Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Farbar Scan Results


  • Please log in to reply

#1
bonezz777

bonezz777

    Member

  • Member
  • PipPip
  • 99 posts

Hello,& thanks for Y'alls Help; Before I post the results, I Was able to use windows malicious tool remover ( no good), then I tried running "F-secure found 1 issue" but problems continue; Then I tried Sophos Virus removal tool, (no good) problems still there; Now I try Superantispyware, several times a day, & each time it finds anywhere between 4 to 596 things to delete, I also have Malwarebytes anti malware,& Adwcleaner, as well as bitdefender free( which has not done any good)...Symtoms are this:: My Desktop Page gets ALL rearranged everyday, My Wife likes to go to PCH publishers clearing house to "games" & play Mahjong, We have a beefy enough computer, to do what little bit we do, but NOW Her game just Hangs up or will be REALLY Delayed, She show me, said "watch this" She clicked on her move & i counted to around the count of 10 before her move would respond....Someone or something is really Bogging us down.. Ever since I bought this New, it's given me problems updating "windows update, ( tried all their tools & Cabinets) NO good...That's all we do, we are Not gamers we are old folks, that use our computer to watch movies, google/duck duck go searches,  occasionally we buy something online from wally world or ebay....That's it..The other day my Wife was searching for movies,(and got a warning in Big Red writing saying"Warning Your computer has been put on Lockdown to prevent further infection call 1-800-bla-bla -bla" She freaked out & called me,and I told her Not to touch or do anything until I got home, I got home & ran every tool I had & I cant remember (old age Part timers) I call it, But I think all the tools only found (1) bugger...F Secure says it has items in quarantine;  we could watch,'because we are "trying to live off my disability only, so Can't afford cable/satellite anymore...OKAY now You know what We Know, & We don't know diddly; Here is The Report Scan, Thanks in advance,Tim....(OH PS)All our writing on any web page Overlaps onto all other writing Making it look like gobblygoop:::::Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-06-2017

Ran by Tim (administrator) on TIM-HP (12-06-2017 08:30:02)
Running from C:\Users\Tim\Desktop
Loaded Profiles: Tim (Available Profiles: Tim & General Log In & Guest)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\tbaseprovisioning.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(SecureMix LLC) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpCardEngine.exe
(Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Bitdefender) C:\Program Files\Bitdefender Antivirus Free\updatesrv.exe
(Bitdefender) C:\Program Files\Bitdefender Antivirus Free\vsserv.exe
(Bitdefender) C:\Program Files\Bitdefender Antivirus Free\vsservppl.exe
(Hewlett-Packard Company) C:\Windows\SysWOW64\flcdlock.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Bitdefender) C:\Program Files\Bitdefender Antivirus Free\bdagent.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(© 2015 Microsoft Corporation) C:\Users\Tim\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(SecureMix LLC) C:\Program Files (x86)\GlassWire\GlassWire.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(SecureMix LLC) C:\Program Files (x86)\GlassWire\GWIdlMon.exe
(Hewlett-Packard Development Company) C:\Program Files (x86)\Hewlett-Packard\HP Device Access Manager\HP.ProtectTools.DeviceAccessManager.ServiceHost.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7570136 2014-04-14] (Realtek Semiconductor)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\Run: [BingSvc] => C:\Users\Tim\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-05] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7956384 2017-06-01] (SUPERAntiSpyware)
HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\Run: [GlassWire] => C:\Program Files (x86)\GlassWire\glasswire.exe [5791696 2017-03-21] (SecureMix LLC)
HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\MountPoints2: {2301f08c-46ea-11e6-b913-a0d3c14a78f6} - WinCleaner Application Setup.exe
HKU\S-1-5-21-3386813744-1969293527-735481815-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [241664 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [osk.exe] => C:\Windows\system32\osk.exe [692736 2014-06-17] (Microsoft Corporation)
Lsa: [Notification Packages] DPPassFilter scecli
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyServer: [S-1-5-21-3386813744-1969293527-735481815-1001] => http=127.0.0.1:8080
Tcpip\Parameters: [DhcpNameServer] 192.168.254.254
Tcpip\..\Interfaces\{B8692A19-E7CA-4985-B46C-556A84D4EF53}: [DhcpNameServer] 192.168.254.254
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3386813744-1969293527-735481815-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3386813744-1969293527-735481815-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3386813744-1969293527-735481815-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll [2017-06-08] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll => No File
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-10-24] (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-06-08] (Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-07-21] (HP Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-06-08] (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-10-24] (Google Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-06-08] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-10-24] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-10-24] (Google Inc.)
Toolbar: HKU\S-1-5-21-3386813744-1969293527-735481815-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-10-24] (Google Inc.)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: HKLM-x32 {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1486642584294
 
FireFox:
========
FF ProfilePath: C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\2tXjV4ld.default [2016-10-26]
FF Extension: (Avira Browser Safety) - C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\2tXjV4ld.default\Extensions\[email protected] [2016-12-04]
FF Extension: (Avira SafeSearch Plus) - C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\2tXjV4ld.default\Extensions\[email protected] [2017-02-08]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\BrowserExt\dpchrome
FF Extension: (HP Client Security Manager) - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\BrowserExt\dpchrome [2016-05-26] [not signed]
FF Plugin: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-06-08] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-06-08] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-06-08] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-06-08] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: digitalpersona.com/ChromeDPAgent -> c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\BrowserExt\components\npChromeDPAgent.dll [2014-02-10] (DigitalPersona, Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> hxxps://www.google.com/
CHR StartupUrls: Default -> "hxxps://www.yahoo.com/"
CHR DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}
CHR DefaultSearchKeyword: Default -> duckduckgo.com
CHR DefaultSuggestURL: Default -> hxxps://duckduckgo.com/ac/?q={searchTerms}&type=list
CHR Profile: C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default [2017-06-12]
CHR Extension: (Google Drive) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-10-24]
CHR Extension: (DuckDuckGo Search) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkdgflcldnnnapblkhphbgpggdiikppg [2017-05-05]
CHR Extension: (YouTube) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-10-24]
CHR Extension: (HTTPS Everywhere) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2017-06-06]
CHR Extension: (Click&Clean) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod [2017-06-01]
CHR Extension: (History Eraser) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjieilkfnnjoihjjonajndjldjoagffm [2017-06-01]
CHR Extension: (J2TeaM Security) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmlcjjclebjnfohgmgikjfnbmfkigocc [2017-06-08]
CHR Extension: (Cyber Security News by Gold Security) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcehljakhaojdgjoggcpnbjkehgglbfb [2017-05-28]
CHR Extension: (Awesome Screenshot: Screen Video Recorder) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlipoenfbbikpbjkfpfillcgkoblgpmj [2017-05-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Click&Clean App) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp [2017-06-01]
CHR Extension: (Gmail) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-10-24]
CHR Extension: (Chrome Media Router) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-16]
CHR Profile: C:\Users\Tim\AppData\Local\Google\Chrome\User Data\System Profile [2017-01-30]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ncffjdbbodifgldkcbhmiiljfcnbgjab] - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\BrowserExt\dpchrome.crx [2014-02-10]
 
