Hi
I am working on my dads computer. He is running windows 10 and using google chrome as his web browser. I am using teamviewer to help him out and when I click on google chrome the google home page comes up then it changes and toggles between wegotmedia - maps galaxy - youtube trololo. I scanned with super antispyware and it just found cookies. scanned with avast and it displayed that some files could not be scanned and it showed some files were password protected and it was not done by my dad. I am including a pdf file.
Cannot do any web browsing at all!
Thanks for helping!
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 08-01-2017
Ran by Jim (administrator) on JIM-PC (10-01-2017 21:10:27)
Running from C:\Users\Jim\Desktop
Loaded Profiles: Jim (Available Profiles: Jim & Administrator & DefaultAppPool)
Platform: Microsoft Windows 10 Home Version 1607 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(SEIKO EPSON CORPORATION) C:\Program Files\epson\EpsonCustomerParticipation\EPCP.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS32.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(AMD) C:\Windows\System32\atieclxx.exe
() C:\Program Files\Dell AIO Printer A940\DLBAmon.exe
(Brother Industries, Ltd.) C:\Program Files\Browny02\BrYNSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Windows\vVX3000.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON Software\Event Manager\EEventManager.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\w32x86\3\E_TATINPE.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Sierra Online, Inc.) C:\Sierra\Planner\PLNRnote.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\tv_w32.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Desktop.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\System32\BackgroundTransferHost.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [dlbamon.exe] => C:\Program Files\Dell AIO Printer A940\dlbamon.exe [435696 2007-03-05] ()
HKLM\...\Run: [BrStsMon00] => C:\Program Files\Browny02\Brother\BrStMonW.exe [4513792 2014-05-22] (Brother Industries, Ltd.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9080768 2016-12-27] (AVAST Software)
HKLM\...\Run: [VX3000] => C:\WINDOWS\vVX3000.exe [762736 2010-05-20] (Microsoft Corporation)
HKLM\...\Run: [EEventManager] => C:\Program Files\Epson Software\Event Manager\EEventManager.exe [1087184 2016-01-20] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [164152 2016-12-06] (Apple Inc.)
HKLM Group Policy restriction on software: *.xls*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\rar*\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.zip\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.zip\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.js <====== ATTENTION
HKLM Group Policy restriction on software: syskey.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.pif <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\7z*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\rar*\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\rar*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.exe <====== ATTENTION
HKLM Group Policy restriction on software: lsassvrtdbks.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\7z*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: scsvserv.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\rar*\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.zip\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %systemdrive%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.js <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\7z*\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: ** <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\wz*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.zip\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Appdata\Roaming\Microsoft\Windows\IEUpdate\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\wz*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.zip\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.bat <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\wz*\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\7z*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\rar*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.zip\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\rar*\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.zip\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programfiles%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: cipher.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\wz*\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\7z*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\7z*\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\wz*\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\rar*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: lsassw86s.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.jse <====== ATTENTION
HKLM Group Policy restriction on software: vssadmin.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\wz*\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.jse <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.pif <====== ATTENTION
HKLM Group Policy restriction on software: bcdedit.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\wz*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.zip\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\7z*\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.js <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\rar*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\7z*\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\wz*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.exe <====== ATTENTION
HKU\S-1-5-21-3988621694-3172890893-754654441-1001\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-05-29] (Google Inc.)
HKU\S-1-5-21-3988621694-3172890893-754654441-1001\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\E_TATINPE.EXE [262208 2013-12-16] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3988621694-3172890893-754654441-1001\...\Run: [PCKeeperLive] => "C:\Program Files\Essentware\PCKeeper\PCKeeper.exe" /autorun
HKU\S-1-5-21-3988621694-3172890893-754654441-1001\...\Run: [PCKeeper Antivirus] => "C:\Program Files\Essentware\PCKAV\PCKAV.exe" /autorun
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-08-30] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Event Planner Reminders Tray Icon.lnk [2014-05-29]
ShortcutTarget: Event Planner Reminders Tray Icon.lnk -> C:\Sierra\Planner\PLNRnote.exe (Sierra Online, Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{abfe84f6-cc01-4a55-b173-8ac1a629826a}: [DhcpNameServer] 209.18.47.61 209.18.47.62
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3988621694-3172890893-754654441-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3988621694-3172890893-754654441-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKU\S-1-5-21-3988621694-3172890893-754654441-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-3988621694-3172890893-754654441-1001 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-3988621694-3172890893-754654441-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-3988621694-3172890893-754654441-1001 -> {8FC038DB-DFC3-40D6-BD78-8F90BF1172E3} URL = hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q={searchTerms}&src=IE-SearchBox
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-22] (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-22] (Google Inc.)
Toolbar: HKU\S-1-5-21-3988621694-3172890893-754654441-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-22] (Google Inc.)
