exe [296520 2014-06-30] (RealNetworks, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1065024 2014-05-02] (SEIKO EPSON CORPORATION)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2015-04-14] (Malwarebytes Corporation)
HKU\S-1-5-21-3145712594-1130862659-1550497800-1001\...\Run: [Google Update] => C:\Users\Margret\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-03-25] (Google Inc.)
HKU\S-1-5-21-3145712594-1130862659-1550497800-1001\...\Run: [EPLTarget\P0000000000000001] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATILHE.EXE [297024 2013-01-24] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3145712594-1130862659-1550497800-1001\...\Run: [CAHeadless] => C:\Program Files (x86)\Adobe\Elements 12 Organizer\CAHeadless\ElementsAutoAnalyzer.exe [1400224 2013-09-25] (Adobe Systems Incorporated)
HKU\S-1-5-21-3145712594-1130862659-1550497800-1001\...\Run: [PhotoshopElements8SyncAgent] => C:\Program Files (x86)\Adobe\Elements 12 Organizer\ElementsOrganizerRevelAgent.exe [2723232 2013-09-25] (Adobe Systems Incorporated)
HKU\S-1-5-21-3145712594-1130862659-1550497800-1001\...\Run: [Spotify Web Helper] => C:\Users\Margret\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2018360 2015-04-07] (Spotify Ltd)
HKU\S-1-5-21-3145712594-1130862659-1550497800-1001\...\Run: [Spotify] => C:\Users\Margret\AppData\Roaming\Spotify\Spotify.exe [7112248 2015-04-07] (Spotify Ltd)
HKU\S-1-5-21-3145712594-1130862659-1550497800-1001\...\MountPoints2: {485ff9e9-e0bf-11e3-8265-ac7ba13c5dc5} - "E:\WD SmartWare.exe" autoplay=true
AppInit_DLLs-x32: c:\progra~2\suppor~1\suppor~1.dll => "c:\progra~2\suppor~1\suppor~1.dll" File not found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PHOTOfunSTUDIO HD Edition.lnk [2014-04-12]
ShortcutTarget: PHOTOfunSTUDIO HD Edition.lnk -> C:\Program Files (x86)\Panasonic\PHOTOfunSTUDIO\PhAutoRun.exe (Panasonic Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk [2014-03-25]
ShortcutTarget: RealPlayer Cloud Service UI.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe (RealNetworks, Inc.)
Startup: C:\Users\Margret\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2014-03-28]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-04-28] (Avast Software s.r.o.)
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-3145712594-1130862659-1550497800-1001\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyServer: [S-1-5-21-3145712594-1130862659-1550497800-1001] => http=127.0.0.1:13804
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/...=AVASDF&PC=AV01
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-3145712594-1130862659-1550497800-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/...=AVASDF&PC=AV01
HKU\S-1-5-21-3145712594-1130862659-1550497800-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01
HKU\S-1-5-21-3145712594-1130862659-1550497800-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.dell13.uk.msn.com/
HKU\S-1-5-21-3145712594-1130862659-1550497800-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
SearchScopes: HKLM -> DefaultScope {8025EEDE-823D-49E5-8B70-B5E811C2E791} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/...=AVASDF&PC=AV01
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/...=AVASDF&PC=AV01
SearchScopes: HKU\.DEFAULT -> DefaultScope {8025EEDE-823D-49E5-8B70-B5E811C2E791} URL =
SearchScopes: HKU\S-1-5-21-3145712594-1130862659-1550497800-1001 -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/...=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-3145712594-1130862659-1550497800-1001 -> URL http://search.condui...archTerms}=
SearchScopes: HKU\S-1-5-21-3145712594-1130862659-1550497800-1001 -> SuggestionsURL_JSON http://suggest.searc...ix={searchTerms}
SearchScopes: HKU\S-1-5-21-3145712594-1130862659-1550497800-1001 -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL =
SearchScopes: HKU\S-1-5-21-3145712594-1130862659-1550497800-1001 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/...=AVASDF&PC=AV01
BHO: No Name -> {3049C3E9-B461-4BC5-8870-4C09146192CA} ->  No File
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-03-10] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-04-28] (Avast Software s.r.o.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2014-07-17] (Google Inc.)
BHO: No Name -> {BF357FB3-38DB-839A-2334-A0076B07B8D4} ->  No File
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
BHO: No Name -> {e8ca604f-9b07-409e-b898-a519ad2a283b} ->  No File
BHO-x32: No Name -> {0214754e-4e7d-4589-829d-e2523e6a3085} ->  No File
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
BHO-x32: No Name -> {3049C3E9-B461-4BC5-8870-4C09146192CA} ->  No File
BHO-x32: No Name -> {65f159fb-5f5e-46f4-b45d-ccfa236d2073} ->  No File
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-04-28] (Avast Software s.r.o.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2014-07-17] (Google Inc.)
BHO-x32: No Name -> {BF357FB3-38DB-839A-2334-A0076B07B8D4} ->  No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2014-07-17] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2014-07-17] (Google Inc.)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
Toolbar: HKU\.DEFAULT -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2014-07-17] (Google Inc.)
Toolbar: HKU\S-1-5-21-3145712594-1130862659-1550497800-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2014-07-17] (Google Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-05-06] ()
FF Plugin-x32: @canon.com/MycameraPlugin -> C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll [2008-10-15] (CANON INC.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-02-13] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-04] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-04] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll [2011-03-09] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-03-25] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-13] (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=17.0.11.0 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2014-06-30] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=17.0.11 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2014-06-10] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.11 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2014-06-10] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=17.0.11 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2014-06-10] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=17.0.11.0 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2014-06-30] (RealPlayer Cloud)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.21.169\npGoogleUpdate3.dll [2014-07-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.21.169\npGoogleUpdate3.dll [2014-07-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-3145712594-1130862659-1550497800-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Margret\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll [2014-03-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-3145712594-1130862659-1550497800-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Margret\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll [2014-03-28] (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-06-30]
FF HKLM-x32\...\Firefox\Extensions: [{1DD9AC48-0855-4AE7-9934-159B4377FFA2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-05-21]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: E-Web Print - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2015-05-25]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Margret\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Margret\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-17]
CHR Extension: (Google Drive) - C:\Users\Margret\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-17]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Margret\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-02]
CHR Extension: (YouTube) - C:\Users\Margret\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-17]
CHR Extension: (Google Search) - C:\Users\Margret\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-17]
CHR Extension: (RealPlayer Downloader) - C:\Users\Margret\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-07-17]
CHR Extension: (Google Wallet) - C:\Users\Margret\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-17]
CHR Extension: (Gmail) - C:\Users\Margret\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-17]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-28]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2014-06-10]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S2 AdobeActiveFileMonitor12.0; C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe [181152 2013-09-25] (Adobe Systems Incorporated)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-28] (Avast Software s.r.o.)
S2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [107448 2015-04-28] (Avast Software s.r.o.)
S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4034896 2015-04-28] (Avast Software)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
S2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2736824 2015-04-07] (Microsoft Corporation)
S2 CLKMSVC10_99E320F5; C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\kmsvc.exe [243464 2013-08-07] (CyberLink)
S2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\OTBSurvey.exe [145288 2015-04-09] (Dell Inc.)
S2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2557136 2015-02-26] (Dell Inc.)
S2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201936 2015-02-26] (Dell Inc.)
S2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [232152 2015-05-20] (Dell Inc.)
S2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
S2 Intel® Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-12] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-12] (Intel® Corporation)
S2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-04] (Intel Corporation)
S2 Intel® Wireless Bluetooth® 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-09-24] (Intel Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-04] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S2 MyEpson Portal Service; C:\Program Files (x86)\EPSON\MyEpson Portal\mepService.exe [703984 2014-09-22] (SEIKO EPSON CORPORATION)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2013-07-29] ()
S2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-06-10] ()
S2 RealPlayer Cloud Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848 2014-06-30] (RealNetworks, Inc.)
S2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [23552 2014-06-10] () [File not signed]
S2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-07-30] (CyberLink)
S2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-19] (Realtek Semiconductor)
S4 SftService; C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe [1915920 2013-11-22] (SoftThinks SAS)
S2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [19288 2015-03-04] (Dell Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3668208 2013-07-29] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-04-28] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28144 2015-04-28] (Avast Software s.r.o.)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-04-28] (Avast Software s.r.o.)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [449896 2015-04-28] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-04-28] (Avast Software s.r.o.)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-04-28] ()
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-04-28] (Avast Software s.r.o.)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-04-28] (Avast Software s.r.o.)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-04-28] (Avast Software s.r.o.)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-04-28] ()
S3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [138240 2013-06-22] (Advanced Micro Devices)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
S3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [132920 2013-04-24] (Motorola Solutions, Inc.)
S3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1386296 2013-08-19] (Motorola Solutions, Inc.)
R1 cdrbsdrv; C:\Windows\System32\Drivers\cdrbsdrv.sys [39208 2006-08-25] (B.H.A Corporation)
S1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [23760 2015-01-30] (Dell Computer Corporation)
R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [23312 2015-01-30] (Dell Computer Corporation)
S3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [118216 2013-09-24] (Intel Corporation)
U0 igfgxdff; C:\Windows\System32\drivers\ibbmmsts.sys [79064 2015-06-05] (Malwarebytes Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [99288 2013-09-04] (Intel Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\NETwbw02.sys [3589600 2013-09-25] (Intel Corporation)
R0 PxHlpa64; C:\Windows\System32\drivers\PxHlpa64.sys [56336 2013-07-19] (Corel Corporation)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2013-03-18] (Apple, Inc.) [File not signed]
S2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-04-28] (Avast Software)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-05 16:39 - 2015-06-05 16:39 - 00025106 _____ C:\Users\Margret\Desktop\FRST.txt
2015-06-05 16:39 - 2015-06-05 16:39 - 00000000 ____D C:\FRST
2015-06-05 16:36 - 2015-06-05 16:36 - 02108928 _____ (Farbar) C:\Users\Margret\Desktop\FRST64.exe
2015-06-05 16:19 - 2015-06-05 16:19 - 00079064 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\ibbmmsts.sys
2015-06-04 10:21 - 2015-06-04 15:52 - 00000000 ____D C:\Users\Margret\AppData\Local\LogMeIn Rescue Applet
2015-06-04 10:02 - 2015-06-04 10:02 - 00000000 ____D C:\Program Files (x86)\Dell Update
2015-05-25 16:44 - 2015-05-25 16:56 - 00000000 ____D C:\Users\Margret\Desktop\Halifax Car Insurance 2015
2015-05-25 16:30 - 2015-05-25 16:34 - 00000000 ____D C:\Users\Margret\Documents\JIMS CLAIM
2015-05-25 16:28 - 2015-05-25 16:29 - 00000000 ____D C:\Users\Margret\Documents\MELLOR my house
2015-05-25 15:55 - 2015-05-25 15:55 - 00001078 _____ C:\Users\Public\Desktop\MyEpson Portal.lnk
2015-05-18 10:37 - 2015-05-18 10:37 - 00001002 _____ C:\Users\Margret\Desktop\img004 - Shortcut.lnk
2015-05-18 10:21 - 2015-05-25 16:34 - 00001992 _____ C:\Users\Margret\Desktop\Avast Internet Security.lnk
2015-05-18 10:21 - 2015-05-25 16:34 - 00000840 _____ C:\Users\Margret\Desktop\CCleaner.lnk
2015-05-18 10:21 - 2015-05-25 16:29 - 00002052 _____ C:\Users\Margret\Desktop\Avast SafeZone.lnk
2015-05-18 10:21 - 2015-05-18 10:21 - 00002205 _____ C:\Users\Margret\Desktop\Google Chrome.lnk
2015-05-18 10:21 - 2015-05-18 10:21 - 00001912 _____ C:\Users\Margret\Desktop\Adobe Photoshop Elements 12.lnk
2015-05-18 10:21 - 2015-05-18 10:21 - 00001859 _____ C:\Users\Margret\Desktop\QuickTime Player.lnk
2015-05-18 10:21 - 2015-05-18 10:21 - 00001797 _____ C:\Users\Margret\Desktop\iTunes.lnk
2015-05-18 10:21 - 2015-05-18 10:21 - 00001284 _____ C:\Users\Margret\Desktop\Epson Manuals.lnk
2015-05-18 10:21 - 2015-05-18 10:21 - 00001157 _____ C:\Users\Margret\Desktop\GUY01_itinerary_Guyana_A_Timeless_Paradise - Shortcut.lnk
2015-05-18 10:21 - 2015-05-18 10:21 - 00001128 _____ C:\Users\Margret\Desktop\Picasa 3.lnk
2015-05-18 10:21 - 2015-05-18 10:21 - 00001062 _____ C:\Users\Margret\Desktop\RealPlayer Cloud.lnk
2015-05-18 10:21 - 2015-05-18 10:21 - 00001049 _____ C:\Users\Margret\Desktop\EOS_600D_Instruction_Manual_EN - Shortcut.lnk
2015-05-18 10:21 - 2015-05-18 10:21 - 00001049 _____ C:\Users\Margret\Desktop\Download halifax car ins 14-15 - Shortcut.lnk
2015-05-18 10:21 - 2015-05-18 10:21 - 00000952 _____ C:\Users\Margret\Desktop\EPSON Scan.lnk
2015-05-18 10:21 - 2015-05-18 10:21 - 00000919 _____ C:\Users\Margret\Desktop\Adobe Photoshop Elements 12 - Shortcut.lnk
2015-05-18 10:21 - 2015-05-18 10:21 - 00000847 _____ C:\Users\Margret\Desktop\LOVE NEVER DIES CD1 - Shortcut.lnk
2015-05-18 10:21 - 2015-05-18 10:21 - 00000838 _____ C:\Users\Margret\Desktop\ANDREW LLOYD WEBBER LOVE NEVER DIES CD1 - Shortcut (2).lnk
2015-05-18 10:21 - 2015-05-18 10:21 - 00000838 _____ C:\Users\Margret\Desktop\AAW CONTACT DISK 1 - Shortcut.lnk
2015-05-18 10:21 - 2015-05-18 10:21 - 00000820 _____ C:\Users\Margret\Documents\jims claim forms - Shortcut.lnk
2015-05-18 10:21 - 2015-05-18 10:21 - 00000812 _____ C:\Users\Margret\Desktop\margaret arden - Shortcut.lnk
2015-05-18 10:21 - 2015-05-18 10:21 - 00000802 _____ C:\Users\Margret\Desktop\CANON 600D (2) - Shortcut.lnk
2015-05-18 10:21 - 2015-05-18 10:21 - 00000757 _____ C:\Users\Margret\Desktop\PANASONIC - Shortcut.lnk
2015-05-18 10:21 - 2015-05-18 10:21 - 00000719 _____ C:\Users\Margret\Desktop\.temp - Shortcut.lnk
2015-05-18 10:21 - 2015-05-18 10:21 - 00000674 _____ C:\Users\Margret\Desktop\OneDrive - Shortcut.lnk
2015-05-18 10:21 - 2015-05-18 10:21 - 00000669 _____ C:\Users\Margret\Desktop\Desktop - Shortcut (2).lnk
2015-05-18 10:21 - 2015-05-18 10:21 - 00000654 _____ C:\Users\Margret\Desktop\Libraries - Shortcut.lnk
2015-05-18 10:21 - 2015-05-18 10:21 - 00000462 _____ C:\Users\Margret\Desktop\Elements (J) - Shortcut (2).lnk
2015-05-18 10:21 - 2015-05-18 10:21 - 00000363 _____ C:\Users\Margret\Desktop\Control Panel - Shortcut.lnk
2015-05-18 10:21 - 2015-05-18 10:21 - 00000359 _____ C:\Users\Margret\Desktop\Recycle Bin - Shortcut.lnk
2015-05-18 10:21 - 2015-05-18 10:21 - 00000351 _____ C:\Users\Margret\Desktop\Network - Shortcut.lnk
2015-05-18 10:21 - 2015-05-18 10:21 - 00000166 _____ C:\Users\Margret\Desktop\BBC - Homepage (2).url
2015-05-18 10:21 - 2015-05-18 10:21 - 00000134 _____ C:\Users\Margret\Desktop\Haughton Thornley Medical Centres - Patient information portal (3).url
2015-05-14 16:46 - 2015-06-05 15:55 - 00003372 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3145712594-1130862659-1550497800-1001
2015-05-14 16:40 - 2015-04-30 21:35 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-14 16:40 - 2015-04-30 21:35 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-14 16:38 - 2015-05-14 16:40 - 00000000 ____D C:\45b0d9bf6307963a73b52af2e8e5
2015-05-14 14:39 - 2015-03-17 18:26 - 00467776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2015-05-14 14:38 - 2015-05-01 00:05 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-14 14:38 - 2015-04-30 23:48 - 00358912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-14 14:38 - 2015-04-24 22:32 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-14 14:38 - 2015-04-21 18:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-14 14:38 - 2015-04-21 17:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-14 14:38 - 2015-04-21 17:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-14 14:38 - 2015-04-21 17:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-14 14:38 - 2015-04-21 17:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-14 14:38 - 2015-04-21 17:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-14 14:38 - 2015-04-21 17:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-14 14:38 - 2015-04-21 17:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-14 14:38 - 2015-04-21 17:13 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2015-05-14 14:38 - 2015-04-21 17:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-14 14:38 - 2015-04-21 17:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-14 14:38 - 2015-04-21 17:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-14 14:38 - 2015-04-21 17:07 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-05-14 14:38 - 2015-04-21 17:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-14 14:38 - 2015-04-21 17:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-14 14:38 - 2015-04-21 16:59 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-05-14 14:38 - 2015-04-21 16:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-14 14:38 - 2015-04-21 16:52 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-05-14 14:38 - 2015-04-21 16:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-14 14:38 - 2015-04-21 16:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-14 14:38 - 2015-04-21 16:49 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-14 14:38 - 2015-04-21 16:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-14 14:38 - 2015-04-21 16:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-14 14:38 - 2015-04-21 16:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-14 14:38 - 2015-04-21 16:37 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-05-14 14:38 - 2015-04-21 16:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-14 14:38 - 2015-04-21 16:32 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-05-14 14:38 - 2015-04-21 16:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-14 14:38 - 2015-04-21 16:28 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-05-14 14:38 - 2015-04-21 16:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-14 14:38 - 2015-04-21 16:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-14 14:38 - 2015-04-21 16:26 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-14 14:38 - 2015-04-21 16:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-14 14:38 - 2015-04-21 16:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-14 14:38 - 2015-04-21 16:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-14 14:38 - 2015-04-21 16:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-14 14:38 - 2015-04-21 16:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-14 14:38 - 2015-04-21 15:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-14 14:38 - 2015-04-21 15:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-14 14:38 - 2015-04-13 23:48 - 04180480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-14 14:38 - 2015-04-10 02:00 - 01996800 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-14 14:38 - 2015-04-10 01:50 - 01387008 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-14 14:38 - 2015-04-10 01:34 - 02256896 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-05-14 14:38 - 2015-04-10 01:26 - 01560576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-14 14:38 - 2015-04-10 01:11 - 01943040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2015-05-14 14:38 - 2015-04-08 23:55 - 00410128 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-14 14:38 - 2015-04-03 01:35 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\PhotoMetadataHandler.dll
2015-05-14 14:38 - 2015-04-03 01:14 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PhotoMetadataHandler.dll
2015-05-14 14:38 - 2015-04-01 23:22 - 02985984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbgeng.dll
2015-05-14 14:38 - 2015-04-01 23:20 - 04417536 _____ (Microsoft Corporation) C:\Windows\system32\dbgeng.dll
2015-05-14 14:38 - 2015-04-01 04:45 - 01491456 _____ (Microsoft Corporation) C:\Windows\system32\dbghelp.dll
2015-05-14 14:38 - 2015-04-01 03:31 - 01207296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbghelp.dll
2015-05-14 14:38 - 2015-03-30 06:47 - 00561928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-05-14 14:38 - 2015-03-27 04:27 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-14 14:38 - 2015-03-27 03:50 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-14 14:38 - 2015-03-27 03:48 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-14 14:38 - 2015-03-20 02:56 - 00080384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ahcache.sys
2015-05-14 14:38 - 2015-03-13 05:03 - 00239424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2015-05-14 14:38 - 2015-03-13 05:03 - 00154432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2015-05-14 14:38 - 2015-03-13 03:02 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\udfs.sys
2015-05-14 14:38 - 2015-03-13 02:11 - 02162176 _____ (Microsoft Corporation) C:\Windows\system32\SRH.dll
2015-05-14 14:38 - 2015-03-13 01:39 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SRH.dll
2015-05-14 14:38 - 2015-03-13 01:29 - 00410017 _____ C:\Windows\system32\ApnDatabase.xml
2015-05-14 14:38 - 2015-03-11 02:49 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-14 14:38 - 2015-03-11 02:09 - 00021504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-14 14:38 - 2015-03-09 03:02 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthhfenum.sys
2015-05-14 14:38 - 2015-03-06 04:08 - 02067968 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-14 14:38 - 2015-03-06 03:47 - 01696256 _____ (Microsoft Corporation) C:\Windows\system32\wevtsvc.dll
2015-05-14 14:38 - 2015-03-06 03:43 - 01969664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-05-14 14:38 - 2015-03-05 00:09 - 01429504 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-14 14:38 - 2015-03-04 02:32 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Input.Inking.dll
2015-05-14 14:38 - 2015-03-04 02:12 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Input.Inking.dll
2015-05-14 14:38 - 2015-02-18 00:19 - 00186368 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
2015-05-14 14:38 - 2015-01-30 01:53 - 02819584 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll
2015-05-14 14:38 - 2014-11-14 07:58 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsDatabase.dll
2015-05-12 08:56 - 2015-05-12 08:56 - 00001830 _____ C:\Users\Margret\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\avast! antivirus.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-05 16:09 - 2014-05-21 09:23 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-05 16:07 - 2014-03-04 02:07 - 00865408 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-05 16:06 - 2014-05-21 15:52 - 00000000 ____D C:\Users\Margret\AppData\Local\CrashDumps
2015-06-05 16:01 - 2013-08-22 14:25 - 00524288 ___SH C:\Windows\system32\config\BBI
2015-06-05 15:57 - 2014-10-04 16:44 - 01257060 _____ C:\Windows\WindowsUpdate.log
2015-06-05 15:57 - 2013-08-22 15:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-05 15:55 - 2014-12-06 12:17 - 00003320 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3145712594-1130862659-1550497800-1001
2015-06-05 15:55 - 2014-11-27 16:19 - 00006440 _____ C:\Windows\setupact.log
2015-06-05 15:55 - 2014-07-17 17:45 - 00002205 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-05 15:55 - 2014-07-17 17:44 - 00000920 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-05 15:55 - 2014-06-08 15:58 - 00000000 __RDO C:\Users\Margret\OneDrive
2015-06-05 15:54 - 2014-12-06 12:15 - 00097580 _____ C:\Windows\PFRO.log
2015-06-05 15:50 - 2014-03-25 16:15 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3145712594-1130862659-1550497800-1001Core.job
2015-06-05 15:49 - 2014-07-17 17:44 - 00000924 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-05 15:36 - 2014-03-25 16:15 - 00000938 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3145712594-1130862659-1550497800-1001UA.job
2015-06-05 15:00 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\system32\sru
2015-06-05 14:52 - 2014-04-09 15:52 - 00000941 _____ C:\Windows\Tasks\EPSON XP-212 213 Series Update {7FC5026A-3554-4674-8221-5074B5ADB686}.job
2015-06-05 14:52 - 2014-04-09 15:52 - 00000755 _____ C:\Windows\Tasks\EPSON XP-212 213 Series Invitation {7FC5026A-3554-4674-8221-5074B5ADB686}.job
2015-06-05 02:00 - 2014-04-15 10:56 - 00000000 ____D C:\Users\Margret\AppData\Local\Adobe
2015-06-04 17:00 - 2014-03-24 23:28 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3145712594-1130862659-1550497800-1001
2015-06-04 15:55 - 2014-03-31 16:55 - 00000000 ____D C:\Users\Margret\AppData\Roaming\Epson
2015-06-04 15:55 - 2014-03-31 14:47 - 00000000 ____D C:\ProgramData\Epson
2015-06-04 15:51 - 2014-03-04 01:11 - 00000000 ____D C:\Windows\Panther
2015-06-04 12:53 - 2014-10-03 17:06 - 00001120 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-06-04 12:53 - 2014-05-21 09:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-04 12:53 - 2014-05-21 09:23 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-06-04 12:51 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\system32\NDF
2015-06-04 11:21 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\AppReadiness
2015-06-04 10:33 - 2014-03-24 15:13 - 00000000 ____D C:\Users\Margret\Documents\Outlook Files
2015-06-04 10:02 - 2014-03-04 02:27 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2015-05-25 15:55 - 2014-03-31 14:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Software
2015-05-25 15:55 - 2014-03-31 14:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2015-05-25 15:55 - 2014-03-31 14:50 - 00000000 ____D C:\Program Files (x86)\EPSON Software
2015-05-25 15:55 - 2014-03-24 23:59 - 00000000 ____D C:\Program Files (x86)\epson
2015-05-25 15:55 - 2014-03-04 02:15 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-05-21 16:57 - 2014-08-04 21:11 - 00000000 ____D C:\Users\Margret\AppData\Local\Spotify
2015-05-21 16:57 - 2014-08-04 21:10 - 00000000 ____D C:\Users\Margret\AppData\Roaming\Spotify
2015-05-21 03:12 - 2015-04-10 13:42 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-05-21 03:12 - 2015-04-10 13:42 - 00000000 ___SD C:\Windows\system32\GWX
2015-05-21 03:10 - 2013-08-22 16:20 - 00000000 ____D C:\Windows\CbsTemp
2015-05-19 04:44 - 2014-03-25 00:08 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-05-18 09:31 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\rescache
2015-05-14 16:45 - 2013-08-22 15:44 - 00536056 _____ C:\Windows\system32\FNTCACHE.DAT
2015-05-14 16:43 - 2013-08-22 16:36 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2015-05-14 16:43 - 2013-08-22 14:36 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2015-05-14 16:40 - 2014-03-25 08:16 - 00000000 ____D C:\Windows\system32\MRT
2015-05-14 16:38 - 2014-03-25 08:16 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-14 16:37 - 2013-08-22 20:12 - 00000000 ____D C:\Program Files\Windows Journal

==================== Files in the root of some directories =======

2014-04-15 12:06 - 2014-04-15 12:06 - 0000132 _____ () C:\Users\Margret\AppData\Roaming\Adobe PNG Format CS5 Prefs
2014-08-26 12:04 - 2014-10-03 17:04 - 0000087 _____ () C:\Users\Margret\AppData\Roaming\WB.CFG
2014-06-04 21:49 - 2015-01-04 19:11 - 0006144 _____ () C:\Users\Margret\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-03-04 01:53 - 2014-03-04 01:53 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-03-04 02:19 - 2014-03-04 02:19 - 0000121 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2014-03-04 02:16 - 2014-03-04 02:17 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2014-03-04 02:17 - 2014-03-04 02:18 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2014-03-04 02:18 - 2014-03-04 02:19 - 0000108 _____ () C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log
2014-03-04 02:16 - 2014-03-04 02:16 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-06-05 03:06

==================== End of log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:03-06-2015
Ran by Margret at 2015-06-05 16:39:20
Running from C:\Users\Margret\Desktop
Boot Mode: Safe Mode (with Networking)
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3145712594-1130862659-1550497800-500 - Administrator - Disabled)
Guest (S-1-5-21-3145712594-1130862659-1550497800-501 - Limited - Disabled)
Margret (S-1-5-21-3145712594-1130862659-1550497800-1001 - Administrator - Enabled) => C:\Users\Margret

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Photoshop Elements 12 (HKLM-x32\...\Adobe Photoshop Elements 12) (Version: 12.0 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{9204C155-00EA-6388-9362-01D16FFA114C}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft Software Suite (HKLM-x32\...\{497A1721-088F-41EF-8876-B43C9DA5528B}) (Version: 1.0 - ArcSoft)
Avast Internet Security (HKLM-x32\...\Avast) (Version: 10.2.2218 - AVAST Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CANON iMAGE GATEWAY MyCamera Download Plugin (HKLM-x32\...\MyCamera Download Plugin) (Version: 3.1.1.2 - Canon Inc.)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM-x32\...\CANON iMAGE GATEWAY Task) (Version: 1.9.0.9 - Canon Inc.)
Canon MOV Decoder (HKLM-x32\...\Canon MOV Decoder) (Version: 1.8.0.7 - Canon Inc.)
Canon MOV Encoder (HKLM-x32\...\Canon MOV Encoder) (Version: 1.6.0.1 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 3.7.0.4 - Canon Inc.)
Canon Utilities Digital Photo Professional 3.10 (HKLM-x32\...\DPP) (Version: 3.10.0.0 - Canon Inc.)
Canon Utilities EOS Sample Music (HKLM-x32\...\EOS Sample Music) (Version: 1.0.0.204 - Canon Inc.)
Canon Utilities EOS Utility (HKLM-x32\...\EOS Utility) (Version: 2.10.0.0 - Canon Inc.)
Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX (HKLM-x32\...\EOS Video Snapshot Task) (Version: 1.0.0.10 - Canon Inc.)
Canon Utilities Movie Uploader for YouTube (HKLM-x32\...\MovieUploaderForYouTube) (Version: 1.2.0.7 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.)
Canon Utilities Picture Style Editor (HKLM-x32\...\Picture Style Editor) (Version: 1.9.0.0 - Canon Inc.)
Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.7.0.24 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.5.0.9 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.6.2.4 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.6.2.4 - Dell Inc.)
Dell Custom Help (Version: 16.05.0000.0251 - Intel Corporation) Hidden
Dell Customer Connect (HKLM-x32\...\{FEFDCDCF-C49C-45D0-AAF8-5345858ADEC7}) (Version: 1.2.1.0 - Dell Inc.)
Dell Data Vault (Version: 4.2.2.0 - Dell Inc.) Hidden
Dell Digital Delivery (HKLM-x32\...\{BC8233D8-59BA-4D40-92B9-4FDE7452AA8B}) (Version: 3.0.3999.0 - Dell Products, LP)
Dell Product Registration (HKLM-x32\...\{2A0F2CC5-3065-492C-8380-B03AA7106B1A}) (Version: 1.16.1 - Dell Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.0.6584.81 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{287348C8-8B47-4C36-AF28-441A3B7D8722}) (Version: 1.0.2.57295 - Dell)
Dell Update (HKLM-x32\...\{3FB000F3-7444-41C1-A0A6-53E8FD0B7D9C}) (Version: 1.6.1007.0 - Dell Inc.)
Download & Install Packages (HKU\S-1-5-21-3145712594-1130862659-1550497800-1001\...\Download & Install Packages) (Version:  - ) <==== ATTENTION
Elements 12 Organizer (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
Epson Event Manager (HKLM-x32\...\{0F13C24A-FFE2-4CD0-8E0B-DC804E0A0E0B}) (Version: 3.10.0035 - Seiko Epson Corporation)
Epson E-Web Print (HKLM-x32\...\{E904F572-D7DB-43C1-929F-043F267FC77D}) (Version: 1.22.0000 - SEIKO EPSON CORPORATION)
EPSON Manuals (HKLM-x32\...\{84CECC1B-21EF-41B1-9A91-3E724E5D99D3}) (Version: 1.40.0.0 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON XP-212 213 Series Printer Uninstall (HKLM\...\EPSON XP-212 213 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
Fotogalleri (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotogalleriet (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.21.169 - Google Inc.) Hidden
Google+ Auto Backup (HKU\S-1-5-21-3145712594-1130862659-1550497800-1001\...\Google+ Auto Backup) (Version: 1.0.25.133 - Google, Inc.)
Intel® Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{0EC7F9CC-4741-45AE-9F55-6E9343F726F5}) (Version: 1.1.0.36960 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology(patch version 3.0.1337.1) (HKLM\...\{302600C1-6BDF-4FD1-1307-148929CC1385}) (Version: 3.1.1307.0362 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{f6218a42-cca7-4b45-a5fe-4d0b9781de70}) (Version: 16.5.0 - Intel Corporation)
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4719.1002 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.60310.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-3145712594-1130862659-1550497800-1001\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
MyEpson Portal (HKLM-x32\...\MyEpson Portal) (Version:  - SEIKO EPSON Corporation)
MyEpson Portal (x32 Version: 1.1.1.0 - SEIKO EPSON CORPORATION) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
PHOTOfunSTUDIO HD Edition (HKLM-x32\...\{9A9DBEBC-C800-4776-A970-D76D6AA405B1}) (Version: 3.00.126 - Panasonic)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PSE12 STI Installer (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
RealDownloader (x32 Version: 17.0.11 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer Cloud (HKLM-x32\...\RealPlayer 17.0) (Version: 17.0.10 - RealNetworks)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7016 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Software Updater (HKLM-x32\...\{C09D747A-BD47-42A9-915E-CEB6B1BB7C11}) (Version: 4.2.7 - SEIKO EPSON CORPORATION)
Spotify (HKU\S-1-5-21-3145712594-1130862659-1550497800-1001\...\Spotify) (Version: 1.0.3.101.gbfa97dfe - Spotify AB)
UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
Valokuvavalikoima (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3145712594-1130862659-1550497800-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Margret\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3145712594-1130862659-1550497800-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Margret\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3145712594-1130862659-1550497800-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Margret\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3145712594-1130862659-1550497800-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Margret\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3145712594-1130862659-1550497800-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Margret\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3145712594-1130862659-1550497800-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Margret\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points =========================

21-05-2015 03:10:07 Windows Update
25-05-2015 15:55:02 Installed Epson Event Manager
04-06-2015 11:22:37 Scheduled Checkpoint

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {045D71DE-BB7A-420B-86B1-6D0C8A1E7CD3} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2015-03-04] (Dell Inc.)
Task: {1135D131-88B3-4100-84E8-759CFBB623F5} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2015-03-20] (PC-Doctor, Inc.)
Task: {17380F47-AB5C-40C5-850F-B76482537D37} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-03-05] (CyberLink)
Task: {1F4A828E-76E7-42A4-AC27-211DFBE606FC} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-03-20] (PC-Doctor, Inc.)
Task: {2042C84A-BC91-4EA3-A4C7-502B3129AB4B} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {26757640-8E81-4E23-99A4-A652212D36D1} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3145712594-1130862659-1550497800-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-06-10] (RealNetworks, Inc.)
Task: {296B78DD-FD76-4ED9-B55B-2D39DC6A0DDA} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd)
Task: {36620510-B900-45FE-969D-7A8D43067D26} - System32\Tasks\Optimizer Pro Schedule => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe <==== ATTENTION
Task: {5ED4FA5D-FEB0-41F8-A764-85823930F6AC} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {6E775302-AD6C-4C18-BD31-402A8036FE80} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-06] (Microsoft Corporation)
Task: {72C9AF5F-BDB2-4FD9-9B0F-C9FB0E0D5EEF} - System32\Tasks\EPSON XP-212 213 Series Invitation {7FC5026A-3554-4674-8221-5074B5ADB686} => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLHE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {8B5C88FB-63B9-4C22-A481-3FF8DB18C296} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {8CBBAA38-CAC1-4FF3-B356-A475783CEC2D} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => c:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2013-03-07] (Intel Corporation)
Task: {8E8E4E6F-3820-41CB-8006-343C33816419} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3145712594-1130862659-1550497800-1001UA => C:\Users\Margret\AppData\Local\Google\Update\GoogleUpdate.exe [2014-03-25] (Google Inc.)
Task: {96F80C08-FA8B-4166-AB6E-31B8F1715CA8} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3145712594-1130862659-1550497800-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-06-10] (RealNetworks, Inc.)
Task: {9B7BF925-138B-402F-8514-4789BD833C78} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-14] (Microsoft Corporation)
Task: {9C23DD2D-4866-4E3A-9700-247C17D531B6} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-22] (CyberLink Corp.)
Task: {A5DBE2D1-75E4-496E-957B-2F02CE10E00F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-17] (Google Inc.)
Task: {A738D1D0-51F0-4FF5-9B90-48F1031A3858} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-05-19] (Microsoft Corporation)
Task: {AE926FAD-C13B-427A-9CA5-78CF995CF448} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-17] (Google Inc.)
Task: {B427C59F-EA26-42FC-93A4-EE93E68820DB} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {BDB57272-2B7F-47D2-B856-DBDC3B5E027D} - System32\Tasks\Dell\Dell System Registration => C:\Program Files (x86)\System Registration\prodreg.exe [2012-07-09] (Dell, Inc.)
Task: {BEBF2041-2B95-4670-AB68-DDDD99EBCBB6} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-14] (Microsoft Corporation)
Task: {BF3C07EA-0817-4821-AA6D-D27993914219} - System32\Tasks\EPSON XP-212 213 Series Update {7FC5026A-3554-4674-8221-5074B5ADB686} => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLHE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {D35967F8-1C70-484E-ABA2-63F063F32CA3} - System32\Tasks\AdobeAAMUpdater-1.0-Margret-PC-Margret => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-06-03] (Adobe Systems Incorporated)
Task: {D3EA799B-C31A-4939-9466-E03395403773} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {D8EF18EC-15FC-49FE-915E-D03FEEB63F3B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3145712594-1130862659-1550497800-1001Core => C:\Users\Margret\AppData\Local\Google\Update\GoogleUpdate.exe [2014-03-25] (Google Inc.)
Task: {DC39D466-5612-4461-B0FC-923E7E847668} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-05-14] (Microsoft Corporation)
Task: {EA713B78-BDB5-4D28-968C-6946A860513E} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks
Task: {F2BA8C09-D5A9-4EB4-ACAE-B235E03B0A42} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {F3C39E60-4E48-4D38-8199-C64298D736E5} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-04-28] (Avast Software s.r.o.)
Task: {F46221D2-9341-4F73-9490-D65D9EFBDF66} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => c:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2013-03-07] (Intel Corporation)
Task: C:\Windows\Tasks\EPSON XP-212 213 Series Invitation {7FC5026A-3554-4674-8221-5074B5ADB686}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLHE.EXE
Task: C:\Windows\Tasks\EPSON XP-212 213 Series Update {7FC5026A-3554-4674-8221-5074B5ADB686}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLHE.EXE:/EXE:{7FC5026A-3554-4674-8221-5074B5ADB686} /F:UpdateWORKGROUP\MARGRET-PC$
Searches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3145712594-1130862659-1550497800-1001Core.job => C:\Users\Margret\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3145712594-1130862659-1550497800-1001UA.job => C:\Users\Margret\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2015-03-24 17:41 - 2015-01-27 16:29 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-03-04 02:33 - 2013-08-19 18:21 - 00020256 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIcon.dll
2014-03-04 02:33 - 2013-08-19 18:21 - 00019232 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayNotBackuped.dll
2014-03-04 02:33 - 2013-08-19 18:21 - 00035104 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRShellExtension.dll
2014-07-17 17:45 - 2014-07-15 10:24 - 00718664 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libglesv2.dll
2014-07-17 17:45 - 2014-07-15 10:24 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libegl.dll
2014-07-17 17:45 - 2014-07-15 10:24 - 08537928 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll
2014-07-17 17:45 - 2014-07-15 10:24 - 00353096 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll
2014-07-17 17:45 - 2014-07-15 10:24 - 01732936 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll
2014-07-17 17:45 - 2014-07-15 10:24 - 14664008 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:373E1720
AlternateDataStreams: C:\Users\Margret\OneDrive:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SAWFP => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SecureAssist => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3145712594-1130862659-1550497800-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Margret\Pictures\Picasa\Backgrounds\picasabackground.bmp
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: BackupStack => 2
MSCONFIG\Services: globalUpdate => 2
MSCONFIG\Services: globalUpdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: jzmoeejfme64 => 2
MSCONFIG\Services: RealNetworks Downloader Resolver Service => 2
MSCONFIG\Services: RealPlayer Cloud Service => 2
MSCONFIG\Services: RealPlayerUpdateSvc => 2
MSCONFIG\Services: SecureAssist => 2
MSCONFIG\Services: SftService => 2
MSCONFIG\Services: VeriBrowse => 2
MSCONFIG\Services: vosr => 2
HKLM\...\StartupApproved\Run32: => "mobilegeni daemon"
HKU\S-1-5-21-3145712594-1130862659-1550497800-1001\...\StartupApproved\StartupFolder: => "MyPC Backup.lnk"
HKU\S-1-5-21-3145712594-1130862659-1550497800-1001\...\StartupApproved\Run: => "Google+ Auto Backup"
HKU\S-1-5-21-3145712594-1130862659-1550497800-1001\...\StartupApproved\Run: => "Google Update"
HKU\S-1-5-21-3145712594-1130862659-1550497800-1001\...\StartupApproved\Run: => "Optimizer Pro"
HKU\S-1-5-21-3145712594-1130862659-1550497800-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-3145712594-1130862659-1550497800-1001\...\StartupApproved\Run: => "Spotify Web Helper"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{5BCCB7A5-68F9-49C1-9623-C30B0A644591}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{A7AA7159-037C-4707-A231-22AD3FC2F111}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe
FirewallRules: [{7C93BFCD-1595-42C5-B59E-5E7EF3E0901E}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{85B7FE58-236E-44C8-91E6-021C627404BE}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{5DDAD557-E538-44E7-BE47-AF3BA0AB179B}] => (Allow) LPort=2869
FirewallRules: [{989539A5-D443-4E54-B976-A7C6A9C73BFE}] => (Allow) LPort=1900
FirewallRules: [{764B8680-3DEC-4899-AFDC-547694E93423}] => (Allow) C:\Users\Margret\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{6787F12E-A415-4B1D-B0C0-F1291C62AE41}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{87E42A61-1793-4355-96DB-27D61D2A9AC0}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F25D6ED0-74A5-4DC2-8237-77B07AE10D00}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{9788D542-ACF1-41DD-91F9-AD664D733618}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E986FC12-CFD6-41C0-BDA7-C6512D587A2F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{300EF09E-0015-4F72-9EB8-07A8F8AFD582}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{D18B9EAC-D817-492C-9067-8556F1EFDFDD}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{09DB1982-2653-475E-889B-C2A7E71AA512}] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{7424C590-3460-4481-A3FE-0A479DD0D9FB}] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{EFE7FB91-EC5B-438E-B39F-BD19948BE9AB}] => (Allow) c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe
FirewallRules: [{B5E65A6D-8351-4998-9A84-50172C211EBD}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{F877B647-C38D-4966-BF68-DD068C205D1C}C:\users\margret\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\margret\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{D6D32CE2-9B9F-4C85-90A2-2D980D999611}C:\users\margret\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\margret\appdata\roaming\spotify\spotify.exe
FirewallRules: [{7B7F29C9-5D14-4C7F-B8B7-AC44B30A5EEB}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{E4A4DED3-62BB-4EEE-8C2F-6867D2F68F03}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{606D5B69-94F1-40E1-A57D-95153F3D7254}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [TCP Query User{1D7F63EE-64A5-4A63-A21C-EBA79144BA08}C:\users\margret\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\margret\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
FirewallRules: [UDP Query User{11CB2FAE-54F6-4A58-A4D0-E407DF59DF54}C:\users\margret\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\margret\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (06/05/2015 04:05:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 36.0.1985.125, time stamp: 0x53c4dbee
Faulting module name: chrome.dll, version: 36.0.1985.125, time stamp: 0x53c4d8ad
Exception code: 0xc0000005
Fault offset: 0x000698fc
Faulting process id: 0x7b0
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3
Faulting package full name: chrome.exe4
Faulting package-relative application ID: chrome.exe5

Error: (06/05/2015 03:14:17 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (06/05/2015 03:06:16 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (06/04/2015 03:49:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8728016

Error: (06/04/2015 03:49:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8728016

Error: (06/04/2015 03:49:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/04/2015 11:21:15 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (05/31/2015 01:38:05 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (05/31/2015 01:31:26 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (05/28/2015 11:20:34 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -2143485933

System errors:
=============
Error: (06/05/2015 04:39:21 PM) (Source: DCOM) (EventID: 10005) (User: MARGARET-PC)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (06/05/2015 04:39:21 PM) (Source: DCOM) (EventID: 10005) (User: MARGARET-PC)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (06/05/2015 04:39:19 PM) (Source: DCOM) (EventID: 10005) (User: MARGARET-PC)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (06/05/2015 04:39:19 PM) (Source: DCOM) (EventID: 10005) (User: MARGARET-PC)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (06/05/2015 04:39:07 PM) (Source: DCOM) (EventID: 10005) (User: MARGARET-PC)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (06/05/2015 04:39:07 PM) (Source: DCOM) (EventID: 10005) (User: MARGARET-PC)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (06/05/2015 04:38:53 PM) (Source: DCOM) (EventID: 10005) (User: MARGARET-PC)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (06/05/2015 04:38:53 PM) (Source: DCOM) (EventID: 10005) (User: MARGARET-PC)
Description: 1084Bluetooth Device MonitorUnavailable{DABF28BE-F6B4-4E40-8F40-C4FB26F3116C}

Error: (06/05/2015 04:37:27 PM) (Source: DCOM) (EventID: 10005) (User: MARGARET-PC)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (06/05/2015 04:37:27 PM) (Source: DCOM) (EventID: 10005) (User: MARGARET-PC)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Microsoft Office:
=========================
Error: (06/05/2015 04:05:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe36.0.1985.12553c4dbeechrome.dll36.0.1985.12553c4d8adc0000005000698fc7b001d09fa120809da5C:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\chrome.dll5f391117-0b94-11e5-8293-f8b156cfbb0a

Error: (06/05/2015 03:14:17 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{20C2051A-1ACA-48B4-9BA5-24625DCBD880}\recordingmanager.exe

Error: (06/05/2015 03:06:16 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{20C2051A-1ACA-48B4-9BA5-24625DCBD880}\recordingmanager.exe

Error: (06/04/2015 03:49:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8728016

Error: (06/04/2015 03:49:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8728016

Error: (06/04/2015 03:49:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/04/2015 11:21:15 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{20C2051A-1ACA-48B4-9BA5-24625DCBD880}\recordingmanager.exe

Error: (05/31/2015 01:38:05 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{20C2051A-1ACA-48B4-9BA5-24625DCBD880}\recordingmanager.exe

Error: (05/31/2015 01:31:26 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{20C2051A-1ACA-48B4-9BA5-24625DCBD880}\recordingmanager.exe

Error: (05/28/2015 11:20:34 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -2143485933

CodeIntegrity Errors:
===================================
  Date: 2014-07-17 17:37:25.561
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-07-17 17:37:25.483
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-07-17 17:37:11.191
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-07-17 17:37:11.112
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-05-21 09:21:35.358
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-05-21 09:21:35.311
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-05-21 09:16:59.239
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-05-21 09:16:59.200
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-05-15 09:10:03.171
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-05-15 09:10:03.140
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

Processor: Intel® Core™ i7-4770 CPU @ 3.40GHz
Percentage of memory in use: 14%
Total physical RAM: 16335.15 MB
Available physical RAM: 14016.09 MB
Total Pagefile: 18767.15 MB
Available Pagefile: 16375.34 MB
Total Virtual: 131072 MB
Available Virtual: 131071.78 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:1851.24 GB) (Free:1490.63 GB) NTFS
Drive k: (Elements) (Fixed) (Total:1863.01 GB) (Free:1034.64 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: 1B6C6A6B)

Partition: GPT Partition Type.

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 000B6266)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

==================== End of log ============================




#2
Silvertraveller


Sorry my computer is playing up and I managed to post this twice - please close one of the two identical calls.  Thanks



#3
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, do you have a link to the page where you got the phone number, please?

Re-install Chrome

Unless you did this yourself, malware has changed your Chrome version into the Development Build. Among other things this allows malware to install any extension it wants. We need to resolve this.

1. If you have bookmarks, let's save them by exporting them - Export Bookmarks
2. Then I need you to go to Google Sync and sign into your account
3. Scroll down until you see the "Stop and Clear" button and click on the button. At the prompt click on "Ok"
4. Now we need to uninstall Chrome via Control Panel.
Note: When asked about user data or settings you must remove this also, so please check the box.
5. Restart the computer and reinstall Chrome. You can download the latest version from here - Google Chrome
6. Import your bookmarks back into Chrome
7. Sign back in to your Chrome browser so that your bookmarks sync with your online account.

NEXT

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
AppInit_DLLs-x32: c:\progra~2\suppor~1\suppor~1.dll => "c:\progra~2\suppor~1\suppor~1.dll" File not found
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-3145712594-1130862659-1550497800-1001\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyServer: [S-1-5-21-3145712594-1130862659-1550497800-1001] => http=127.0.0.1:13804
SearchScopes: HKU\S-1-5-21-3145712594-1130862659-1550497800-1001 -> URL http://search.condui...archTerms}=
SearchScopes: HKU\S-1-5-21-3145712594-1130862659-1550497800-1001 -> SuggestionsURL_JSON http://suggest.searc...x={searchTerms}
BHO: No Name -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> No File
BHO: No Name -> {BF357FB3-38DB-839A-2334-A0076B07B8D4} -> No File
BHO: No Name -> {e8ca604f-9b07-409e-b898-a519ad2a283b} -> No File
BHO-x32: No Name -> {0214754e-4e7d-4589-829d-e2523e6a3085} -> No File
BHO-x32: No Name -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> No File
BHO-x32: No Name -> {65f159fb-5f5e-46f4-b45d-ccfa236d2073} -> No File
BHO-x32: No Name -> {BF357FB3-38DB-839A-2334-A0076B07B8D4} -> No File
Task: {F2BA8C09-D5A9-4EB4-ACAE-B235E03B0A42} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
C:\Program Files (x86)\MyPC Backup
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe.
Run FRST and press Fix.
On completion a log will be generated; please post that.

THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S0].txt as well.
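
The fixlist above is built from lines of the FRST log posted earlier in the thread. As an added example (not part of the original post and not FRST's own code), this sketch parses the `Task:`, `ProxyServer:` and `BHO:` line shapes seen in that log and lists the entries that deserve a second look. The function names are hypothetical, the sample lines are excerpted from this thread, and treating a registered task without a `[date] (company)` suffix as noteworthy is an assumption about how FRST prints file metadata.

```python
import re
from ipaddress import ip_address

# Sample input: lines excerpted from the FRST log and fixlist in this thread.
SAMPLE_LOG = r"""
Task: {296B78DD-FD76-4ED9-B55B-2D39DC6A0DDA} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd)
Task: {36620510-B900-45FE-969D-7A8D43067D26} - System32\Tasks\Optimizer Pro Schedule => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe <==== ATTENTION
Task: {8B5C88FB-63B9-4C22-A481-3FF8DB18C296} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {F2BA8C09-D5A9-4EB4-ACAE-B235E03B0A42} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
ProxyServer: [S-1-5-21-3145712594-1130862659-1550497800-1001] => http=127.0.0.1:13804
BHO: No Name -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> No File
"""

TASK_RE = re.compile(
    r"^Task: (?:\{(?P<guid>[0-9A-Fa-f-]{36})\} - )?(?P<name>.+?) => (?P<target>.+)$")
META_RE = re.compile(
    r"^(?P<path>.+?) \[(?P<date>\d{4}-\d{2}-\d{2})\] \((?P<company>.*)\)$")
ATTENTION_RE = re.compile(r"\s*<=+ ATTENTION\s*$")
PROXY_RE = re.compile(r"^ProxyServer: \[(?P<sid>S-[\d-]+)\] => (?P<value>.+)$")
BHO_RE = re.compile(
    r"^BHO(?:-x32)?: .+? -> (?P<clsid>\{[0-9A-Fa-f-]{36}\}) -> (?P<file>.+)$")


def parse_task(line):
    """Split one 'Task:' line into name, target path, metadata and flag."""
    m = TASK_RE.match(line)
    if not m:
        return None
    target, flagged = ATTENTION_RE.subn("", m["target"])
    meta = META_RE.match(target)
    return {
        "guid": m["guid"],          # None for legacy C:\Windows\Tasks\*.job lines
        "name": m["name"],
        "path": meta["path"] if meta else target,
        "date": meta["date"] if meta else None,
        "company": meta["company"] if meta else None,
        "attention": bool(flagged),
    }


def task_reasons(task):
    """Return the reasons a parsed task is worth reviewing (empty if none)."""
    reasons = []
    if task["attention"]:
        reasons.append("flagged ATTENTION by FRST")
    if not re.match(r"^[A-Za-z]:\\", task["path"]):
        reasons.append("target is not an absolute path")
    # Assumption: registered tasks normally show "[date] (company)"; the legacy
    # .job lines in this log never do, so they are excluded from this check.
    if task["guid"] and task["date"] is None:
        reasons.append("no file date/company shown")
    return reasons


def proxy_reasons(value):
    """Flag proxy entries such as 'http=127.0.0.1:13804' that use loopback."""
    reasons = []
    for entry in value.split(";"):
        host = entry.split("=", 1)[-1].rsplit(":", 1)[0]
        try:
            loopback = ip_address(host).is_loopback
        except ValueError:
            loopback = host.lower() == "localhost"
        if loopback:
            reasons.append(f"proxy entry {entry} points at a loopback address")
    return reasons


def triage(log_text):
    """Return (kind, subject, reasons) for every line that needs review."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        task = parse_task(line)
        if task:
            reasons = task_reasons(task)
            if reasons:
                findings.append(("task", task["name"], reasons))
            continue
        m = PROXY_RE.match(line)
        if m:
            reasons = proxy_reasons(m["value"])
            if reasons:
                findings.append(("proxy", m["sid"], reasons))
            continue
        m = BHO_RE.match(line)
        if m and m["file"].strip() == "No File":
            findings.append(("bho", m["clsid"], ["registration points at no file"]))
    return findings


if __name__ == "__main__":
    for kind, subject, reasons in triage(SAMPLE_LOG):
        print(f"{kind:5} {subject}: {'; '.join(reasons)}")
```

A finding here is a prompt for a human to look at the entry, not a verdict; the fixlist in the post was still chosen by the helper for this one machine.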


#4
Silvertraveller


Hello Essexboy

 

Thank you so much for helping me with this issue.

 

Just an update on what I have done since posting the message yesterday.  Then I will paste in the two log files which were generated following your instructions.

 

As you suggested I have uninstalled google chrome but also uninstalled google updater, google toolbar and my AVAST antivirus as this had expired.  I have installed AVG free for now but will invest in a paid antivirus after this issue has been resolved.  I will look into what is best - do you have an opinion?

 

Unfortunately, I did not keep a record of the web address or any screen shots of the issue when it first happened - sorry.

 

Here are the log files

 

Fix result of Farbar Recovery Scan Tool (x64) Version:03-06-2015
Ran by Margret at 2015-06-06 10:48:27 Run:1
Running from C:\Users\Margret\Desktop
Loaded Profiles: Margret (Available Profiles: Margret)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
AppInit_DLLs-x32: c:\progra~2\suppor~1\suppor~1.dll => "c:\progra~2\suppor~1\suppor~1.dll" File not found
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-3145712594-1130862659-1550497800-1001\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyServer: [S-1-5-21-3145712594-1130862659-1550497800-1001] => http=127.0.0.1:13804
SearchScopes: HKU\S-1-5-21-3145712594-1130862659-1550497800-1001 -> URL http://search.condui...archTerms}=
SearchScopes: HKU\S-1-5-21-3145712594-1130862659-1550497800-1001 -> SuggestionsURL_JSON http://suggest.searc...x={searchTerms}
BHO: No Name -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> No File
BHO: No Name -> {BF357FB3-38DB-839A-2334-A0076B07B8D4} -> No File
BHO: No Name -> {e8ca604f-9b07-409e-b898-a519ad2a283b} -> No File
BHO-x32: No Name -> {0214754e-4e7d-4589-829d-e2523e6a3085} -> No File
BHO-x32: No Name -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> No File
BHO-x32: No Name -> {65f159fb-5f5e-46f4-b45d-ccfa236d2073} -> No File
BHO-x32: No Name -> {BF357FB3-38DB-839A-2334-A0076B07B8D4} -> No File
Task: {F2BA8C09-D5A9-4EB4-ACAE-B235E03B0A42} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
C:\Program Files (x86)\MyPC Backup
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers

*****************

Restore point was successfully created.
"c:\progra~2\suppor~1\suppor~1.dll" => value data removed successfully.
C:\Windows\system32\GroupPolicy\Machine => moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKU\S-1-5-21-3145712594-1130862659-1550497800-1001\SOFTWARE\Policies\Google" => key removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKU\S-1-5-21-3145712594-1130862659-1550497800-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully
HKU\S-1-5-21-3145712594-1130862659-1550497800-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\URL => value removed successfully
HKU\S-1-5-21-3145712594-1130862659-1550497800-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\SuggestionsURL_JSON => value removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}" => key removed successfully
HKCR\CLSID\{3049C3E9-B461-4BC5-8870-4C09146192CA} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BF357FB3-38DB-839A-2334-A0076B07B8D4}" => key removed successfully
HKCR\CLSID\{BF357FB3-38DB-839A-2334-A0076B07B8D4} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e8ca604f-9b07-409e-b898-a519ad2a283b}" => key removed successfully
HKCR\CLSID\{e8ca604f-9b07-409e-b898-a519ad2a283b} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0214754e-4e7d-4589-829d-e2523e6a3085}" => key removed successfully
HKCR\Wow6432Node\CLSID\{0214754e-4e7d-4589-829d-e2523e6a3085} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}" => key removed successfully
HKCR\Wow6432Node\CLSID\{3049C3E9-B461-4BC5-8870-4C09146192CA} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{65f159fb-5f5e-46f4-b45d-ccfa236d2073}" => key removed successfully
HKCR\Wow6432Node\CLSID\{65f159fb-5f5e-46f4-b45d-ccfa236d2073} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BF357FB3-38DB-839A-2334-A0076B07B8D4}" => key removed successfully
HKCR\Wow6432Node\CLSID\{BF357FB3-38DB-839A-2334-A0076B07B8D4} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F2BA8C09-D5A9-4EB4-ACAE-B235E03B0A42}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F2BA8C09-D5A9-4EB4-ACAE-B235E03B0A42}" => key removed successfully
C:\Windows\System32\Tasks\LaunchSignup => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchSignup" => key removed successfully
"C:\Program Files (x86)\MyPC Backup" => File/Folder not found.

========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.

 

========= End of Reg: =========

========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.

 

========= End of Reg: =========

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-3145712594-1130862659-1550497800-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-3145712594-1130862659-1550497800-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully

========= End of RemoveProxy: =========

=========  bitsadmin /reset /allusers =========

BITSADMIN version 3.0 [ 7.7.9600 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

{CB6B22F0-1E4B-4783-A628-9B7C1793B830} canceled.
1 out of 1 jobs canceled.

========= End of CMD: =========

EmptyTemp: => 587.3 MB temporary data Removed.

The system needed a reboot..

==== End of Fixlog 10:49:19 ====

 

# AdwCleaner v4.206 - Logfile created 06/06/2015 at 11:12:05
# Updated 01/06/2015 by Xplode
# Database : 2015-06-05.1 [Server]
# Operating system : Windows 8.1  (x64)
# Username : Margret - MARGARET-PC
# Running from : C:\Users\Margret\Desktop\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Systweak
Folder Deleted : C:\ProgramData\e54ce48f8b87c3f8
Folder Deleted : C:\Program Files (x86)\globalUpdate
Folder Deleted : C:\Program Files (x86)\supporter
Folder Deleted : C:\Users\Administrator\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Administrator\AppData\Local\torch
Folder Deleted : C:\Users\Guest\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Guest\AppData\Local\torch
Folder Deleted : C:\Users\Margret\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Margret\AppData\Local\globalUpdate
Folder Deleted : C:\Users\Margret\AppData\Local\Mobogenie
Folder Deleted : C:\Users\Margret\AppData\Local\torch
Folder Deleted : C:\Users\Margret\AppData\Roaming\Activeris
Folder Deleted : C:\Users\Margret\AppData\Roaming\Systweak
Folder Deleted : C:\Users\Margret\AppData\Roaming\wp_update
Folder Deleted : C:\Users\Margret\AppData\Roaming\0S1P1R2Y1C1P1Q0D1F2W1G1I1F1T1Q
Folder Deleted : C:\Users\Margret\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gameo
Folder Deleted : C:\Users\Margret\Documents\Mobogenie
File Deleted : C:\END
File Deleted : C:\Windows\SysWOW64\SecureAssist.ini
File Deleted : C:\Windows\SysWOW64\SecureAssistOff.ini
File Deleted : C:\Windows\System32\SecureAssist.ini
File Deleted : C:\Windows\System32\SecureAssistOff.ini
File Deleted : C:\Users\Margret\daemonprocess.txt
File Deleted : C:\Users\Margret\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\gameo.lnk
File Deleted : C:\Users\Margret\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Play Games Online.url

***** [ Scheduled tasks ] *****

Task Deleted : Optimizer Pro Schedule

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9CB2CD61-FFA0-406C-9D2D-8FDE6F4A4D8A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6EC77D09-02CB-4E1F-E3C4-FB141B2610B3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{25D62E1A-BD8B-4E6E-B7CC-1E0EE04A4622}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A07E5BFF-B16C-4ABA-A30F-514213A945E6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220422392263}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EAB5257A-1FB3-474C-9B42-231F52622E72}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25D62E1A-BD8B-4E6E-B7CC-1E0EE04A4622}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A07E5BFF-B16C-4ABA-A30F-514213A945E6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220422392263}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Key Deleted : HKCU\Software\AnyProtect
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\powerpack
Key Deleted : HKCU\Software\SecuredDownload
Key Deleted : HKCU\Software\simplytech
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\DriverSupport
Key Deleted : HKCU\Software\Avg Secure Update
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\simplytech
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\InstallCore
Key Deleted : HKLM\SOFTWARE\InstalledBrowserExtensions
Key Deleted : HKLM\SOFTWARE\systweak
Key Deleted : HKU\.DEFAULT\Software\Avg Secure Update
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Download & Install Packages
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E96338DC-1468-4918-8EC2-8454BFFC5025}
Key Deleted : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\BD04C21DD7DC68D42958E5F22E63394E
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\BD04C21DD7DC68D42958E5F22E63394E
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\32DA746012E6D4F488AAD113D6FA4A44
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3FB1AAC4382437047A03618BF727B859
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\BD04C21DD7DC68D42958E5F22E63394E

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17416

-\\ Comodo Dragon v

-\\ Chrome Canary v

*************************

AdwCleaner[R0].txt - [7640 bytes] - [06/06/2015 11:10:09]
AdwCleaner[S0].txt - [7206 bytes] - [06/06/2015 11:12:05]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7265  bytes] ##########

 

 

 

Many thanks

Silvertraveller



#5
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Thanks for the update. I have been talking to Avast about this, hence the request for the page location, but no problem if you do not have it.

How is the computer behaving at the moment? You may now reinstall Chrome if you wish.

Please download Malwarebytes Anti-Malware to your desktop
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • At the end, be sure a check-mark is placed next to the following:
    • Ensure that "Enable free trial of Malwarebytes Anti-Malware Premium" is unchecked
    • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
  • When the scan is complete, make sure that everything is set to "Quarantine", and click Apply Actions.
  • Reboot your computer if prompted.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

To access logs from Malwarebytes Anti-Malware 2.0:

1. Open Malwarebytes Anti-Malware 2.0
2. Click History > Application Logs
3. Double-click the log you would like to open

Scan Logs record detections from manual scans, including threats detected and the actions taken against them.

To save a Scan Log:

1. Open the log file you would like to save
2. Click Export
3. Choose to export to a .txt
4. Choose a folder to save the log file in, then click Save
5. Post that log here

THEN

Could I have a fresh FRST scan?

#6
Silvertraveller

    New Member

  • Topic Starter
  • Member
  • 7 posts

Hi

The computer seems to be behaving itself now.  I have decided I do not want Google Chrome again and will just use Internet Explorer instead.

Here are the two logs

Thanks

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 06/06/2015
Scan Time: 14:36:57
Logfile: malwarebytes_scan_log.txt
Administrator: Yes

Version: 2.01.6.1022
Malware Database: v2015.06.06.03
Rootkit Database: v2015.06.02.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Margret

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 396009
Time Elapsed: 7 min, 37 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:03-06-2015
Ran by Margret (administrator) on MARGARET-PC on 06-06-2015 14:46:14
Running from C:\Users\Margret\Desktop
Loaded Profiles: Margret (Available Profiles: Margret)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(B.H.A Corporation) C:\Windows\SysWOW64\bgsvcgen.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\epson\MyEpson Portal\mepService.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
() C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\epson\MyEpson Portal\mep.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Panasonic Corporation) C:\Program Files (x86)\Panasonic\PHOTOfunSTUDIO\PhAutoRun.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe
(Dell Inc.) C:\Program Files (x86)\Dell Customer Connect\OTBSurvey.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\ismagent.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssist\imstrayicon.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-14] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-06-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-31] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [TkBellExe] => c:\program files (x86)\real\realplayer\Update\realsched.exe [296520 2014-06-30] (RealNetworks, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1065024 2014-05-02] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3745744 2015-05-18] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-3145712594-1130862659-1550497800-1001\...\Run: [CAHeadless] => C:\Program Files (x86)\Adobe\Elements 12 Organizer\CAHeadless\ElementsAutoAnalyzer.exe [1400224 2013-09-25] (Adobe Systems Incorporated)
HKU\S-1-5-21-3145712594-1130862659-1550497800-1001\...\Run: [PhotoshopElements8SyncAgent] => C:\Program Files (x86)\Adobe\Elements 12 Organizer\ElementsOrganizerRevelAgent.exe [2723232 2013-09-25] (Adobe Systems Incorporated)
HKU\S-1-5-21-3145712594-1130862659-1550497800-1001\...\Run: [Spotify Web Helper] => C:\Users\Margret\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2018360 2015-04-07] (Spotify Ltd)
HKU\S-1-5-21-3145712594-1130862659-1550497800-1001\...\Run: [Spotify] => C:\Users\Margret\AppData\Roaming\Spotify\Spotify.exe [7112248 2015-04-07] (Spotify Ltd)
HKU\S-1-5-21-3145712594-1130862659-1550497800-1001\...\MountPoints2: {485ff9e9-e0bf-11e3-8265-ac7ba13c5dc5} - "E:\WD SmartWare.exe" autoplay=true
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PHOTOfunSTUDIO HD Edition.lnk [2014-04-12]
ShortcutTarget: PHOTOfunSTUDIO HD Edition.lnk -> C:\Program Files (x86)\Panasonic\PHOTOfunSTUDIO\PhAutoRun.exe (Panasonic Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk [2014-03-25]
ShortcutTarget: RealPlayer Cloud Service UI.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe (RealNetworks, Inc.)
Startup: C:\Users\Margret\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2014-03-28]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/...=AVASDF&PC=AV01
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-3145712594-1130862659-1550497800-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/...=AVASDF&PC=AV01
HKU\S-1-5-21-3145712594-1130862659-1550497800-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01
HKU\S-1-5-21-3145712594-1130862659-1550497800-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.dell13.uk.msn.com/
HKU\S-1-5-21-3145712594-1130862659-1550497800-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/...=AVASDF&PC=AV01
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3145712594-1130862659-1550497800-1001 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/...=AVASDF&PC=AV01
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-03-10] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
Toolbar: HKU\.DEFAULT -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-3145712594-1130862659-1550497800-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-05-06] ()
FF Plugin-x32: @canon.com/MycameraPlugin -> C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll [2008-10-15] (CANON INC.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-02-13] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-04] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-04] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll [2011-03-09] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-03-25] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-13] (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=17.0.11.0 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2014-06-30] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=17.0.11 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2014-06-10] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.11 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2014-06-10] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=17.0.11 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2014-06-10] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=17.0.11.0 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2014-06-30] (RealPlayer Cloud)
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-06-30]
FF HKLM-x32\...\Firefox\Extensions: [{1DD9AC48-0855-4AE7-9934-159B4377FFA2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: E-Web Print - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2015-05-25]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2014-06-10]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AdobeActiveFileMonitor12.0; C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe [181152 2013-09-25] (Adobe Systems Incorporated)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3438544 2015-05-18] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [311792 2015-05-18] (AVG Technologies CZ, s.r.o.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2736824 2015-04-07] (Microsoft Corporation)
S2 CLKMSVC10_99E320F5; C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\kmsvc.exe [243464 2013-08-07] (CyberLink)
R2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\OTBSurvey.exe [145288 2015-04-09] (Dell Inc.)
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2557136 2015-02-26] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201936 2015-02-26] (Dell Inc.)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [232152 2015-05-20] (Dell Inc.)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-12] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-12] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-04] (Intel Corporation)
R2 Intel® Wireless Bluetooth® 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-09-24] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-04] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 MyEpson Portal Service; C:\Program Files (x86)\EPSON\MyEpson Portal\mepService.exe [703984 2014-09-22] (SEIKO EPSON CORPORATION)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2013-07-29] ()
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-06-10] ()
R2 RealPlayer Cloud Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848 2014-06-30] (RealNetworks, Inc.)
R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [23552 2014-06-10] () [File not signed]
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-07-30] (CyberLink)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-19] (Realtek Semiconductor)
S4 SftService; C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe [1915920 2013-11-22] (SoftThinks SAS)
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [19288 2015-03-04] (Dell Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3668208 2013-07-29] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [138240 2013-06-22] (Advanced Micro Devices)
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [21152 2015-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162784 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [284128 2015-04-27] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [253920 2015-05-07] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [256992 2015-04-15] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [378336 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [220128 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40928 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [293856 2015-05-04] (AVG Technologies CZ, s.r.o.)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [132920 2013-04-24] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1386296 2013-08-19] (Motorola Solutions, Inc.)
R1 cdrbsdrv; C:\Windows\System32\Drivers\cdrbsdrv.sys [39208 2006-08-25] (B.H.A Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [23760 2015-01-30] (Dell Computer Corporation)
R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [23312 2015-01-30] (Dell Computer Corporation)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [118216 2013-09-24] (Intel Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [99288 2013-09-04] (Intel Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\NETwbw02.sys [3589600 2013-09-25] (Intel Corporation)
R0 PxHlpa64; C:\Windows\System32\drivers\PxHlpa64.sys [56336 2013-07-19] (Corel Corporation)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2013-03-18] (Apple, Inc.) [File not signed]
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-06 11:14 - 2015-06-06 11:14 - 00007381 _____ C:\Users\Margret\Desktop\AdwCleaner[S0].txt
2015-06-06 11:10 - 2015-06-06 11:12 - 00000000 ____D C:\AdwCleaner
2015-06-06 11:05 - 2015-06-06 11:05 - 00000983 _____ C:\Users\Public\Desktop\AVG 2015.lnk
2015-06-06 11:05 - 2015-06-06 11:05 - 00000000 ____D C:\Users\Margret\AppData\Roaming\TuneUp Software
2015-06-06 11:05 - 2015-06-06 11:05 - 00000000 ____D C:\Users\Margret\AppData\Roaming\AVG2015
2015-06-06 11:05 - 2015-06-06 11:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-06-06 11:04 - 2015-06-06 11:05 - 00000000 ____D C:\ProgramData\AVG2015
2015-06-06 11:04 - 2015-06-06 11:04 - 00000000 ___HD C:\$AVG
2015-06-06 11:03 - 2015-06-06 11:03 - 00000000 ____D C:\Program Files (x86)\AVG
2015-06-06 11:02 - 2015-06-06 11:08 - 00000000 ____D C:\Users\Margret\AppData\Local\Avg2015
2015-06-06 11:02 - 2015-06-06 11:08 - 00000000 ____D C:\ProgramData\MFAData
2015-06-06 11:02 - 2015-06-06 11:02 - 00000000 ____D C:\Users\Margret\AppData\Local\MFAData
2015-06-06 10:47 - 2015-06-06 10:47 - 02231296 _____ C:\Users\Margret\Desktop\AdwCleaner.exe
2015-06-06 10:39 - 2015-06-06 10:39 - 06420480 _____ C:\Program Files (x86)\GUTE8DA.tmp
2015-06-06 10:39 - 2015-06-06 10:39 - 00000000 ____D C:\Program Files (x86)\GUME8D9.tmp
2015-06-06 10:33 - 2015-06-06 10:33 - 00000000 ____D C:\Program Files (x86)\Dell Digital Delivery
2015-06-05 17:02 - 2015-06-05 17:02 - 00088543 _____ C:\Users\Margret\Desktop\posttext.txt
2015-06-05 16:39 - 2015-06-06 14:46 - 00023348 _____ C:\Users\Margret\Desktop\FRST.txt
2015-06-05 16:39 - 2015-06-06 14:46 - 00000000 ____D C:\FRST
2015-06-05 16:39 - 2015-06-05 16:39 - 00040741 _____ C:\Users\Margret\Desktop\Addition.txt
2015-06-05 16:36 - 2015-06-05 16:36 - 02108928 _____ (Farbar) C:\Users\Margret\Desktop\FRST64.exe
2015-06-04 10:21 - 2015-06-04 15:52 - 00000000 ____D C:\Users\Margret\AppData\Local\LogMeIn Rescue Applet
2015-06-04 10:02 - 2015-06-04 10:02 - 00000000 ____D C:\Program Files (x86)\Dell Update
2015-05-25 16:44 - 2015-05-25 16:56 - 00000000 ____D C:\Users\Margret\Desktop\Halifax Car Insurance 2015
2015-05-25 16:30 - 2015-05-25 16:34 - 00000000 ____D C:\Users\Margret\Documents\JIMS CLAIM
2015-05-25 16:28 - 2015-05-25 16:29 - 00000000 ____D C:\Users\Margret\Documents\MELLOR my house
2015-05-25 15:55 - 2015-05-25 15:55 - 00001078 _____ C:\Users\Public\Desktop\MyEpson Portal.lnk
2015-05-18 10:37 - 2015-05-18 10:37 - 00001002 _____ C:\Users\Margret\Desktop\img004 - Shortcut.lnk
2015-05-18 10:21 - 2015-05-18 10:21 - 00001912 _____ C:\Users\Margret\Desktop\Adobe Photoshop Elements 12.lnk
2015-05-18 10:21 - 2015-05-18 10:21 - 00001859 _____ C:\Users\Margret\Desktop\QuickTime Player.lnk
2015-05-18 10:21 - 2015-05-18 10:21 - 00001797 _____ C:\Users\Margret\Desktop\iTunes.lnk
2015-05-18 10:21 - 2015-05-18 10:21 - 00001284 _____ C:\Users\Margret\Desktop\Epson Manuals.lnk
2015-05-18 10:21 - 2015-05-18 10:21 - 00001157 _____ C:\Users\Margret\Desktop\GUY01_itinerary_Guyana_A_Timeless_Paradise - Shortcut.lnk
2015-05-18 10:21 - 2015-05-18 10:21 - 00001128 _____ C:\Users\Margret\Desktop\Picasa 3.lnk
2015-05-18 10:21 - 2015-05-18 10:21 - 00001062 _____ C:\Users\Margret\Desktop\RealPlayer Cloud.lnk
2015-05-18 10:21 - 2015-05-18 10:21 - 00001049 _____ C:\Users\Margret\Desktop\EOS_600D_Instruction_Manual_EN - Shortcut.lnk
2015-05-18 10:21 - 2015-05-18 10:21 - 00001049 _____ C:\Users\Margret\Desktop\Download halifax car ins 14-15 - Shortcut.lnk
2015-05-18 10:21 - 2015-05-18 10:21 - 00000952 _____ C:\Users\Margret\Desktop\EPSON Scan.lnk
2015-05-18 10:21 - 2015-05-18 10:21 - 00000919 _____ C:\Users\Margret\Desktop\Adobe Photoshop Elements 12 - Shortcut.lnk
2015-05-18 10:21 - 2015-05-18 10:21 - 00000847 _____ C:\Users\Margret\Desktop\LOVE NEVER DIES CD1 - Shortcut.lnk
2015-05-18 10:21 - 2015-05-18 10:21 - 00000838 _____ C:\Users\Margret\Desktop\ANDREW LLOYD WEBBER LOVE NEVER DIES CD1 - Shortcut (2).lnk
2015-05-18 10:21 - 2015-05-18 10:21 - 00000838 _____ C:\Users\Margret\Desktop\AAW CONTACT DISK 1 - Shortcut.lnk
2015-05-18 10:21 - 2015-05-18 10:21 - 00000820 _____ C:\Users\Margret\Documents\jims claim forms - Shortcut.lnk
2015-05-18 10:21 - 2015-05-18 10:21 - 00000812 _____ C:\Users\Margret\Desktop\margaret arden - Shortcut.lnk
2015-05-18 10:21 - 2015-05-18 10:21 - 00000802 _____ C:\Users\Margret\Desktop\CANON 600D (2) - Shortcut.lnk
2015-05-18 10:21 - 2015-05-18 10:21 - 00000757 _____ C:\Users\Margret\Desktop\PANASONIC - Shortcut.lnk
2015-05-18 10:21 - 2015-05-18 10:21 - 00000719 _____ C:\Users\Margret\Desktop\.temp - Shortcut.lnk
2015-05-18 10:21 - 2015-05-18 10:21 - 00000674 _____ C:\Users\Margret\Desktop\OneDrive - Shortcut.lnk
2015-05-18 10:21 - 2015-05-18 10:21 - 00000669 _____ C:\Users\Margret\Desktop\Desktop - Shortcut (2).lnk
2015-05-18 10:21 - 2015-05-18 10:21 - 00000654 _____ C:\Users\Margret\Desktop\Libraries - Shortcut.lnk
2015-05-18 10:21 - 2015-05-18 10:21 - 00000462 _____ C:\Users\Margret\Desktop\Elements (J) - Shortcut (2).lnk
2015-05-18 10:21 - 2015-05-18 10:21 - 00000363 _____ C:\Users\Margret\Desktop\Control Panel - Shortcut.lnk
2015-05-18 10:21 - 2015-05-18 10:21 - 00000359 _____ C:\Users\Margret\Desktop\Recycle Bin - Shortcut.lnk
2015-05-18 10:21 - 2015-05-18 10:21 - 00000351 _____ C:\Users\Margret\Desktop\Network - Shortcut.lnk
2015-05-18 10:21 - 2015-05-18 10:21 - 00000166 _____ C:\Users\Margret\Desktop\BBC - Homepage (2).url
2015-05-18 10:21 - 2015-05-18 10:21 - 00000134 _____ C:\Users\Margret\Desktop\Haughton Thornley Medical Centres - Patient information portal (3).url
2015-05-14 16:46 - 2015-06-06 11:14 - 00003372 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3145712594-1130862659-1550497800-1001
2015-05-14 16:40 - 2015-04-30 21:35 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-14 16:40 - 2015-04-30 21:35 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-14 16:38 - 2015-05-14 16:40 - 00000000 ____D C:\45b0d9bf6307963a73b52af2e8e5
2015-05-14 14:39 - 2015-03-17 18:26 - 00467776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2015-05-14 14:38 - 2015-05-01 00:05 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-14 14:38 - 2015-04-30 23:48 - 00358912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-14 14:38 - 2015-04-24 22:32 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-14 14:38 - 2015-04-21 18:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-14 14:38 - 2015-04-21 17:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-14 14:38 - 2015-04-21 17:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-14 14:38 - 2015-04-21 17:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-14 14:38 - 2015-04-21 17:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-14 14:38 - 2015-04-21 17:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-14 14:38 - 2015-04-21 17:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-14 14:38 - 2015-04-21 17:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-14 14:38 - 2015-04-21 17:13 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2015-05-14 14:38 - 2015-04-21 17:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-14 14:38 - 2015-04-21 17:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-14 14:38 - 2015-04-21 17:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-14 14:38 - 2015-04-21 17:07 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-05-14 14:38 - 2015-04-21 17:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-14 14:38 - 2015-04-21 17:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-14 14:38 - 2015-04-21 16:59 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-05-14 14:38 - 2015-04-21 16:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-14 14:38 - 2015-04-21 16:52 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-05-14 14:38 - 2015-04-21 16:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-14 14:38 - 2015-04-21 16:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-14 14:38 - 2015-04-21 16:49 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-14 14:38 - 2015-04-21 16:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-14 14:38 - 2015-04-21 16:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-14 14:38 - 2015-04-21 16:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-14 14:38 - 2015-04-21 16:37 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-05-14 14:38 - 2015-04-21 16:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-14 14:38 - 2015-04-21 16:32 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-05-14 14:38 - 2015-04-21 16:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-14 14:38 - 2015-04-21 16:28 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-05-14 14:38 - 2015-04-21 16:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-14 14:38 - 2015-04-21 16:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-14 14:38 - 2015-04-21 16:26 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-14 14:38 - 2015-04-21 16:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-14 14:38 - 2015-04-21 16:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-14 14:38 - 2015-04-21 16:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-14 14:38 - 2015-04-21 16:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-14 14:38 - 2015-04-21 16:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-14 14:38 - 2015-04-21 15:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-14 14:38 - 2015-04-21 15:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-14 14:38 - 2015-04-13 23:48 - 04180480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-14 14:38 - 2015-04-10 02:00 - 01996800 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-14 14:38 - 2015-04-10 01:50 - 01387008 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-14 14:38 - 2015-04-10 01:34 - 02256896 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-05-14 14:38 - 2015-04-10 01:26 - 01560576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-14 14:38 - 2015-04-10 01:11 - 01943040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2015-05-14 14:38 - 2015-04-08 23:55 - 00410128 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-14 14:38 - 2015-04-03 01:35 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\PhotoMetadataHandler.dll
2015-05-14 14:38 - 2015-04-03 01:14 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PhotoMetadataHandler.dll
2015-05-14 14:38 - 2015-04-01 23:22 - 02985984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbgeng.dll
2015-05-14 14:38 - 2015-04-01 23:20 - 04417536 _____ (Microsoft Corporation) C:\Windows\system32\dbgeng.dll
2015-05-14 14:38 - 2015-04-01 04:45 - 01491456 _____ (Microsoft Corporation) C:\Windows\system32\dbghelp.dll
2015-05-14 14:38 - 2015-04-01 03:31 - 01207296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbghelp.dll
2015-05-14 14:38 - 2015-03-30 06:47 - 00561928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-05-14 14:38 - 2015-03-27 04:27 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-14 14:38 - 2015-03-27 03:50 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-14 14:38 - 2015-03-27 03:48 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-14 14:38 - 2015-03-20 02:56 - 00080384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ahcache.sys
2015-05-14 14:38 - 2015-03-13 05:03 - 00239424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2015-05-14 14:38 - 2015-03-13 05:03 - 00154432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2015-05-14 14:38 - 2015-03-13 03:02 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\udfs.sys
2015-05-14 14:38 - 2015-03-13 02:11 - 02162176 _____ (Microsoft Corporation) C:\Windows\system32\SRH.dll
2015-05-14 14:38 - 2015-03-13 01:39 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SRH.dll
2015-05-14 14:38 - 2015-03-13 01:29 - 00410017 _____ C:\Windows\system32\ApnDatabase.xml
2015-05-14 14:38 - 2015-03-11 02:49 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-14 14:38 - 2015-03-11 02:09 - 00021504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-14 14:38 - 2015-03-09 03:02 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthhfenum.sys
2015-05-14 14:38 - 2015-03-06 04:08 - 02067968 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-14 14:38 - 2015-03-06 03:47 - 01696256 _____ (Microsoft Corporation) C:\Windows\system32\wevtsvc.dll
2015-05-14 14:38 - 2015-03-06 03:43 - 01969664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-05-14 14:38 - 2015-03-05 00:09 - 01429504 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-14 14:38 - 2015-03-04 02:32 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Input.Inking.dll
2015-05-14 14:38 - 2015-03-04 02:12 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Input.Inking.dll
2015-05-14 14:38 - 2015-02-18 00:19 - 00186368 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
2015-05-14 14:38 - 2015-01-30 01:53 - 02819584 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll
2015-05-14 14:38 - 2014-11-14 07:58 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsDatabase.dll
2015-05-12 08:56 - 2015-05-12 08:56 - 00001830 _____ C:\Users\Margret\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\avast! antivirus.lnk
2015-05-07 13:50 - 2015-05-07 13:50 - 00378336 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgloga.sys
2015-05-07 13:49 - 2015-05-07 13:49 - 00253920 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsha.sys
2015-05-07 13:49 - 2015-05-07 13:49 - 00220128 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx64.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-06 14:36 - 2014-05-21 09:23 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-06 14:35 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\system32\sru
2015-06-06 14:33 - 2014-10-04 16:44 - 01790642 _____ C:\Windows\WindowsUpdate.log
2015-06-06 11:52 - 2014-04-09 15:52 - 00000941 _____ C:\Windows\Tasks\EPSON XP-212 213 Series Update {7FC5026A-3554-4674-8221-5074B5ADB686}.job
2015-06-06 11:52 - 2014-04-09 15:52 - 00000755 _____ C:\Windows\Tasks\EPSON XP-212 213 Series Invitation {7FC5026A-3554-4674-8221-5074B5ADB686}.job
2015-06-06 11:49 - 2014-03-24 23:28 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3145712594-1130862659-1550497800-1001
2015-06-06 11:41 - 2014-03-25 16:13 - 00000000 ____D C:\Users\Margret\AppData\Local\Google
2015-06-06 11:20 - 2014-03-04 02:07 - 00865408 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-06 11:15 - 2014-06-08 15:58 - 00000000 ___DO C:\Users\Margret\OneDrive
2015-06-06 11:14 - 2014-12-06 12:17 - 00003320 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3145712594-1130862659-1550497800-1001
2015-06-06 11:13 - 2014-11-27 16:19 - 00007136 _____ C:\Windows\setupact.log
2015-06-06 11:13 - 2013-08-22 15:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-06 11:12 - 2014-03-24 23:23 - 00000000 ____D C:\Users\Margret
2015-06-06 11:12 - 2013-08-22 14:25 - 00524288 ___SH C:\Windows\system32\config\BBI
2015-06-06 11:11 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\AppReadiness
2015-06-06 11:08 - 2013-08-22 14:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2015-06-06 11:04 - 2013-08-22 16:36 - 00000000 ___HD C:\Windows\ELAMBKUP
2015-06-06 11:00 - 2014-12-06 12:15 - 00661630 _____ C:\Windows\PFRO.log
2015-06-06 11:00 - 2014-11-10 16:28 - 00000000 ____D C:\avast! sandbox
2015-06-06 10:51 - 2014-10-04 10:45 - 00000008 __RSH C:\ProgramData\ntuser.pol
2015-06-06 10:48 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\system32\GroupPolicy
2015-06-06 10:42 - 2014-07-17 17:46 - 00000000 ____D C:\Program Files\Google
2015-06-06 10:42 - 2014-03-25 16:12 - 00000000 ____D C:\Program Files (x86)\Google
2015-06-06 10:37 - 2014-04-15 10:56 - 00000000 ____D C:\Users\Margret\AppData\Local\Adobe
2015-06-06 10:37 - 2013-08-22 16:20 - 00000000 ____D C:\Windows\CbsTemp
2015-06-06 10:36 - 2014-03-25 16:15 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3145712594-1130862659-1550497800-1001UA
2015-06-06 10:33 - 2014-03-04 02:27 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2015-06-05 16:06 - 2014-05-21 15:52 - 00000000 ____D C:\Users\Margret\AppData\Local\CrashDumps
2015-06-04 15:55 - 2014-03-31 16:55 - 00000000 ____D C:\Users\Margret\AppData\Roaming\Epson
2015-06-04 15:55 - 2014-03-31 14:47 - 00000000 ____D C:\ProgramData\Epson
2015-06-04 15:51 - 2014-03-04 01:11 - 00000000 ____D C:\Windows\Panther
2015-06-04 12:53 - 2014-10-03 17:06 - 00001120 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-06-04 12:53 - 2014-05-21 09:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-04 12:53 - 2014-05-21 09:23 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-06-04 12:51 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\system32\NDF
2015-06-04 10:33 - 2014-03-24 15:13 - 00000000 ____D C:\Users\Margret\Documents\Outlook Files
2015-05-25 15:55 - 2014-03-31 14:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Software
2015-05-25 15:55 - 2014-03-31 14:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2015-05-25 15:55 - 2014-03-31 14:50 - 00000000 ____D C:\Program Files (x86)\EPSON Software
2015-05-25 15:55 - 2014-03-24 23:59 - 00000000 ____D C:\Program Files (x86)\epson
2015-05-25 15:55 - 2014-03-04 02:15 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-05-21 16:57 - 2014-08-04 21:11 - 00000000 ____D C:\Users\Margret\AppData\Local\Spotify
2015-05-21 16:57 - 2014-08-04 21:10 - 00000000 ____D C:\Users\Margret\AppData\Roaming\Spotify
2015-05-21 03:12 - 2015-04-10 13:42 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-05-21 03:12 - 2015-04-10 13:42 - 00000000 ___SD C:\Windows\system32\GWX
2015-05-19 04:44 - 2014-03-25 00:08 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-05-18 09:31 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\rescache
2015-05-14 16:45 - 2013-08-22 15:44 - 00536056 _____ C:\Windows\system32\FNTCACHE.DAT
2015-05-14 16:43 - 2013-08-22 16:36 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2015-05-14 16:43 - 2013-08-22 14:36 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2015-05-14 16:40 - 2014-03-25 08:16 - 00000000 ____D C:\Windows\system32\MRT
2015-05-14 16:38 - 2014-03-25 08:16 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-14 16:37 - 2013-08-22 20:12 - 00000000 ____D C:\Program Files\Windows Journal

==================== Files in the root of some directories =======

2015-06-06 10:39 - 2015-06-06 10:39 - 6420480 _____ () C:\Program Files (x86)\GUTE8DA.tmp
2014-04-15 12:06 - 2014-04-15 12:06 - 0000132 _____ () C:\Users\Margret\AppData\Roaming\Adobe PNG Format CS5 Prefs
2014-08-26 12:04 - 2014-10-03 17:04 - 0000087 _____ () C:\Users\Margret\AppData\Roaming\WB.CFG
2014-06-04 21:49 - 2015-01-04 19:11 - 0006144 _____ () C:\Users\Margret\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-03-04 01:53 - 2014-03-04 01:53 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-03-04 02:19 - 2014-03-04 02:19 - 0000121 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2014-03-04 02:16 - 2014-03-04 02:17 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2014-03-04 02:17 - 2014-03-04 02:18 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2014-03-04 02:18 - 2014-03-04 02:19 - 0000108 _____ () C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log
2014-03-04 02:16 - 2014-03-04 02:16 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

Some files in TEMP:
====================
C:\Users\Margret\AppData\Local\Temp\Quarantine.exe
C:\Users\Margret\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-06-05 03:06

==================== End of log ============================

 

 

 

Please advise if I need to do anything further.

 

Re my previous question - do you have a preferred anti virus package?

 

Thanks


  • 0

#7
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
I have received a reply from Avast to my query
 

IMHO this user didn't call to our phone number but to some real scam company, not related to Avast whatsoever.
I read this kind of complaint many times per week, people who search for "Avast phone support" in Google and get to pages like http://www.supportbu...port-for-avast/ , https://www.techserv...ivirus-support/ , https://www.smartsna...hnical-support/ , etc.
Neither the procedure nor the price quoted to this user is in relation to our phone support procedure or price for extra support.


I actually use Avast as my preferred AV. The firewall built into Windows 8.1 is sufficient in itself for most users, so a third-party one is not really needed. So Avast free with a few little tweaks is all you need really :)

A few minor elements remain before I tidy up. Any further apparent problems?

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
Toolbar: HKU\.DEFAULT -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-3145712594-1130862659-1550497800-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
2015-06-06 10:39 - 2015-06-06 10:39 - 06420480 _____ C:\Program Files (x86)\GUTE8DA.tmp
2015-06-06 10:39 - 2015-06-06 10:39 - 00000000 ____D C:\Program Files (x86)\GUME8D9.tmp
2015-05-12 08:56 - 2015-05-12 08:56 - 00001830 _____ C:\Users\Margret\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\avast! antivirus.lnk
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated; please post that.
  • 0

#8
Silvertraveller

    New Member

  • Topic Starter
  • Member
  • 7 posts

Hello Essexboy

 

Sorry for the delay in getting back to you.

 

I have not really been using the PC but when I come on to look for your responses it seems fine, thank you.

 

I have run the FRST and here is the result.

 

Fix result of Farbar Recovery Scan Tool (x64) Version:03-06-2015
Ran by Margret at 2015-06-08 14:20:44 Run:2
Running from C:\Users\Margret\Desktop
Loaded Profiles: Margret (Available Profiles: Margret)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
Toolbar: HKU\.DEFAULT -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-3145712594-1130862659-1550497800-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
2015-06-06 10:39 - 2015-06-06 10:39 - 06420480 _____ C:\Program Files (x86)\GUTE8DA.tmp
2015-06-06 10:39 - 2015-06-06 10:39 - 00000000 ____D C:\Program Files (x86)\GUME8D9.tmp
2015-05-12 08:56 - 2015-05-12 08:56 - 00001830 _____ C:\Users\Margret\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\avast! antivirus.lnk
EmptyTemp:
CMD: bitsadmin /reset /allusers

*****************

Restore point was successfully created.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => key removed successfully
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found.
HKU\S-1-5-21-3145712594-1130862659-1550497800-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found.
C:\Program Files (x86)\GUTE8DA.tmp => moved successfully.
C:\Program Files (x86)\GUME8D9.tmp => moved successfully.
C:\Users\Margret\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\avast! antivirus.lnk => moved successfully.

=========  bitsadmin /reset /allusers =========

BITSADMIN version 3.0 [ 7.7.9600 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to cancel {2F8E0E6F-1AA6-4FCA-929A-1D535B399A53}.
Unable to cancel {6FF49F51-B913-43B1-8F48-9C7F732C4980}.
Unable to cancel {E7269CD9-CE33-4933-AA8B-11A0938550CC}.
Unable to cancel {398935C8-8C92-47A4-849B-7BE2C8D6582A}.
0 out of 4 jobs canceled.

========= End of CMD: =========

EmptyTemp: => 180.2 MB temporary data Removed.

The system needed a reboot..

==== End of Fixlog 14:21:08 ====

Many thanks



#9
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
That was actually a nice clean system apart from a few minor pieces which we killed in the first run :)

Anything further before I tidy up ?

#10
Silvertraveller

    New Member

  • Topic Starter
  • Member
  • 7 posts

No thank you, everything seems fine.

I will be sending a donation to you via your PayPal link.

Many thanks for your advice and expertise.

I will look into getting a paid antivirus package - maybe Bitdefender - it seems to come out well in the trials.



#11
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
At the end of the day, for a paid solution I would be happy with Kaspersky, as that has had many years of consistent results http://www.kaspersky...3028&ksdevice=c

Thank you :thumbsup:

Subject to no further problems :)

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems.

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself, so... The following will implement some cleanup procedures as well as reset System Restore points:

Remove tools

Download and run Delfix
Select the options as shown
delfix.JPG


Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes.

Update and run weekly to keep your system clean

Unchecky

Click on the link above to be taken to Unchecky.com
Click the very large Download button.
Click Save
Click Open folder
Right-click on the Unchecky_setup and choose Run as Administrator
Once open, click the Install button.
Then click on Finish
Unchecky is now installed and will help you keep unwanted check boxes unchecked; this is a fire and forget programme ;)

It is critical to have both a firewall and antivirus to protect your system and to keep them updated.

To learn more about how to protect yourself while on the internet, read this little guide: Best security practices. Keep safe :wave:

#12
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.