Opera: 
=======
OPR Extension: (Stormcrow) - C:\Users\Tim\AppData\Roaming\Opera Software\Opera Stable\Extensions\cfbekbndggmbdkfhjandenfihkdkndil [2017-04-18]
OPR Extension: (360 Internet Protection) - C:\Users\Tim\AppData\Roaming\Opera Software\Opera Stable\Extensions\cnpeghmjdfdmneiljeibjnemfdkojdhl [2017-06-07]
OPR Extension: (Avira Browser Safety) - C:\Users\Tim\AppData\Roaming\Opera Software\Opera Stable\Extensions\dalelnnofafalcmkmnhdbigbjjkloabo [2016-10-25]
OPR Extension: (HTTPS Everywhere) - C:\Users\Tim\AppData\Roaming\Opera Software\Opera Stable\Extensions\edaplhobcmdaneconioghljnnopmkhgm [2017-06-08]
OPR Extension: (Privacy Badger) - C:\Users\Tim\AppData\Roaming\Opera Software\Opera Stable\Extensions\ldfkcgjipgfchpnojicdgpgiocoeelik [2017-05-26]
OPR Extension: (SurfPatrol) - C:\Users\Tim\AppData\Roaming\Opera Software\Opera Stable\Extensions\pafbnmdfbmigjdbkhkchclhpmfcoageo [2017-01-16]
OPR Extension: (Privacy Cleaner) - C:\Users\Tim\AppData\Roaming\Opera Software\Opera Stable\Extensions\pdomeailoegpefbldkonkajkcolkbmhi [2017-01-16]
StartMenuInternet: (HKLM) OperaStable - C:\Program Files\Opera\Launcher.exe
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-30] (SUPERAntiSpyware.com)
R2 DpHost; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [500048 2014-02-10] (DigitalPersona, Inc.)
R2 FLCDLOCK; c:\windows\SysWOW64\flcdlock.exe [567608 2013-11-20] (Hewlett-Packard Company)
R2 GlassWire; C:\Program Files (x86)\GlassWire\GWCtlSrv.exe [4393424 2017-03-21] (SecureMix LLC)
R2 HpDamServiceHost; c:\Program Files (x86)\Hewlett-Packard\HP Device Access Manager\HP.ProtectTools.DeviceAccessManager.ServiceHost.exe [18232 2013-11-15] (Hewlett-Packard Development Company)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [321056 2017-06-01] (HP Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-01-17] ()
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1230824 2017-02-22] (Bitdefender)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor)
R2 tbaseprovisioning; C:\Windows\SysWOW64\tbaseprovisioning.exe [79440 2015-08-14] (Advanced Micro Devices, Inc.)
R2 updatesrv; C:\Program Files\Bitdefender Antivirus Free\updatesrv.exe [100392 2017-05-11] (Bitdefender)
R2 vsserv; C:\Program Files\Bitdefender Antivirus Free\vsserv.exe [100392 2017-05-11] (Bitdefender)
R2 vsservppl; C:\Program Files\Bitdefender Antivirus Free\vsservppl.exe [100392 2017-05-11] (Bitdefender)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3816176 2014-01-17] (Intel® Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 amdkmcsp; C:\Windows\System32\DRIVERS\amdkmcsp.sys [114456 2015-08-14] (Advanced Micro Devices, Inc. )
R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [36608 2013-12-13] (Advanced Micro Devices, Inc.)
R1 amdpsp; C:\Windows\System32\DRIVERS\amdpsp.sys [298776 2015-08-14] (Advanced Micro Devices, Inc. )
R0 Atc; C:\Windows\System32\DRIVERS\Atc.sys [937728 2017-05-16] (BitDefender S.R.L. Bucharest, ROMANIA)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1612648 2017-05-11] (BitDefender)
S3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [878072 2016-09-20] (BitDefender)
R1 bdfwfpf; C:\Program Files\Bitdefender Antivirus Free\bdfwfpf.sys [127312 2016-02-22] (BitDefender LLC)
R3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [65752 2013-10-07] (Hewlett-Packard Company)
R3 edrsensor; C:\Windows\System32\DRIVERS\edrsensor.sys [370136 2017-05-11] (BitDefender S.R.L. Bucharest, ROMANIA)
R1 gwdrv; C:\Windows\System32\DRIVERS\gwdrv.sys [33248 2015-05-29] (SecureMix LLC)
R0 gzflt; C:\Windows\System32\drivers\gzflt.sys [182944 2016-10-29] (BitDefender LLC)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [252832 2017-06-12] (Malwarebytes)
R3 NETwNs64; C:\Windows\System32\DRIVERS\Netwsw02.sys [3434976 2014-04-16] (Intel Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R2 trufos; C:\Windows\System32\drivers\trufos.sys [520032 2016-06-22] (BitDefender S.R.L.)
U0 aswVmm; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-06-12 08:30 - 2017-06-12 08:30 - 00019764 _____ C:\Users\Tim\Desktop\FRST.txt
2017-06-12 08:29 - 2017-06-12 08:30 - 00000000 ____D C:\FRST
2017-06-12 08:27 - 2017-06-12 08:27 - 02438656 _____ (Farbar) C:\Users\Tim\Desktop\FRST64.exe
2017-06-08 18:50 - 2017-06-08 18:47 - 00000030 _____ C:\AVScanner.ini
2017-06-08 16:30 - 2017-06-10 05:16 - 00000000 ____D C:\Users\Tim\AppData\Local\FSDART
2017-06-08 16:30 - 2017-06-08 16:31 - 00000000 ____D C:\ProgramData\F-Secure
2017-06-08 16:17 - 2017-06-08 16:05 - 00206912 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2017-06-08 16:17 - 2017-06-08 16:05 - 00206912 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2017-06-08 16:07 - 2017-06-08 16:05 - 00110144 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-64.dll
2017-06-08 15:34 - 2017-06-08 15:35 - 00524248 _____ (F-Secure Corporation) C:\Users\Tim\Desktop\F-SecureOnlineScanner.exe
2017-06-06 13:57 - 2017-06-06 13:57 - 00313366 _____ C:\Users\Tim\Downloads\WindowsUpdate.diagcab
2017-06-02 05:05 - 2017-06-02 05:05 - 00029367 _____ C:\ProgramData\agent.update.1496394339.bdinstall.bin
2017-05-27 14:25 - 2017-05-27 14:25 - 00000000 ____D C:\Users\Tim\AppData\Local\Microsoft Corporation
2017-05-27 14:05 - 2017-05-27 14:06 - 43370704 _____ (Microsoft Corporation) C:\Users\Tim\Desktop\Windows-KB890830-x64-V5.48.exe
2017-05-25 21:04 - 2017-05-25 21:04 - 00002759 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2017-05-25 21:04 - 2017-05-25 21:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2017-05-25 21:04 - 2017-05-25 21:04 - 00000000 ____D C:\Program Files (x86)\Sophos
2017-05-25 20:25 - 2017-05-25 20:25 - 00000000 ____D C:\ProgramData\COMODO
2017-05-23 17:21 - 2017-05-23 17:21 - 04110280 _____ C:\Users\Tim\Desktop\adwcleaner_6.047 (1).exe
2017-05-23 17:14 - 2017-05-23 17:10 - 63364552 _____ (Malwarebytes ) C:\Users\Tim\Documents\mb3-setup-consumer-3.1.2.1733-1.0.122-1.0.1976.exe
2017-05-16 18:19 - 2017-05-16 18:19 - 00937728 _____ (BitDefender S.R.L. Bucharest, ROMANIA) C:\Windows\system32\Drivers\Atc.sys
2017-05-14 07:22 - 2017-05-14 07:14 - 63035592 _____ (Malwarebytes ) C:\Users\Tim\Documents\mb3-setup-consumer-3.1.2.1733 (1).exe
2017-05-14 07:22 - 2017-05-03 04:22 - 30649312 _____ (SecureMix LLC) C:\Users\Tim\Documents\GlassWireSetup (1).exe
2017-05-14 07:07 - 2017-05-14 07:08 - 63035592 _____ (Malwarebytes ) C:\Users\Tim\Downloads\mb3-setup-consumer-3.1.2.1733.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-06-12 08:13 - 2017-03-14 09:05 - 00000000 ____D C:\Program Files\Bitdefender Antivirus Free
2017-06-12 07:51 - 2009-07-14 00:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-06-12 07:51 - 2009-07-14 00:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-06-12 07:44 - 2017-02-08 21:17 - 00000000 ____D C:\Program Files\Bitdefender Agent
2017-06-12 07:44 - 2017-01-31 11:24 - 00252832 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-06-12 07:44 - 2015-12-12 03:31 - 25846858 _____ C:\Windows\SysWOW64\rootpa.e2e
2017-06-12 07:43 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-06-11 23:13 - 2015-12-12 03:28 - 00065536 _____ C:\Windows\system32\spu_storage.bin
2017-06-11 16:05 - 2016-05-28 09:30 - 00000000 ____D C:\AdwCleaner
2017-06-10 21:15 - 2017-02-08 22:37 - 00000000 ____D C:\Program Files (x86)\Adobe
2017-06-10 21:13 - 2016-05-24 12:34 - 00000000 ____D C:\Users\Tim\AppData\LocalLow\Adobe
2017-06-10 21:13 - 2016-03-05 09:54 - 00000000 ____D C:\Windows\system32\Macromed
2017-06-10 21:13 - 2015-12-28 17:04 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-06-10 20:55 - 2016-01-07 08:12 - 00000000 ____D C:\Users\Tim\AppData\Local\Adobe
2017-06-10 06:10 - 2017-02-21 11:34 - 00003174 _____ C:\Windows\System32\Tasks\HPCeeScheduleForTim
2017-06-10 06:10 - 2017-02-21 11:34 - 00000324 _____ C:\Windows\Tasks\HPCeeScheduleForTim.job
2017-06-08 19:14 - 2017-02-08 22:48 - 00000000 ____D C:\Program Files\Common Files\McAfee
2017-06-08 19:14 - 2017-02-08 22:48 - 00000000 ____D C:\Program Files (x86)\McAfee
2017-06-08 18:28 - 2016-11-02 15:07 - 03255948 _____ C:\Windows\ntbtlog.txt
2017-06-08 18:26 - 2016-06-05 13:32 - 132223576 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-06-08 16:17 - 2016-12-05 11:49 - 00000000 ____D C:\Program Files\Java
2017-06-08 16:17 - 2016-04-08 13:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-06-08 16:07 - 2016-04-08 13:41 - 00000000 ____D C:\Program Files (x86)\Java
2017-06-08 16:05 - 2016-12-05 11:50 - 00318528 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2017-06-08 16:05 - 2016-12-05 11:50 - 00110144 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2017-06-08 16:04 - 2016-04-08 13:42 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2017-06-06 13:56 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF
2017-06-06 12:38 - 2017-01-31 11:24 - 00077376 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-06-02 04:49 - 2017-02-16 11:44 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2017-05-31 10:41 - 2016-12-14 11:00 - 00003830 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1481727622
2017-05-31 10:41 - 2016-12-14 10:59 - 00000000 ____D C:\Program Files\Opera
2017-05-28 06:53 - 2017-02-11 09:30 - 00000000 ____D C:\SUPERDelete
2017-05-27 08:23 - 2015-12-28 16:22 - 00000000 ____D C:\Users\Tim\AppData\Local\ElevatedDiagnostics
2017-05-23 17:11 - 2017-01-31 11:24 - 00001875 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-05-23 17:11 - 2017-01-31 11:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-05-23 07:07 - 2016-01-31 19:50 - 00000000 ____D C:\Windows\system32\MRT
2017-05-17 15:22 - 2009-07-14 01:08 - 00032570 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-05-16 05:23 - 2016-10-24 14:54 - 00000000 ____D C:\Users\Tim\AppData\Roaming\Google
2017-05-15 17:34 - 2016-10-24 14:54 - 00002203 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
 
==================== Files in the root of some directories =======
 
2017-02-08 21:17 - 2017-02-08 21:17 - 0046788 _____ () C:\ProgramData\agent.1486603026.bdinstall.bin
2017-02-08 21:36 - 2017-02-08 21:36 - 0028706 _____ () C:\ProgramData\agent.1486604163.bdinstall.bin
2017-02-08 21:37 - 2017-02-08 21:37 - 0028778 _____ () C:\ProgramData\agent.1486604202.bdinstall.bin
2017-02-08 22:18 - 2017-02-08 22:18 - 0028778 _____ () C:\ProgramData\agent.1486606720.bdinstall.bin
2017-02-11 09:59 - 2017-02-11 09:59 - 0028780 _____ () C:\ProgramData\agent.1486821554.bdinstall.bin
2017-02-11 09:59 - 2017-02-11 09:59 - 0028780 _____ () C:\ProgramData\agent.1486821588.bdinstall.bin
2017-02-12 05:55 - 2017-02-12 05:55 - 0028779 _____ () C:\ProgramData\agent.1486893287.bdinstall.bin
2017-02-16 11:48 - 2017-02-16 11:48 - 0028497 _____ () C:\ProgramData\agent.1487260113.bdinstall.bin
2017-02-16 11:49 - 2017-02-16 11:49 - 0028427 _____ () C:\ProgramData\agent.1487260177.bdinstall.bin
2017-02-16 12:49 - 2017-02-16 12:49 - 0028780 _____ () C:\ProgramData\agent.1487263757.bdinstall.bin
2017-02-16 12:50 - 2017-02-16 12:50 - 0028780 _____ () C:\ProgramData\agent.1487263804.bdinstall.bin
2017-02-16 18:58 - 2017-02-16 18:58 - 0028780 _____ () C:\ProgramData\agent.1487285925.bdinstall.bin
2017-02-17 13:08 - 2017-02-17 13:08 - 0028780 _____ () C:\ProgramData\agent.1487351306.bdinstall.bin
2017-02-20 18:07 - 2017-02-20 18:07 - 0028780 _____ () C:\ProgramData\agent.1487628430.bdinstall.bin
2017-03-03 09:42 - 2017-03-03 09:42 - 0028780 _____ () C:\ProgramData\agent.1488548516.bdinstall.bin
2017-03-04 11:39 - 2017-03-04 11:39 - 0028780 _____ () C:\ProgramData\agent.1488641969.bdinstall.bin
2017-03-06 18:07 - 2017-03-06 18:07 - 0028780 _____ () C:\ProgramData\agent.1488838053.bdinstall.bin
2017-03-06 18:08 - 2017-03-06 18:08 - 0028780 _____ () C:\ProgramData\agent.1488838117.bdinstall.bin
2017-03-07 07:06 - 2017-03-07 07:06 - 0028780 _____ () C:\ProgramData\agent.1488884812.bdinstall.bin
2017-03-09 18:12 - 2017-03-09 18:12 - 0028780 _____ () C:\ProgramData\agent.1489097528.bdinstall.bin
2017-03-09 18:12 - 2017-03-09 18:12 - 0028779 _____ () C:\ProgramData\agent.1489097574.bdinstall.bin
2017-03-14 08:59 - 2017-03-14 08:59 - 0028736 _____ () C:\ProgramData\agent.1489496386.bdinstall.bin
2017-03-14 09:22 - 2017-03-14 09:22 - 0028601 _____ () C:\ProgramData\agent.1489497767.bdinstall.bin
2017-03-14 09:23 - 2017-03-14 09:23 - 0028743 _____ () C:\ProgramData\agent.1489497792.bdinstall.bin
2017-03-18 08:01 - 2017-03-18 08:01 - 0028738 _____ () C:\ProgramData\agent.1489838475.bdinstall.bin
2017-03-18 08:01 - 2017-03-18 08:01 - 0028745 _____ () C:\ProgramData\agent.1489838502.bdinstall.bin
2017-06-02 05:05 - 2017-06-02 05:05 - 0029367 _____ () C:\ProgramData\agent.update.1496394339.bdinstall.bin
2017-02-08 22:22 - 2017-02-08 22:22 - 0368084 _____ () C:\ProgramData\cl.1486606757.bdinstall.bin
2017-03-09 18:16 - 2017-03-09 18:16 - 0380034 _____ () C:\ProgramData\cl.repair.1489097691.bdinstall.bin
2017-03-14 09:20 - 2017-03-14 09:20 - 0215144 _____ () C:\ProgramData\cl.uninstall.1489497341.bdinstall.bin
2016-06-29 17:22 - 2016-06-29 17:23 - 1271840 _____ () C:\ProgramData\hpdam_install_log.txt
2016-06-29 17:22 - 2016-06-29 17:22 - 0272336 _____ () C:\ProgramData\HPFileSanitizer_Install_Log.txt
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-06-02 18:17
 

==================== End of FRST.txt ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-06-2017