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
FireFox:
========
FF ProfilePath: C:\Users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\nljala27.default [2017-01-10]
FF Extension: (MediaPlayer) - C:\Users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\nljala27.default\Extensions\
[email protected] [2015-05-12] [not signed]
FF Extension: (Skype Click to Call) - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-10-08]
FF HKLM\...\Firefox\Extensions: [
[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-12-27]
FF HKLM\...\Firefox\Extensions: [
[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-12-27]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_24_0_0_186.dll [2016-12-13] ()
FF Plugin: @glance.net/GlanceClient -> C:\Program Files\Glance29\npglance.dll [2014-09-16] (Glance Networks, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2016-10-06] (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2015-08-26] (Google, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3988621694-3172890893-754654441-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Jim\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-07-03] (Citrix Online)
Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> chrome://bookmarks/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default [2017-01-10]
CHR Extension: (Google Docs) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-26]
CHR Extension: (Google Drive) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-29]
CHR Extension: (YouTube) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-29]
CHR Extension: (Apa.org CBG) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccncdmdmjnniofmekjogmednceimjfac [2016-12-14]
CHR Extension: (Google Search) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-29]
CHR Extension: (Adobe Acrobat) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-01-10]
CHR Extension: (Avast SafePrice) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-11-14]
CHR Extension: (Google Docs Offline) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Avast Online Security) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-12-15]
CHR Extension: (DailyBibleGuide) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdhkemhaommecijlogcmoeaogjjpkihm [2016-09-30]
CHR Extension: (Nmeitj) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlclhmmajhgidfdaiekbeignliibocod [2017-01-10]
CHR Extension: (MapsGalaxy) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn [2016-09-30]
CHR Extension: (FromDocToPDF) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilngdmldabiclnndbiflkjbenccddfmn [2016-08-04]
CHR Extension: (FunOnlinePlay) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\jghcbbmeakkkdckglelnaiefelaleeam [2016-08-25]
CHR Extension: (SearchLock) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\madakpajlmcpaodhfbekojajlhbdklol [2016-09-08]
CHR Extension: (FromDocToPDF) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk [2016-09-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-01]
CHR Extension: (Gmail) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-26]
CHR Extension: (Chrome Media Router) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-15]
CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-08-16] (SUPERAntiSpyware.com)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-08-30] (AVAST Software)
S3 becldr3Service; C:\Program Files\BCL Technologies\easyConverter SDK 3\Common\becldr.exe [225280 2013-07-03] () [File not signed]
R3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [File not signed]
R2 EpsonCustomerParticipation; C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [595968 2016-06-16] (SEIKO EPSON CORPORATION)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc.exe [126128 2012-05-17] (Seiko Epson Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [10351856 2016-12-15] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [271496 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [84928 2016-07-16] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [34008 2016-08-30] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [35096 2016-08-30] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [92256 2016-08-30] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [91232 2016-08-30] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [60424 2016-08-30] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [735488 2016-12-27] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [433768 2016-12-27] (AVAST Software)
R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [118664 2016-08-30] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [224752 2016-12-27] (AVAST Software)
R1 glancedrv; C:\WINDOWS\system32\DRIVERS\glancedrv.sys [34080 2009-05-13] (Glance Networks, Inc)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [62976 2016-07-16] ()
R3 rt640x86; C:\WINDOWS\System32\drivers\rt640x86.sys [494080 2016-07-16] (Realtek )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [37912 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [244576 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [100192 2016-07-16] (Microsoft Corporation)
R2 WinDivert32; C:\WINDOWS\System32\drivers\WinDivert32.sys [33792 2014-12-09] (Basil's Projects) [File not signed]
U3 idsvc; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-01-10 21:10 - 2017-01-10 21:11 - 00048271 _____ C:\Users\Jim\Desktop\FRST.txt
2017-01-10 21:10 - 2017-01-10 21:10 - 00000000 ____D C:\FRST
2017-01-10 21:09 - 2017-01-10 21:09 - 01761280 _____ (Farbar) C:\Users\Jim\Desktop\FRST.exe
2017-01-10 21:05 - 2017-01-10 21:05 - 02419200 _____ (Farbar) C:\Users\Jim\Desktop\FRST64.exe
2017-01-10 20:17 - 2016-12-22 18:13 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2017-01-10 20:17 - 2016-12-22 18:13 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2017-01-10 19:20 - 2016-12-20 23:40 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-01-10 19:20 - 2016-12-20 23:40 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-01-10 19:20 - 2016-12-20 23:39 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-01-10 19:20 - 2016-12-20 23:22 - 01883648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-01-10 19:20 - 2016-12-14 00:04 - 00261984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2017-01-10 19:20 - 2016-12-13 23:46 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-01-10 19:20 - 2016-12-13 23:38 - 13869056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-01-10 19:19 - 2016-12-21 00:02 - 03892864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-01-10 19:19 - 2016-12-21 00:02 - 01852720 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-01-10 19:19 - 2016-12-21 00:00 - 01384704 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-01-10 19:19 - 2016-12-20 23:47 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2017-01-10 19:19 - 2016-12-20 23:45 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
2017-01-10 19:19 - 2016-12-20 23:44 - 00157696 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2017-01-10 19:19 - 2016-12-20 23:43 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2017-01-10 19:19 - 2016-12-20 23:42 - 00330752 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-01-10 19:19 - 2016-12-20 23:41 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2017-01-10 19:19 - 2016-12-20 23:35 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-01-10 19:19 - 2016-12-20 23:30 - 01406976 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2017-01-10 19:19 - 2016-12-20 23:25 - 07469056 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-01-10 19:19 - 2016-12-20 23:24 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-01-10 19:19 - 2016-12-14 00:01 - 01557808 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-01-10 19:19 - 2016-12-13 23:45 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2017-01-10 19:19 - 2016-12-13 23:40 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2017-01-10 19:19 - 2016-12-13 23:40 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-10 19:19 - 2016-12-13 23:38 - 00213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.CredDialogController.dll
