Hi, run just VEW for Applications, or do you want anything else checked off?

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-06-2017 01
Ran by Tim (administrator) on TIM-HP (26-06-2017 08:56:53)
Running from C:\Users\Tim\Desktop
Loaded Profiles: Tim & Guest (Available Profiles: Tim & General Log In & Guest)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\tbaseprovisioning.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpCardEngine.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.SpeedupService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Hewlett-Packard Company) C:\Windows\SysWOW64\flcdlock.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(© 2015 Microsoft Corporation) C:\Users\Tim\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Hewlett-Packard Development Company) C:\Program Files (x86)\Hewlett-Packard\HP Device Access Manager\HP.ProtectTools.DeviceAccessManager.ServiceHost.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\VPN\Avira.WebAppHost.exe
(The OpenVPN Project) C:\Program Files (x86)\Avira\VPN\OpenVpn\phantomvpn.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7570136 2014-04-14] (Realtek Semiconductor)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [97512 2017-06-08] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira System Speedup User Starter] => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe [66656 2017-06-13] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [918008 2017-06-02] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\MountPoints2: {2301f08c-46ea-11e6-b913-a0d3c14a78f6} - WinCleaner Application Setup.exe
HKU\S-1-5-21-3386813744-1969293527-735481815-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [241664 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-21-3386813744-1969293527-735481815-501\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516096 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [osk.exe] => C:\Windows\system32\osk.exe [692736 2014-06-17] (Microsoft Corporation)
Lsa: [Notification Packages] DPPassFilter scecli
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
Startup: C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 1000 J110 series.lnk [2017-06-26]
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 1000 J110 series.lnk -> C:\Program Files\HP\HP Deskjet 1000 J110 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
GroupPolicy: Restriction - Chrome <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyServer: [S-1-5-21-3386813744-1969293527-735481815-1001] => http=127.0.0.1:8080
Tcpip\Parameters: [DhcpNameServer] 192.168.224.1
Tcpip\..\Interfaces\{7C0566C2-7D23-414D-B4B4-2CD1F8917416}: [DhcpNameServer] 192.168.224.1
Tcpip\..\Interfaces\{B8692A19-E7CA-4985-B46C-556A84D4EF53}: [DhcpNameServer] 192.168.254.254
Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3386813744-1969293527-735481815-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3386813744-1969293527-735481815-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/
HKU\S-1-5-21-3386813744-1969293527-735481815-501\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPCOM14/19
HKU\S-1-5-21-3386813744-1969293527-735481815-501\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPCOM14/19
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll [2017-06-08] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll => No File
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-10-24] (Google Inc.)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-06-08] (Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-07-21] (HP Inc.)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-06-08] (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-10-24] (Google Inc.)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-06-08] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-10-24] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-10-24] (Google Inc.)
Toolbar: HKU\S-1-5-21-3386813744-1969293527-735481815-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-10-24] (Google Inc.)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: HKLM-x32 {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1486642584294
FireFox:
========
FF ProfilePath: C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\2tXjV4ld.default [2016-10-26]
FF Extension: (Avira Browser Safety) - C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\2tXjV4ld.default\Extensions\[email protected] [2016-12-04]
FF Extension: (Avira Password Manager) - C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\2tXjV4ld.default\Extensions\[email protected] [2017-06-25]
FF Extension: (Avira SafeSearch Plus) - C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\2tXjV4ld.default\Extensions\[email protected] [2017-02-08]
FF HKLM-x32\...\Firefox\Extensions: [dpmaxz_ng@jetpack] - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\BrowserExt\dpchrome
FF Extension: (HP Client Security Manager) - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\BrowserExt\dpchrome [2016-05-26] [not signed]
FF Plugin: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-06-08] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-06-08] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-06-08] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-06-08] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @scout.avira-update.com/Avira Scout Update;version=3 -> C:\Program Files (x86)\Avira\Scout Update\1.3.32.7\npScoutUpdate3.dll [2017-06-25] (Avira Operations GmbH & Co. KG)
FF Plugin-x32: @scout.avira-update.com/Avira Scout Update;version=9 -> C:\Program Files (x86)\Avira\Scout Update\1.3.32.7\npScoutUpdate3.dll [2017-06-25] (Avira Operations GmbH & Co. KG)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: digitalpersona.com/ChromeDPAgent -> c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\BrowserExt\components\npChromeDPAgent.dll [2014-02-10] (DigitalPersona, Inc.)
Chrome:
=======
CHR HomePage: Default -> hxxps://www.google.com/
CHR StartupUrls: Default -> "hxxps://www.yahoo.com/"
CHR DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}
CHR DefaultSearchKeyword: Default -> duckduckgo.com
CHR DefaultSuggestURL: Default -> hxxps://duckduckgo.com/ac/?q={searchTerms}&type=list
CHR Profile: C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default [2017-06-26]
CHR Extension: (Google Drive) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-10-24]
CHR Extension: (DuckDuckGo Search) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkdgflcldnnnapblkhphbgpggdiikppg [2017-05-05]
CHR Extension: (YouTube) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-10-24]
CHR Extension: (Avira Password Manager) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\caljgklbbfbcjjanaijlacgncafpegll [2017-06-25]
CHR Extension: (FedEx Email/Online Label Shipping...) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\ceaafagmnojmnjepbehlplcmoklcacbl [2017-06-20]
CHR Extension: (HTTPS Everywhere) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2017-06-21]
CHR Extension: (Click&Clean) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod [2017-06-01]
CHR Extension: (History Eraser) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjieilkfnnjoihjjonajndjldjoagffm [2017-06-23]
CHR Extension: (J2TeaM Security) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmlcjjclebjnfohgmgikjfnbmfkigocc [2017-06-08]
CHR Extension: (Avira SafeSearch Plus) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipmkfpcnmccejididiaagpgchgjfajgp [2017-06-25]
CHR Extension: (Cyber Security News by Gold Security) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcehljakhaojdgjoggcpnbjkehgglbfb [2017-05-28]
CHR Extension: (Awesome Screenshot: Screen Video Recorder) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlipoenfbbikpbjkfpfillcgkoblgpmj [2017-06-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Click&Clean App) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp [2017-06-23]
CHR Extension: (Gmail) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-10-24]
CHR Extension: (Chrome Media Router) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-16]
CHR Profile: C:\Users\Tim\AppData\Local\Google\Chrome\User Data\System Profile [2017-01-30]
CHR HKLM\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ncffjdbbodifgldkcbhmiiljfcnbgjab] - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\BrowserExt\dpchrome.crx [2014-02-10]
Opera:
=======
OPR Extension: (Stormcrow) - C:\Users\Tim\AppData\Roaming\Opera Software\Opera Stable\Extensions\cfbekbndggmbdkfhjandenfihkdkndil [2017-04-18]
OPR Extension: (360 Internet Protection) - C:\Users\Tim\AppData\Roaming\Opera Software\Opera Stable\Extensions\cnpeghmjdfdmneiljeibjnemfdkojdhl [2017-06-25]
OPR Extension: (Avira Browser Safety) - C:\Users\Tim\AppData\Roaming\Opera Software\Opera Stable\Extensions\dalelnnofafalcmkmnhdbigbjjkloabo [2016-10-25]
OPR Extension: (HTTPS Everywhere) - C:\Users\Tim\AppData\Roaming\Opera Software\Opera Stable\Extensions\edaplhobcmdaneconioghljnnopmkhgm [2017-06-25]
OPR Extension: (Privacy Badger) - C:\Users\Tim\AppData\Roaming\Opera Software\Opera Stable\Extensions\ldfkcgjipgfchpnojicdgpgiocoeelik [2017-06-25]
OPR Extension: (SurfPatrol) - C:\Users\Tim\AppData\Roaming\Opera Software\Opera Stable\Extensions\pafbnmdfbmigjdbkhkchclhpmfcoageo [2017-01-16]
OPR Extension: (Privacy Cleaner) - C:\Users\Tim\AppData\Roaming\Opera Software\Opera Stable\Extensions\pdomeailoegpefbldkonkajkcolkbmhi [2017-01-16]
StartMenuInternet: (HKLM) OperaStable - C:\Program Files\Opera\Launcher.exe
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-30] (SUPERAntiSpyware.com)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1128432 2017-06-02] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [490968 2017-06-02] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [490968 2017-06-02] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1524216 2017-06-02] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [356256 2017-06-08] (Avira Operations GmbH & Co. KG)
R2 AviraPhantomVPN; C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe [334064 2017-05-18] (Avira Operations GmbH & Co. KG)
R2 AviraUpdaterService; C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe [100816 2017-04-21] (Avira Operations GmbH & Co. KG)
R2 DpHost; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [500048 2014-02-10] (DigitalPersona, Inc.)