Ran by Tim (12-06-2017 08:31:30)
Running from C:\Users\Tim\Desktop
Windows 7 Professional Service Pack 1 (X64) (2016-05-20 19:14:16)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3386813744-1969293527-735481815-500 - Administrator - Disabled)
General Log In (S-1-5-21-3386813744-1969293527-735481815-1002 - Limited - Enabled) => C:\Users\General Log In
Guest (S-1-5-21-3386813744-1969293527-735481815-501 - Limited - Disabled) => C:\Users\Guest
Tim (S-1-5-21-3386813744-1969293527-735481815-1001 - Administrator - Enabled) => C:\Users\Tim
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Bitdefender Antivirus Free Antimalware (Enabled - Up to date) {3FB17364-4FCC-0FA7-6BBF-973897395371}
AS: Bitdefender Antivirus Free Antimalware (Enabled - Up to date) {84D09280-69F6-0029-510F-AC4AECBE19CC}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
AppNHost 1.0.5.1 (HKLM-x32\...\{A8CB86C7-CD4C-4C4F-AF6A-33D1CAC63562}) (Version: 1.0.5.1 - Mixesoft Project)
Bejeweled 2 Deluxe (HKLM-x32\...\Bejeweled 2 Deluxe) (Version:  - PopCap Games)
Bejeweled Twist (HKLM-x32\...\Bejeweled Twist) (Version:  - PopCap Games)
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 21.0.21.970 - Bitdefender)
Bitdefender Antivirus Free (HKLM\...\{1FCCF41D-5F00-4FE2-9653-162D0486C8B4}) (Version: 1.0.6.12 - Bitdefender)
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
EarthLink Accelerator (HKLM-x32\...\EarthLink Accelerator) (Version:  - )
GlassWire 1.2 (remove only) (HKLM-x32\...\GlassWire 1.2) (Version: 1.2.100 - SecureMix LLC)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.110 - Google Inc.)
Google Earth (HKLM-x32\...\{F6430171-B86B-4639-839E-374913E7911D}) (Version: 7.1.8.3036 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Client Security Manager (HKLM\...\HPProtectTools) (Version: 8.3.3.1786 - Hewlett-Packard Company)
HP Deskjet 1000 J110 series Basic Device Software (HKLM\...\{883B114D-BD3E-498F-9DAD-5E4A8E1C43BA}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Deskjet 1000 J110 series Help (HKLM-x32\...\{DDDFCC77-7F9C-45E9-B38E-721BA599BA0C}) (Version: 140.0.65.65 - Hewlett Packard)
HP Device Access Manager (HKLM\...\{DBE16A07-DDFF-4453-807A-212EF93916E0}) (Version: 8.3.2.0 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{F7A8FF27-1B85-4C23-A6FA-97DE491ECC9A}) (Version: 1.1.0.0 - Hewlett-Packard)
HP File Sanitizer (HKLM-x32\...\{6349342F-9CEF-4A70-995A-2CF3704C2603}) (Version: 8.4.20.1 - Hewlett-Packard Company)
HP PageLift (HKLM-x32\...\{59202086-BEA1-411A-8AA4-A5DCD28FF537}) (Version: 1.0.13.1 - Hewlett-Packard Company)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.3781 - HP Photo Creations Powered by RocketLife)
HP Setup (HKLM-x32\...\{438363A8-F486-4C37-834C-4955773CB3D3}) (Version: 9.1.15453.4066 - Hewlett-Packard Company)
HP SoftPaq Download Manager (HKLM-x32\...\{23544215-E6E6-448B-B6E9-6268D5B3E74D}) (Version: 3.5.0.0 - Hewlett-Packard Company)
HP Software Setup (HKLM-x32\...\{F6D61EC9-347B-4019-9F8E-E24169F7C330}) (Version: 8.7.5 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{78E2C850-ADA6-420D-BA35-2F4A9BE733CC}) (Version: 8.4.14.41 - HP)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 13.00.0000 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{5F084DD8-AF2C-4004-9C92-820C32E4BD55}) (Version: 12.7.22.13 - HP)
HP Theft Recovery (HKLM-x32\...\InstallShield_{B1E569B6-A5EB-4C97-9F93-9ED2AA99AF0E}) (Version: 8.3.0.7 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
Intel® PROSet/Wireless Software (HKLM-x32\...\{440d014b-4444-4533-b96d-2910e1ca2bcf}) (Version: 16.7.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{75895d95-3e4b-42b6-8440-97a0e234aeb3}) (Version: 17.0.2 - Intel Corporation)
Java 8 Update 131 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
Java 8 Update 131 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
LSI USB 2.0 Soft Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.102 - LSI Corporation)
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50906.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
Opera Stable 45.0.2552.888 (HKLM-x32\...\Opera 45.0.2552.888) (Version: 45.0.2552.888 - Opera Software)
Peggle Deluxe (HKLM-x32\...\Peggle Deluxe) (Version:  - PopCap Games)
Peggle Nights (HKLM-x32\...\Peggle Nights) (Version:  - PopCap Games)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.103.1007.2016 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7224 - Realtek Semiconductor Corp.)
Skype™ 7.32 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.32.104 - Skype Technologies S.A.)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.6.0 - Sophos Limited)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1236 - SUPERAntiSpyware.com)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17332 - Microsoft Corporation)
WOLFCODERS ScreenSnag (HKLM-x32\...\{481875AB-8D00-46D0-92E2-27BB13B20975}_is1) (Version:  - WOLFCODERS)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\HPCeeScheduleForTim.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\Tim\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\aeea6001c9fdcab9\Click&Clean.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=ghgabhipcejejjmhhchfonmamedcbeod
ShortcutWithArgument: C:\Users\Tim\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\66b9b787e09fde9f\History Eraser.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=gjieilkfnnjoihjjonajndjldjoagffm
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-03-14 09:24 - 2016-04-16 21:07 - 00280576 _____ () C:\Program Files\Bitdefender Antivirus Free\txmlutil.dll
2017-03-14 09:24 - 2017-02-07 12:29 - 01008448 _____ () C:\Program Files\Bitdefender Antivirus Free\Signatures\OTEngines\OTEngines_000_000\ashttpbr.mdl
2017-03-14 09:24 - 2017-02-07 12:29 - 00541952 _____ () C:\Program Files\Bitdefender Antivirus Free\Signatures\OTEngines\OTEngines_000_000\ashttpdsp.mdl
2017-03-14 09:24 - 2017-02-07 12:29 - 03243920 _____ () C:\Program Files\Bitdefender Antivirus Free\Signatures\OTEngines\OTEngines_000_000\ashttpph.mdl
2017-03-14 09:24 - 2017-02-07 12:29 - 01544568 _____ () C:\Program Files\Bitdefender Antivirus Free\Signatures\OTEngines\OTEngines_000_000\ashttprbl.mdl
2014-02-05 15:56 - 2014-02-05 15:56 - 02654936 _____ () C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\ShredContextMenu.dll
2017-05-15 17:34 - 2017-05-09 05:13 - 03767640 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\libglesv2.dll
2017-05-15 17:34 - 2017-05-09 05:13 - 00100696 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\libegl.dll
2017-03-21 06:19 - 2017-03-21 06:19 - 00178128 _____ () C:\Program Files (x86)\GlassWire\EasyHook32.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`28hfm [0]
AlternateDataStreams: C:\ProgramData\Temp:5C321E34 [125]
AlternateDataStreams: C:\Users\Tim\Desktop\glasswire-free-firewall_1.2.96.exe:BDU [0]
AlternateDataStreams: C:\Users\Tim\Desktop\SUPERAntiSpywarePro.exe:BDU [0]
AlternateDataStreams: C:\Users\Tim\Downloads\adwcleaner_6.046.exe:BDU [0]
AlternateDataStreams: C:\Users\Tim\Downloads\GlassWireSetup.exe:BDU [0]
AlternateDataStreams: C:\Users\Tim\Downloads\IE9-Windows7-x64-enu.exe:a [420]
AlternateDataStreams: C:\Users\Tim\Downloads\mb3-setup-adwc.adwc100.3.0.6.1469.exe:BDU [0]
AlternateDataStreams: C:\Users\Tim\Downloads\mb3-setup-consumer-3.1.2.1733.exe:BDU [0]
AlternateDataStreams: C:\Users\Tim\Downloads\SkypeSetup.exe:BDU [0]
AlternateDataStreams: C:\Users\Tim\Downloads\winupdatefix_1.3.exe:BDU [0]
AlternateDataStreams: C:\Users\Tim\Documents\GlassWireSetup (1).exe:BDU [0]
AlternateDataStreams: C:\Users\Tim\Documents\mb3-setup-consumer-3.1.2.1733 (1).exe:BDU [0]
AlternateDataStreams: C:\Users\Tim\Documents\mbar-1.09.3.1001.exe:BDU [0]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\deere.com -> hxxps://jdparts.deere.com
IE trusted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\flhsmv.gov -> hxxps://www.flhsmv.gov
IE trusted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\hdonline.to -> hxxps://hdonline.to
IE trusted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\pch.com -> hxxp://search.pch.com
IE trusted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\usa4sale.net -> hxxp://contact.usa4sale.net
IE trusted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\winndixie.com -> hxxps://www.winndixie.com
IE restricted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\0411dd.com -> 0411dd.com
IE restricted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\0511zfhl.com -> 0511zfhl.com
IE restricted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\0632qyw.com -> 0632qyw.com
IE restricted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\1001movie.com -> 1001movie.com
 
