Hello, please can someone help me - I believe I have been the victim of an attempted scam and my PC has been infected with some Malware/Virus.
Yesterday, 4th June 2015, I received an email supposedly from my Antivirus company Avast telling me I had only a few days' protection left. I had received various emails advising me that protection was coming to an end. Yesterday I went to the Avast website (or what I thought was the Avast website) and found a telephone number which I rang. The number was a freephone number but unfortunately I do not recall what it was. The first Asian operator I spoke to convinced me to allow him access to my computer remotely (in hindsight I appreciate this was not wise but I thought I was talking to a legitimate Avast operator).
I was then passed through 2 other operators until one said I was infected with a trojan and he would 'sort it out' and give me PC support for £400+; this figure kept reducing as I said I was not happy. I finally disconnected from the telephone call and turned my computer off and spoke to my neighbor who is helping me to sort this problem out. We have run Malwarebytes and tried to run AVAST but every time I connect to the internet and launch Google I get lots of messages telling me I am infected and to click to download things to sort it out. I have obviously not done this and my neighbor told me about you kind people at GeeksToGo and so I have come to you.
I have just run FRST and here are the logs - many thanks in advance.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:03-06-2015
Ran by Margret (administrator) on MARGARET-PC on 05-06-2015 16:39:06
Running from C:\Users\Margret\Desktop
Loaded Profiles: Margret (Available Profiles: Margret)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-14] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-06-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-31] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-12] (Avast Software s.r.o.)
HKLM-x32\...\Run: [TkBellExe] => c:\program files (x86)\real\realplayer\Update\realsched.exe [296520 2014-06-30] (RealNetworks, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1065024 2014-05-02] (SEIKO EPSON CORPORATION)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2015-04-14] (Malwarebytes Corporation)
HKU\S-1-5-21-3145712594-1130862659-1550497800-1001\...\Run: [Google Update] => C:\Users\Margret\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-03-25] (Google Inc.)
HKU\S-1-5-21-3145712594-1130862659-1550497800-1001\...\Run: [EPLTarget\P0000000000000001] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATILHE.EXE [297024 2013-01-24] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3145712594-1130862659-1550497800-1001\...\Run: [CAHeadless] => C:\Program Files (x86)\Adobe\Elements 12 Organizer\CAHeadless\ElementsAutoAnalyzer.exe [1400224 2013-09-25] (Adobe Systems Incorporated)
HKU\S-1-5-21-3145712594-1130862659-1550497800-1001\...\Run: [PhotoshopElements8SyncAgent] => C:\Program Files (x86)\Adobe\Elements 12 Organizer\ElementsOrganizerRevelAgent.exe [2723232 2013-09-25] (Adobe Systems Incorporated)
HKU\S-1-5-21-3145712594-1130862659-1550497800-1001\...\Run: [Spotify Web Helper] => C:\Users\Margret\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2018360 2015-04-07] (Spotify Ltd)
HKU\S-1-5-21-3145712594-1130862659-1550497800-1001\...\Run: [Spotify] => C:\Users\Margret\AppData\Roaming\Spotify\Spotify.exe [7112248 2015-04-07] (Spotify Ltd)
HKU\S-1-5-21-3145712594-1130862659-1550497800-1001\...\MountPoints2: {485ff9e9-e0bf-11e3-8265-ac7ba13c5dc5} - "E:\WD SmartWare.exe" autoplay=true
AppInit_DLLs-x32: c:\progra~2\suppor~1\suppor~1.dll => "c:\progra~2\suppor~1\suppor~1.dll" File not found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PHOTOfunSTUDIO HD Edition.lnk [2014-04-12]
ShortcutTarget: PHOTOfunSTUDIO HD Edition.lnk -> C:\Program Files (x86)\Panasonic\PHOTOfunSTUDIO\PhAutoRun.exe (Panasonic Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk [2014-03-25]
ShortcutTarget: RealPlayer Cloud Service UI.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe (RealNetworks, Inc.)
Startup: C:\Users\Margret\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2014-03-28]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-04-28] (Avast Software s.r.o.)
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-3145712594-1130862659-1550497800-1001\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyServer: [S-1-5-21-3145712594-1130862659-1550497800-1001] => http=127.0.0.1:13804
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/...=AVASDF&PC=AV01
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-3145712594-1130862659-1550497800-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/...=AVASDF&PC=AV01
HKU\S-1-5-21-3145712594-1130862659-1550497800-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01
HKU\S-1-5-21-3145712594-1130862659-1550497800-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.dell13.uk.msn.com/
HKU\S-1-5-21-3145712594-1130862659-1550497800-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
SearchScopes: HKLM -> DefaultScope {8025EEDE-823D-49E5-8B70-B5E811C2E791} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/...=AVASDF&PC=AV01
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/...=AVASDF&PC=AV01
SearchScopes: HKU\.DEFAULT -> DefaultScope {8025EEDE-823D-49E5-8B70-B5E811C2E791} URL =
SearchScopes: HKU\S-1-5-21-3145712594-1130862659-1550497800-1001 -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/...=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-3145712594-1130862659-1550497800-1001 -> URL http://search.condui...archTerms}=
SearchScopes: HKU\S-1-5-21-3145712594-1130862659-1550497800-1001 -> SuggestionsURL_JSON http://suggest.searc...ix={searchTerms}
SearchScopes: HKU\S-1-5-21-3145712594-1130862659-1550497800-1001 -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL =
SearchScopes: HKU\S-1-5-21-3145712594-1130862659-1550497800-1001 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/...=AVASDF&PC=AV01
BHO: No Name -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> No File
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-03-10] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-04-28] (Avast Software s.r.o.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2014-07-17] (Google Inc.)
BHO: No Name -> {BF357FB3-38DB-839A-2334-A0076B07B8D4} -> No File
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
BHO: No Name -> {e8ca604f-9b07-409e-b898-a519ad2a283b} -> No File
BHO-x32: No Name -> {0214754e-4e7d-4589-829d-e2523e6a3085} -> No File
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
BHO-x32: No Name -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> No File
BHO-x32: No Name -> {65f159fb-5f5e-46f4-b45d-ccfa236d2073} -> No File
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-04-28] (Avast Software s.r.o.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2014-07-17] (Google Inc.)