R2 FLCDLOCK; c:\windows\SysWOW64\flcdlock.exe [567608 2013-11-20] (Hewlett-Packard Company)
R2 HpDamServiceHost; c:\Program Files (x86)\Hewlett-Packard\HP Device Access Manager\HP.ProtectTools.DeviceAccessManager.ServiceHost.exe [18232 2013-11-15] (Hewlett-Packard Development Company)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [321056 2017-06-01] (HP Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-01-17] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor)
S2 scupdate; C:\Program Files (x86)\Avira\Scout Update\ScoutUpdate.exe [116312 2017-06-25] (Avira Operations GmbH & Co. KG)
S3 scupdatem; C:\Program Files (x86)\Avira\Scout Update\ScoutUpdate.exe [116312 2017-06-25] (Avira Operations GmbH & Co. KG)
R2 SpeedupService; C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.SpeedupService.exe [74800 2017-06-13] (Avira Operations GmbH & Co. KG)
R2 tbaseprovisioning; C:\Windows\SysWOW64\tbaseprovisioning.exe [51208 2017-01-10] (Advanced Micro Devices, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3816176 2014-01-17] (Intel® Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 amdkmcsp; C:\Windows\System32\DRIVERS\amdkmcsp.sys [95112 2017-01-10] (Advanced Micro Devices, Inc. )
R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [36608 2013-12-13] (Advanced Micro Devices, Inc.)
R1 amdpsp; C:\Windows\System32\DRIVERS\amdpsp.sys [254344 2017-01-10] (Advanced Micro Devices, Inc. )
S3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [878072 2016-09-20] (BitDefender)
R0 avdevprot; C:\Windows\System32\DRIVERS\avdevprot.sys [64504 2017-06-02] (Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [185032 2017-06-02] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [149976 2017-06-02] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [35328 2017-06-02] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [78600 2017-06-02] (Avira Operations GmbH & Co. KG)
R0 avusbflt; C:\Windows\System32\Drivers\avusbflt.sys [34128 2017-06-02] (Avira Operations GmbH & Co. KG)
R3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [65752 2013-10-07] (Hewlett-Packard Company)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [252832 2017-06-26] (Malwarebytes)
R3 NETwNs64; C:\Windows\System32\DRIVERS\Netwsw02.sys [3434976 2014-04-16] (Intel Corporation)
R3 phantomtap; C:\Windows\System32\DRIVERS\phantomtap.sys [35664 2017-05-18] (The OpenVPN Project)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
U0 aswVmm; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-06-26 08:56 - 2017-06-26 08:57 - 00023322 _____ C:\Users\Tim\Desktop\FRST.txt
2017-06-26 08:56 - 2017-06-26 08:56 - 00000000 ____D C:\Users\Tim\Desktop\FRST-OlderVersion
2017-06-26 07:45 - 2017-06-26 07:46 - 20612608 _____ (Adobe Systems Incorporated) C:\Users\Tim\Downloads\install_flash_player_ppapi.exe
2017-06-25 22:56 - 2017-06-25 22:56 - 00000000 ____D C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Avira
2017-06-25 22:24 - 2017-06-26 08:32 - 00000000 ____D C:\Users\Tim\Desktop\New folder junk files
2017-06-25 22:21 - 2017-06-25 22:21 - 00030354 _____ C:\ProgramData\agent.uninstall.1498443671.bdinstall.bin
2017-06-25 21:22 - 2017-06-25 21:22 - 00000000 ____D C:\Users\Tim\AppData\Roaming\Avira
2017-06-25 13:36 - 2017-06-02 19:05 - 00185032 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2017-06-25 13:36 - 2017-06-02 19:05 - 00149976 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2017-06-25 13:36 - 2017-06-02 19:05 - 00078600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2017-06-25 13:36 - 2017-06-02 19:05 - 00064504 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avdevprot.sys
2017-06-25 13:36 - 2017-06-02 19:05 - 00035328 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2017-06-25 13:36 - 2017-06-02 19:05 - 00034128 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avusbflt.sys
2017-06-25 13:30 - 2017-06-25 13:30 - 00002156 _____ C:\Users\Public\Desktop\Avira Scout.lnk
2017-06-25 13:29 - 2017-06-25 13:29 - 00003506 _____ C:\Windows\System32\Tasks\AviraScoutUpdateTaskMachineUA
2017-06-25 13:29 - 2017-06-25 13:29 - 00003378 _____ C:\Windows\System32\Tasks\AviraScoutUpdateTaskMachineCore
2017-06-25 13:28 - 2017-06-26 07:34 - 00000000 ____D C:\Users\Public\Speedup Sessions
2017-06-25 13:28 - 2017-06-25 13:28 - 00003658 _____ C:\Windows\System32\Tasks\AviraSystemSpeedupUpdate
2017-06-25 13:28 - 2017-06-25 13:28 - 00000000 ____D C:\Windows\System32\Tasks\Avira
2017-06-25 13:27 - 2017-06-25 13:27 - 00002086 _____ C:\Users\Public\Desktop\Avira Software Updater.lnk
2017-06-25 13:27 - 2017-06-25 13:27 - 00001048 _____ C:\Users\Public\Desktop\Avira Phantom VPN.lnk
2017-06-25 13:25 - 2017-06-25 13:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2017-06-25 13:25 - 2017-06-25 13:36 - 00000000 ____D C:\ProgramData\Avira
2017-06-25 13:25 - 2017-06-25 13:25 - 00001212 _____ C:\Users\Public\Desktop\Avira Connect.lnk
2017-06-25 13:23 - 2017-06-25 13:23 - 04799712 _____ (Avira Operations GmbH & Co. KG) C:\Users\Tim\Desktop\avira_en_fass0_58e0ec4c4ec59__ws.exe
2017-06-25 10:54 - 2017-06-25 23:06 - 00001894 _____ C:\VEW.txt
2017-06-25 10:51 - 2017-06-25 10:51 - 00061440 _____ ( ) C:\Users\Tim\Desktop\VEW.exe
2017-06-25 10:18 - 2017-06-25 10:18 - 00001409 _____ C:\Users\Public\Desktop\SeaTools for Windows.lnk
2017-06-25 10:17 - 2017-06-25 10:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate
2017-06-25 10:17 - 2017-06-25 10:17 - 00000000 ____D C:\Program Files (x86)\Seagate
2017-06-25 10:16 - 2017-06-25 10:17 - 26157600 _____ C:\Users\Tim\Desktop\SeaToolsforWindowsSetup.exe
2017-06-20 19:08 - 2017-06-20 19:08 - 00000057 _____ C:\ProgramData\Ament.ini
2017-06-20 19:08 - 2017-06-20 19:08 - 00000000 ____D C:\Users\Tim\AppData\LocalLow\Hewlett-Packard
2017-06-20 19:06 - 2017-06-20 19:07 - 48748328 _____ C:\Users\Tim\Desktop\DJ1000_J110_1313-1.exe
2017-06-20 18:15 - 2017-06-20 19:08 - 00003610 _____ C:\Windows\System32\Tasks\HPCustParticipation HP Deskjet 1000 J110 series
2017-06-20 18:15 - 2017-06-20 18:22 - 00000000 ____D C:\ProgramData\HP Photo Creations
2017-06-20 18:15 - 2017-06-20 18:15 - 00001105 _____ C:\Users\Public\Desktop\HP Photo Creations.lnk
2017-06-20 18:15 - 2017-06-20 18:15 - 00000000 ____D C:\Program Files (x86)\HP Photo Creations
2017-06-20 18:14 - 2017-06-20 19:08 - 00002280 _____ C:\Users\Public\Desktop\HP Deskjet 1000 J110 series.lnk
2017-06-20 18:14 - 2017-06-20 19:08 - 00001202 _____ C:\Users\Public\Desktop\Shop for Supplies - HP Deskjet 1000 J110 series.lnk
2017-06-20 18:14 - 2017-06-20 18:14 - 00000000 ____D C:\Program Files\HP
2017-06-20 15:43 - 2017-06-20 15:43 - 00002640 _____ C:\Users\Tim\Desktop\FedEx _ Email_Online Label _ Shipping.._.lnk
2017-06-20 15:43 - 2017-06-20 15:43 - 00000000 ____D C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2017-06-18 11:36 - 2017-06-18 11:36 - 00900704 _____ (Seagate Technology) C:\Users\Tim\Desktop\drivedetect.exe
2017-06-14 06:31 - 2017-06-25 20:04 - 00000000 ____D C:\Program Files\Speccy
2017-06-14 06:31 - 2017-06-14 06:31 - 00000804 _____ C:\Users\Public\Desktop\Speccy.lnk