There are 6091 more sites.
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2016-03-05 12:28 - 2017-06-08 17:02 - 00000033 _____ C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3386813744-1969293527-735481815-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.254.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: HPFSService => 2
MSCONFIG\startupreg: HP File Sanitizer => C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\Coreshredder.exe
MSCONFIG\startupreg: Propel Accelerator => "C:\Program Files (x86)\EarthLink Accelerator\trayctl.exe" /STARTUPLAUNCH
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{D6F44F3E-63AD-4480-8981-1F8E4BC156A3}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{92635564-B32B-4941-8709-EDC3534DA1F7}] => (Allow) C:\Program Files (x86)\Opera\launcher.exe
FirewallRules: [{0F7C25B6-D55C-4599-808E-70473E50600B}] => (Allow) C:\Program Files (x86)\Opera\launcher.exe
FirewallRules: [{50E9D51B-9089-4C78-8F73-3E2E5E0D42C5}] => (Allow) C:\Program Files (x86)\Opera\launcher.exe
FirewallRules: [{3D066DB3-3078-49D4-A3A6-AF4075CB1645}] => (Allow) C:\Program Files (x86)\Opera\launcher.exe
FirewallRules: [{9A373D22-61C3-4F8B-BBEF-1D2CEC770DB5}] => (Allow) C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe
FirewallRules: [{82B69666-6A08-4AB4-B240-B287A8D13E38}] => (Allow) C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe
FirewallRules: [{D32E408E-6053-455A-990F-9F46633386D8}] => (Allow) C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe
FirewallRules: [{38B50817-1FA9-4CB1-B36F-FAF8288E99E7}] => (Allow) C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe
FirewallRules: [{BDD0E46F-885B-4696-ADCE-C508C1F9F12A}] => (Allow) C:\Program Files\Microsoft Security Client\msseces.exe
FirewallRules: [{953F6506-888F-4867-B3B2-8E82E4E25263}] => (Allow) C:\Program Files\Microsoft Security Client\msseces.exe
FirewallRules: [{08BCF83E-E091-4FAC-9D79-87F5D20AEE8C}] => (Allow) C:\Program Files\Microsoft Security Client\msseces.exe
FirewallRules: [{AA04C2EA-8C48-467B-BC95-EDBCA22C98B5}] => (Allow) C:\Program Files\Microsoft Security Client\msseces.exe
FirewallRules: [{8FD07A63-7436-47CF-BA1F-834A0A492F69}] => (Allow) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
FirewallRules: [{ACF8D3C4-FF9A-4CD3-8EA4-28D0784A5E00}] => (Allow) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
FirewallRules: [{B3C0EE64-66A1-4F53-9ABE-C6637AB3FABA}] => (Allow) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
FirewallRules: [{91069DC4-8EB5-4A7C-8804-CA63B1DB68C0}] => (Allow) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
FirewallRules: [{6B43B3CE-DC50-45A5-8B9C-BBF6E68A2E22}] => (Allow) C:\Users\Tim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3CZM9O05\EW0DFB0B
FirewallRules: [{E2AFA9F5-1B1B-4500-8997-4963CA7BCF15}] => (Allow) C:\Users\Tim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3CZM9O05\EW0DFB0B
FirewallRules: [{285830EF-6348-490E-AF3E-A4E3BD091FBF}] => (Allow) C:\Users\Tim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3CZM9O05\EW0DFB0B
FirewallRules: [{2A1B1D2E-C4D7-42AF-9D46-A4D9F1592ACF}] => (Allow) C:\Users\Tim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3CZM9O05\EW0DFB0B
FirewallRules: [{C962AA5F-D716-4894-A777-9980540483E2}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{D8BB9E0F-2592-4C32-B96F-AE69B073FAE5}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{3EDE067A-8C7B-43BB-A5B7-58D0CC51B633}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{E81B4361-07C3-4BFB-8571-B70DD4167B3A}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{C9C94891-2C9B-40CE-8333-9A41D4FBA565}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{DD7DB7A0-CA86-416B-BBD9-BA1D7B2C6E53}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{DBFEDAD6-0BEB-4578-B149-3AB62C1B7D85}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{C8501CF7-59E4-43E0-AA45-EE26755E751F}C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe
FirewallRules: [UDP Query User{905779AE-D66A-4666-9FFB-56A8610A6FBA}C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe
FirewallRules: [TCP Query User{C90C27C3-BCC7-4ACE-9E22-2C7488FE70FA}C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe
FirewallRules: [UDP Query User{072E5150-569C-4950-833F-437FEC13136A}C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe
FirewallRules: [{D779D332-B00D-4FCC-8F0D-2038BDD79CD7}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
FirewallRules: [{25ABBA34-5506-420A-AA0A-93D0A7088E21}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
FirewallRules: [{92086CBF-6C8E-46CE-86EA-FAC5797DB131}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{9BD19296-35AA-446C-BCC4-23BCCEAE53A3}] => (Allow) C:\Program Files\Opera\45.0.2552.881\opera.exe
FirewallRules: [{26BE28BC-BE97-4D1D-BD8E-90F9C06978D4}] => (Allow) C:\Program Files\Opera\45.0.2552.888\opera.exe
 
==================== Restore Points =========================
 
09-06-2017 07:00:14 Windows Update
09-06-2017 22:42:28 Windows Update
10-06-2017 07:00:14 Windows Update
10-06-2017 21:14:13 Removed Adobe Acrobat Reader DC.
11-06-2017 07:00:12 Windows Update
11-06-2017 23:11:52 Windows Update
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/12/2017 07:54:51 AM) (Source: HP Active Health) (EventID: 2800) (User: )
Description: Agent SystemState threw an exception: System.InvalidOperationException: Cannot load Counter Name data because an invalid index '' was read from the registry.
   at System.Diagnostics.PerformanceCounterLib.GetStringTable(Boolean isHelp)
   at System.Diagnostics.PerformanceCounterLib.get_NameTable()
   at System.Diagnostics.PerformanceCounterLib.get_CategoryTable()
   at System.Diagnostics.PerformanceCounterLib.CounterExists(String category, String counter, Boolean& categoryExists)
   at System.Diagnostics.PerformanceCounterLib.CounterExists(String machine, String category, String counter)
   at System.Diagnostics.PerformanceCounter.InitializeImpl()
   at System.Diagnostics.PerformanceCounter..ctor(String categoryName, String counterName, String instanceName, Boolean readOnly)
   at System.Diagnostics.PerformanceCounter..ctor(String categoryName, String counterName, String instanceName)
   at HP.ActiveHealth.Agents.SystemState.SystemStateAgent.CpuUsage()
   at HP.ActiveHealth.Agents.SystemState.SystemStateAgent.FetchValues()
   at HP.ActiveHealth.Agents.SystemState.SystemStateAgent.CollectNewDataClasses(FileInfo agentStateFile, IDataClassCollector dataClassColector)
   at HP.ActiveHealth.API.DataGeneration.AgentRunner.QueryAgentDelegate(Object agentObj)
 
Error: (06/12/2017 07:43:46 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (06/11/2017 04:17:15 PM) (Source: HP Active Health) (EventID: 2800) (User: )
Description: Agent SystemState threw an exception: System.InvalidOperationException: Cannot load Counter Name data because an invalid index '' was read from the registry.
   at System.Diagnostics.PerformanceCounterLib.GetStringTable(Boolean isHelp)
   at System.Diagnostics.PerformanceCounterLib.get_NameTable()
   at System.Diagnostics.PerformanceCounterLib.get_CategoryTable()
   at System.Diagnostics.PerformanceCounterLib.CounterExists(String category, String counter, Boolean& categoryExists)
   at System.Diagnostics.PerformanceCounterLib.CounterExists(String machine, String category, String counter)
   at System.Diagnostics.PerformanceCounter.InitializeImpl()
   at System.Diagnostics.PerformanceCounter..ctor(String categoryName, String counterName, String instanceName, Boolean readOnly)
   at System.Diagnostics.PerformanceCounter..ctor(String categoryName, String counterName, String instanceName)
   at HP.ActiveHealth.Agents.SystemState.SystemStateAgent.CpuUsage()
   at HP.ActiveHealth.Agents.SystemState.SystemStateAgent.FetchValues()
   at HP.ActiveHealth.Agents.SystemState.SystemStateAgent.CollectNewDataClasses(FileInfo agentStateFile, IDataClassCollector dataClassColector)
   at HP.ActiveHealth.API.DataGeneration.AgentRunner.QueryAgentDelegate(Object agentObj)
 
Error: (06/11/2017 04:07:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (06/10/2017 09:46:53 AM) (Source: HP Active Health) (EventID: 2800) (User: )
Description: Agent SystemState threw an exception: System.InvalidOperationException: Cannot load Counter Name data because an invalid index '' was read from the registry.
   at System.Diagnostics.PerformanceCounterLib.GetStringTable(Boolean isHelp)
   at System.Diagnostics.PerformanceCounterLib.get_NameTable()
   at System.Diagnostics.PerformanceCounterLib.get_CategoryTable()
   at System.Diagnostics.PerformanceCounterLib.CounterExists(String category, String counter, Boolean& categoryExists)
   at System.Diagnostics.PerformanceCounterLib.CounterExists(String machine, String category, String counter)
   at System.Diagnostics.PerformanceCounter.InitializeImpl()
   at System.Diagnostics.PerformanceCounter..ctor(String categoryName, String counterName, String instanceName, Boolean readOnly)
   at System.Diagnostics.PerformanceCounter..ctor(String categoryName, String counterName, String instanceName)
   at HP.ActiveHealth.Agents.SystemState.SystemStateAgent.CpuUsage()
   at HP.ActiveHealth.Agents.SystemState.SystemStateAgent.FetchValues()
   at HP.ActiveHealth.Agents.SystemState.SystemStateAgent.CollectNewDataClasses(FileInfo agentStateFile, IDataClassCollector dataClassColector)
   at HP.ActiveHealth.API.DataGeneration.AgentRunner.QueryAgentDelegate(Object agentObj)
 
Error: (06/10/2017 05:17:00 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (06/09/2017 07:50:48 AM) (Source: HP Active Health) (EventID: 2800) (User: )
Description: Agent SystemState threw an exception: System.InvalidOperationException: Cannot load Counter Name data because an invalid index '' was read from the registry.
   at System.Diagnostics.PerformanceCounterLib.GetStringTable(Boolean isHelp)
   at System.Diagnostics.PerformanceCounterLib.get_NameTable()
   at System.Diagnostics.PerformanceCounterLib.get_CategoryTable()
   at System.Diagnostics.PerformanceCounterLib.CounterExists(String category, String counter, Boolean& categoryExists)
   at System.Diagnostics.PerformanceCounterLib.CounterExists(String machine, String category, String counter)
   at System.Diagnostics.PerformanceCounter.InitializeImpl()
   at System.Diagnostics.PerformanceCounter..ctor(String categoryName, String counterName, String instanceName, Boolean readOnly)
   at System.Diagnostics.PerformanceCounter..ctor(String categoryName, String counterName, String instanceName)
   at HP.ActiveHealth.Agents.SystemState.SystemStateAgent.CpuUsage()
   at HP.ActiveHealth.Agents.SystemState.SystemStateAgent.FetchValues()
   at HP.ActiveHealth.Agents.SystemState.SystemStateAgent.CollectNewDataClasses(FileInfo agentStateFile, IDataClassCollector dataClassColector)
   at HP.ActiveHealth.API.DataGeneration.AgentRunner.QueryAgentDelegate(Object agentObj)
 
Error: (06/09/2017 05:13:50 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (06/08/2017 07:14:28 PM) (Source: flcdlock) (EventID: 1069) (User: )
Description: Current SID profile operation failed with unknown exception.
 
Error: (06/08/2017 07:14:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
 
System errors:
=============
Error: (06/12/2017 07:44:18 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
Atc
 
Error: (06/11/2017 11:13:38 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073701: 2017-05 Security Monthly Quality Rollup for Windows 7 for x64-based Systems (KB4019264).
 
Error: (06/11/2017 11:12:37 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073701: Update for Windows 7 for x64-based Systems (KB2952664).
 
Error: (06/11/2017 04:07:17 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
Atc
 
Error: (06/11/2017 04:06:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error: 
The system cannot find the path specified.
 
Error: (06/11/2017 04:06:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Media Player Network Sharing Service service failed to start due to the following error: 
The service did not start due to a logon failure.
 
Error: (06/11/2017 04:06:26 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The WMPNetworkSvc service was unable to log on as NT AUTHORITY\NetworkService with the currently configured password due to the following error: 
The request is not supported.
 
 
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
 
Error: (06/11/2017 04:06:15 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\Windows\System32\IWMSSvc.dll
 
Error: (06/11/2017 04:06:15 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\Windows\System32\IWMSSvc.dll
 
Error: (06/11/2017 04:06:15 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\Windows\System32\IWMSSvc.dll
 
 
CodeIntegrity:
===================================
  Date: 2016-05-30 18:23:15.172
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-05-30 18:23:15.172
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-05-30 12:34:09.752
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-05-30 12:34:09.736
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-05-30 06:39:39.690
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-05-30 06:39:39.674
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-05-30 06:38:10.580
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-05-30 06:38:10.565
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-05-29 07:13:05.844
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-05-29 07:13:05.844
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: AMD A8-6410 APU with AMD Radeon R5 Graphics 
Percentage of memory in use: 33%
Total physical RAM: 7612.08 MB
Available physical RAM: 5060.77 MB
Total Virtual: 15222.35 MB
Available Virtual: 12488.2 MB
 
==================== Drives ================================
 
Drive c: (Windows ) (Fixed) (Total:919.11 GB) (Free:856 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (HP_RECOVERY) (Fixed) (Total:11.3 GB) (Free:1.21 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:0.09 GB) (Free:0.06 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 6F9E5779)
Partition 1: (Active) - (Size=1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=919.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11.3 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=100 MB) - (Type=0C)
 

==================== End of Addition.txt ============================


Edited by bonezz777, 12 June 2017 - 07:35 AM.

  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,782 posts
  • MVP
Get Process Explorer
 
Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).  
 
View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures
 
 
Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  
 
Wait a full minute then:
 
File, Save As, Save.  Note the file name.   Open the file  on your desktop and copy and paste the text to a reply.
 