BHO-x32: No Name -> {BF357FB3-38DB-839A-2334-A0076B07B8D4} -> No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2014-07-17] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2014-07-17] (Google Inc.)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
Toolbar: HKU\.DEFAULT -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2014-07-17] (Google Inc.)
Toolbar: HKU\S-1-5-21-3145712594-1130862659-1550497800-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2014-07-17] (Google Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FireFox:
========
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-05-06] ()
FF Plugin-x32: @canon.com/MycameraPlugin -> C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll [2008-10-15] (CANON INC.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-02-13] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-04] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-04] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll [2011-03-09] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-03-25] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-13] (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=17.0.11.0 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2014-06-30] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=17.0.11 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2014-06-10] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.11 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2014-06-10] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=17.0.11 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2014-06-10] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=17.0.11.0 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2014-06-30] (RealPlayer Cloud)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.21.169\npGoogleUpdate3.dll [2014-07-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.21.169\npGoogleUpdate3.dll [2014-07-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-3145712594-1130862659-1550497800-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Margret\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll [2014-03-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-3145712594-1130862659-1550497800-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Margret\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll [2014-03-28] (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-06-30]
FF HKLM-x32\...\Firefox\Extensions: [{1DD9AC48-0855-4AE7-9934-159B4377FFA2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-05-21]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: E-Web Print - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2015-05-25]
Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Margret\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Margret\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-17]
CHR Extension: (Google Drive) - C:\Users\Margret\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-17]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Margret\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-02]
CHR Extension: (YouTube) - C:\Users\Margret\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-17]
CHR Extension: (Google Search) - C:\Users\Margret\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-17]
CHR Extension: (RealPlayer Downloader) - C:\Users\Margret\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-07-17]
CHR Extension: (Google Wallet) - C:\Users\Margret\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-17]
CHR Extension: (Gmail) - C:\Users\Margret\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-17]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-28]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2014-06-10]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S2 AdobeActiveFileMonitor12.0; C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe [181152 2013-09-25] (Adobe Systems Incorporated)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-28] (Avast Software s.r.o.)
S2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [107448 2015-04-28] (Avast Software s.r.o.)
S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4034896 2015-04-28] (Avast Software)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
S2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2736824 2015-04-07] (Microsoft Corporation)
S2 CLKMSVC10_99E320F5; C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\kmsvc.exe [243464 2013-08-07] (CyberLink)
S2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\OTBSurvey.exe [145288 2015-04-09] (Dell Inc.)
S2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2557136 2015-02-26] (Dell Inc.)
S2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201936 2015-02-26] (Dell Inc.)
S2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [232152 2015-05-20] (Dell Inc.)
S2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
S2 Intel® Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-12] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-12] (Intel® Corporation)
S2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-04] (Intel Corporation)
S2 Intel® Wireless Bluetooth® 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-09-24] (Intel Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-04] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S2 MyEpson Portal Service; C:\Program Files (x86)\EPSON\MyEpson Portal\mepService.exe [703984 2014-09-22] (SEIKO EPSON CORPORATION)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2013-07-29] ()
S2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-06-10] ()
S2 RealPlayer Cloud Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848 2014-06-30] (RealNetworks, Inc.)
S2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [23552 2014-06-10] () [File not signed]
S2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-07-30] (CyberLink)
S2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-19] (Realtek Semiconductor)
S4 SftService; C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe [1915920 2013-11-22] (SoftThinks SAS)
S2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [19288 2015-03-04] (Dell Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3668208 2013-07-29] (Intel® Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-04-28] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28144 2015-04-28] (Avast Software s.r.o.)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-04-28] (Avast Software s.r.o.)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [449896 2015-04-28] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-04-28] (Avast Software s.r.o.)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-04-28] ()
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-04-28] (Avast Software s.r.o.)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-04-28] (Avast Software s.r.o.)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-04-28] (Avast Software s.r.o.)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-04-28] ()