2017-06-14 06:31 - 2017-06-14 06:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2017-06-14 06:29 - 2017-06-14 06:29 - 06293184 _____ (Piriform Ltd) C:\Users\Tim\Desktop\spsetup130.exe
2017-06-14 05:48 - 2017-06-14 05:48 - 02724512 _____ (Sysinternals - www.sysinternals.com) C:\Users\Tim\Desktop\procexp.exe
2017-06-12 17:55 - 2017-06-12 17:55 - 00030951 _____ C:\ProgramData\agent.update.1497304511.bdinstall.bin
2017-06-12 08:29 - 2017-06-26 08:56 - 00000000 ____D C:\FRST
2017-06-12 08:27 - 2017-06-26 08:56 - 02441216 _____ (Farbar) C:\Users\Tim\Desktop\FRST64.exe
2017-06-08 18:50 - 2017-06-08 18:47 - 00000030 _____ C:\AVScanner.ini
2017-06-08 16:30 - 2017-06-26 08:54 - 00000000 ____D C:\Users\Tim\AppData\Local\FSDART
2017-06-08 16:30 - 2017-06-08 16:31 - 00000000 ____D C:\ProgramData\F-Secure
2017-06-08 16:17 - 2017-06-08 16:05 - 00206912 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2017-06-08 16:17 - 2017-06-08 16:05 - 00206912 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2017-06-08 16:07 - 2017-06-08 16:05 - 00110144 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-64.dll
2017-06-08 15:34 - 2017-06-08 15:35 - 00524248 _____ (F-Secure Corporation) C:\Users\Tim\Desktop\F-SecureOnlineScanner.exe
2017-06-06 13:57 - 2017-06-06 13:57 - 00313366 _____ C:\Users\Tim\Downloads\WindowsUpdate.diagcab
2017-05-27 14:25 - 2017-05-27 14:25 - 00000000 ____D C:\Users\Tim\AppData\Local\Microsoft Corporation
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-06-26 07:46 - 2009-07-14 00:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-06-26 07:46 - 2009-07-14 00:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-06-26 07:33 - 2017-01-31 11:24 - 00252832 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-06-26 07:32 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-06-25 23:31 - 2015-12-12 03:28 - 00065536 _____ C:\Windows\system32\spu_storage.bin
2017-06-25 22:56 - 2016-10-26 04:50 - 00000000 ____D C:\Users\Tim\AppData\Local\Avira
2017-06-25 21:08 - 2016-10-26 05:38 - 00016328 _____ C:\Windows\SysWOW64\Defrag.debuglog
2017-06-25 13:47 - 2016-04-21 12:00 - 00000000 ____D C:\Users\Tim\AppData\Roaming\hpqLog
2017-06-25 13:36 - 2016-10-26 03:40 - 00000000 ____D C:\Program Files (x86)\Avira
2017-06-25 13:34 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2017-06-25 13:25 - 2016-03-20 05:39 - 00000000 ____D C:\ProgramData\Package Cache
2017-06-25 09:37 - 2016-05-28 09:30 - 00000000 ____D C:\AdwCleaner
2017-06-24 07:06 - 2017-02-21 11:34 - 00003174 _____ C:\Windows\System32\Tasks\HPCeeScheduleForTim
2017-06-24 07:06 - 2017-02-21 11:34 - 00000324 _____ C:\Windows\Tasks\HPCeeScheduleForTim.job
2017-06-20 19:08 - 2016-01-25 18:03 - 00000000 ____D C:\Program Files (x86)\HP
2017-06-20 19:08 - 2015-12-12 03:32 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2017-06-20 18:47 - 2017-02-16 11:44 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2017-06-20 18:15 - 2015-12-12 03:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2017-06-20 17:50 - 2016-05-20 14:04 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music, Photos and Videos
2017-06-20 17:50 - 2015-12-12 03:41 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Communication and Chat
2017-06-20 17:50 - 2015-12-12 03:39 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools
2017-06-20 17:50 - 2015-12-12 03:35 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
2017-06-20 15:56 - 2015-12-28 16:22 - 00000000 ____D C:\Users\Tim\AppData\Local\ElevatedDiagnostics
2017-06-18 10:05 - 2016-12-14 11:00 - 00003830 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1481727622
2017-06-18 10:05 - 2016-12-14 10:59 - 00000000 ____D C:\Program Files\Opera
2017-06-18 09:59 - 2015-12-12 03:30 - 00000000 ____D C:\Windows\tbaseregistry
2017-06-18 09:57 - 2015-12-12 03:31 - 26213345 _____ C:\Windows\SysWOW64\rootpa.e2e
2017-06-18 09:46 - 2016-01-12 12:30 - 00000000 ___RD C:\Users\Tim\Documents\Scanned Documents
2017-06-14 15:31 - 2016-01-05 08:48 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-06-14 15:31 - 2016-01-05 08:48 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-06-14 07:09 - 2016-01-05 08:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-06-14 07:07 - 2016-01-31 19:50 - 00000000 ____D C:\Windows\system32\MRT
2017-06-14 07:02 - 2016-06-05 13:32 - 133627792 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-06-10 21:15 - 2017-02-08 22:37 - 00000000 ____D C:\Program Files (x86)\Adobe
2017-06-10 21:13 - 2016-05-24 12:34 - 00000000 ____D C:\Users\Tim\AppData\LocalLow\Adobe
2017-06-10 21:13 - 2016-03-05 09:54 - 00000000 ____D C:\Windows\system32\Macromed
2017-06-10 21:13 - 2015-12-28 17:04 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-06-10 20:55 - 2016-01-07 08:12 - 00000000 ____D C:\Users\Tim\AppData\Local\Adobe
2017-06-08 19:14 - 2017-02-08 22:48 - 00000000 ____D C:\Program Files\Common Files\McAfee
2017-06-08 19:14 - 2017-02-08 22:48 - 00000000 ____D C:\Program Files (x86)\McAfee
2017-06-08 18:28 - 2016-11-02 15:07 - 03255948 _____ C:\Windows\ntbtlog.txt
2017-06-08 16:17 - 2016-12-05 11:49 - 00000000 ____D C:\Program Files\Java
2017-06-08 16:17 - 2016-04-08 13:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-06-08 16:07 - 2016-04-08 13:41 - 00000000 ____D C:\Program Files (x86)\Java
2017-06-08 16:05 - 2016-12-05 11:50 - 00318528 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2017-06-08 16:05 - 2016-12-05 11:50 - 00110144 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2017-06-08 16:04 - 2016-04-08 13:42 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2017-06-06 13:56 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF
2017-06-06 12:38 - 2017-01-31 11:24 - 00077376 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-05-28 06:53 - 2017-02-11 09:30 - 00000000 ____D C:\SUPERDelete
==================== Files in the root of some directories =======
2017-02-08 21:17 - 2017-02-08 21:17 - 0046788 _____ () C:\ProgramData\agent.1486603026.bdinstall.bin
2017-02-08 21:36 - 2017-02-08 21:36 - 0028706 _____ () C:\ProgramData\agent.1486604163.bdinstall.bin
2017-02-08 21:37 - 2017-02-08 21:37 - 0028778 _____ () C:\ProgramData\agent.1486604202.bdinstall.bin
2017-02-08 22:18 - 2017-02-08 22:18 - 0028778 _____ () C:\ProgramData\agent.1486606720.bdinstall.bin
2017-02-11 09:59 - 2017-02-11 09:59 - 0028780 _____ () C:\ProgramData\agent.1486821554.bdinstall.bin
2017-02-11 09:59 - 2017-02-11 09:59 - 0028780 _____ () C:\ProgramData\agent.1486821588.bdinstall.bin
2017-02-12 05:55 - 2017-02-12 05:55 - 0028779 _____ () C:\ProgramData\agent.1486893287.bdinstall.bin
2017-02-16 11:48 - 2017-02-16 11:48 - 0028497 _____ () C:\ProgramData\agent.1487260113.bdinstall.bin
2017-02-16 11:49 - 2017-02-16 11:49 - 0028427 _____ () C:\ProgramData\agent.1487260177.bdinstall.bin
2017-02-16 12:49 - 2017-02-16 12:49 - 0028780 _____ () C:\ProgramData\agent.1487263757.bdinstall.bin
2017-02-16 12:50 - 2017-02-16 12:50 - 0028780 _____ () C:\ProgramData\agent.1487263804.bdinstall.bin
2017-02-16 18:58 - 2017-02-16 18:58 - 0028780 _____ () C:\ProgramData\agent.1487285925.bdinstall.bin
2017-02-17 13:08 - 2017-02-17 13:08 - 0028780 _____ () C:\ProgramData\agent.1487351306.bdinstall.bin