 
Copy the next 2 lines:
 
TASKLIST /SVC  > \junk.txt
notepad \junk.txt
 
Open an Elevated Command Prompt:
Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator
 
Right click and Paste (or Edit then Paste) and the copied lines should appear.
Hit Enter if notepad does not open.  Copy and paste the text from notepad into a reply. 
 
Get the free version of Speccy:
 
http://www.filehippo...download_speccy (Look in the upper right for the Download
Latest Version button  - Do NOT press the large Start Download button on the upper left!)  
Download, Save and Install it.  Tell it you do not need CCLEANER.    Run Speccy.  When it finishes (the little icon in the bottom left will stop moving), 
File, Save as Text File,  (to your desktop) note the name it gives. OK.  Open the file in notepad and delete the line that gives the serial number of your Operating System.  
(It will be near the top about 10-20 lines down.) Save the file.  Attach the file to your next post.  (More Reply Options, Choose File, Open, Attach This File)
 
 

  • 1

#3
bonezz777

bonezz777

    Member

  • Topic Starter
  • Member
  • PipPip
  • 99 posts

Hi, I don't know anything about this stuff, but i'll try;..Process CPU Private Bytes Working Set PID Description Company Name Verified Signer

System Idle Process 86.26 0 K 24 K 0
GWCtlSrv.exe 3.67 45,464 K 48,420 K 1856 GlassWire Control Service SecureMix LLC (Verified) GlassWire
procexp64.exe 2.22 30,680 K 49,564 K 8100 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
sidebar.exe 1.72 30,040 K 42,968 K 3668 Windows Desktop Gadgets Microsoft Corporation (Verified) Microsoft Windows
flcdlock.exe 1.01 5,588 K 12,596 K 2756 HP Device Access Manager Hewlett-Packard Company (Verified) Hewlett-Packard Company
EvtEng.exe 0.60 5,724 K 13,264 K 1324 Intel® PROSet/Wireless Event Log Service Intel® Corporation (Verified) Intel Corporation-Mobile Wireless Group
System 0.60 180 K 2,128 K 4
GWIdlMon.exe 0.56 13,432 K 15,504 K 5452 GlassWire Computer Idle Monitor SecureMix LLC (Verified) GlassWire
GlassWire.exe 0.50 40,964 K 49,448 K 3764 GlassWire SecureMix LLC (Verified) GlassWire
svchost.exe 0.50 231,904 K 240,592 K 1044 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
dwm.exe 0.46 31,276 K 34,800 K 3992 Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
Interrupts 0.38 0 K 0 K n/a Hardware Interrupts and DPCs
lsass.exe 0.30 5,772 K 13,876 K 808 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows
csrss.exe 0.28 3,428 K 15,720 K 712 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.23 11,568 K 15,572 K 1820 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.18 24,196 K 21,808 K 628 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
chrome.exe 0.15 65,908 K 78,404 K 6956 Google Chrome Google Inc. (Verified) Google Inc
explorer.exe 0.12 31,896 K 49,776 K 4016 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
chrome.exe 0.07 243,224 K 265,260 K 1564 Google Chrome Google Inc. (Verified) Google Inc
SUPERANTISPYWARE.EXE 0.05 95,332 K 5,580 K 3592 SUPERAntiSpyware Application SUPERAntiSpyware (Verified) SUPERAntiSpyware.com
svchost.exe 0.03 10,236 K 17,732 K 1244 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.02 4,940 K 8,920 K 1008 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
vsservppl.exe 0.02 19,516 K 23,560 K 2652 Bitdefender Correlation Service Bitdefender (Verified) Bitdefender SRL
svchost.exe 0.02 49,324 K 30,776 K 1400 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.01 260,916 K 168,548 K 1068 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
vsserv.exe 0.01 323,544 K 204,816 K 2552 Bitdefender Security Service Bitdefender (Verified) Bitdefender SRL
chrome.exe 0.01 71,620 K 81,808 K 5252 Google Chrome Google Inc. (Verified) Google Inc
SASCore64.exe 0.01 2,952 K 5,512 K 1948 Core Service SUPERAntiSpyware.com (Verified) SUPERAntiSpyware.com
mbamtray.exe 0.01 18,176 K 26,972 K 2236 Malwarebytes Tray Application Malwarebytes (Verified) Malwarebytes Corporation
chrome.exe 0.01 76,076 K 128,812 K 4588 Google Chrome Google Inc. (Verified) Google Inc
taskhost.exe < 0.01 16,084 K 18,112 K 3732 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
agr64svc.exe < 0.01 1,184 K 3,068 K 1996 LSI Soft Modem Call Progress Service LSI Corporation (Verified) LSI Corporation
SearchIndexer.exe < 0.01 57,132 K 50,384 K 4440 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
wmpnetwk.exe < 0.01 5,848 K 4,384 K 5564 Windows Media Player Network Sharing Service Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 7,376 K 11,796 K 3124 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
lsm.exe < 0.01 2,860 K 4,756 K 820 Local Session Manager Service Microsoft Corporation (Verified) Microsoft Windows
updatesrv.exe < 0.01 8,628 K 8,904 K 2448 Bitdefender Update Service Bitdefender (Verified) Bitdefender SRL
bdagent.exe < 0.01 16,576 K 22,268 K 5184 bdagent.exe Bitdefender (Verified) Bitdefender SRL
csrss.exe < 0.01 2,768 K 5,244 K 612 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
MBAMService.exe < 0.01 47,320 K 65,220 K 2872 Malwarebytes Service Malwarebytes (Verified) Malwarebytes Corporation
ZeroConfigService.exe 8,680 K 18,576 K 376 Intel® PROSet/Wireless Zero Configure Service Intel® Corporation (Verified) Intel Corporation-Mobile Wireless Group
wuauclt.exe 2,428 K 7,324 K 7956 Windows Update Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe 3,964 K 10,112 K 3160 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
wlanext.exe 6,284 K 15,540 K 1660 Windows Wireless LAN 802.11 Extensibility Framework Microsoft Corporation (Verified) Microsoft Windows
winlogon.exe 3,776 K 8,296 K 780 Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows
wininit.exe 1,724 K 4,748 K 688 Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows
unsecapp.exe 1,892 K 5,616 K 3816 Sink to receive asynchronous callbacks for WMI client application Microsoft Corporation (Verified) Microsoft Windows
TrustedInstaller.exe 52,572 K 52,756 K 1908 Windows Modules Installer Microsoft Corporation (Verified) Microsoft Windows
tbaseprovisioning.exe 18,776 K 27,376 K 700 tbaseprovisioning Advanced Micro Devices, Inc. (Verified) Microsoft Windows Hardware Compatibility Publisher
svchost.exe 6,256 K 12,100 K 2020 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2,780 K 6,248 K 1180 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 4,908 K 10,572 K 920 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
spoolsv.exe 8,000 K 14,268 K 1772 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
smss.exe 544 K 1,240 K 356 Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows
services.exe 5,412 K 9,404 K 744 Services and Controller app Microsoft Corporation (Verified) Microsoft Windows
RtkNGUI64.exe 13,452 K 11,160 K 3448 Realtek HD Audio Manager Realtek Semiconductor (Verified) Realtek Semiconductor Corp
RtkAudioService64.exe 2,040 K 5,508 K 1336 Realtek Audio Service Realtek Semiconductor (Verified) Realtek Semiconductor Corp
RegSrvc.exe 2,064 K 7,284 K 2368 Intel® PROSet/Wireless Registry Service Intel® Corporation (Verified) Intel Corporation-Mobile Wireless Group
RAVBg64.exe 15,020 K 12,192 K 1360 HD Audio Background Process Realtek Semiconductor (Verified) Realtek Semiconductor Corp
ProductAgentService.exe 7,176 K 14,572 K 2320 Bitdefender Agent Bitdefender (Verified) Bitdefender SRL
procexp.exe 4,120 K 8,504 K 7876 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
jusched.exe 2,308 K 5,468 K 3704 Java Update Scheduler Oracle Corporation (Verified) Oracle America
HPSupportSolutionsFrameworkService.exe 55,800 K 52,104 K 3216 HP Support Solutions Framework Service HP Inc. (Verified) HP Inc.
HP.ProtectTools.DeviceAccessManager.ServiceHost.exe 19,724 K 22,464 K 5372 HP.ProtectTools.DeviceAccessManager.ServiceHost Hewlett-Packard Development Company (Verified) Hewlett-Packard Company
DpHostW.exe 16,148 K 25,560 K 1076 DigitalPersona Local Host DigitalPersona, Inc. (Verified) DigitalPersona
DpCardEngine.exe 3,820 K 8,608 K 2068 DigitalPersona Card Engine DigitalPersona, Inc. (Verified) DigitalPersona
conhost.exe 1,076 K 2,968 K 1668 Console Window Host Microsoft Corporation (Verified) Microsoft Windows
conhost.exe 2,900 K 4,492 K 5816 Console Window Host Microsoft Corporation (Verified) Microsoft Windows
chrome.exe 4,756 K 7,116 K 4284 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 4,980 K 7,724 K 5416 Google Chrome Google Inc. (Verified) Google Inc
BingSvc.exe 3,416 K 10,256 K 3468 Microsoft Bing Service © 2015 Microsoft Corporation (Verified) Microsoft Corporation
atiesrxx.exe 1,632 K 5,004 K 200 AMD External Events Service Module AMD (Verified) Microsoft Windows Hardware Compatibility Publisher
atieclxx.exe 2,640 K 7,672 K 1456 AMD External Events Client Module AMD (Verified) Microsoft Windows Hardware Compatibility Publisher
AERTSr64.exe 1,284 K 3,096 K 1968 Andrea filters APO access service (64-bit) Andrea Electronics Corporation (Verified) Andrea Electronics

  • 0

#4
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,782 posts
  • MVP

Sorry. lost your reply.

 

I would uninstall GlassWire 1.2.  It's using a lot of CPU and is not needed since you have BitDefender.  

Also get rid of SUPERANTISPYWARE.

Also kill off Sidebar.  Microsoft gave up on it long ago as a security risk.  https://www.howtogee...s-on-windows-7/

 

There may be a firmware update for your hard drive.  Go to:

 

http://www.seagate.c...es/desktop-hdd/

 

and put in your serial number.  http://www.seagate.c...d-model-number/tells how to find your serial number.

 

BC
Attribute name Command Timeout
Real value 121
Current 100
Worst 99
Threshold 0
Raw Value 0000000079
Status Good

 

 

 

This eventually seems to be a problem with all Seagate drives.  The claim is that it's caused by bad wiring or dirty connectors so you might try unplugging and replugging the SATA connectors but I sort of doubt it.  I think it's a weakness in the drives.  Perhaps the firmware update (if there is one) will help.   Check it in speccy once in a while and see if it is getting worse.  

 

You left your Windows serial number in the speccy log so I am going to delete it.  

 

 
Right click on (My) Computer and select Manage (Continue) Then click on the arrow in front of Event Viewer. Next Click on the arrow in front of Windows Logs Right click on System and Clear Log, Clear. Repeat for Application.
 
Reboot. 
 
Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator.  Then type (with an Enter after each line).
sfc  /scannow
 
(This will check your critical system files. Does this finish without complaint?  IF it says it couldn't fix everything then:
 
Copy the next two lines:
findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  \windows\logs\cbs\junk.txt 
notepad \windows\logs\cbs\junk.txt 
 
Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter. Copy and paste the text from notepad or if it is too big, just attach the file.)
 
Regardless of the SFC result:
 
1. Please download the Event Viewer Tool by Vino Rosso
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:
 
* System
4. Under 'Select type to list', select:
* Error
* Warning
 
 
Then use the 'Number of events' as follows:
 
 
1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.
 