S3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [138240 2013-06-22] (Advanced Micro Devices)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
S3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [132920 2013-04-24] (Motorola Solutions, Inc.)
S3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1386296 2013-08-19] (Motorola Solutions, Inc.)
R1 cdrbsdrv; C:\Windows\System32\Drivers\cdrbsdrv.sys [39208 2006-08-25] (B.H.A Corporation)
S1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [23760 2015-01-30] (Dell Computer Corporation)
R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [23312 2015-01-30] (Dell Computer Corporation)
S3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [118216 2013-09-24] (Intel Corporation)
U0 igfgxdff; C:\Windows\System32\drivers\ibbmmsts.sys [79064 2015-06-05] (Malwarebytes Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [99288 2013-09-04] (Intel Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\NETwbw02.sys [3589600 2013-09-25] (Intel Corporation)
R0 PxHlpa64; C:\Windows\System32\drivers\PxHlpa64.sys [56336 2013-07-19] (Corel Corporation)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2013-03-18] (Apple, Inc.) [File not signed]
S2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-04-28] (Avast Software)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-06-05 16:39 - 2015-06-05 16:39 - 00025106 _____ C:\Users\Margret\Desktop\FRST.txt
2015-06-05 16:39 - 2015-06-05 16:39 - 00000000 ____D C:\FRST
2015-06-05 16:36 - 2015-06-05 16:36 - 02108928 _____ (Farbar) C:\Users\Margret\Desktop\FRST64.exe
2015-06-05 16:19 - 2015-06-05 16:19 - 00079064 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\ibbmmsts.sys
2015-06-04 10:21 - 2015-06-04 15:52 - 00000000 ____D C:\Users\Margret\AppData\Local\LogMeIn Rescue Applet
2015-06-04 10:02 - 2015-06-04 10:02 - 00000000 ____D C:\Program Files (x86)\Dell Update
2015-05-25 16:44 - 2015-05-25 16:56 - 00000000 ____D C:\Users\Margret\Desktop\Halifax Car Insurance 2015
2015-05-25 16:30 - 2015-05-25 16:34 - 00000000 ____D C:\Users\Margret\Documents\JIMS CLAIM
2015-05-25 16:28 - 2015-05-25 16:29 - 00000000 ____D C:\Users\Margret\Documents\MELLOR my house
2015-05-25 15:55 - 2015-05-25 15:55 - 00001078 _____ C:\Users\Public\Desktop\MyEpson Portal.lnk
2015-05-18 10:37 - 2015-05-18 10:37 - 00001002 _____ C:\Users\Margret\Desktop\img004 - Shortcut.lnk
2015-05-18 10:21 - 2015-05-25 16:34 - 00001992 _____ C:\Users\Margret\Desktop\Avast Internet Security.lnk
2015-05-18 10:21 - 2015-05-25 16:34 - 00000840 _____ C:\Users\Margret\Desktop\CCleaner.lnk
2015-05-18 10:21 - 2015-05-25 16:29 - 00002052 _____ C:\Users\Margret\Desktop\Avast SafeZone.lnk
2015-05-18 10:21 - 2015-05-18 10:21 - 00002205 _____ C:\Users\Margret\Desktop\Google Chrome.lnk
2015-05-18 10:21 - 2015-05-18 10:21 - 00001912 _____ C:\Users\Margret\Desktop\Adobe Photoshop Elements 12.lnk
2015-05-18 10:21 - 2015-05-18 10:21 - 00001859 _____ C:\Users\Margret\Desktop\QuickTime Player.lnk
2015-05-18 10:21 - 2015-05-18 10:21 - 00001797 _____ C:\Users\Margret\Desktop\iTunes.lnk
2015-05-18 10:21 - 2015-05-18 10:21 - 00001284 _____ C:\Users\Margret\Desktop\Epson Manuals.lnk
2015-05-18 10:21 - 2015-05-18 10:21 - 00001157 _____ C:\Users\Margret\Desktop\GUY01_itinerary_Guyana_A_Timeless_Paradise - Shortcut.lnk
2015-05-18 10:21 - 2015-05-18 10:21 - 00001128 _____ C:\Users\Margret\Desktop\Picasa 3.lnk
2015-05-18 10:21 - 2015-05-18 10:21 - 00001062 _____ C:\Users\Margret\Desktop\RealPlayer Cloud.lnk
2015-05-18 10:21 - 2015-05-18 10:21 - 00001049 _____ C:\Users\Margret\Desktop\EOS_600D_Instruction_Manual_EN - Shortcut.lnk
2015-05-18 10:21 - 2015-05-18 10:21 - 00001049 _____ C:\Users\Margret\Desktop\Download halifax car ins 14-15 - Shortcut.lnk
2015-05-18 10:21 - 2015-05-18 10:21 - 00000952 _____ C:\Users\Margret\Desktop\EPSON Scan.lnk
2015-05-18 10:21 - 2015-05-18 10:21 - 00000919 _____ C:\Users\Margret\Desktop\Adobe Photoshop Elements 12 - Shortcut.lnk
2015-05-18 10:21 - 2015-05-18 10:21 - 00000847 _____ C:\Users\Margret\Desktop\LOVE NEVER DIES CD1 - Shortcut.lnk
2015-05-18 10:21 - 2015-05-18 10:21 - 00000838 _____ C:\Users\Margret\Desktop\ANDREW LLOYD WEBBER LOVE NEVER DIES CD1 - Shortcut (2).lnk
2015-05-18 10:21 - 2015-05-18 10:21 - 00000838 _____ C:\Users\Margret\Desktop\AAW CONTACT DISK 1 - Shortcut.lnk
2015-05-18 10:21 - 2015-05-18 10:21 - 00000820 _____ C:\Users\Margret\Documents\jims claim forms - Shortcut.lnk
2015-05-18 10:21 - 2015-05-18 10:21 - 00000812 _____ C:\Users\Margret\Desktop\margaret arden - Shortcut.lnk
2015-05-18 10:21 - 2015-05-18 10:21 - 00000802 _____ C:\Users\Margret\Desktop\CANON 600D (2) - Shortcut.lnk
2015-05-18 10:21 - 2015-05-18 10:21 - 00000757 _____ C:\Users\Margret\Desktop\PANASONIC - Shortcut.lnk
2015-05-18 10:21 - 2015-05-18 10:21 - 00000719 _____ C:\Users\Margret\Desktop\.temp - Shortcut.lnk
2015-05-18 10:21 - 2015-05-18 10:21 - 00000674 _____ C:\Users\Margret\Desktop\OneDrive - Shortcut.lnk
2015-05-18 10:21 - 2015-05-18 10:21 - 00000669 _____ C:\Users\Margret\Desktop\Desktop - Shortcut (2).lnk
2015-05-18 10:21 - 2015-05-18 10:21 - 00000654 _____ C:\Users\Margret\Desktop\Libraries - Shortcut.lnk
2015-05-18 10:21 - 2015-05-18 10:21 - 00000462 _____ C:\Users\Margret\Desktop\Elements (J) - Shortcut (2).lnk
2015-05-18 10:21 - 2015-05-18 10:21 - 00000363 _____ C:\Users\Margret\Desktop\Control Panel - Shortcut.lnk
2015-05-18 10:21 - 2015-05-18 10:21 - 00000359 _____ C:\Users\Margret\Desktop\Recycle Bin - Shortcut.lnk
2015-05-18 10:21 - 2015-05-18 10:21 - 00000351 _____ C:\Users\Margret\Desktop\Network - Shortcut.lnk
2015-05-18 10:21 - 2015-05-18 10:21 - 00000166 _____ C:\Users\Margret\Desktop\BBC - Homepage (2).url
2015-05-18 10:21 - 2015-05-18 10:21 - 00000134 _____ C:\Users\Margret\Desktop\Haughton Thornley Medical Centres - Patient information portal (3).url
2015-05-14 16:46 - 2015-06-05 15:55 - 00003372 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3145712594-1130862659-1550497800-1001
2015-05-14 16:40 - 2015-04-30 21:35 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-14 16:40 - 2015-04-30 21:35 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-14 16:38 - 2015-05-14 16:40 - 00000000 ____D C:\45b0d9bf6307963a73b52af2e8e5