2017-02-20 18:07 - 2017-02-20 18:07 - 0028780 _____ () C:\ProgramData\agent.1487628430.bdinstall.bin
2017-03-03 09:42 - 2017-03-03 09:42 - 0028780 _____ () C:\ProgramData\agent.1488548516.bdinstall.bin
2017-03-04 11:39 - 2017-03-04 11:39 - 0028780 _____ () C:\ProgramData\agent.1488641969.bdinstall.bin
2017-03-06 18:07 - 2017-03-06 18:07 - 0028780 _____ () C:\ProgramData\agent.1488838053.bdinstall.bin
2017-03-06 18:08 - 2017-03-06 18:08 - 0028780 _____ () C:\ProgramData\agent.1488838117.bdinstall.bin
2017-03-07 07:06 - 2017-03-07 07:06 - 0028780 _____ () C:\ProgramData\agent.1488884812.bdinstall.bin
2017-03-09 18:12 - 2017-03-09 18:12 - 0028780 _____ () C:\ProgramData\agent.1489097528.bdinstall.bin
2017-03-09 18:12 - 2017-03-09 18:12 - 0028779 _____ () C:\ProgramData\agent.1489097574.bdinstall.bin
2017-03-14 08:59 - 2017-03-14 08:59 - 0028736 _____ () C:\ProgramData\agent.1489496386.bdinstall.bin
2017-03-14 09:22 - 2017-03-14 09:22 - 0028601 _____ () C:\ProgramData\agent.1489497767.bdinstall.bin
2017-03-14 09:23 - 2017-03-14 09:23 - 0028743 _____ () C:\ProgramData\agent.1489497792.bdinstall.bin
2017-03-18 08:01 - 2017-03-18 08:01 - 0028738 _____ () C:\ProgramData\agent.1489838475.bdinstall.bin
2017-03-18 08:01 - 2017-03-18 08:01 - 0028745 _____ () C:\ProgramData\agent.1489838502.bdinstall.bin
2017-06-25 22:21 - 2017-06-25 22:21 - 0030354 _____ () C:\ProgramData\agent.uninstall.1498443671.bdinstall.bin
2017-06-12 17:55 - 2017-06-12 17:55 - 0030951 _____ () C:\ProgramData\agent.update.1497304511.bdinstall.bin
2017-06-20 19:08 - 2017-06-20 19:08 - 0000057 _____ () C:\ProgramData\Ament.ini
2017-02-08 22:22 - 2017-02-08 22:22 - 0368084 _____ () C:\ProgramData\cl.1486606757.bdinstall.bin
2017-03-09 18:16 - 2017-03-09 18:16 - 0380034 _____ () C:\ProgramData\cl.repair.1489097691.bdinstall.bin
2017-03-14 09:20 - 2017-03-14 09:20 - 0215144 _____ () C:\ProgramData\cl.uninstall.1489497341.bdinstall.bin
2016-06-29 17:22 - 2016-06-29 17:23 - 1271840 _____ () C:\ProgramData\hpdam_install_log.txt
2016-06-29 17:22 - 2016-06-29 17:22 - 0272336 _____ () C:\ProgramData\HPFileSanitizer_Install_Log.txt
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-06-22 08:26
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-06-2017 01
Ran by Tim (26-06-2017 08:57:41)
Running from C:\Users\Tim\Desktop
Windows 7 Professional Service Pack 1 (X64) (2016-05-20 19:14:16)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-3386813744-1969293527-735481815-500 - Administrator - Disabled)
General Log In (S-1-5-21-3386813744-1969293527-735481815-1002 - Limited - Enabled) => C:\Users\General Log In
Guest (S-1-5-21-3386813744-1969293527-735481815-501 - Limited - Disabled) => C:\Users\Guest
Tim (S-1-5-21-3386813744-1969293527-735481815-1001 - Administrator - Enabled) => C:\Users\Tim
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Antivirus (Enabled - Up to date) {B3F630BD-538D-1B4A-14FA-14B63235278F}
AS: Avira Antivirus (Enabled - Up to date) {0897D159-75B7-14C4-2E4A-2FC449B26D32}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
AppNHost 1.0.5.1 (HKLM-x32\...\{A8CB86C7-CD4C-4C4F-AF6A-33D1CAC63562}) (Version: 1.0.5.1 - Mixesoft Project)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.27.34 - Avira Operations GmbH & Co. KG)
Avira Connect (HKLM-x32\...\{14d00649-a178-473f-bf48-eec016dc4bfa}) (Version: 1.2.89.29905 - Avira Operations GmbH & Co. KG)
Avira Connect (x32 Version: 1.2.89.29905 - Avira Operations GmbH & Co. KG) Hidden
Avira Phantom VPN (HKLM-x32\...\Avira Phantom VPN) (Version: 2.8.2.29275 - Avira Operations GmbH & Co. KG)
Avira Scout (HKLM-x32\...\Avira Scout) (Version: 17.5.3029.2783 - Avira Operations GmbH & Co. KG)
Avira Software Updater (HKLM-x32\...\{A4DF9D2A-AB95-4F30-9CA4-2F49662BA39D}) (Version: 2.0.2.27024 - Avira Operations GmbH & Co. KG)
Avira System Speedup (HKLM-x32\...\Avira System Speedup_is1) (Version: 3.7.0.5478 - Avira Operations GmbH & Co. KG)
Bejeweled 2 Deluxe (HKLM-x32\...\Bejeweled 2 Deluxe) (Version: - PopCap Games)
Bejeweled Twist (HKLM-x32\...\Bejeweled Twist) (Version: - PopCap Games)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.0) (Version: 5.0.0.0 - Coupons.com Incorporated)
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
EarthLink Accelerator (HKLM-x32\...\EarthLink Accelerator) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.110 - Google Inc.)
Google Earth (HKLM-x32\...\{F6430171-B86B-4639-839E-374913E7911D}) (Version: 7.1.8.3036 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Client Security Manager (HKLM\...\HPProtectTools) (Version: 8.3.3.1786 - Hewlett-Packard Company)
HP Deskjet 1000 J110 series Basic Device Software (HKLM\...\{A3E89C5B-BB3A-433A-A878-D1310BB13EAD}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Deskjet 1000 J110 series Help (HKLM-x32\...\{DDDFCC77-7F9C-45E9-B38E-721BA599BA0C}) (Version: 140.0.65.65 - Hewlett Packard)
HP Deskjet 1000 J110 series Product Improvement Study (HKLM\...\{EEC82191-E879-4906-9D6B-D9665CF030CD}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Device Access Manager (HKLM\...\{DBE16A07-DDFF-4453-807A-212EF93916E0}) (Version: 8.3.2.0 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{F7A8FF27-1B85-4C23-A6FA-97DE491ECC9A}) (Version: 1.1.0.0 - Hewlett-Packard)
HP File Sanitizer (HKLM-x32\...\{6349342F-9CEF-4A70-995A-2CF3704C2603}) (Version: 8.4.20.1 - Hewlett-Packard Company)
HP PageLift (HKLM-x32\...\{59202086-BEA1-411A-8AA4-A5DCD28FF537}) (Version: 1.0.13.1 - Hewlett-Packard Company)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.3781 - HP Photo Creations Powered by RocketLife)
HP Setup (HKLM-x32\...\{438363A8-F486-4C37-834C-4955773CB3D3}) (Version: 9.1.15453.4066 - Hewlett-Packard Company)
HP SoftPaq Download Manager (HKLM-x32\...\{23544215-E6E6-448B-B6E9-6268D5B3E74D}) (Version: 3.5.0.0 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{78E2C850-ADA6-420D-BA35-2F4A9BE733CC}) (Version: 8.4.19.3 - HP)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 13.00.0000 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{5F084DD8-AF2C-4004-9C92-820C32E4BD55}) (Version: 12.7.22.13 - HP)
HP Theft Recovery (HKLM-x32\...\InstallShield_{B1E569B6-A5EB-4C97-9F93-9ED2AA99AF0E}) (Version: 8.3.0.7 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
Intel® PROSet/Wireless Software (HKLM-x32\...\{440d014b-4444-4533-b96d-2910e1ca2bcf}) (Version: 16.7.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{75895d95-3e4b-42b6-8440-97a0e234aeb3}) (Version: 17.0.2 - Intel Corporation)
Java 8 Update 131 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
Java 8 Update 131 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
LSI USB 2.0 Soft Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.102 - LSI Corporation)
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
Opera Stable 45.0.2552.898 (HKLM-x32\...\Opera 45.0.2552.898) (Version: 45.0.2552.898 - Opera Software)
Peggle Deluxe (HKLM-x32\...\Peggle Deluxe) (Version: - PopCap Games)
Peggle Nights (HKLM-x32\...\Peggle Nights) (Version: - PopCap Games)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.103.1007.2016 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7224 - Realtek Semiconductor Corp.)