 
Please post the Output log in your next reply then repeat but select Application.  (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)

  • 0

#5
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,782 posts
  • MVP
Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 25/06/2017 10:54:02 AM
 
Note: All dates below are in the format dd/mm/yyyy
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 18/06/2017 10:46:54 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 25/06/2017 1:38:52 PM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: Atc
 
Log: 'System' Date/Time: 25/06/2017 1:38:07 PM
Type: Error Category: 0
Event: 10003 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\Windows\System32\IWMSSvc.dll 
 
Log: 'System' Date/Time: 25/06/2017 1:38:07 PM
Type: Error Category: 0
Event: 10003 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\Windows\System32\IWMSSvc.dll 
 
Log: 'System' Date/Time: 25/06/2017 1:38:07 PM
Type: Error Category: 0
Event: 10003 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\Windows\System32\IWMSSvc.dll 
 
Log: 'System' Date/Time: 25/06/2017 1:38:06 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not start due to a logon failure.
 
Log: 'System' Date/Time: 25/06/2017 1:38:06 PM
Type: Error Category: 0
Event: 7038 Source: Service Control Manager
The WMPNetworkSvc service was unable to log on as NT AUTHORITY\NetworkService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
 
Log: 'System' Date/Time: 25/06/2017 1:38:06 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Windows Search service failed to start due to the following error: The service did not start due to a logon failure.
 
Log: 'System' Date/Time: 25/06/2017 1:38:06 PM
Type: Error Category: 0
Event: 7038 Source: Service Control Manager
The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
 
Log: 'System' Date/Time: 25/06/2017 1:37:45 PM
Type: Error Category: 0
Event: 10003 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\Windows\System32\IWMSSvc.dll 
 
Log: 'System' Date/Time: 25/06/2017 1:37:36 PM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The HP Software Framework Service service terminated unexpectedly. It has done this 1 time(s).
 
Log: 'System' Date/Time: 25/06/2017 1:37:36 PM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The Intel® PROSet/Wireless Zero Configuration Service service terminated unexpectedly. It has done this 1 time(s).
 
Log: 'System' Date/Time: 25/06/2017 1:37:36 PM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The HP Support Solutions Framework Service service terminated unexpectedly. It has done this 1 time(s).
 
Log: 'System' Date/Time: 25/06/2017 1:37:36 PM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The HP Device Access Manager Usage Service service terminated unexpectedly. It has done this 1 time(s).
 
Log: 'System' Date/Time: 25/06/2017 1:37:36 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Log: 'System' Date/Time: 25/06/2017 1:37:36 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Log: 'System' Date/Time: 25/06/2017 1:37:36 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Malwarebytes Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
 
Log: 'System' Date/Time: 25/06/2017 1:37:36 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The HP Device Locking / Auditing service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
 
Log: 'System' Date/Time: 25/06/2017 1:37:35 PM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The Intel® PROSet/Wireless Registry Service service terminated unexpectedly. It has done this 1 time(s).
 
Log: 'System' Date/Time: 25/06/2017 1:37:35 PM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The ProductAgentService service terminated unexpectedly. It has done this 1 time(s).
 
Log: 'System' Date/Time: 25/06/2017 1:37:35 PM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The Intel® PROSet/Wireless Event Log service terminated unexpectedly. It has done this 1 time(s).
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 25/06/2017 1:38:07 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped. 
 
Log: 'System' Date/Time: 25/06/2017 1:47:35 AM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped. Module Path: C:\Windows\System32\IWMSSvc.dll 
 
Log: 'System' Date/Time: 24/06/2017 8:38:25 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name isatap.Home timed out after none of the configured DNS servers responded.
 
Log: 'System' Date/Time: 24/06/2017 10:20:09 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped. 
 
Log: 'System' Date/Time: 23/06/2017 5:22:00 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name isatap.Home timed out after none of the configured DNS servers responded.
 
Log: 'System' Date/Time: 23/06/2017 3:10:06 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped. 
 
Log: 'System' Date/Time: 23/06/2017 3:10:06 AM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped. Module Path: C:\Windows\System32\IWMSSvc.dll 
 
Log: 'System' Date/Time: 23/06/2017 12:43:04 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name isatap.Home timed out after none of the configured DNS servers responded.
 
Log: 'System' Date/Time: 22/06/2017 5:30:25 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name isatap.Home timed out after none of the configured DNS servers responded.
 
Log: 'System' Date/Time: 22/06/2017 2:50:45 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped. 
 
Log: 'System' Date/Time: 22/06/2017 2:50:45 AM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped. Module Path: C:\Windows\System32\IWMSSvc.dll 
 
Log: 'System' Date/Time: 21/06/2017 3:19:06 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped. 
 
Log: 'System' Date/Time: 21/06/2017 3:19:06 PM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped. Module Path: C:\Windows\System32\IWMSSvc.dll 
 
Log: 'System' Date/Time: 21/06/2017 3:17:17 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped. 
 
Log: 'System' Date/Time: 21/06/2017 12:27:50 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name isatap.Home timed out after none of the configured DNS servers responded.
 
Log: 'System' Date/Time: 21/06/2017 11:00:15 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name isatap.Home timed out after none of the configured DNS servers responded.
 
Log: 'System' Date/Time: 21/06/2017 2:18:52 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name isatap.Home timed out after none of the configured DNS servers responded.
 
Log: 'System' Date/Time: 20/06/2017 10:47:11 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped. 
 
Log: 'System' Date/Time: 20/06/2017 10:47:11 PM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped. Module Path: C:\Windows\System32\IWMSSvc.dll 
 
Log: 'System' Date/Time: 20/06/2017 9:55:20 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped. 

  • 0

#6
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,782 posts
  • MVP

Please reply to this thread.  Do not PM me unless a scan shows info you need to keep secret.

 

Did you find a firmware update for your hard drive?

 

atc is a BitDefender driver and it's not working so I would reinstall BitDefender.

 

It's possible that the hard drive command timeouts are causing the services to fail.  Can you post a new Speccy log?  Please Attach it and remember to remove the serial number before posting.

 

Windows Media Player Network Sharing Service never seems to work so I would search for

 

services.msc

 

and hit Enter then find Windows Media Player Network Sharing Service and right click and select Properties then change the Startup Type: to Manual or Disabled and then OK.

 

See if you can turn off intel event logging per the instructions:

 

https://www.intel.co.../000007013.html

 

Then clear the alarms ( Right click on (My) Computer and select Manage (Continue) Then click on the arrow in front of Event Viewer. Next Click on the arrow in front of Windows Logs Right click on System and Clear Log, Clear. Repeat for Application.)

 
Reboot. 
 
Run VEW again as before..

  • 1

#7
bonezz777

bonezz777

    Member

  • Topic Starter
  • Member
  • PipPip
  • 99 posts

Hi, I didn't know I "PM" you, I informed you I don't know what I'm doing Sorry...No update available for firmware update; Also when I tried to kill off Sidebar it pulled it up but was white/just blank??; I will run  VEW again &  will get back, Thank You. also, I backspaced & removed the numbers, they was gone I don't know why they showed up;Vino's Event Viewer v01c run on Windows 2008 in English

Report run at 25/06/2017 8:14:34 PM
 
Note: All dates below are in the format dd/mm/yyyy
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 25/06/2017 8:18:22 PM
 
Note: All dates below are in the format dd/mm/yyyy
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 25/06/2017 10:54:02 AM
 
Note: All dates below are in the format dd/mm/yyyy
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 18/06/2017 10:46:54 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 25/06/2017 1:38:52 PM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load:  Atc
 
Log: 'System' Date/Time: 25/06/2017 1:38:07 PM
Type: Error Category: 0
Event: 10003 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped unexpectedly.  Module Path: C:\Windows\System32\IWMSSvc.dll 
 
Log: 'System' Date/Time: 25/06/2017 1:38:07 PM
Type: Error Category: 0
Event: 10003 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped unexpectedly.  Module Path: C:\Windows\System32\IWMSSvc.dll 
 
Log: 'System' Date/Time: 25/06/2017 1:38:07 PM
Type: Error Category: 0
Event: 10003 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped unexpectedly.  Module Path: C:\Windows\System32\IWMSSvc.dll 
 
Log: 'System' Date/Time: 25/06/2017 1:38:06 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Windows Media Player Network Sharing Service service failed to start due to the following error:  The service did not start due to a logon failure.
 
Log: 'System' Date/Time: 25/06/2017 1:38:06 PM
Type: Error Category: 0
Event: 7038 Source: Service Control Manager
The WMPNetworkSvc service was unable to log on as NT AUTHORITY\NetworkService with the currently configured password due to the following error:  The request is not supported.  To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
 
Log: 'System' Date/Time: 25/06/2017 1:38:06 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Windows Search service failed to start due to the following error:  The service did not start due to a logon failure.
 
Log: 'System' Date/Time: 25/06/2017 1:38:06 PM
Type: Error Category: 0
Event: 7038 Source: Service Control Manager
The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error:  The request is not supported.  To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
 
Log: 'System' Date/Time: 25/06/2017 1:37:45 PM
Type: Error Category: 0
Event: 10003 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped unexpectedly.  Module Path: C:\Windows\System32\IWMSSvc.dll 
 
Log: 'System' Date/Time: 25/06/2017 1:37:36 PM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The HP Software Framework Service service terminated unexpectedly.  It has done this 1 time(s).
 
Log: 'System' Date/Time: 25/06/2017 1:37:36 PM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The Intel® PROSet/Wireless Zero Configuration Service service terminated unexpectedly.  It has done this 1 time(s).
 
Log: 'System' Date/Time: 25/06/2017 1:37:36 PM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The HP Support Solutions Framework Service service terminated unexpectedly.  It has done this 1 time(s).
 
Log: 'System' Date/Time: 25/06/2017 1:37:36 PM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The HP Device Access Manager Usage Service service terminated unexpectedly.  It has done this 1 time(s).
 
Log: 'System' Date/Time: 25/06/2017 1:37:36 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Log: 'System' Date/Time: 25/06/2017 1:37:36 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Log: 'System' Date/Time: 25/06/2017 1:37:36 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Malwarebytes Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
 
Log: 'System' Date/Time: 25/06/2017 1:37:36 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The HP Device Locking / Auditing service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
 
Log: 'System' Date/Time: 25/06/2017 1:37:35 PM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The Intel® PROSet/Wireless Registry Service service terminated unexpectedly.  It has done this 1 time(s).
 
Log: 'System' Date/Time: 25/06/2017 1:37:35 PM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The ProductAgentService service terminated unexpectedly.  It has done this 1 time(s).
 
Log: 'System' Date/Time: 25/06/2017 1:37:35 PM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The Intel® PROSet/Wireless Event Log service terminated unexpectedly.  It has done this 1 time(s).
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 25/06/2017 1:38:07 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped. 
 
Log: 'System' Date/Time: 25/06/2017 1:47:35 AM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped.  Module Path: C:\Windows\System32\IWMSSvc.dll 
 
Log: 'System' Date/Time: 24/06/2017 8:38:25 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name isatap.Home timed out after none of the configured DNS servers responded.
 
Log: 'System' Date/Time: 24/06/2017 10:20:09 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped. 
 
Log: 'System' Date/Time: 23/06/2017 5:22:00 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name isatap.Home timed out after none of the configured DNS servers responded.
 
Log: 'System' Date/Time: 23/06/2017 3:10:06 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped. 
 
Log: 'System' Date/Time: 23/06/2017 3:10:06 AM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped.  Module Path: C:\Windows\System32\IWMSSvc.dll 
 
Log: 'System' Date/Time: 23/06/2017 12:43:04 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name isatap.Home timed out after none of the configured DNS servers responded.
 
Log: 'System' Date/Time: 22/06/2017 5:30:25 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name isatap.Home timed out after none of the configured DNS servers responded.
 
Log: 'System' Date/Time: 22/06/2017 2:50:45 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped. 
 
Log: 'System' Date/Time: 22/06/2017 2:50:45 AM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped.  Module Path: C:\Windows\System32\IWMSSvc.dll 
 
Log: 'System' Date/Time: 21/06/2017 3:19:06 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped. 
 