2017-01-10 19:19 - 2016-12-13 23:37 - 00247296 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-01-10 19:19 - 2016-12-13 23:37 - 00188416 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-01-10 19:19 - 2016-12-13 23:23 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-01-10 19:19 - 2016-12-13 23:22 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-01-10 19:19 - 2016-12-13 23:22 - 02748416 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2017-01-10 19:19 - 2016-12-13 23:22 - 01235456 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-01-10 19:19 - 2016-12-13 23:22 - 00920064 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-01-10 19:18 - 2016-12-21 00:03 - 00136544 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqmigplugin.dll
2017-01-10 19:18 - 2016-12-21 00:02 - 01360464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2017-01-10 19:18 - 2016-12-21 00:02 - 01277344 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2017-01-10 19:18 - 2016-12-21 00:02 - 01201872 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2017-01-10 19:18 - 2016-12-21 00:02 - 00980832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2017-01-10 19:18 - 2016-12-20 23:41 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2017-01-10 19:18 - 2016-12-13 23:42 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
2017-01-10 19:18 - 2016-12-13 23:41 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ScDeviceEnum.dll
2017-01-10 19:18 - 2016-12-13 23:38 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
2017-01-10 19:18 - 2016-12-13 23:36 - 00497664 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2017-01-10 19:18 - 2016-12-13 23:35 - 00553984 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptui.dll
2017-01-10 19:18 - 2016-12-13 23:23 - 00578560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-01-10 19:17 - 2016-12-21 00:20 - 06020448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-01-10 19:17 - 2016-12-20 23:35 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2017-01-10 19:17 - 2016-12-20 23:33 - 19413504 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-01-10 19:17 - 2016-12-20 23:32 - 19417600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-01-10 19:17 - 2016-12-20 23:30 - 05398016 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
2017-01-10 19:17 - 2016-12-20 23:30 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-01-10 19:17 - 2016-12-20 23:26 - 03776000 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-01-10 19:17 - 2016-12-20 23:25 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2017-01-10 19:17 - 2016-12-20 23:24 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-01-10 19:17 - 2016-12-14 00:06 - 00509792 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-01-10 19:17 - 2016-12-14 00:01 - 00382784 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2017-01-10 19:17 - 2016-12-13 23:32 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-01-10 19:17 - 2016-12-13 23:22 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-01-10 19:17 - 2016-12-13 23:21 - 00860672 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-01-10 19:17 - 2016-11-02 07:01 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-01-10 19:17 - 2016-11-02 06:05 - 00313088 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2017-01-10 19:17 - 2016-11-02 05:32 - 00786432 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-01-10 19:17 - 2016-08-01 23:30 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-01-10 19:16 - 2016-12-21 00:59 - 00218976 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2017-01-10 19:16 - 2016-12-21 00:59 - 00101728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ImplatSetup.dll
2017-01-10 19:16 - 2016-12-21 00:09 - 00263472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2017-01-10 19:16 - 2016-12-21 00:05 - 00523784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-01-10 19:16 - 2016-12-21 00:02 - 00080224 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-01-10 19:16 - 2016-12-21 00:01 - 00198496 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-01-10 19:16 - 2016-12-20 23:40 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncSettings.dll
2017-01-10 19:16 - 2016-12-20 23:40 - 00216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2017-01-10 19:16 - 2016-12-20 23:38 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
2017-01-10 19:16 - 2016-12-20 23:30 - 00734208 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2017-01-10 19:16 - 2016-12-20 23:27 - 00640000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2017-01-10 19:16 - 2016-12-20 23:24 - 03733504 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-01-10 19:16 - 2016-12-20 23:23 - 01120256 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-01-10 19:16 - 2016-12-20 23:22 - 03596800 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2017-01-10 19:16 - 2016-12-14 00:58 - 01026912 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-01-10 19:16 - 2016-12-14 00:26 - 01127040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2017-01-10 19:16 - 2016-12-14 00:21 - 02206496 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2017-01-10 19:16 - 2016-12-14 00:08 - 00341344 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-01-10 19:16 - 2016-12-14 00:05 - 00544608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2017-01-10 19:16 - 2016-12-14 00:01 - 00076984 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2017-01-10 19:16 - 2016-12-13 23:40 - 00267776 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2017-01-10 19:16 - 2016-12-13 23:40 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
2017-01-10 19:16 - 2016-12-13 23:37 - 00205312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConsoleLogon.dll
2017-01-10 19:16 - 2016-12-13 23:36 - 00824320 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2017-01-10 19:16 - 2016-12-13 23:36 - 00416256 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-01-10 19:16 - 2016-12-13 23:36 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2017-01-10 19:16 - 2016-12-13 23:35 - 01722368 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2017-01-10 19:16 - 2016-12-13 23:35 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-01-10 19:16 - 2016-12-13 23:35 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-01-10 19:16 - 2016-12-13 23:35 - 00254976 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-01-10 19:16 - 2016-12-13 23:32 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2017-01-10 19:16 - 2016-12-13 23:24 - 01155072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVP9DEC.dll
2017-01-10 18:36 - 2017-01-10 18:36 - 00001000 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 12.lnk
2016-12-27 22:14 - 2017-01-10 20:12 - 00064654 ____H C:\Users\Jim\AppData\Local\IconCache.db
2016-12-27 08:06 - 2016-08-30 06:49 - 00319760 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2016-12-27 08:03 - 2016-12-27 08:03 - 06334848 _____ (AVAST Software) C:\Users\Jim\Downloads\avast_free_antivirus_setup_online_c0l.exe
2016-12-26 21:47 - 2016-12-26 21:48 - 00000000 ____D C:\Users\Jim\AppData\Local\IM
2016-12-26 21:47 - 2016-12-26 21:48 - 00000000 ____D C:\ProgramData\IM
2016-12-26 21:47 - 2016-12-26 21:47 - 00000000 ____D C:\ProgramData\IncrediMail
2016-12-26 21:45 - 2016-12-26 21:45 - 13076440 _____ C:\Users\Jim\Downloads\IncrediMailSetup.exe
2016-12-16 11:44 - 2016-12-16 11:46 - 00000000 ____D C:\Users\Jim\AppData\Local\Essentware
2016-12-16 11:42 - 2017-01-07 09:22 - 00000000 ____D C:\ProgramData\Essentware
2016-12-16 07:58 - 2016-12-16 07:58 - 00001824 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-12-16 07:58 - 2016-12-16 07:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-12-16 07:57 - 2016-12-16 07:58 - 00000000 ____D C:\Program Files\iTunes
2016-12-16 07:57 - 2016-12-16 07:57 - 00000000 ____D C:\Program Files\iPod
2016-12-14 22:26 - 2016-12-14 22:26 - 00002208 _____ C:\Users\Jim\Desktop\Google Chrome.lnk
2016-12-14 07:58 - 2016-12-09 04:32 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2016-12-14 07:57 - 2016-12-09 05:54 - 01415520 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-12-14 07:57 - 2016-12-09 05:54 - 00115552 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-12-14 07:57 - 2016-12-09 05:16 - 00890984 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-12-14 07:57 - 2016-12-09 05:16 - 00784064 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-12-14 07:57 - 2016-12-09 05:12 - 00276832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2016-12-14 07:57 - 2016-12-09 05:11 - 02048496 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2016-12-14 07:57 - 2016-12-09 05:10 - 00583136 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2016-12-14 07:57 - 2016-12-09 05:09 - 00133296 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2016-12-14 07:57 - 2016-12-09 05:01 - 02323728 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2016-12-14 07:57 - 2016-12-09 05:01 - 01897824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-12-14 07:57 - 2016-12-09 05:01 - 01503544 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2016-12-14 07:57 - 2016-12-09 05:01 - 00551264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-12-14 07:57 - 2016-12-09 05:01 - 00342880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-12-14 07:57 - 2016-12-09 05:00 - 00117720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll
2016-12-14 07:57 - 2016-12-09 04:57 - 06668040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-12-14 07:57 - 2016-12-09 04:52 - 01413664 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2016-12-14 07:57 - 2016-12-09 04:52 - 01344992 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-12-14 07:57 - 2016-12-09 04:41 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\WordBreakers.dll
2016-12-14 07:57 - 2016-12-09 04:37 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-12-14 07:57 - 2016-12-09 04:35 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
2016-12-14 07:57 - 2016-12-09 04:31 - 03689984 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2016-12-14 07:57 - 2016-12-09 04:31 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2016-12-14 07:57 - 2016-12-09 04:28 - 01284096 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtctm.dll
2016-12-14 07:57 - 2016-12-09 04:23 - 12177920 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-12-14 07:57 - 2016-12-09 04:20 - 03198464 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2016-12-14 07:57 - 2016-12-09 04:18 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-12-14 07:57 - 2016-12-09 04:18 - 02138112 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-12-14 07:57 - 2016-12-09 04:18 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2016-12-14 07:57 - 2016-12-09 04:17 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2016-12-14 07:57 - 2016-12-09 04:16 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2016-12-14 07:57 - 2016-12-09 04:16 - 00353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-12-14 07:57 - 2016-12-09 04:15 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-12-14 07:57 - 2016-12-09 04:15 - 00092672 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2016-12-14 07:57 - 2016-12-09 04:15 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditBufferTestHook.dll
2016-12-14 07:57 - 2016-09-15 11:53 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-01-10 20:52 - 2015-11-08 22:17 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-01-10 20:37 - 2016-09-24 06:45 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-01-10 20:37 - 2016-07-16 03:29 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-01-10 20:27 - 2016-07-16 03:28 - 00000000 ____D C:\WINDOWS\INF
2017-01-10 20:16 - 2016-09-24 07:07 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-01-10 20:15 - 2016-09-24 06:45 - 00278504 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-01-10 20:15 - 2016-07-15 21:22 - 00786432 _____ C:\WINDOWS\system32\config\BBI
2017-01-10 20:15 - 2014-05-29 19:01 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2017-01-10 20:14 - 2016-07-16 03:29 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-01-10 20:14 - 2016-07-16 03:29 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-01-10 20:14 - 2016-07-16 03:29 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-01-10 20:14 - 2016-07-16 03:29 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-01-10 20:14 - 2016-07-16 03:29 - 00000000 ____D C:\WINDOWS\Provisioning
2017-01-10 19:34 - 2014-05-29 09:24 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-01-10 19:31 - 2014-05-29 09:24 - 133456224 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-01-10 19:30 - 2016-07-16 03:19 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-01-10 18:37 - 2015-12-06 20:28 - 00000000 ____D C:\Program Files\TeamViewer
2017-01-10 07:03 - 2016-07-16 03:29 - 00000000 ___HD C:\Program Files\WindowsApps
2017-01-09 19:21 - 2016-09-24 07:18 - 00000258 __RSH C:\Users\Jim\ntuser.pol
2017-01-09 19:21 - 2016-09-24 06:50 - 00000000 ____D C:\Users\Jim
2017-01-04 08:00 - 2014-01-29 08:22 - 00017744 _____ C:\Users\Jim\Documents\Bob 1.odt
2017-01-03 16:59 - 2016-07-16 03:29 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-12-27 16:38 - 2010-09-20 12:32 - 00015138 _____ C:\Users\Jim\Documents\Cantor Schedule.odt
2016-12-27 08:56 - 2016-07-15 21:22 - 00000000 ___RD C:\Program Files
2016-12-27 08:25 - 2016-03-22 13:54 - 00001199 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-12-27 08:07 - 2016-06-27 13:59 - 00002162 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2016-12-27 08:07 - 2015-11-29 13:19 - 00002150 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2016-12-27 08:06 - 2016-08-30 15:18 - 00039832 _____ () C:\WINDOWS\system32\Drivers\staport.sys
2016-12-27 08:06 - 2015-11-29 13:18 - 00735488 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
2016-12-27 08:06 - 2015-11-29 13:18 - 00433768 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2016-12-27 08:06 - 2015-11-29 13:18 - 00224752 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswvmm.sys
2016-12-27 08:03 - 2014-05-28 21:49 - 00000000 ___RD C:\Users\Jim\Downloads
2016-12-21 04:54 - 2014-05-28 21:14 - 00389396 __RSH C:\bootmgr
2016-12-20 10:53 - 2016-05-18 06:02 - 00000000 ____D C:\Users\Jim\AppData\Local\MicrosoftEdge
2016-12-20 09:45 - 2016-09-24 06:50 - 00000000 ___RD C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
2016-12-20 09:45 - 2016-05-17 09:45 - 00002397 _____ C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-12-20 09:45 - 2016-05-17 09:45 - 00000000 ___RD C:\Users\Jim\OneDrive
2016-12-17 08:46 - 2016-07-16 03:29 - 00000000 ____D C:\WINDOWS\rescache
2016-12-16 18:30 - 2009-07-13 21:37 - 00000000 ____D C:\WINDOWS\Tasks
2016-12-16 07:57 - 2014-05-29 11:30 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-12-15 08:09 - 2016-09-24 06:49 - 00524288 ___SH C:\WINDOWS\system32\config\COMPONENTS{9539dd98-4b3d-11e6-80cb-90b11c266759}.TMContainer00000000000000000001.regtrans-ms
2016-12-15 07:51 - 2016-07-16 03:29 - 00000000 ___RD C:\WINDOWS\assembly
2016-12-14 18:30 - 2014-05-29 09:03 - 00002220 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-12-14 16:59 - 2016-07-16 03:29 - 00000000 ____D C:\WINDOWS\system32\en-US
2016-12-14 16:59 - 2016-07-16 03:29 - 00000000 ____D C:\WINDOWS\system32\Boot
2016-12-14 16:59 - 2016-07-16 03:29 - 00000000 ____D C:\WINDOWS\apppatch
2016-12-14 16:56 - 2014-05-29 09:02 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-12-13 19:16 - 2016-07-16 03:29 - 00000000 ____D C:\WINDOWS\system32\Macromed
==================== Files in the root of some directories =======
2015-11-10 21:48 - 2015-11-23 09:38 - 0000000 _____ () C:\ProgramData\mitmtest-service.log
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
ATTENTION: ==> Could not access BCD.
LastRegBack: 2017-01-02 08:01
==================== End of FRST.txt ============================Additional scan result of Farbar Recovery Scan Tool (x86) Version: 08-01-2017
Ran by Jim (10-01-2017 21:11:53)
Running from C:\Users\Jim\Desktop
Microsoft Windows 10 Home Version 1607 (X86) (2016-09-24 12:15:42)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-3988621694-3172890893-754654441-500 - Administrator - Disabled) => C:\Users\Administrator.000
DefaultAccount (S-1-5-21-3988621694-3172890893-754654441-503 - Limited - Disabled)
Guest (S-1-5-21-3988621694-3172890893-754654441-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3988621694-3172890893-754654441-1002 - Limited - Enabled)
Jim (S-1-5-21-3988621694-3172890893-754654441-1001 - Administrator - Enabled) => C:\Users\Jim
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20053 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 24.0.0.186 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM\...\{D079CAAD-0C31-47A2-9AF5-A82F9CD9B221}) (Version: 5.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{D9F3D66A-9885-4DDD-A800-9DDF488359A1}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Avast Free Antivirus (HKLM\...\Avast) (Version: 12.3.2280 - AVAST Software)
BCL easyConverter SDK 3 (Word Version) (HKLM\...\{A932ABFB-1AC4-4FBF-9954-B710CABE3482}) (Version: 3.0.64 - BCL Technologies)
Bonjour (HKLM\...\{D168AAD0-6686-47C1-B599-CDD4888B9D1A}) (Version: 3.1.0.1 - Apple Inc.)