SeaTools for Windows 1.4.0.4 (HKLM-x32\...\SeaTools for Windows) (Version: 1.4.0.4 - Seagate Technology)
Skype™ 7.32 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.32.104 - Skype Technologies S.A.)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.6.0 - Sophos Limited)
Speccy (HKLM\...\Speccy) (Version: 1.30 - Piriform)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1236 - SUPERAntiSpyware.com)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17332 - Microsoft Corporation)
WOLFCODERS ScreenSnag (HKLM-x32\...\{481875AB-8D00-46D0-92E2-27BB13B20975}_is1) (Version: - WOLFCODERS)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {07999E06-7CD6-4BE2-9213-12FF183808BD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-24] (Google Inc.)
Task: {220ECEBE-27F2-49F6-B940-105C91A5710F} - System32\Tasks\{AD6719E0-A35B-4FB0-9469-F3ECA6E98920} => F:\Setup.exe
Task: {2BDFECED-24B7-4D8C-9025-C1502F04228B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-12-21] (HP Inc.)
Task: {2F177236-8AEA-4439-9CD0-BDEF1C7C0257} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-24] (Google Inc.)
Task: {36A095E9-8583-4F7B-AAAC-3C11076EE515} - System32\Tasks\{A54828EC-DF0D-4800-BCD0-8A56F560D437} => C:\Program Files (x86)\Cobra HomeBase\CobraHomeBase.exe
Task: {385C2FE5-95C0-4665-B925-80CEDA035EB5} - System32\Tasks\Avira\System Speedup\SpeedupSysTray => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.Systray.exe [2017-06-13] (Avira Operations GmbH & Co. KG)
Task: {3D11CE46-87BC-4C8D-A998-1334CBECE846} - System32\Tasks\AviraScoutUpdateTaskMachineCore => C:\Program Files (x86)\Avira\Scout Update\ScoutUpdate.exe [2017-06-25] (Avira Operations GmbH & Co. KG)
Task: {3D67B3E7-C05E-44C0-86C3-41EA2295BFD7} - System32\Tasks\{2B4A8FF7-D501-46FB-9AE4-9518FE895316} => C:\Program Files (x86)\Cobra HomeBase\CobraHomeBase.exe
Task: {3FD481D7-33C8-4B55-83D1-6ADEA73CD958} - System32\Tasks\Opera scheduled Autoupdate 1481727622 => C:\Program Files\Opera\launcher.exe [2017-06-12] (Opera Software)
Task: {4E5A5561-7AF6-4C58-9FBD-05CBFB188944} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.)
Task: {4EA0DEA2-1FE1-4122-84C3-EECC5E56C6CF} - System32\Tasks\{1C7D4D19-C8E6-455D-A53C-6BADA3C107E5} => C:\Program Files (x86)\Cobra HomeBase\CobraHomeBase.exe
Task: {6648098E-9C85-4D31-9D29-15910CBE5E3C} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {6BF91CFD-DFEF-4CA8-A3A0-E810147FE45E} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {6BFCB507-58F4-4919-B4AC-5C9FB9D28F0C} - System32\Tasks\{A55B9265-8122-42BB-B1F3-07F7E45F3706} => Iexplore.exe hxxps://ui.skype.com/ui/0/7.32.0.104/en/eula?source=lightinstaller
Task: {6C339922-6108-4341-867F-16536565B946} - System32\Tasks\Avira\System Speedup\Delayed Startup\All users\1 => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2017-03-15] (Oracle Corporation)
Task: {75A91597-6A9A-45C0-8C0C-F6B1B466A192} - System32\Tasks\Avira\System Speedup\TestScheduler => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe [2017-06-13] (Avira Operations GmbH & Co. KG)
Task: {7656ADD2-637A-49B9-BD5B-2163FC5FC827} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {76637EEE-D769-4FF1-87A0-B618D5210B96} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
Task: {7905813F-3B6D-486B-8E94-A99FCD531A2F} - System32\Tasks\HPCustParticipation HP Deskjet 1000 J110 series => C:\Program Files\HP\HP Deskjet 1000 J110 series\Bin\HPCustPartic.exe [2012-10-02] (Hewlett-Packard Co.)
Task: {81F28D25-FD76-46E0-9A94-7CFBD52AD198} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {8773223F-C0F6-4256-B6AE-37485593ED18} - System32\Tasks\{B1BDA461-F2FB-4735-911B-8466740BEE40} => pcalua.exe -a F:\ISP5900\setup.exe -d F:\ISP5900
Task: {878D9DF9-D68A-43FF-9FA6-46EACB45D8CE} - System32\Tasks\{63BBADBD-CE52-4A80-BA74-A575FC495A84} => F:\Setup.exe
Task: {8A378C3D-49EF-4E60-8D81-262E5144498E} - System32\Tasks\{46A17704-B290-4506-9618-5701D9CA2AD2} => F:\Setup.exe
Task: {8DD566CA-2A83-4148-86AC-DDB5D3C322BF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2017-05-25] (HP Inc.)
Task: {91245DE5-488E-4A6D-B6F4-7DED8F800C96} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {91865B85-37EF-4B20-9F1E-CAD158966E73} - System32\Tasks\Avira\System Speedup\Delayed Startup\Tim\1 => C:\Users\Tim\AppData\Local\Microsoft\BingSvc\BingSvc.exe [2015-11-05] (© 2015 Microsoft Corporation) <==== ATTENTION
Task: {92A5803E-5154-441D-983A-B74D0B2F9E1B} - System32\Tasks\{4678693A-7E1D-4D5A-8B9C-88C09315D8A0} => C:\Users\General Log In\Downloads\SUPERAntiSpyware.exe
Task: {9B578603-B351-47C9-88B1-4C64952A44E3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-04-07] (HP Inc.)
Task: {A398B473-F52B-4FD1-AEB9-A800E460F84E} - System32\Tasks\{AFB67468-FA1C-44FC-8F3D-F1A849BC465F} => F:\Setup.exe
Task: {AA854452-7584-4BA7-A8FD-BAC70A4D580F} - System32\Tasks\AviraScoutUpdateTaskMachineUA => C:\Program Files (x86)\Avira\Scout Update\ScoutUpdate.exe [2017-06-25] (Avira Operations GmbH & Co. KG)
Task: {ABEE2E06-9083-4E46-BC19-0049023C84E8} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {AE9DC7A8-FA4F-42AD-ACF2-9B838FCD2522} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
Task: {AEA65F2D-8098-4DFD-B8FF-CEAF5AF39585} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {BB343A67-670A-46A9-87D7-158AF9A9EC79} - System32\Tasks\{729BA09E-DBAC-4313-9C6E-3892146BD40A} => F:\Setup.exe
Task: {BC860C8E-EC1D-4646-A9A1-B48BEA459B70} - System32\Tasks\AviraSystemSpeedupUpdate => C:\ProgramData\Avira\SystemSpeedup\Update\avira_speedup_setup_update.exe [2017-06-25] (Avira Operations GmbH & Co. KG )
Task: {C20AC3DE-8C16-49C6-82DF-7ECB7E78C46C} - System32\Tasks\{05792CFD-05F5-46C8-9C8C-19C70F0E9549} => F:\Setup.exe
Task: {D21C77C0-6040-484C-8D8F-29229BE0B434} - System32\Tasks\Avira\System Speedup\Delayed Startup\Tim\2 => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2017-06-20] (SUPERAntiSpyware) <==== ATTENTION
Task: {D71BD3E9-9D48-4AE3-8D71-40503042B818} - System32\Tasks\{095E7B1F-B78E-430C-9E00-3A980CBC2EC7} => C:\Program Files (x86)\Cobra HomeBase\CobraHomeBase.exe
Task: {DA4FECCE-33E1-4D3E-9643-20A155D7D694} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {DC3E1EBE-2642-4AE8-8BE7-33C3936F5C3D} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {DF3F0AF7-6913-4840-8E0F-214B56FB6E4E} - System32\Tasks\{AC256CE6-2226-4B88-90C3-CDD2A645EA89} => F:\Setup.exe
Task: {E2C37FAE-6107-4123-9785-B2DF00782DE8} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {E65E4D0E-F19E-4BE1-9BFA-C44274169D58} - System32\Tasks\HPCeeScheduleForTim => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2016-01-22] (Hewlett-Packard)
Task: {F34E7CF6-E02B-4DC9-AC9B-4672844F95D1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-04-07] (HP Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\HPCeeScheduleForTim.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\Tim\Desktop\FedEx _ Email_Online Label _ Shipping.._.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=ceaafagmnojmnjepbehlplcmoklcacbl
ShortcutWithArgument: C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\FedEx _ Email_Online Label _ Shipping.._.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=ceaafagmnojmnjepbehlplcmoklcacbl
ShortcutWithArgument: C:\Users\Tim\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\aeea6001c9fdcab9\Click&Clean.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=ghgabhipcejejjmhhchfonmamedcbeod
ShortcutWithArgument: C:\Users\Tim\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\66b9b787e09fde9f\History Eraser.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=gjieilkfnnjoihjjonajndjldjoagffm
==================== Loaded Modules (Whitelisted) ==============
2014-02-05 15:56 - 2014-02-05 15:56 - 02654936 _____ () C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\ShredContextMenu.dll
2017-05-15 17:34 - 2017-05-09 05:13 - 03767640 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\libglesv2.dll
2017-05-15 17:34 - 2017-05-09 05:13 - 00100696 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\libegl.dll
2017-05-18 10:15 - 2017-05-18 10:15 - 00167312 _____ () C:\Program Files (x86)\Avira\VPN\OpenVpn\lzo2.dll