Log: 'System' Date/Time: 21/06/2017 3:19:06 PM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped.  Module Path: C:\Windows\System32\IWMSSvc.dll 
 
Log: 'System' Date/Time: 21/06/2017 3:17:17 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped. 
 
Log: 'System' Date/Time: 21/06/2017 12:27:50 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name isatap.Home timed out after none of the configured DNS servers responded.
 
Log: 'System' Date/Time: 21/06/2017 11:00:15 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name isatap.Home timed out after none of the configured DNS servers responded.
 
Log: 'System' Date/Time: 21/06/2017 2:18:52 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name isatap.Home timed out after none of the configured DNS servers responded.
 
Log: 'System' Date/Time: 20/06/2017 10:47:11 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped. 
 
Log: 'System' Date/Time: 20/06/2017 10:47:11 PM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped.  Module Path: C:\Windows\System32\IWMSSvc.dll 
 
Log: 'System' Date/Time: 20/06/2017 9:55:20 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped. 
 
Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
System Idle Process 86.26 0 K 24 K 0
GWCtlSrv.exe 3.67 45,464 K 48,420 K 1856 GlassWire Control Service SecureMix LLC (Verified) GlassWire
procexp64.exe 2.22 30,680 K 49,564 K 8100 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
sidebar.exe 1.72 30,040 K 42,968 K 3668 Windows Desktop Gadgets Microsoft Corporation (Verified) Microsoft Windows
flcdlock.exe 1.01 5,588 K 12,596 K 2756 HP Device Access Manager Hewlett-Packard Company (Verified) Hewlett-Packard Company
EvtEng.exe 0.60 5,724 K 13,264 K 1324 Intel® PROSet/Wireless Event Log Service Intel® Corporation (Verified) Intel Corporation-Mobile Wireless Group
System 0.60 180 K 2,128 K 4
GWIdlMon.exe 0.56 13,432 K 15,504 K 5452 GlassWire Computer Idle Monitor SecureMix LLC (Verified) GlassWire
GlassWire.exe 0.50 40,964 K 49,448 K 3764 GlassWire SecureMix LLC (Verified) GlassWire
svchost.exe 0.50 231,904 K 240,592 K 1044 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
dwm.exe 0.46 31,276 K 34,800 K 3992 Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
Interrupts 0.38 0 K 0 K n/a Hardware Interrupts and DPCs
lsass.exe 0.30 5,772 K 13,876 K 808 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows
csrss.exe 0.28 3,428 K 15,720 K 712 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.23 11,568 K 15,572 K 1820 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.18 24,196 K 21,808 K 628 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
chrome.exe 0.15 65,908 K 78,404 K 6956 Google Chrome Google Inc. (Verified) Google Inc
explorer.exe 0.12 31,896 K 49,776 K 4016 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
chrome.exe 0.07 243,224 K 265,260 K 1564 Google Chrome Google Inc. (Verified) Google Inc
SUPERANTISPYWARE.EXE 0.05 95,332 K 5,580 K 3592 SUPERAntiSpyware Application SUPERAntiSpyware (Verified) SUPERAntiSpyware.com
svchost.exe 0.03 10,236 K 17,732 K 1244 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.02 4,940 K 8,920 K 1008 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
vsservppl.exe 0.02 19,516 K 23,560 K 2652 Bitdefender Correlation Service Bitdefender (Verified) Bitdefender SRL
svchost.exe 0.02 49,324 K 30,776 K 1400 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.01 260,916 K 168,548 K 1068 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
vsserv.exe 0.01 323,544 K 204,816 K 2552 Bitdefender Security Service Bitdefender (Verified) Bitdefender SRL
chrome.exe 0.01 71,620 K 81,808 K 5252 Google Chrome Google Inc. (Verified) Google Inc
SASCore64.exe 0.01 2,952 K 5,512 K 1948 Core Service SUPERAntiSpyware.com (Verified) SUPERAntiSpyware.com
mbamtray.exe 0.01 18,176 K 26,972 K 2236 Malwarebytes Tray Application Malwarebytes (Verified) Malwarebytes Corporation
chrome.exe 0.01 76,076 K 128,812 K 4588 Google Chrome Google Inc. (Verified) Google Inc
taskhost.exe < 0.01 16,084 K 18,112 K 3732 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
agr64svc.exe < 0.01 1,184 K 3,068 K 1996 LSI Soft Modem Call Progress Service LSI Corporation (Verified) LSI Corporation
SearchIndexer.exe < 0.01 57,132 K 50,384 K 4440 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
wmpnetwk.exe < 0.01 5,848 K 4,384 K 5564 Windows Media Player Network Sharing Service Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 7,376 K 11,796 K 3124 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
lsm.exe < 0.01 2,860 K 4,756 K 820 Local Session Manager Service Microsoft Corporation (Verified) Microsoft Windows
updatesrv.exe < 0.01 8,628 K 8,904 K 2448 Bitdefender Update Service Bitdefender (Verified) Bitdefender SRL
bdagent.exe < 0.01 16,576 K 22,268 K 5184 bdagent.exe Bitdefender (Verified) Bitdefender SRL
csrss.exe < 0.01 2,768 K 5,244 K 612 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
MBAMService.exe < 0.01 47,320 K 65,220 K 2872 Malwarebytes Service Malwarebytes (Verified) Malwarebytes Corporation
ZeroConfigService.exe 8,680 K 18,576 K 376 Intel® PROSet/Wireless Zero Configure Service Intel® Corporation (Verified) Intel Corporation-Mobile Wireless Group
wuauclt.exe 2,428 K 7,324 K 7956 Windows Update Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe 3,964 K 10,112 K 3160 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
wlanext.exe 6,284 K 15,540 K 1660 Windows Wireless LAN 802.11 Extensibility Framework Microsoft Corporation (Verified) Microsoft Windows
winlogon.exe 3,776 K 8,296 K 780 Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows
wininit.exe 1,724 K 4,748 K 688 Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows
unsecapp.exe 1,892 K 5,616 K 3816 Sink to receive asynchronous callbacks for WMI client application Microsoft Corporation (Verified) Microsoft Windows
TrustedInstaller.exe 52,572 K 52,756 K 1908 Windows Modules Installer Microsoft Corporation (Verified) Microsoft Windows
tbaseprovisioning.exe 18,776 K 27,376 K 700 tbaseprovisioning Advanced Micro Devices, Inc. (Verified) Microsoft Windows Hardware Compatibility Publisher
svchost.exe 6,256 K 12,100 K 2020 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2,780 K 6,248 K 1180 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 4,908 K 10,572 K 920 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
spoolsv.exe 8,000 K 14,268 K 1772 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
smss.exe 544 K 1,240 K 356 Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows
services.exe 5,412 K 9,404 K 744 Services and Controller app Microsoft Corporation (Verified) Microsoft Windows
RtkNGUI64.exe 13,452 K 11,160 K 3448 Realtek HD Audio Manager Realtek Semiconductor (Verified) Realtek Semiconductor Corp
RtkAudioService64.exe 2,040 K 5,508 K 1336 Realtek Audio Service Realtek Semiconductor (Verified) Realtek Semiconductor Corp
RegSrvc.exe 2,064 K 7,284 K 2368 Intel® PROSet/Wireless Registry Service Intel® Corporation (Verified) Intel Corporation-Mobile Wireless Group
RAVBg64.exe 15,020 K 12,192 K 1360 HD Audio Background Process Realtek Semiconductor (Verified) Realtek Semiconductor Corp
ProductAgentService.exe 7,176 K 14,572 K 2320 Bitdefender Agent Bitdefender (Verified) Bitdefender SRL
procexp.exe 4,120 K 8,504 K 7876 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
jusched.exe 2,308 K 5,468 K 3704 Java Update Scheduler Oracle Corporation (Verified) Oracle America
HPSupportSolutionsFrameworkService.exe 55,800 K 52,104 K 3216 HP Support Solutions Framework Service HP Inc. (Verified) HP Inc.
HP.ProtectTools.DeviceAccessManager.ServiceHost.exe 19,724 K 22,464 K 5372 HP.ProtectTools.DeviceAccessManager.ServiceHost Hewlett-Packard Development Company (Verified) Hewlett-Packard Company
DpHostW.exe 16,148 K 25,560 K 1076 DigitalPersona Local Host DigitalPersona, Inc. (Verified) DigitalPersona
DpCardEngine.exe 3,820 K 8,608 K 2068 DigitalPersona Card Engine DigitalPersona, Inc. (Verified) DigitalPersona
conhost.exe 1,076 K 2,968 K 1668 Console Window Host Microsoft Corporation (Verified) Microsoft Windows
conhost.exe 2,900 K 4,492 K 5816 Console Window Host Microsoft Corporation (Verified) Microsoft Windows
chrome.exe 4,756 K 7,116 K 4284 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 4,980 K 7,724 K 5416 Google Chrome Google Inc. (Verified) Google Inc
BingSvc.exe 3,416 K 10,256 K 3468 Microsoft Bing Service © 2015 Microsoft Corporation (Verified) Microsoft Corporation
atiesrxx.exe 1,632 K 5,004 K 200 AMD External Events Service Module AMD (Verified) Microsoft Windows Hardware Compatibility Publisher
atieclxx.exe 2,640 K 7,672 K 1456 AMD External Events Client Module AMD (Verified) Microsoft Windows Hardware Compatibility Publisher
AERTSr64.exe 1,284 K 3,096 K 1968 Andrea filters APO access service (64-bit) Andrea Electronics Corporation (Verified) Andrea Electronics
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-06-2017
Ran by Tim (12-06-2017 08:31:30)
Running from C:\Users\Tim\Desktop
Windows 7 Professional Service Pack 1 (X64) (2016-05-20 19:14:16)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3386813744-1969293527-735481815-500 - Administrator - Disabled)
General Log In (S-1-5-21-3386813744-1969293527-735481815-1002 - Limited - Enabled) => C:\Users\General Log In
Guest (S-1-5-21-3386813744-1969293527-735481815-501 - Limited - Disabled) => C:\Users\Guest
Tim (S-1-5-21-3386813744-1969293527-735481815-1001 - Administrator - Enabled) => C:\Users\Tim
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Bitdefender Antivirus Free Antimalware (Enabled - Up to date) {3FB17364-4FCC-0FA7-6BBF-973897395371}
AS: Bitdefender Antivirus Free Antimalware (Enabled - Up to date) {84D09280-69F6-0029-510F-AC4AECBE19CC}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
AppNHost 1.0.5.1 (HKLM-x32\...\{A8CB86C7-CD4C-4C4F-AF6A-33D1CAC63562}) (Version: 1.0.5.1 - Mixesoft Project)
Bejeweled 2 Deluxe (HKLM-x32\...\Bejeweled 2 Deluxe) (Version:  - PopCap Games)
Bejeweled Twist (HKLM-x32\...\Bejeweled Twist) (Version:  - PopCap Games)
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 21.0.21.970 - Bitdefender)
Bitdefender Antivirus Free (HKLM\...\{1FCCF41D-5F00-4FE2-9653-162D0486C8B4}) (Version: 1.0.6.12 - Bitdefender)
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
EarthLink Accelerator (HKLM-x32\...\EarthLink Accelerator) (Version:  - )
GlassWire 1.2 (remove only) (HKLM-x32\...\GlassWire 1.2) (Version: 1.2.100 - SecureMix LLC)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.110 - Google Inc.)
Google Earth (HKLM-x32\...\{F6430171-B86B-4639-839E-374913E7911D}) (Version: 7.1.8.3036 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Client Security Manager (HKLM\...\HPProtectTools) (Version: 8.3.3.1786 - Hewlett-Packard Company)
HP Deskjet 1000 J110 series Basic Device Software (HKLM\...\{883B114D-BD3E-498F-9DAD-5E4A8E1C43BA}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Deskjet 1000 J110 series Help (HKLM-x32\...\{DDDFCC77-7F9C-45E9-B38E-721BA599BA0C}) (Version: 140.0.65.65 - Hewlett Packard)
HP Device Access Manager (HKLM\...\{DBE16A07-DDFF-4453-807A-212EF93916E0}) (Version: 8.3.2.0 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{F7A8FF27-1B85-4C23-A6FA-97DE491ECC9A}) (Version: 1.1.0.0 - Hewlett-Packard)
HP File Sanitizer (HKLM-x32\...\{6349342F-9CEF-4A70-995A-2CF3704C2603}) (Version: 8.4.20.1 - Hewlett-Packard Company)
HP PageLift (HKLM-x32\...\{59202086-BEA1-411A-8AA4-A5DCD28FF537}) (Version: 1.0.13.1 - Hewlett-Packard Company)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.3781 - HP Photo Creations Powered by RocketLife)
HP Setup (HKLM-x32\...\{438363A8-F486-4C37-834C-4955773CB3D3}) (Version: 9.1.15453.4066 - Hewlett-Packard Company)
HP SoftPaq Download Manager (HKLM-x32\...\{23544215-E6E6-448B-B6E9-6268D5B3E74D}) (Version: 3.5.0.0 - Hewlett-Packard Company)
HP Software Setup (HKLM-x32\...\{F6D61EC9-347B-4019-9F8E-E24169F7C330}) (Version: 8.7.5 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{78E2C850-ADA6-420D-BA35-2F4A9BE733CC}) (Version: 8.4.14.41 - HP)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 13.00.0000 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{5F084DD8-AF2C-4004-9C92-820C32E4BD55}) (Version: 12.7.22.13 - HP)
HP Theft Recovery (HKLM-x32\...\InstallShield_{B1E569B6-A5EB-4C97-9F93-9ED2AA99AF0E}) (Version: 8.3.0.7 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
Intel® PROSet/Wireless Software (HKLM-x32\...\{440d014b-4444-4533-b96d-2910e1ca2bcf}) (Version: 16.7.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{75895d95-3e4b-42b6-8440-97a0e234aeb3}) (Version: 17.0.2 - Intel Corporation)
Java 8 Update 131 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
Java 8 Update 131 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
LSI USB 2.0 Soft Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.102 - LSI Corporation)
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50906.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
Opera Stable 45.0.2552.888 (HKLM-x32\...\Opera 45.0.2552.888) (Version: 45.0.2552.888 - Opera Software)
Peggle Deluxe (HKLM-x32\...\Peggle Deluxe) (Version:  - PopCap Games)
Peggle Nights (HKLM-x32\...\Peggle Nights) (Version:  - PopCap Games)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.103.1007.2016 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7224 - Realtek Semiconductor Corp.)
Skype™ 7.32 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.32.104 - Skype Technologies S.A.)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.6.0 - Sophos Limited)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1236 - SUPERAntiSpyware.com)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17332 - Microsoft Corporation)
WOLFCODERS ScreenSnag (HKLM-x32\...\{481875AB-8D00-46D0-92E2-27BB13B20975}_is1) (Version:  - WOLFCODERS)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\HPCeeScheduleForTim.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\Tim\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\aeea6001c9fdcab9\Click&Clean.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=ghgabhipcejejjmhhchfonmamedcbeod
ShortcutWithArgument: C:\Users\Tim\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\66b9b787e09fde9f\History Eraser.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=gjieilkfnnjoihjjonajndjldjoagffm
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-03-14 09:24 - 2016-04-16 21:07 - 00280576 _____ () C:\Program Files\Bitdefender Antivirus Free\txmlutil.dll
2017-03-14 09:24 - 2017-02-07 12:29 - 01008448 _____ () C:\Program Files\Bitdefender Antivirus Free\Signatures\OTEngines\OTEngines_000_000\ashttpbr.mdl
2017-03-14 09:24 - 2017-02-07 12:29 - 00541952 _____ () C:\Program Files\Bitdefender Antivirus Free\Signatures\OTEngines\OTEngines_000_000\ashttpdsp.mdl
2017-03-14 09:24 - 2017-02-07 12:29 - 03243920 _____ () C:\Program Files\Bitdefender Antivirus Free\Signatures\OTEngines\OTEngines_000_000\ashttpph.mdl
2017-03-14 09:24 - 2017-02-07 12:29 - 01544568 _____ () C:\Program Files\Bitdefender Antivirus Free\Signatures\OTEngines\OTEngines_000_000\ashttprbl.mdl
2014-02-05 15:56 - 2014-02-05 15:56 - 02654936 _____ () C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\ShredContextMenu.dll
2017-05-15 17:34 - 2017-05-09 05:13 - 03767640 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\libglesv2.dll
2017-05-15 17:34 - 2017-05-09 05:13 - 00100696 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\libegl.dll
2017-03-21 06:19 - 2017-03-21 06:19 - 00178128 _____ () C:\Program Files (x86)\GlassWire\EasyHook32.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`28hfm [0]
AlternateDataStreams: C:\ProgramData\Temp:5C321E34 [125]
AlternateDataStreams: C:\Users\Tim\Desktop\glasswire-free-firewall_1.2.96.exe:BDU [0]
AlternateDataStreams: C:\Users\Tim\Desktop\SUPERAntiSpywarePro.exe:BDU [0]
AlternateDataStreams: C:\Users\Tim\Downloads\adwcleaner_6.046.exe:BDU [0]
AlternateDataStreams: C:\Users\Tim\Downloads\GlassWireSetup.exe:BDU [0]
AlternateDataStreams: C:\Users\Tim\Downloads\IE9-Windows7-x64-enu.exe:a [420]
AlternateDataStreams: C:\Users\Tim\Downloads\mb3-setup-adwc.adwc100.3.0.6.1469.exe:BDU [0]
AlternateDataStreams: C:\Users\Tim\Downloads\mb3-setup-consumer-3.1.2.1733.exe:BDU [0]
AlternateDataStreams: C:\Users\Tim\Downloads\SkypeSetup.exe:BDU [0]
AlternateDataStreams: C:\Users\Tim\Downloads\winupdatefix_1.3.exe:BDU [0]
AlternateDataStreams: C:\Users\Tim\Documents\GlassWireSetup (1).exe:BDU [0]
AlternateDataStreams: C:\Users\Tim\Documents\mb3-setup-consumer-3.1.2.1733 (1).exe:BDU [0]
AlternateDataStreams: C:\Users\Tim\Documents\mbar-1.09.3.1001.exe:BDU [0]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\deere.com -> hxxps://jdparts.deere.com
IE trusted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\flhsmv.gov -> hxxps://www.flhsmv.gov
IE trusted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\hdonline.to -> hxxps://hdonline.to
IE trusted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\pch.com -> hxxp://search.pch.com
IE trusted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\usa4sale.net -> hxxp://contact.usa4sale.net
IE trusted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\winndixie.com -> hxxps://www.winndixie.com
IE restricted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\0411dd.com -> 0411dd.com
IE restricted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\0511zfhl.com -> 0511zfhl.com
IE restricted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\0632qyw.com -> 0632qyw.com
IE restricted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\1001movie.com -> 1001movie.com
 