2015-05-14 14:39 - 2015-03-17 18:26 - 00467776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2015-05-14 14:38 - 2015-05-01 00:05 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-14 14:38 - 2015-04-30 23:48 - 00358912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-14 14:38 - 2015-04-24 22:32 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-14 14:38 - 2015-04-21 18:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-14 14:38 - 2015-04-21 17:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-14 14:38 - 2015-04-21 17:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-14 14:38 - 2015-04-21 17:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-14 14:38 - 2015-04-21 17:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-14 14:38 - 2015-04-21 17:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-14 14:38 - 2015-04-21 17:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-14 14:38 - 2015-04-21 17:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-14 14:38 - 2015-04-21 17:13 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2015-05-14 14:38 - 2015-04-21 17:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-14 14:38 - 2015-04-21 17:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-14 14:38 - 2015-04-21 17:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-14 14:38 - 2015-04-21 17:07 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-05-14 14:38 - 2015-04-21 17:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-14 14:38 - 2015-04-21 17:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-14 14:38 - 2015-04-21 16:59 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-05-14 14:38 - 2015-04-21 16:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-14 14:38 - 2015-04-21 16:52 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-05-14 14:38 - 2015-04-21 16:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-14 14:38 - 2015-04-21 16:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-14 14:38 - 2015-04-21 16:49 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-14 14:38 - 2015-04-21 16:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-14 14:38 - 2015-04-21 16:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-14 14:38 - 2015-04-21 16:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-14 14:38 - 2015-04-21 16:37 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-05-14 14:38 - 2015-04-21 16:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-14 14:38 - 2015-04-21 16:32 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-05-14 14:38 - 2015-04-21 16:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-14 14:38 - 2015-04-21 16:28 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-05-14 14:38 - 2015-04-21 16:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-14 14:38 - 2015-04-21 16:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-14 14:38 - 2015-04-21 16:26 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-14 14:38 - 2015-04-21 16:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-14 14:38 - 2015-04-21 16:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-14 14:38 - 2015-04-21 16:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-14 14:38 - 2015-04-21 16:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-14 14:38 - 2015-04-21 16:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-14 14:38 - 2015-04-21 15:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-14 14:38 - 2015-04-21 15:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-14 14:38 - 2015-04-13 23:48 - 04180480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-14 14:38 - 2015-04-10 02:00 - 01996800 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-14 14:38 - 2015-04-10 01:50 - 01387008 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-14 14:38 - 2015-04-10 01:34 - 02256896 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-05-14 14:38 - 2015-04-10 01:26 - 01560576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-14 14:38 - 2015-04-10 01:11 - 01943040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2015-05-14 14:38 - 2015-04-08 23:55 - 00410128 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-14 14:38 - 2015-04-03 01:35 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\PhotoMetadataHandler.dll
2015-05-14 14:38 - 2015-04-03 01:14 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PhotoMetadataHandler.dll
2015-05-14 14:38 - 2015-04-01 23:22 - 02985984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbgeng.dll
2015-05-14 14:38 - 2015-04-01 23:20 - 04417536 _____ (Microsoft Corporation) C:\Windows\system32\dbgeng.dll
2015-05-14 14:38 - 2015-04-01 04:45 - 01491456 _____ (Microsoft Corporation) C:\Windows\system32\dbghelp.dll
2015-05-14 14:38 - 2015-04-01 03:31 - 01207296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbghelp.dll
2015-05-14 14:38 - 2015-03-30 06:47 - 00561928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-05-14 14:38 - 2015-03-27 04:27 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-14 14:38 - 2015-03-27 03:50 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-14 14:38 - 2015-03-27 03:48 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-14 14:38 - 2015-03-20 02:56 - 00080384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ahcache.sys
2015-05-14 14:38 - 2015-03-13 05:03 - 00239424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2015-05-14 14:38 - 2015-03-13 05:03 - 00154432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2015-05-14 14:38 - 2015-03-13 03:02 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\udfs.sys
2015-05-14 14:38 - 2015-03-13 02:11 - 02162176 _____ (Microsoft Corporation) C:\Windows\system32\SRH.dll
2015-05-14 14:38 - 2015-03-13 01:39 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SRH.dll
2015-05-14 14:38 - 2015-03-13 01:29 - 00410017 _____ C:\Windows\system32\ApnDatabase.xml
2015-05-14 14:38 - 2015-03-11 02:49 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-14 14:38 - 2015-03-11 02:09 - 00021504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-14 14:38 - 2015-03-09 03:02 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthhfenum.sys
2015-05-14 14:38 - 2015-03-06 04:08 - 02067968 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-14 14:38 - 2015-03-06 03:47 - 01696256 _____ (Microsoft Corporation) C:\Windows\system32\wevtsvc.dll
2015-05-14 14:38 - 2015-03-06 03:43 - 01969664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-05-14 14:38 - 2015-03-05 00:09 - 01429504 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-14 14:38 - 2015-03-04 02:32 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Input.Inking.dll
2015-05-14 14:38 - 2015-03-04 02:12 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Input.Inking.dll
2015-05-14 14:38 - 2015-02-18 00:19 - 00186368 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
2015-05-14 14:38 - 2015-01-30 01:53 - 02819584 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll
2015-05-14 14:38 - 2014-11-14 07:58 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsDatabase.dll
2015-05-12 08:56 - 2015-05-12 08:56 - 00001830 _____ C:\Users\Margret\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\avast! antivirus.lnk
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-06-05 16:09 - 2014-05-21 09:23 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-05 16:07 - 2014-03-04 02:07 - 00865408 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-05 16:06 - 2014-05-21 15:52 - 00000000 ____D C:\Users\Margret\AppData\Local\CrashDumps
2015-06-05 16:01 - 2013-08-22 14:25 - 00524288 ___SH C:\Windows\system32\config\BBI
2015-06-05 15:57 - 2014-10-04 16:44 - 01257060 _____ C:\Windows\WindowsUpdate.log
2015-06-05 15:57 - 2013-08-22 15:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-05 15:55 - 2014-12-06 12:17 - 00003320 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3145712594-1130862659-1550497800-1001