2017-05-18 10:15 - 2017-05-18 10:15 - 00166840 _____ () C:\Program Files (x86)\Avira\VPN\OpenVpn\libpkcs11-helper-1.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`28hfm [0]
AlternateDataStreams: C:\ProgramData\Temp:5C321E34 [125]
AlternateDataStreams: C:\Users\Tim\Desktop\SUPERAntiSpywarePro.exe:BDU [0]
AlternateDataStreams: C:\Users\Tim\Downloads\adwcleaner_6.046.exe:BDU [0]
AlternateDataStreams: C:\Users\Tim\Downloads\GlassWireSetup.exe:BDU [0]
AlternateDataStreams: C:\Users\Tim\Downloads\IE9-Windows7-x64-enu.exe:a [420]
AlternateDataStreams: C:\Users\Tim\Downloads\mb3-setup-adwc.adwc100.3.0.6.1469.exe:BDU [0]
AlternateDataStreams: C:\Users\Tim\Downloads\mb3-setup-consumer-3.1.2.1733.exe:BDU [0]
AlternateDataStreams: C:\Users\Tim\Downloads\SkypeSetup.exe:BDU [0]
AlternateDataStreams: C:\Users\Tim\Downloads\winupdatefix_1.3.exe:BDU [0]
AlternateDataStreams: C:\Users\Tim\Documents\GlassWireSetup (1).exe:BDU [0]
AlternateDataStreams: C:\Users\Tim\Documents\mb3-setup-consumer-3.1.2.1733 (1).exe:BDU [0]
AlternateDataStreams: C:\Users\Tim\Documents\mbar-1.09.3.1001.exe:BDU [0]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\deere.com -> hxxps://jdparts.deere.com
IE trusted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\flhsmv.gov -> hxxps://www.flhsmv.gov
IE trusted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\hdonline.to -> hxxps://hdonline.to
IE trusted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\pch.com -> hxxp://search.pch.com
IE trusted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\usa4sale.net -> hxxp://contact.usa4sale.net
IE trusted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\winndixie.com -> hxxps://www.winndixie.com
IE restricted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\0411dd.com -> 0411dd.com
IE restricted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\0511zfhl.com -> 0511zfhl.com
IE restricted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\0632qyw.com -> 0632qyw.com
IE restricted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\1001movie.com -> 1001movie.com
There are 6091 more sites.
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2016-03-05 12:28 - 2017-06-08 17:02 - 00000033 _____ C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3386813744-1969293527-735481815-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-3386813744-1969293527-735481815-501\Control Panel\Desktop\\Wallpaper -> C:\windows\web\wallpaper\HP1.jpg
DNS Servers: 192.168.224.1 - 192.168.254.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
MSCONFIG\Services: HPFSService => 2
MSCONFIG\startupreg: HP File Sanitizer => C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\Coreshredder.exe
MSCONFIG\startupreg: Propel Accelerator => "C:\Program Files (x86)\EarthLink Accelerator\trayctl.exe" /STARTUPLAUNCH
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{D6F44F3E-63AD-4480-8981-1F8E4BC156A3}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{92635564-B32B-4941-8709-EDC3534DA1F7}] => (Allow) C:\Program Files (x86)\Opera\launcher.exe
FirewallRules: [{0F7C25B6-D55C-4599-808E-70473E50600B}] => (Allow) C:\Program Files (x86)\Opera\launcher.exe
FirewallRules: [{50E9D51B-9089-4C78-8F73-3E2E5E0D42C5}] => (Allow) C:\Program Files (x86)\Opera\launcher.exe
FirewallRules: [{3D066DB3-3078-49D4-A3A6-AF4075CB1645}] => (Allow) C:\Program Files (x86)\Opera\launcher.exe
FirewallRules: [{9A373D22-61C3-4F8B-BBEF-1D2CEC770DB5}] => (Allow) C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe
FirewallRules: [{82B69666-6A08-4AB4-B240-B287A8D13E38}] => (Allow) C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe
FirewallRules: [{D32E408E-6053-455A-990F-9F46633386D8}] => (Allow) C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe
FirewallRules: [{38B50817-1FA9-4CB1-B36F-FAF8288E99E7}] => (Allow) C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe
FirewallRules: [{BDD0E46F-885B-4696-ADCE-C508C1F9F12A}] => (Allow) C:\Program Files\Microsoft Security Client\msseces.exe
FirewallRules: [{953F6506-888F-4867-B3B2-8E82E4E25263}] => (Allow) C:\Program Files\Microsoft Security Client\msseces.exe
FirewallRules: [{08BCF83E-E091-4FAC-9D79-87F5D20AEE8C}] => (Allow) C:\Program Files\Microsoft Security Client\msseces.exe
FirewallRules: [{AA04C2EA-8C48-467B-BC95-EDBCA22C98B5}] => (Allow) C:\Program Files\Microsoft Security Client\msseces.exe
FirewallRules: [{8FD07A63-7436-47CF-BA1F-834A0A492F69}] => (Allow) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
FirewallRules: [{ACF8D3C4-FF9A-4CD3-8EA4-28D0784A5E00}] => (Allow) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
FirewallRules: [{B3C0EE64-66A1-4F53-9ABE-C6637AB3FABA}] => (Allow) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
FirewallRules: [{91069DC4-8EB5-4A7C-8804-CA63B1DB68C0}] => (Allow) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
FirewallRules: [{6B43B3CE-DC50-45A5-8B9C-BBF6E68A2E22}] => (Allow) C:\Users\Tim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3CZM9O05\EW0DFB0B
FirewallRules: [{E2AFA9F5-1B1B-4500-8997-4963CA7BCF15}] => (Allow) C:\Users\Tim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3CZM9O05\EW0DFB0B
FirewallRules: [{285830EF-6348-490E-AF3E-A4E3BD091FBF}] => (Allow) C:\Users\Tim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3CZM9O05\EW0DFB0B
FirewallRules: [{2A1B1D2E-C4D7-42AF-9D46-A4D9F1592ACF}] => (Allow) C:\Users\Tim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3CZM9O05\EW0DFB0B
FirewallRules: [{C962AA5F-D716-4894-A777-9980540483E2}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{D8BB9E0F-2592-4C32-B96F-AE69B073FAE5}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{3EDE067A-8C7B-43BB-A5B7-58D0CC51B633}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{E81B4361-07C3-4BFB-8571-B70DD4167B3A}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{C9C94891-2C9B-40CE-8333-9A41D4FBA565}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{DD7DB7A0-CA86-416B-BBD9-BA1D7B2C6E53}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{DBFEDAD6-0BEB-4578-B149-3AB62C1B7D85}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{C8501CF7-59E4-43E0-AA45-EE26755E751F}C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe
FirewallRules: [UDP Query User{905779AE-D66A-4666-9FFB-56A8610A6FBA}C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe
FirewallRules: [TCP Query User{C90C27C3-BCC7-4ACE-9E22-2C7488FE70FA}C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe
FirewallRules: [UDP Query User{072E5150-569C-4950-833F-437FEC13136A}C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe
FirewallRules: [{D779D332-B00D-4FCC-8F0D-2038BDD79CD7}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
FirewallRules: [{25ABBA34-5506-420A-AA0A-93D0A7088E21}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
FirewallRules: [{92086CBF-6C8E-46CE-86EA-FAC5797DB131}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{26BE28BC-BE97-4D1D-BD8E-90F9C06978D4}] => (Allow) C:\Program Files\Opera\45.0.2552.888\opera.exe
FirewallRules: [{DCCC4C09-38AC-4106-82C9-36B5059C3EDE}] => (Allow) C:\Program Files\Opera\45.0.2552.898\opera.exe
FirewallRules: [{CFFEEADA-8E35-476D-9018-B63240888C7A}] => (Allow) C:\Program Files\HP\HP Deskjet 1000 J110 series\Bin\USBSetup.exe
FirewallRules: [{2BFC7583-91DE-4229-BA9B-6218A5F21BF2}] => (Allow) C:\Program Files (x86)\Avira\Scout\Application\scout.exe
==================== Restore Points =========================
24-06-2017 07:00:27 Windows Update
24-06-2017 21:45:02 Windows Update
25-06-2017 07:00:13 Windows Update
25-06-2017 10:17:56 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
25-06-2017 13:34:23 Device Driver Package Install: Phantom TAP-Windows Provider V9 Network adapters
25-06-2017 13:47:04 Avira System Speedup Optimization
25-06-2017 13:48:43 Avira System Speedup Optimization
25-06-2017 21:13:42 Avira System Speedup Optimization
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (06/26/2017 07:44:20 AM) (Source: HP Active Health) (EventID: 2800) (User: )
Description: Agent SystemState threw an exception: System.InvalidOperationException: Cannot load Counter Name data because an invalid index '' was read from the registry.