Citrix Online Launcher (HKLM\...\{3E7E6F1E-7376-475A-8BC9-E3126B20CF5F}) (Version: 1.0.198 - Citrix)
CryptoPrevent v4.7.0 (HKLM\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version: - Foolish IT LLC)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell AIO Printer A940 (HKLM\...\Dell AIO Printer A940) (Version: - Dell, Inc.)
Easy Photo Scan (HKLM\...\{1021AA9F-6A0A-4128-B89B-1A05A8DD1770}) (Version: 1.00.0009 - Seiko Epson Corporation)
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.7.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM\...\{9F205E94-9E42-4486-A92A-DF3F6CB85444}) (Version: 3.10.0061 - Seiko Epson Corporation)
EPSON Scan (HKLM\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
Epson Software Updater (HKLM\...\{7BAC3F7A-B963-468E-982E-B5608A87408D}) (Version: 4.4.4 - SEIKO EPSON CORPORATION)
EPSON XP-520 Series Printer Uninstall (HKLM\...\EPSON XP-520 Series) (Version: - SEIKO EPSON Corporation)
Epson XP-520 User’s Guide version 1.0 (HKLM\...\UsersGuideEpson XP-520 User’s Guide_is1) (Version: 1.0 - )
EpsonNet Print (HKLM\...\{F983229B-587E-4322-BCB9-D7A49734E5CD}) (Version: 3.0.0.0 - SEIKO EPSON CORPORATION)
Event Planner (HKLM\...\{741849D8-E8D9-49CF-B373-0D7507ED0A56}) (Version: - )
Family Tree Maker 2014 (HKLM\...\Family Tree Maker 2014) (Version: 22.0.207 - Ancestry.com, Inc.)
Family Tree Maker 2014 (Version: 22.0.207 - Ancestry.com, Inc.) Hidden
FileHippo App Manager (HKLM\...\FileHippo.com) (Version: - FileHippo.com)
Glance 2.9 (HKLM\...\Glance_is1) (Version: - Glance Networks, Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Earth (HKLM\...\{A0C18B96-AB79-46BD-8321-6FA83E6D25B9}) (Version: 7.1.7.2606 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.32.7 - Google Inc.) Hidden
Hallmark Card Studio 2 (HKLM\...\{1EEDF3E1-C0EA-409B-A772-164EF9AB3BCE}) (Version: - )
HL-L2305 series (HKLM\...\{46B58839-2405-48D6-A59D-F8246158A6ED}) (Version: 1.0.1.0 - Brother Industries, Ltd.)
iTunes (HKLM\...\{4EEBA4CC-6719-4AA0-B36E-D7748E55804E}) (Version: 12.5.4.42 - Apple Inc.)
Junk Mail filter update (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft LifeCam (HKLM\...\{5FC7AB5C-61FC-42DF-A923-5139BCF10D42}) (Version: 3.22.270.0 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3988621694-3172890893-754654441-1001\...\OneDriveSetup.exe) (Version: 17.3.6720.1207 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
OpenOffice 4.1.0 (HKLM\...\{C87EF11D-36E9-479D-9898-7541EA1E8A6A}) (Version: 4.10.9764 - Apache Software Foundation)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9.140.248 - Google, Inc.)
QuickTime 7 (HKLM\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
SafeZone Stable 1.51.2220.62 (Version: 1.51.2220.62 - Avast Software) Hidden
Skype™ 7.30 (HKLM\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.105 - Skype Technologies S.A.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1018 - SUPERAntiSpyware.com)
TeamViewer 12 (HKLM\...\TeamViewer) (Version: 12.0.72365 - TeamViewer)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {066203D1-1ED0-4254-8988-8FC8E671B5F7} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {0C6D93CD-65CC-47CF-8F01-D4484978AD13} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {16104CFC-5608-498C-97F2-5DDF6FB15BFD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {197F26D6-30A7-46AB-8C79-1A2FF4F3F8C8} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Jim\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
Task: {278CE908-AAB5-4878-BE3F-DBE952B3DEC6} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {28557BCD-67BC-4041-BA63-C112C8191F73} - System32\Tasks\Microsoft_Hardware_Launch_vVX3000_exe => C:\WINDOWS\vVX3000.exe [2010-05-20] (Microsoft Corporation)
Task: {2B88364F-7F77-4140-A7A3-076BAA8B84A4} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {2E80A8BD-31FC-4B06-955C-ACD082706C7F} - System32\Tasks\{CF8C78C4-B996-4C72-B3CF-E37C7D191856} => pcalua.exe -a "C:\Program Files\Common Files\InstallShield\engine\6\Intel 32\IKernel.exe"
Task: {3B040B39-4772-47BE-8121-34CC1C2BCB80} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {3DA95F47-17FB-45CD-AAC1-95C9EA335347} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {435DF308-6215-47DA-AC8D-0C479F0E4C7D} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {4C5FA46F-CF5C-4994-BF49-225A1B7C6D27} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {4CAEB36B-EF96-4723-B3F4-A07B63FB5727} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-08-30] (AVAST Software)
Task: {4E5BBB31-79CA-4978-A994-C533D63E7612} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {56BD30BB-C55E-4CA4-A07D-74AA44C47682} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {58E5782A-EBD0-4ACB-96B3-D52D7BEF6B8D} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {5B6837DC-EFEC-4579-842F-66189490BB14} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {5F3CC0D6-8E74-4F8E-A83B-5DEB0F77866E} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {603E4138-D57E-4EE1-84EA-7BD4AEF3B9DF} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {69051406-96D9-4C3B-A6CF-9B613DF66916} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {6B14425E-C2E4-4308-B9F3-FE3390D530AF} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {6DB25157-4366-4C48-9CB8-4D7A439885EB} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {72F8A930-FBA2-4EA8-800A-79422093DF4E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {789710E9-2670-4800-ACD9-8A752D6C3D0F} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {7CF7126C-CF57-4DB7-BFE2-5F734382F12A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {88B07368-A624-4FEF-A820-555EAF25402D} - System32\Tasks\EPSON XP-520 Series Update {AC4A0DAF-2F09-49D5-8A9F-C4FD4F6E3D03} => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_TTSNPE.EXE [2013-11-22] (SEIKO EPSON CORPORATION)
Task: {919B3416-594B-43F6-88FF-3730616466CD} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {946A15D7-68CD-4902-9146-3150CCEA69DA} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {9AAB09C1-20FA-4797-A49C-24781A52FF6E} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {9AF2051E-C5BA-43BA-BAA5-B7A5C144E7C1} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {9D00198C-463F-4B5E-B621-830FF40988DB} - System32\Tasks\{287C8A86-E5B1-426D-B3D2-3FC5D86C0396} => pcalua.exe -a "C:\Program Files\Dell AIO Printer A940\Install\x86\Uninst.exe"
Task: {A547DFF9-6909-40A8-9B0E-2434F5C011BE} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {A9DDDFD9-D4D4-4F8E-9AC0-317046A92492} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {B5A644B2-4648-490F-A102-9E75E6EADE0D} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B6826B1C-3AAA-4DB1-AAD9-B2EAF19A22F0} - System32\Tasks\SafeZone scheduled Autoupdate 1458672840 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-09-06] (Avast Software)
Task: {B7EAC6DC-4838-4DC1-AB9E-0DA799AE0B68} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-12-13] (Adobe Systems Incorporated)