2015-06-05 15:55 - 2014-11-27 16:19 - 00006440 _____ C:\Windows\setupact.log
2015-06-05 15:55 - 2014-07-17 17:45 - 00002205 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-05 15:55 - 2014-07-17 17:44 - 00000920 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-05 15:55 - 2014-06-08 15:58 - 00000000 __RDO C:\Users\Margret\OneDrive
2015-06-05 15:54 - 2014-12-06 12:15 - 00097580 _____ C:\Windows\PFRO.log
2015-06-05 15:50 - 2014-03-25 16:15 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3145712594-1130862659-1550497800-1001Core.job
2015-06-05 15:49 - 2014-07-17 17:44 - 00000924 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-05 15:36 - 2014-03-25 16:15 - 00000938 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3145712594-1130862659-1550497800-1001UA.job
2015-06-05 15:00 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\system32\sru
2015-06-05 14:52 - 2014-04-09 15:52 - 00000941 _____ C:\Windows\Tasks\EPSON XP-212 213 Series Update {7FC5026A-3554-4674-8221-5074B5ADB686}.job
2015-06-05 14:52 - 2014-04-09 15:52 - 00000755 _____ C:\Windows\Tasks\EPSON XP-212 213 Series Invitation {7FC5026A-3554-4674-8221-5074B5ADB686}.job
2015-06-05 02:00 - 2014-04-15 10:56 - 00000000 ____D C:\Users\Margret\AppData\Local\Adobe
2015-06-04 17:00 - 2014-03-24 23:28 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3145712594-1130862659-1550497800-1001
2015-06-04 15:55 - 2014-03-31 16:55 - 00000000 ____D C:\Users\Margret\AppData\Roaming\Epson
2015-06-04 15:55 - 2014-03-31 14:47 - 00000000 ____D C:\ProgramData\Epson
2015-06-04 15:51 - 2014-03-04 01:11 - 00000000 ____D C:\Windows\Panther
2015-06-04 12:53 - 2014-10-03 17:06 - 00001120 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-06-04 12:53 - 2014-05-21 09:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-04 12:53 - 2014-05-21 09:23 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-06-04 12:51 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\system32\NDF
2015-06-04 11:21 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\AppReadiness
2015-06-04 10:33 - 2014-03-24 15:13 - 00000000 ____D C:\Users\Margret\Documents\Outlook Files
2015-06-04 10:02 - 2014-03-04 02:27 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2015-05-25 15:55 - 2014-03-31 14:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Software
2015-05-25 15:55 - 2014-03-31 14:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2015-05-25 15:55 - 2014-03-31 14:50 - 00000000 ____D C:\Program Files (x86)\EPSON Software
2015-05-25 15:55 - 2014-03-24 23:59 - 00000000 ____D C:\Program Files (x86)\epson
2015-05-25 15:55 - 2014-03-04 02:15 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-05-21 16:57 - 2014-08-04 21:11 - 00000000 ____D C:\Users\Margret\AppData\Local\Spotify
2015-05-21 16:57 - 2014-08-04 21:10 - 00000000 ____D C:\Users\Margret\AppData\Roaming\Spotify
2015-05-21 03:12 - 2015-04-10 13:42 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-05-21 03:12 - 2015-04-10 13:42 - 00000000 ___SD C:\Windows\system32\GWX
2015-05-21 03:10 - 2013-08-22 16:20 - 00000000 ____D C:\Windows\CbsTemp
2015-05-19 04:44 - 2014-03-25 00:08 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-05-18 09:31 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\rescache
2015-05-14 16:45 - 2013-08-22 15:44 - 00536056 _____ C:\Windows\system32\FNTCACHE.DAT
2015-05-14 16:43 - 2013-08-22 16:36 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2015-05-14 16:43 - 2013-08-22 14:36 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2015-05-14 16:40 - 2014-03-25 08:16 - 00000000 ____D C:\Windows\system32\MRT
2015-05-14 16:38 - 2014-03-25 08:16 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-14 16:37 - 2013-08-22 20:12 - 00000000 ____D C:\Program Files\Windows Journal
==================== Files in the root of some directories =======
2014-04-15 12:06 - 2014-04-15 12:06 - 0000132 _____ () C:\Users\Margret\AppData\Roaming\Adobe PNG Format CS5 Prefs
2014-08-26 12:04 - 2014-10-03 17:04 - 0000087 _____ () C:\Users\Margret\AppData\Roaming\WB.CFG
2014-06-04 21:49 - 2015-01-04 19:11 - 0006144 _____ () C:\Users\Margret\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-03-04 01:53 - 2014-03-04 01:53 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-03-04 02:19 - 2014-03-04 02:19 - 0000121 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2014-03-04 02:16 - 2014-03-04 02:17 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2014-03-04 02:17 - 2014-03-04 02:18 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2014-03-04 02:18 - 2014-03-04 02:19 - 0000108 _____ () C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log
2014-03-04 02:16 - 2014-03-04 02:16 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-06-05 03:06
==================== End of log ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version:03-06-2015
Ran by Margret at 2015-06-05 16:39:20
Running from C:\Users\Margret\Desktop
Boot Mode: Safe Mode (with Networking)
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-3145712594-1130862659-1550497800-500 - Administrator - Disabled)
Guest (S-1-5-21-3145712594-1130862659-1550497800-501 - Limited - Disabled)
Margret (S-1-5-21-3145712594-1130862659-1550497800-1001 - Administrator - Enabled) => C:\Users\Margret
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Photoshop Elements 12 (HKLM-x32\...\Adobe Photoshop Elements 12) (Version: 12.0 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{9204C155-00EA-6388-9362-01D16FFA114C}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft Software Suite (HKLM-x32\...\{497A1721-088F-41EF-8876-B43C9DA5528B}) (Version: 1.0 - ArcSoft)
Avast Internet Security (HKLM-x32\...\Avast) (Version: 10.2.2218 - AVAST Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CANON iMAGE GATEWAY MyCamera Download Plugin (HKLM-x32\...\MyCamera Download Plugin) (Version: 3.1.1.2 - Canon Inc.)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM-x32\...\CANON iMAGE GATEWAY Task) (Version: 1.9.0.9 - Canon Inc.)
Canon MOV Decoder (HKLM-x32\...\Canon MOV Decoder) (Version: 1.8.0.7 - Canon Inc.)
Canon MOV Encoder (HKLM-x32\...\Canon MOV Encoder) (Version: 1.6.0.1 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 3.7.0.4 - Canon Inc.)
Canon Utilities Digital Photo Professional 3.10 (HKLM-x32\...\DPP) (Version: 3.10.0.0 - Canon Inc.)
Canon Utilities EOS Sample Music (HKLM-x32\...\EOS Sample Music) (Version: 1.0.0.204 - Canon Inc.)
Canon Utilities EOS Utility (HKLM-x32\...\EOS Utility) (Version: 2.10.0.0 - Canon Inc.)
Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX (HKLM-x32\...\EOS Video Snapshot Task) (Version: 1.0.0.10 - Canon Inc.)
Canon Utilities Movie Uploader for YouTube (HKLM-x32\...\MovieUploaderForYouTube) (Version: 1.2.0.7 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.)
Canon Utilities Picture Style Editor (HKLM-x32\...\Picture Style Editor) (Version: 1.9.0.0 - Canon Inc.)
Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.7.0.24 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.5.0.9 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.6.2.4 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.6.2.4 - Dell Inc.)
Dell Custom Help (Version: 16.05.0000.0251 - Intel Corporation) Hidden
Dell Customer Connect (HKLM-x32\...\{FEFDCDCF-C49C-45D0-AAF8-5345858ADEC7}) (Version: 1.2.1.0 - Dell Inc.)
Dell Data Vault (Version: 4.2.2.0 - Dell Inc.) Hidden
Dell Digital Delivery (HKLM-x32\...\{BC8233D8-59BA-4D40-92B9-4FDE7452AA8B}) (Version: 3.0.3999.0 - Dell Products, LP)
Dell Product Registration (HKLM-x32\...\{2A0F2CC5-3065-492C-8380-B03AA7106B1A}) (Version: 1.16.1 - Dell Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.0.6584.81 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{287348C8-8B47-4C36-AF28-441A3B7D8722}) (Version: 1.0.2.57295 - Dell)
Dell Update (HKLM-x32\...\{3FB000F3-7444-41C1-A0A6-53E8FD0B7D9C}) (Version: 1.6.1007.0 - Dell Inc.)
Download & Install Packages (HKU\S-1-5-21-3145712594-1130862659-1550497800-1001\...\Download & Install Packages) (Version: - ) <==== ATTENTION
Elements 12 Organizer (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
Epson Event Manager (HKLM-x32\...\{0F13C24A-FFE2-4CD0-8E0B-DC804E0A0E0B}) (Version: 3.10.0035 - Seiko Epson Corporation)
Epson E-Web Print (HKLM-x32\...\{E904F572-D7DB-43C1-929F-043F267FC77D}) (Version: 1.22.0000 - SEIKO EPSON CORPORATION)
EPSON Manuals (HKLM-x32\...\{84CECC1B-21EF-41B1-9A91-3E724E5D99D3}) (Version: 1.40.0.0 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EPSON XP-212 213 Series Printer Uninstall (HKLM\...\EPSON XP-212 213 Series) (Version: - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
Fotogalleri (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotogalleriet (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.21.169 - Google Inc.) Hidden
Google+ Auto Backup (HKU\S-1-5-21-3145712594-1130862659-1550497800-1001\...\Google+ Auto Backup) (Version: 1.0.25.133 - Google, Inc.)
Intel® Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{0EC7F9CC-4741-45AE-9F55-6E9343F726F5}) (Version: 1.1.0.36960 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology(patch version 3.0.1337.1) (HKLM\...\{302600C1-6BDF-4FD1-1307-148929CC1385}) (Version: 3.1.1307.0362 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{f6218a42-cca7-4b45-a5fe-4d0b9781de70}) (Version: 16.5.0 - Intel Corporation)
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4719.1002 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.60310.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-3145712594-1130862659-1550497800-1001\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
MyEpson Portal (HKLM-x32\...\MyEpson Portal) (Version: - SEIKO EPSON Corporation)
MyEpson Portal (x32 Version: 1.1.1.0 - SEIKO EPSON CORPORATION) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
PHOTOfunSTUDIO HD Edition (HKLM-x32\...\{9A9DBEBC-C800-4776-A970-D76D6AA405B1}) (Version: 3.00.126 - Panasonic)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PSE12 STI Installer (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
RealDownloader (x32 Version: 17.0.11 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer Cloud (HKLM-x32\...\RealPlayer 17.0) (Version: 17.0.10 - RealNetworks)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7016 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Software Updater (HKLM-x32\...\{C09D747A-BD47-42A9-915E-CEB6B1BB7C11}) (Version: 4.2.7 - SEIKO EPSON CORPORATION)
Spotify (HKU\S-1-5-21-3145712594-1130862659-1550497800-1001\...\Spotify) (Version: 1.0.3.101.gbfa97dfe - Spotify AB)
UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
Valokuvavalikoima (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-3145712594-1130862659-1550497800-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Margret\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3145712594-1130862659-1550497800-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Margret\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3145712594-1130862659-1550497800-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Margret\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3145712594-1130862659-1550497800-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Margret\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3145712594-1130862659-1550497800-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Margret\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3145712594-1130862659-1550497800-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Margret\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation)
==================== Restore Points =========================
21-05-2015 03:10:07 Windows Update
25-05-2015 15:55:02 Installed Epson Event Manager
04-06-2015 11:22:37 Scheduled Checkpoint
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {045D71DE-BB7A-420B-86B1-6D0C8A1E7CD3} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2015-03-04] (Dell Inc.)
Task: {1135D131-88B3-4100-84E8-759CFBB623F5} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2015-03-20] (PC-Doctor, Inc.)
Task: {17380F47-AB5C-40C5-850F-B76482537D37} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-03-05] (CyberLink)
Task: {1F4A828E-76E7-42A4-AC27-211DFBE606FC} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-03-20] (PC-Doctor, Inc.)
Task: {2042C84A-BC91-4EA3-A4C7-502B3129AB4B} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {26757640-8E81-4E23-99A4-A652212D36D1} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3145712594-1130862659-1550497800-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-06-10] (RealNetworks, Inc.)
Task: {296B78DD-FD76-4ED9-B55B-2D39DC6A0DDA} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd)
Task: {36620510-B900-45FE-969D-7A8D43067D26} - System32\Tasks\Optimizer Pro Schedule => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe <==== ATTENTION
Task: {5ED4FA5D-FEB0-41F8-A764-85823930F6AC} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {6E775302-AD6C-4C18-BD31-402A8036FE80} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-06] (Microsoft Corporation)
Task: {72C9AF5F-BDB2-4FD9-9B0F-C9FB0E0D5EEF} - System32\Tasks\EPSON XP-212 213 Series Invitation {7FC5026A-3554-4674-8221-5074B5ADB686} => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLHE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {8B5C88FB-63B9-4C22-A481-3FF8DB18C296} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {8CBBAA38-CAC1-4FF3-B356-A475783CEC2D} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => c:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2013-03-07] (Intel Corporation)
Task: {8E8E4E6F-3820-41CB-8006-343C33816419} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3145712594-1130862659-1550497800-1001UA => C:\Users\Margret\AppData\Local\Google\Update\GoogleUpdate.exe [2014-03-25] (Google Inc.)