at System.Diagnostics.PerformanceCounterLib.GetStringTable(Boolean isHelp)
at System.Diagnostics.PerformanceCounterLib.get_NameTable()
at System.Diagnostics.PerformanceCounterLib.get_CategoryTable()
at System.Diagnostics.PerformanceCounterLib.CounterExists(String category, String counter, Boolean& categoryExists)
at System.Diagnostics.PerformanceCounterLib.CounterExists(String machine, String category, String counter)
at System.Diagnostics.PerformanceCounter.InitializeImpl()
at System.Diagnostics.PerformanceCounter..ctor(String categoryName, String counterName, String instanceName, Boolean readOnly)
at System.Diagnostics.PerformanceCounter..ctor(String categoryName, String counterName, String instanceName)
at HP.ActiveHealth.Agents.SystemState.SystemStateAgent.CpuUsage()
at HP.ActiveHealth.Agents.SystemState.SystemStateAgent.FetchValues()
at HP.ActiveHealth.Agents.SystemState.SystemStateAgent.CollectNewDataClasses(FileInfo agentStateFile, IDataClassCollector dataClassColector)
at HP.ActiveHealth.API.DataGeneration.AgentRunner.QueryAgentDelegate(Object agentObj)
Error: (06/26/2017 07:44:08 AM) (Source: flcdlock) (EventID: 1034) (User: )
Description: An error occurred setting a security descriptor on the device \\.\avusbflt.
The system error code is 0x5:-
Access is denied.
Error: (06/26/2017 07:38:15 AM) (Source: flcdlock) (EventID: 1034) (User: )
Description: An error occurred setting a security descriptor on the device \\.\avusbflt.
The system error code is 0x5:-
Access is denied.
Error: (06/26/2017 07:38:15 AM) (Source: flcdlock) (EventID: 1034) (User: )
Description: An error occurred setting a security descriptor on the device \\.\avusbflt.
The system error code is 0x5:-
Access is denied.
Error: (06/26/2017 07:38:14 AM) (Source: flcdlock) (EventID: 1055) (User: )
Description: An error occurred enumerating device {4D36E972-E325-11CE-BFC1-08002BE10318}Phantom TAP-Windows Adapter V9.
The system error code is 0xe0000231:-
** The error code could not be translated **
Error: (06/26/2017 07:38:14 AM) (Source: flcdlock) (EventID: 1055) (User: )
Description: An error occurred enumerating device {4D36E972-E325-11CE-BFC1-08002BE10318}Phantom TAP-Windows Adapter V9.
The system error code is 0xe0000231:-
** The error code could not be translated **
Error: (06/26/2017 07:34:24 AM) (Source: flcdlock) (EventID: 1034) (User: )
Description: An error occurred setting a security descriptor on the device \\.\avusbflt.
The system error code is 0x5:-
Access is denied.
Error: (06/26/2017 07:34:22 AM) (Source: flcdlock) (EventID: 1034) (User: )
Description: An error occurred setting a security descriptor on the device \\.\avusbflt.
The system error code is 0x5:-
Access is denied.
Error: (06/26/2017 07:33:40 AM) (Source: flcdlock) (EventID: 1034) (User: )
Description: An error occurred setting a security descriptor on the device \\.\avusbflt.
The system error code is 0x5:-
Access is denied.
Error: (06/26/2017 07:33:40 AM) (Source: flcdlock) (EventID: 1034) (User: )
Description: An error occurred setting a security descriptor on the device \\.\avusbflt.
The system error code is 0x5:-
Access is denied.
System errors:
=============
Error: (06/25/2017 10:54:31 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {F9717507-6651-4EDB-BFF7-AE615179BCCF} did not register with DCOM within the required timeout.
Error: (06/25/2017 10:52:00 PM) (Source: volsnap) (EventID: 20) (User: )
Description: The shadow copies of volume D: were aborted because of a failed free space computation.
Error: (06/25/2017 10:51:59 PM) (Source: volsnap) (EventID: 20) (User: )
Description: The shadow copies of volume D: were aborted because of a failed free space computation.
Error: (06/25/2017 10:17:50 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for DeleteFlag with the following error:
Access is denied.
Error: (06/25/2017 10:17:50 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for DeleteFlag with the following error:
Access is denied.
Error: (06/25/2017 10:17:42 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for DeleteFlag with the following error:
Access is denied.
CodeIntegrity:
===================================
Date: 2016-05-30 18:23:15.172
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2016-05-30 18:23:15.172
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2016-05-30 12:34:09.752
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2016-05-30 12:34:09.736
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2016-05-30 06:39:39.690
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2016-05-30 06:39:39.674
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2016-05-30 06:38:10.580
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2016-05-30 06:38:10.565
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2016-05-29 07:13:05.844
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2016-05-29 07:13:05.844
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
Processor: AMD A8-6410 APU with AMD Radeon R5 Graphics
Percentage of memory in use: 32%
Total physical RAM: 7612.08 MB
Available physical RAM: 5144.87 MB
Total Virtual: 15222.35 MB
Available Virtual: 11933.98 MB
==================== Drives ================================
Drive c: (Windows ) (Fixed) (Total:919.11 GB) (Free:855.71 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (HP_RECOVERY) (Fixed) (Total:11.3 GB) (Free:1.21 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:0.09 GB) (Free:0.06 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 6F9E5779)
Partition 1: (Active) - (Size=1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=919.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11.3 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=100 MB) - (Type=0C)
==================== End of Addition.txt ============================
Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 26/06/2017 9:13:20 AM
Note: All dates below are in the format dd/mm/yyyy
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 26/06/2017 11:44:20 AM
Type: Error Category: 0
Event: 2800 Source: HP Active Health
Agent SystemState threw an exception: System.InvalidOperationException: Cannot load Counter Name data because an invalid index '' was read from the registry. at System.Diagnostics.PerformanceCounterLib.GetStringTable(Boolean isHelp) at System.Diagnostics.PerformanceCounterLib.get_NameTable() at System.Diagnostics.PerformanceCounterLib.get_CategoryTable() at System.Diagnostics.PerformanceCounterLib.CounterExists(String category, String counter, Boolean& categoryExists) at System.Diagnostics.PerformanceCounterLib.CounterExists(String machine, String category, String counter) at System.Diagnostics.PerformanceCounter.InitializeImpl() at System.Diagnostics.PerformanceCounter..ctor(String categoryName, String counterName, String instanceName, Boolean readOnly) at System.Diagnostics.PerformanceCounter..ctor(String categoryName, String counterName, String instanceName) at HP.ActiveHealth.Agents.SystemState.SystemStateAgent.CpuUsage() at HP.ActiveHealth.Agents.SystemState.SystemStateAgent.FetchValues() at HP.ActiveHealth.Agents.SystemState.SystemStateAgent.CollectNewDataClasses(FileInfo agentStateFile, IDataClassCollector dataClassColector) at HP.ActiveHealth.API.DataGeneration.AgentRunner.QueryAgentDelegate(Object agentObj)
Log: 'Application' Date/Time: 26/06/2017 11:44:08 AM
Type: Error Category: 1
Event: 1034 Source: flcdlock
An error occurred setting a security descriptor on the device \\.\avusbflt. The system error code is 0x5:- Access is denied.
Log: 'Application' Date/Time: 26/06/2017 11:38:15 AM
Type: Error Category: 1
Event: 1034 Source: flcdlock
An error occurred setting a security descriptor on the device \\.\avusbflt. The system error code is 0x5:- Access is denied.
Log: 'Application' Date/Time: 26/06/2017 11:38:15 AM
Type: Error Category: 1
Event: 1034 Source: flcdlock
An error occurred setting a security descriptor on the device \\.\avusbflt. The system error code is 0x5:- Access is denied.