Task: {C147FCD1-A44D-4E4F-BA18-E7AA67FB0FE3} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C6667D3E-850F-4B3F-B15A-402826C28C9F} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {CE2CE079-4611-485F-A5DE-358ED0546525} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {CEE3E849-1B96-4C71-9C78-A1C272F19B02} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-06-02] (AVAST Software)
Task: {D05AE2E6-A362-4B68-BD96-AE97D50C928F} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {D55B4591-B85E-4003-8395-4196CC511F12} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {D6A6E166-7FE5-49EF-AE22-C4F07831DF19} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {D7B624DA-349A-46CC-AAA6-48A4FFCBCB08} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {D8C070F2-EF2A-4431-AFF8-42297D446F7E} - System32\Tasks\EPSON XP-520 Series Update {8856D0EA-C6F7-466C-98F8-0FB69C996467} => C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\E_TTSNPE.EXE [2013-11-22] (SEIKO EPSON CORPORATION)
Task: {DCE7EEE5-67A7-4638-A3EA-B7D02A1C1DD8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {DDBBA2DD-6122-4BB3-A299-0CDC8BDF225E} - System32\Tasks\AVAST Software\Avast upgrade utility => C:\Program Files\Common Files\AV\avast! Antivirus\upgrade.exe [2016-05-17] (AVAST Software)
Task: {E5E3FA8B-BED8-4E44-994F-5897440D00A4} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {EA2E4AEE-E89E-4462-8DF9-79F6DA9BA910} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {EA9B22D2-734E-4A09-AE20-EC68A52044C3} - System32\Tasks\EPSON XP-520 Series Update {B378BE76-1CAD-4E77-AD10-0DB3F8161CA4} => C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\E_TTSNPE.EXE [2013-11-22] (SEIKO EPSON CORPORATION)
Task: {F2D586E4-6C6C-4CEF-BD75-240FFA10DF0E} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {F42CD5E9-25C6-45D5-B138-300B95984F23} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {FF9E4AE6-B69F-4A38-A159-78927A7943C5} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\EPSON XP-520 Series Update {8856D0EA-C6F7-466C-98F8-0FB69C996467}.job => C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\E_TTSNPE.EXE :/EXE:{8856D0EA-C6F7-466C-98F8-0FB69C996467} /F:Update WORKGROUP\JIM-PC$ ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\EPSON XP-520 Series Update {AC4A0DAF-2F09-49D5-8A9F-C4FD4F6E3D03}.job => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_TTSNPE.EXE :/EXE:{AC4A0DAF-2F09-49D5-8A9F-C4FD4F6E3D03} /F:Update SYSTEM ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\EPSON XP-520 Series Update {B378BE76-1CAD-4E77-AD10-0DB3F8161CA4}.job => C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\E_TTSNPE.EXE :/EXE:{B378BE76-1CAD-4E77-AD10-0DB3F8161CA4} /F:Update WORKGROUP\JIM-PC$ ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2016-07-16 03:25 - 2016-07-16 03:25 - 00190976 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-14 07:57 - 2016-12-09 05:11 - 02048496 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-08-30 06:49 - 2016-08-30 06:49 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-01-10 15:45 - 2017-01-10 15:45 - 03138632 _____ () C:\Program Files\AVAST Software\Avast\defs\17011001\algo.dll
2016-08-30 06:49 - 2016-08-30 06:49 - 00482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2014-05-29 14:11 - 2007-02-20 07:27 - 00102400 _____ () C:\WINDOWS\system32\spool\PRTPROCS\W32X86\dlbapp5c.dll
2016-09-01 17:13 - 2016-09-01 17:13 - 00080184 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-11-17 01:29 - 2016-11-17 01:29 - 01041720 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-12-14 07:57 - 2016-12-09 05:11 - 02048496 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-12-20 09:44 - 2016-12-20 09:44 - 01244376 _____ () C:\Users\Jim\AppData\Local\Microsoft\OneDrive\17.3.6720.1207\ClientTelemetry.dll
2016-07-16 03:25 - 2016-07-16 03:25 - 00108032 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-10 19:16 - 2016-12-20 23:42 - 00321536 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-01-10 19:19 - 2016-12-20 23:25 - 06726656 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-10 19:18 - 2016-12-20 23:21 - 01150464 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-09-24 10:39 - 2016-09-24 10:39 - 00526848 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-10 19:19 - 2016-12-20 23:21 - 00779776 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-01-10 19:18 - 2016-12-20 23:22 - 01724928 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-10 19:19 - 2016-12-20 23:24 - 03158016 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2014-05-29 14:11 - 2007-03-05 15:57 - 00435696 _____ () C:\Program Files\Dell AIO Printer A940\DLBAmon.exe
2015-03-03 11:34 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
2016-06-30 09:58 - 2016-06-30 09:58 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2016-12-14 18:30 - 2016-12-08 02:29 - 01829208 _____ () C:\Program Files\Google\Chrome\Application\55.0.2883.87\libglesv2.dll
2016-12-14 18:30 - 2016-12-08 02:29 - 00085848 _____ () C:\Program Files\Google\Chrome\Application\55.0.2883.87\libegl.dll
2016-12-12 18:31 - 2016-12-12 18:31 - 17833560 _____ () C:\Users\Jim\AppData\Local\Google\Chrome\User Data\PepperFlash\24.0.0.186\pepflashplayer.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
HKLM\...\.scr: CryptoPreventSCR => "C:\Program Files\Foolish IT\CryptoPrevent\CryptoPreventFilterMod.CryptoPreventEXEC" "%1" /S %*
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE restricted site: HKU\S-1-5-21-3988621694-3172890893-754654441-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-3988621694-3172890893-754654441-1001\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-3988621694-3172890893-754654441-1001\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-3988621694-3172890893-754654441-1001\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-3988621694-3172890893-754654441-1001\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-3988621694-3172890893-754654441-1001\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-3988621694-3172890893-754654441-1001\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-3988621694-3172890893-754654441-1001\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-3988621694-3172890893-754654441-1001\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-3988621694-3172890893-754654441-1001\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-3988621694-3172890893-754654441-1001\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-3988621694-3172890893-754654441-1001\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-3988621694-3172890893-754654441-1001\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-3988621694-3172890893-754654441-1001\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-3988621694-3172890893-754654441-1001\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-3988621694-3172890893-754654441-1001\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-3988621694-3172890893-754654441-1001\...\1001movie.com -> 1001movie.com
IE restricted site: HKU\S-1-5-21-3988621694-3172890893-754654441-1001\...\1001night.biz -> 1001night.biz
IE restricted site: HKU\S-1-5-21-3988621694-3172890893-754654441-1001\...\100gal.net -> 100gal.net
IE restricted site: HKU\S-1-5-21-3988621694-3172890893-754654441-1001\...\100sexlinks.com -> 100sexlinks.com
There are 5108 more sites.