Task: {96F80C08-FA8B-4166-AB6E-31B8F1715CA8} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3145712594-1130862659-1550497800-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-06-10] (RealNetworks, Inc.)
Task: {9B7BF925-138B-402F-8514-4789BD833C78} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-14] (Microsoft Corporation)
Task: {9C23DD2D-4866-4E3A-9700-247C17D531B6} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-22] (CyberLink Corp.)
Task: {A5DBE2D1-75E4-496E-957B-2F02CE10E00F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-17] (Google Inc.)
Task: {A738D1D0-51F0-4FF5-9B90-48F1031A3858} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-05-19] (Microsoft Corporation)
Task: {AE926FAD-C13B-427A-9CA5-78CF995CF448} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-17] (Google Inc.)
Task: {B427C59F-EA26-42FC-93A4-EE93E68820DB} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {BDB57272-2B7F-47D2-B856-DBDC3B5E027D} - System32\Tasks\Dell\Dell System Registration => C:\Program Files (x86)\System Registration\prodreg.exe [2012-07-09] (Dell, Inc.)
Task: {BEBF2041-2B95-4670-AB68-DDDD99EBCBB6} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-14] (Microsoft Corporation)
Task: {BF3C07EA-0817-4821-AA6D-D27993914219} - System32\Tasks\EPSON XP-212 213 Series Update {7FC5026A-3554-4674-8221-5074B5ADB686} => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLHE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {D35967F8-1C70-484E-ABA2-63F063F32CA3} - System32\Tasks\AdobeAAMUpdater-1.0-Margret-PC-Margret => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-06-03] (Adobe Systems Incorporated)
Task: {D3EA799B-C31A-4939-9466-E03395403773} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {D8EF18EC-15FC-49FE-915E-D03FEEB63F3B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3145712594-1130862659-1550497800-1001Core => C:\Users\Margret\AppData\Local\Google\Update\GoogleUpdate.exe [2014-03-25] (Google Inc.)
Task: {DC39D466-5612-4461-B0FC-923E7E847668} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-05-14] (Microsoft Corporation)
Task: {EA713B78-BDB5-4D28-968C-6946A860513E} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks
Task: {F2BA8C09-D5A9-4EB4-ACAE-B235E03B0A42} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {F3C39E60-4E48-4D38-8199-C64298D736E5} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-04-28] (Avast Software s.r.o.)
Task: {F46221D2-9341-4F73-9490-D65D9EFBDF66} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => c:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2013-03-07] (Intel Corporation)
Task: C:\Windows\Tasks\EPSON XP-212 213 Series Invitation {7FC5026A-3554-4674-8221-5074B5ADB686}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLHE.EXE
Task: C:\Windows\Tasks\EPSON XP-212 213 Series Update {7FC5026A-3554-4674-8221-5074B5ADB686}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLHE.EXE:/EXE:{7FC5026A-3554-4674-8221-5074B5ADB686} /F:UpdateWORKGROUP\MARGRET-PC$
Searches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3145712594-1130862659-1550497800-1001Core.job => C:\Users\Margret\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3145712594-1130862659-1550497800-1001UA.job => C:\Users\Margret\AppData\Local\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (Whitelisted) ==============
2015-03-24 17:41 - 2015-01-27 16:29 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-03-04 02:33 - 2013-08-19 18:21 - 00020256 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIcon.dll
2014-03-04 02:33 - 2013-08-19 18:21 - 00019232 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayNotBackuped.dll
2014-03-04 02:33 - 2013-08-19 18:21 - 00035104 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRShellExtension.dll
2014-07-17 17:45 - 2014-07-15 10:24 - 00718664 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libglesv2.dll
2014-07-17 17:45 - 2014-07-15 10:24 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libegl.dll
2014-07-17 17:45 - 2014-07-15 10:24 - 08537928 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll
2014-07-17 17:45 - 2014-07-15 10:24 - 00353096 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll
2014-07-17 17:45 - 2014-07-15 10:24 - 01732936 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll
2014-07-17 17:45 - 2014-07-15 10:24 - 14664008 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\Temp:373E1720
AlternateDataStreams: C:\Users\Margret\OneDrive:ms-properties
==================== Safe Mode (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SAWFP => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SecureAssist => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3145712594-1130862659-1550497800-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Margret\Pictures\Picasa\Backgrounds\picasabackground.bmp
DNS Servers: 192.168.1.1
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\Services: BackupStack => 2
MSCONFIG\Services: globalUpdate => 2
MSCONFIG\Services: globalUpdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: jzmoeejfme64 => 2
MSCONFIG\Services: RealNetworks Downloader Resolver Service => 2
MSCONFIG\Services: RealPlayer Cloud Service => 2
MSCONFIG\Services: RealPlayerUpdateSvc => 2
MSCONFIG\Services: SecureAssist => 2
MSCONFIG\Services: SftService => 2
MSCONFIG\Services: VeriBrowse => 2
MSCONFIG\Services: vosr => 2
HKLM\...\StartupApproved\Run32: => "mobilegeni daemon"
HKU\S-1-5-21-3145712594-1130862659-1550497800-1001\...\StartupApproved\StartupFolder: => "MyPC Backup.lnk"
HKU\S-1-5-21-3145712594-1130862659-1550497800-1001\...\StartupApproved\Run: => "Google+ Auto Backup"
HKU\S-1-5-21-3145712594-1130862659-1550497800-1001\...\StartupApproved\Run: => "Google Update"
HKU\S-1-5-21-3145712594-1130862659-1550497800-1001\...\StartupApproved\Run: => "Optimizer Pro"
HKU\S-1-5-21-3145712594-1130862659-1550497800-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-3145712594-1130862659-1550497800-1001\...\StartupApproved\Run: => "Spotify Web Helper"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{5BCCB7A5-68F9-49C1-9623-C30B0A644591}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{A7AA7159-037C-4707-A231-22AD3FC2F111}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe
FirewallRules: [{7C93BFCD-1595-42C5-B59E-5E7EF3E0901E}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{85B7FE58-236E-44C8-91E6-021C627404BE}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{5DDAD557-E538-44E7-BE47-AF3BA0AB179B}] => (Allow) LPort=2869
FirewallRules: [{989539A5-D443-4E54-B976-A7C6A9C73BFE}] => (Allow) LPort=1900
FirewallRules: [{764B8680-3DEC-4899-AFDC-547694E93423}] => (Allow) C:\Users\Margret\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{6787F12E-A415-4B1D-B0C0-F1291C62AE41}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{87E42A61-1793-4355-96DB-27D61D2A9AC0}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F25D6ED0-74A5-4DC2-8237-77B07AE10D00}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{9788D542-ACF1-41DD-91F9-AD664D733618}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E986FC12-CFD6-41C0-BDA7-C6512D587A2F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{300EF09E-0015-4F72-9EB8-07A8F8AFD582}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{D18B9EAC-D817-492C-9067-8556F1EFDFDD}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{09DB1982-2653-475E-889B-C2A7E71AA512}] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{7424C590-3460-4481-A3FE-0A479DD0D9FB}] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{EFE7FB91-EC5B-438E-B39F-BD19948BE9AB}] => (Allow) c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe
FirewallRules: [{B5E65A6D-8351-4998-9A84-50172C211EBD}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{F877B647-C38D-4966-BF68-DD068C205D1C}C:\users\margret\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\margret\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{D6D32CE2-9B9F-4C85-90A2-2D980D999611}C:\users\margret\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\margret\appdata\roaming\spotify\spotify.exe
FirewallRules: [{7B7F29C9-5D14-4C7F-B8B7-AC44B30A5EEB}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{E4A4DED3-62BB-4EEE-8C2F-6867D2F68F03}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{606D5B69-94F1-40E1-A57D-95153F3D7254}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [TCP Query User{1D7F63EE-64A5-4A63-A21C-EBA79144BA08}C:\users\margret\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\margret\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
FirewallRules: [UDP Query User{11CB2FAE-54F6-4A58-A4D0-E407DF59DF54}C:\users\margret\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\margret\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (06/05/2015 04:05:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 36.0.1985.125, time stamp: 0x53c4dbee
Faulting module name: chrome.dll, version: 36.0.1985.125, time stamp: 0x53c4d8ad
Exception code: 0xc0000005
Fault offset: 0x000698fc
Faulting process id: 0x7b0
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3
Faulting package full name: chrome.exe4
Faulting package-relative application ID: chrome.exe5
Error: (06/05/2015 03:14:17 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
Error: (06/05/2015 03:06:16 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
Error: (06/04/2015 03:49:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8728016
Error: (06/04/2015 03:49:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8728016
Error: (06/04/2015 03:49:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (06/04/2015 11:21:15 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
Error: (05/31/2015 01:38:05 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
Error: (05/31/2015 01:31:26 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
Error: (05/28/2015 11:20:34 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -2143485933
System errors:
=============
Error: (06/05/2015 04:39:21 PM) (Source: DCOM) (EventID: 10005) (User: MARGARET-PC)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
Error: (06/05/2015 04:39:21 PM) (Source: DCOM) (EventID: 10005) (User: MARGARET-PC)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
Error: (06/05/2015 04:39:19 PM) (Source: DCOM) (EventID: 10005) (User: MARGARET-PC)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
Error: (06/05/2015 04:39:19 PM) (Source: DCOM) (EventID: 10005) (User: MARGARET-PC)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
Error: (06/05/2015 04:39:07 PM) (Source: DCOM) (EventID: 10005) (User: MARGARET-PC)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
Error: (06/05/2015 04:39:07 PM) (Source: DCOM) (EventID: 10005) (User: MARGARET-PC)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
Error: (06/05/2015 04:38:53 PM) (Source: DCOM) (EventID: 10005) (User: MARGARET-PC)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}
Error: (06/05/2015 04:38:53 PM) (Source: DCOM) (EventID: 10005) (User: MARGARET-PC)
Description: 1084Bluetooth Device MonitorUnavailable{DABF28BE-F6B4-4E40-8F40-C4FB26F3116C}
Error: (06/05/2015 04:37:27 PM) (Source: DCOM) (EventID: 10005) (User: MARGARET-PC)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
Error: (06/05/2015 04:37:27 PM) (Source: DCOM) (EventID: 10005) (User: MARGARET-PC)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
Microsoft Office:
=========================
Error: (06/05/2015 04:05:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe36.0.1985.12553c4dbeechrome.dll36.0.1985.12553c4d8adc0000005000698fc7b001d09fa120809da5C:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\chrome.dll5f391117-0b94-11e5-8293-f8b156cfbb0a
Error: (06/05/2015 03:14:17 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{20C2051A-1ACA-48B4-9BA5-24625DCBD880}\recordingmanager.exe
Error: (06/05/2015 03:06:16 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{20C2051A-1ACA-48B4-9BA5-24625DCBD880}\recordingmanager.exe
Error: (06/04/2015 03:49:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8728016
Error: (06/04/2015 03:49:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8728016
Error: (06/04/2015 03:49:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (06/04/2015 11:21:15 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{20C2051A-1ACA-48B4-9BA5-24625DCBD880}\recordingmanager.exe
Error: (05/31/2015 01:38:05 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{20C2051A-1ACA-48B4-9BA5-24625DCBD880}\recordingmanager.exe
Error: (05/31/2015 01:31:26 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{20C2051A-1ACA-48B4-9BA5-24625DCBD880}\recordingmanager.exe
Error: (05/28/2015 11:20:34 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -2143485933
CodeIntegrity Errors:
===================================
Date: 2014-07-17 17:37:25.561
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2014-07-17 17:37:25.483
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2014-07-17 17:37:11.191
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2014-07-17 17:37:11.112
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2014-05-21 09:21:35.358
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2014-05-21 09:21:35.311
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2014-05-21 09:16:59.239
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2014-05-21 09:16:59.200
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2014-05-15 09:10:03.171
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2014-05-15 09:10:03.140
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Memory info ===========================
Processor: Intel® Core i7-4770 CPU @ 3.40GHz
Percentage of memory in use: 14%
Total physical RAM: 16335.15 MB
Available physical RAM: 14016.09 MB
Total Pagefile: 18767.15 MB
Available Pagefile: 16375.34 MB
Total Virtual: 131072 MB
Available Virtual: 131071.78 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:1851.24 GB) (Free:1490.63 GB) NTFS
Drive k: (Elements) (Fixed) (Total:1863.01 GB) (Free:1034.64 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: 1B6C6A6B)
Partition: GPT Partition Type.
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 000B6266)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)
==================== End of log ============================