Log: 'Application' Date/Time: 26/06/2017 11:38:14 AM
Type: Error Category: 1
Event: 1055 Source: flcdlock
An error occurred enumerating device {4D36E972-E325-11CE-BFC1-08002BE10318}Phantom TAP-Windows Adapter V9. The system error code is 0xe0000231:- ** The error code could not be translated **
Log: 'Application' Date/Time: 26/06/2017 11:38:14 AM
Type: Error Category: 1
Event: 1055 Source: flcdlock
An error occurred enumerating device {4D36E972-E325-11CE-BFC1-08002BE10318}Phantom TAP-Windows Adapter V9. The system error code is 0xe0000231:- ** The error code could not be translated **
Log: 'Application' Date/Time: 26/06/2017 11:34:24 AM
Type: Error Category: 1
Event: 1034 Source: flcdlock
An error occurred setting a security descriptor on the device \\.\avusbflt. The system error code is 0x5:- Access is denied.
Log: 'Application' Date/Time: 26/06/2017 11:34:22 AM
Type: Error Category: 1
Event: 1034 Source: flcdlock
An error occurred setting a security descriptor on the device \\.\avusbflt. The system error code is 0x5:- Access is denied.
Log: 'Application' Date/Time: 26/06/2017 11:33:40 AM
Type: Error Category: 1
Event: 1034 Source: flcdlock
An error occurred setting a security descriptor on the device \\.\avusbflt. The system error code is 0x5:- Access is denied.
Log: 'Application' Date/Time: 26/06/2017 11:33:40 AM
Type: Error Category: 1
Event: 1034 Source: flcdlock
An error occurred setting a security descriptor on the device \\.\avusbflt. The system error code is 0x5:- Access is denied.
Log: 'Application' Date/Time: 26/06/2017 11:32:39 AM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Log: 'Application' Date/Time: 26/06/2017 2:57:14 AM
Type: Error Category: 1
Event: 1034 Source: flcdlock
An error occurred setting a security descriptor on the device \\.\avusbflt. The system error code is 0x5:- Access is denied.
Log: 'Application' Date/Time: 26/06/2017 2:57:13 AM
Type: Error Category: 1
Event: 1034 Source: flcdlock
An error occurred setting a security descriptor on the device \\.\avusbflt. The system error code is 0x5:- Access is denied.
Log: 'Application' Date/Time: 26/06/2017 2:56:30 AM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Log: 'Application' Date/Time: 26/06/2017 2:54:55 AM
Type: Error Category: 3
Event: 455 Source: ESENT
wuaueng.dll (1068) SUS20ClientDataStore: Error -1811 (0xfffff8ed) occurred while opening logfile C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log.
Log: 'Application' Date/Time: 26/06/2017 2:54:52 AM
Type: Error Category: 1
Event: 1034 Source: flcdlock
An error occurred setting a security descriptor on the device \\.\avusbflt. The system error code is 0x5:- Access is denied.
Log: 'Application' Date/Time: 26/06/2017 2:52:01 AM
Type: Error Category: 1
Event: 1034 Source: flcdlock
An error occurred setting a security descriptor on the device \\.\avusbflt. The system error code is 0x5:- Access is denied.
Log: 'Application' Date/Time: 26/06/2017 2:52:00 AM
Type: Error Category: 1
Event: 1034 Source: flcdlock
An error occurred setting a security descriptor on the device \\.\avusbflt. The system error code is 0x5:- Access is denied.
Log: 'Application' Date/Time: 26/06/2017 2:52:00 AM
Type: Error Category: 1
Event: 1034 Source: flcdlock
An error occurred setting a security descriptor on the device \\.\avusbflt. The system error code is 0x5:- Access is denied.
Log: 'Application' Date/Time: 26/06/2017 2:38:09 AM
Type: Error Category: 1
Event: 1034 Source: flcdlock
An error occurred setting a security descriptor on the device \\.\avusbflt. The system error code is 0x5:- Access is denied.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 26/06/2017 11:45:07 AM
Type: Warning Category: 0
Event: 2901 Source: HP Active Health
Error getting Windows updates: System.Threading.ThreadAbortException: Thread was being aborted. at Interop.WUApiLib.IUpdateSearcher.Search(String criteria) at HP.ActiveHealth.Agents.WindowsUpdates.WindowsUpdatesAgent.GetWindowsUpdates()
Log: 'Application' Date/Time: 26/06/2017 11:44:17 AM
Type: Warning Category: 0
Event: 29 Source: HP Active Health
The agent state file named C:\ProgramData\Hewlett-Packard\HP Active Health\Agent State\HP.ActiveHealth.Agents.HpsaMessages.HpsaMessagesAgent.dat already exist in the list to be serialized
Log: 'Application' Date/Time: 26/06/2017 11:44:10 AM
Type: Warning Category: 0
Event: 3 Source: HP Active Health
Error running a Casl EXECUTE Diags.ThermalDiagnostics command: Exception has been thrown by the target of an invocation.
Log: 'Application' Date/Time: 26/06/2017 11:44:10 AM
Type: Warning Category: 0
Event: 3 Source: HP Active Health
Error running a Casl EXECUTE Diags.ThermalDiagnostics command: Exception has been thrown by the target of an invocation.
Log: 'Application' Date/Time: 26/06/2017 11:44:09 AM
Type: Warning Category: 0
Event: 3 Source: HP Active Health
Error running a Casl EXECUTE Diags.ThermalDiagnostics command: Exception has been thrown by the target of an invocation.
Log: 'Application' Date/Time: 26/06/2017 11:44:09 AM
Type: Warning Category: 0
Event: 3 Source: HP Active Health
Error running a Casl EXECUTE Diags.ThermalDiagnostics command: Exception has been thrown by the target of an invocation.
Log: 'Application' Date/Time: 26/06/2017 11:44:07 AM
Type: Warning Category: 0
Event: 27 Source: HP Active Health
Error getting process performance counters
Log: 'Application' Date/Time: 26/06/2017 11:44:04 AM
Type: Warning Category: 0
Event: 27 Source: HP Active Health
Error getting process performance counters
Log: 'Application' Date/Time: 26/06/2017 11:44:04 AM
Type: Warning Category: 0
Event: 2903 Source: HP Active Health
Unable to get WindowsUpdate information in able time
Log: 'Application' Date/Time: 26/06/2017 11:44:03 AM
Type: Warning Category: 0
Event: 27 Source: HP Active Health
Error getting process performance counters
Log: 'Application' Date/Time: 26/06/2017 11:44:02 AM
Type: Warning Category: 0
Event: 3 Source: HP Active Health
Error running a Casl GET EmbeddedController.AuditLog.JSON command: Exception has been thrown by the target of an invocation.
Log: 'Application' Date/Time: 26/06/2017 3:30:44 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 4 user registry handles leaked from \Registry\User\S-1-5-21-3386813744-1969293527-735481815-1001:
Process 2876 (\Device\HarddiskVolume2\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe) has opened key \REGISTRY\USER\S-1-5-21-3386813744-1969293527-735481815-1001
Process 2876 (\Device\HarddiskVolume2\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe) has opened key \REGISTRY\USER\S-1-5-21-3386813744-1969293527-735481815-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall
Process 1260 (\Device\HarddiskVolume2\Program Files (x86)\Avira\Antivirus\avguard.exe) has opened key \REGISTRY\USER\S-1-5-21-3386813744-1969293527-735481815-1001\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
Process 2876 (\Device\HarddiskVolume2\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe) has opened key \REGISTRY\USER\S-1-5-21-3386813744-1969293527-735481815-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
Log: 'Application' Date/Time: 26/06/2017 2:54:52 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 8 user registry handles leaked from \Registry\User\S-1-5-21-3386813744-1969293527-735481815-1001:
Process 4560 (\Device\HarddiskVolume2\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe) has opened key \REGISTRY\USER\S-1-5-21-3386813744-1969293527-735481815-1001
Process 7620 (\Device\HarddiskVolume2\Program Files (x86)\Avira\Antivirus\avguard.exe) has opened key \REGISTRY\USER\S-1-5-21-3386813744-1969293527-735481815-1001
Process 6240 (\Device\HarddiskVolume2\Program Files (x86)\Avira\Antivirus\sched.exe) has opened key \REGISTRY\USER\S-1-5-21-3386813744-1969293527-735481815-1001
Process 4560 (\Device\HarddiskVolume2\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe) has opened key \REGISTRY\USER\S-1-5-21-3386813744-1969293527-735481815-1001
Process 4560 (\Device\HarddiskVolume2\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe) has opened key \REGISTRY\USER\S-1-5-21-3386813744-1969293527-735481815-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall
Process 7620 (\Device\HarddiskVolume2\Program Files (x86)\Avira\Antivirus\avguard.exe) has opened key \REGISTRY\USER\S-1-5-21-3386813744-1969293527-735481815-1001\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
Process 4560 (\Device\HarddiskVolume2\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe) has opened key \REGISTRY\USER\S-1-5-21-3386813744-1969293527-735481815-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
Process 4560 (\Device\HarddiskVolume2\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe) has opened key \REGISTRY\USER\S-1-5-21-3386813744-1969293527-735481815-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
Edited by bonezz777, 26 June 2017 - 07:14 AM.