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 21:04 - 2015-12-01 16:53 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3988621694-3172890893-754654441-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 209.18.47.61 - 209.18.47.62
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LifeCam => "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSCONFIG\startupreg: VX3000 => C:\Windows\vVX3000.exe
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [MSMQ-In-TCP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-32bit] => LPort=808
FirewallRules: [{67902B13-1224-4EA3-A6FA-071642FF7298}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E58DC5C5-581C-4795-AAFD-150C2D363C0D}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{90801967-9DC5-4AA3-AB49-1A9BF51354A1}] => C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{AEC6CFEE-0106-4586-A00D-9C026E590388}] => C:\Program Files\Microsoft LifeCam\LifeCam.exe
FirewallRules: [{3DAE5150-8D46-44E8-A226-D42832670ACD}] => C:\Program Files\Microsoft LifeCam\LifeCam.exe
FirewallRules: [{AEAC50ED-906C-4D79-9442-9EAA5010193C}] => C:\Program Files\Microsoft LifeCam\LifeEnC2.exe
FirewallRules: [{932F5277-C713-41A6-92F1-E848EB7D2B27}] => C:\Program Files\Microsoft LifeCam\LifeEnC2.exe
FirewallRules: [{791845AC-4281-4245-B441-73E2D8380C88}] => C:\Program Files\Microsoft LifeCam\LifeExp.exe
FirewallRules: [{80503B3E-45AA-49E2-A501-645DC141D8B2}] => C:\Program Files\Microsoft LifeCam\LifeExp.exe
FirewallRules: [{6BDCCB7F-945F-425F-ADC3-753D68FC601D}] => C:\Program Files\Microsoft LifeCam\LifeTray.exe
FirewallRules: [{F9F77CE2-4BA2-4537-B0A7-16F32053893F}] => C:\Program Files\Microsoft LifeCam\LifeTray.exe
FirewallRules: [{D97B2500-F7B8-425B-98B1-5D98D6640ECF}] => C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{0620903F-7B29-49C3-AF00-2B0A4DD5103E}] => LPort=2869
FirewallRules: [{DB5797A6-BCF6-4DF4-9407-A4698066A7BC}] => LPort=1900
FirewallRules: [{B22FA5A5-C387-4020-B03E-ED85DCF9C81B}] => C:\Windows\System32\dlbacoms.exe
FirewallRules: [{B678758D-A1CB-488D-98EF-80F4F7231C48}] => C:\Windows\System32\dlbacoms.exe
FirewallRules: [{30768086-B6C5-403C-9664-81DDE17B67E0}] => C:\Windows\System32\spool\drivers\w32x86\3\dlbapswx.exe
FirewallRules: [{FB745985-2E26-40DE-9329-EECF0E24BE27}] => C:\Windows\System32\spool\drivers\w32x86\3\dlbapswx.exe
FirewallRules: [{9D2A0302-A745-46D0-A9DC-1CE864B2FEF6}] => C:\Program Files\Dell AIO Printer A940\DLBAmon.exe
FirewallRules: [{D3260931-EE74-455F-A51E-E8EA10146198}] => C:\Program Files\Dell AIO Printer A940\DLBAmon.exe
FirewallRules: [{F0054FE3-87F3-4B3F-8566-6348CA0C1948}] => C:\Program Files\Dell AIO Printer A940\DLBAaiox.exe
FirewallRules: [{FBCF4BAA-BF4F-4803-846C-EEC3E7C6757F}] => C:\Program Files\Dell AIO Printer A940\DLBAaiox.exe
FirewallRules: [{D2444546-E4DD-4396-BDE6-A9D3F454B281}] => C:\Program Files\EPSON Software\Event Manager\EEventManager.exe
FirewallRules: [{24F33985-2619-4DFD-836D-458FA199F5A9}] => C:\Program Files\EPSON Software\Event Manager\EEventManager.exe
FirewallRules: [TCP Query User{9F84005E-811B-4159-92B3-01C6E616356D}C:\program files\epson software\event manager\eeventmanager.exe] => C:\program files\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{B786F92A-EC12-490F-AEFE-D1B4B0A4C79A}C:\program files\epson software\event manager\eeventmanager.exe] => C:\program files\epson software\event manager\eeventmanager.exe
FirewallRules: [{CA08B324-DE6D-4B3F-9448-197BA0167D08}] => C:\Program Files\Epson Software\Event Manager\EEventManager.exe
FirewallRules: [{0EAA8469-2F8F-411F-8FD5-A8D8F37D05D0}] => C:\Program Files\Epson Software\Event Manager\EEventManager.exe
FirewallRules: [{5EFB36D7-E59B-4087-BFFC-CDB12DDFA000}] => C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{9C28477C-6DF9-48AE-9865-2B93E194FBA3}] => C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{EF796F82-A393-4EED-BAFB-78EDAD06AD78}] => C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{FE728DFE-C381-48F9-8569-E878A721D65B}] => C:\Program Files\IncrediMail\Bin\ImpCnt.exe
FirewallRules: [{DDB36B6B-02FF-4841-9BD8-C4495D838D34}] => C:\Program Files\IncrediMail\Bin\ImpCnt.exe
FirewallRules: [{755C6CC1-200C-4C53-BA39-88A47C4E6884}] => C:\Program Files\IncrediMail\Bin\ImpCnt.exe
FirewallRules: [{B1E12958-3372-48C8-AF05-41FB332F3264}] => C:\Program Files\IncrediMail\Bin\ImpCnt.exe
FirewallRules: [{BBFA0655-F816-4D94-9247-5D96C866D35F}] => C:\Program Files\IncrediMail\Bin\ImpCnt.exe
FirewallRules: [{E9672E80-5E7D-4753-A734-045A2A55DB21}] => C:\Program Files\IncrediMail\Bin\ImpCnt.exe
FirewallRules: [{57DA2C95-84A3-4A46-BABF-25A8F3560146}] => C:\Program Files\IncrediMail\Bin\ImpCnt.exe
FirewallRules: [{4E05A1E1-205E-490B-B92C-22D5C0FE2EBD}] => C:\Program Files\IncrediMail\Bin\ImpCnt.exe
FirewallRules: [{742E5477-6B33-496A-9982-7EF6B79603B3}] => C:\Program Files\IncrediMail\Bin\ImpCnt.exe
FirewallRules: [{0F8ABD2A-B9E1-45D3-A97A-2ACDEC72AC32}] => C:\Program Files\IncrediMail\Bin\ImpCnt.exe
FirewallRules: [{0D017969-D3C1-45A0-B09A-FAD55C4898CD}] => C:\Program Files\IncrediMail\Bin\IncMail.exe
FirewallRules: [{DA812A1C-7E96-4834-8D28-0ACA8BDC6DB6}] => C:\Program Files\IncrediMail\Bin\IncMail.exe
FirewallRules: [{EFFB4174-57EE-477D-8AD7-226E4C3CDD82}] => C:\Program Files\IncrediMail\Bin\ImApp.exe
FirewallRules: [{2597607A-94B7-4855-810C-F3698A7AF865}] => C:\Program Files\IncrediMail\Bin\ImApp.exe
FirewallRules: [{6E509E2D-F1AF-482D-8DAF-B432A270A3F1}] => C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{B21BE125-AC0D-43F3-B98D-604EA3EA4343}] => C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{BC4648D9-0313-407C-A642-9AEC01CCF440}] => C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{01D01829-261B-4126-976A-C5E955FF3951}] => C:\Program Files\TeamViewer\TeamViewer_Service.exe
==================== Restore Points =========================
25-12-2016 07:37:17 Scheduled Checkpoint
26-12-2016 21:46:28 Installed IncrediMail.
03-01-2017 07:30:14 Scheduled Checkpoint
10-01-2017 19:25:33 Windows Update
10-01-2017 19:27:22 Windows Update
==================== Faulty Device Manager Devices =============
Name: USB camera
Description: USB camera
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (01/10/2017 07:27:30 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
System Error:
Access is denied.
.
Error: (01/10/2017 07:26:38 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
System Error:
Access is denied.
.
Error: (01/10/2017 07:04:21 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15531
Error: (01/10/2017 07:04:21 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15531
Error: (01/10/2017 07:04:21 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (01/09/2017 07:07:54 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\EPSON Software\Download Navigator\EPSDNLMW64.EXE".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
Error: (01/09/2017 01:55:50 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Jim-PC)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (01/09/2017 01:55:49 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Jim-PC)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (01/09/2017 01:55:47 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Jim-PC)
Description: Activation of app Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe!Microsoft.MicrosoftOfficeHub failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (01/03/2017 07:30:22 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
System Error:
Access is denied.
.
System errors:
=============
Error: (01/10/2017 08:37:22 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (01/10/2017 08:16:28 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Error: (01/09/2017 03:57:28 PM) (Source: DCOM) (EventID: 10010) (User: Jim-PC)
Description: The server {0002DF02-0000-0000-C000-000000000046} did not register with DCOM within the required timeout.
Error: (01/09/2017 02:00:13 PM) (Source: DCOM) (EventID: 10010) (User: Jim-PC)
Description: The server {7FC12E96-4CB7-4ABD-ADAA-EF7845B10629} did not register with DCOM within the required timeout.
Error: (01/09/2017 02:00:13 PM) (Source: DCOM) (EventID: 10010) (User: Jim-PC)
Description: The server {0002DF02-0000-0000-C000-000000000046} did not register with DCOM within the required timeout.
Error: (01/09/2017 01:55:55 PM) (Source: DCOM) (EventID: 10010) (User: Jim-PC)
Description: The server {D63B10C5-BB46-4990-A94F-E40B9D520160} did not register with DCOM within the required timeout.
Error: (01/09/2017 01:55:55 PM) (Source: DCOM) (EventID: 10010) (User: Jim-PC)
Description: The server {D63B10C5-BB46-4990-A94F-E40B9D520160} did not register with DCOM within the required timeout.
Error: (01/09/2017 01:55:55 PM) (Source: DCOM) (EventID: 10010) (User: Jim-PC)
Description: The server {D63B10C5-BB46-4990-A94F-E40B9D520160} did not register with DCOM within the required timeout.
Error: (01/09/2017 01:55:55 PM) (Source: DCOM) (EventID: 10010) (User: Jim-PC)
Description: The server {D63B10C5-BB46-4990-A94F-E40B9D520160} did not register with DCOM within the required timeout.
Error: (01/09/2017 01:55:55 PM) (Source: DCOM) (EventID: 10010) (User: Jim-PC)
Description: The server {D63B10C5-BB46-4990-A94F-E40B9D520160} did not register with DCOM within the required timeout.
==================== Memory info ===========================
Processor: Intel® Core2 Duo CPU E7400 @ 2.80GHz
Percentage of memory in use: 64%
Total physical RAM: 2046.98 MB
Available physical RAM: 733.95 MB
Total Virtual: 4094.98 MB
Available Virtual: 2082.3 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:232.35 GB) (Free:190.08 GB) NTFS ==>[system with boot components (obtained from drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.8 GB) (Disk ID: A42D04A3)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=232.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)
==================== End of Addition.txt ============================