There are 6091 more sites.
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2016-03-05 12:28 - 2017-06-08 17:02 - 00000033 _____ C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3386813744-1969293527-735481815-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.254.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: HPFSService => 2
MSCONFIG\startupreg: HP File Sanitizer => C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\Coreshredder.exe
MSCONFIG\startupreg: Propel Accelerator => "C:\Program Files (x86)\EarthLink Accelerator\trayctl.exe" /STARTUPLAUNCH
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{D6F44F3E-63AD-4480-8981-1F8E4BC156A3}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{92635564-B32B-4941-8709-EDC3534DA1F7}] => (Allow) C:\Program Files (x86)\Opera\launcher.exe
FirewallRules: [{0F7C25B6-D55C-4599-808E-70473E50600B}] => (Allow) C:\Program Files (x86)\Opera\launcher.exe
FirewallRules: [{50E9D51B-9089-4C78-8F73-3E2E5E0D42C5}] => (Allow) C:\Program Files (x86)\Opera\launcher.exe
FirewallRules: [{3D066DB3-3078-49D4-A3A6-AF4075CB1645}] => (Allow) C:\Program Files (x86)\Opera\launcher.exe
FirewallRules: [{9A373D22-61C3-4F8B-BBEF-1D2CEC770DB5}] => (Allow) C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe
FirewallRules: [{82B69666-6A08-4AB4-B240-B287A8D13E38}] => (Allow) C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe
FirewallRules: [{D32E408E-6053-455A-990F-9F46633386D8}] => (Allow) C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe
FirewallRules: [{38B50817-1FA9-4CB1-B36F-FAF8288E99E7}] => (Allow) C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe
FirewallRules: [{BDD0E46F-885B-4696-ADCE-C508C1F9F12A}] => (Allow) C:\Program Files\Microsoft Security Client\msseces.exe
FirewallRules: [{953F6506-888F-4867-B3B2-8E82E4E25263}] => (Allow) C:\Program Files\Microsoft Security Client\msseces.exe
FirewallRules: [{08BCF83E-E091-4FAC-9D79-87F5D20AEE8C}] => (Allow) C:\Program Files\Microsoft Security Client\msseces.exe
FirewallRules: [{AA04C2EA-8C48-467B-BC95-EDBCA22C98B5}] => (Allow) C:\Program Files\Microsoft Security Client\msseces.exe
FirewallRules: [{8FD07A63-7436-47CF-BA1F-834A0A492F69}] => (Allow) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
FirewallRules: [{ACF8D3C4-FF9A-4CD3-8EA4-28D0784A5E00}] => (Allow) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
FirewallRules: [{B3C0EE64-66A1-4F53-9ABE-C6637AB3FABA}] => (Allow) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
FirewallRules: [{91069DC4-8EB5-4A7C-8804-CA63B1DB68C0}] => (Allow) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
FirewallRules: [{6B43B3CE-DC50-45A5-8B9C-BBF6E68A2E22}] => (Allow) C:\Users\Tim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3CZM9O05\EW0DFB0B
FirewallRules: [{E2AFA9F5-1B1B-4500-8997-4963CA7BCF15}] => (Allow) C:\Users\Tim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3CZM9O05\EW0DFB0B
FirewallRules: [{285830EF-6348-490E-AF3E-A4E3BD091FBF}] => (Allow) C:\Users\Tim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3CZM9O05\EW0DFB0B
FirewallRules: [{2A1B1D2E-C4D7-42AF-9D46-A4D9F1592ACF}] => (Allow) C:\Users\Tim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3CZM9O05\EW0DFB0B
FirewallRules: [{C962AA5F-D716-4894-A777-9980540483E2}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{D8BB9E0F-2592-4C32-B96F-AE69B073FAE5}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{3EDE067A-8C7B-43BB-A5B7-58D0CC51B633}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{E81B4361-07C3-4BFB-8571-B70DD4167B3A}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{C9C94891-2C9B-40CE-8333-9A41D4FBA565}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{DD7DB7A0-CA86-416B-BBD9-BA1D7B2C6E53}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{DBFEDAD6-0BEB-4578-B149-3AB62C1B7D85}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{C8501CF7-59E4-43E0-AA45-EE26755E751F}C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe
FirewallRules: [UDP Query User{905779AE-D66A-4666-9FFB-56A8610A6FBA}C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe
FirewallRules: [TCP Query User{C90C27C3-BCC7-4ACE-9E22-2C7488FE70FA}C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe
FirewallRules: [UDP Query User{072E5150-569C-4950-833F-437FEC13136A}C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe
FirewallRules: [{D779D332-B00D-4FCC-8F0D-2038BDD79CD7}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
FirewallRules: [{25ABBA34-5506-420A-AA0A-93D0A7088E21}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
FirewallRules: [{92086CBF-6C8E-46CE-86EA-FAC5797DB131}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{9BD19296-35AA-446C-BCC4-23BCCEAE53A3}] => (Allow) C:\Program Files\Opera\45.0.2552.881\opera.exe
FirewallRules: [{26BE28BC-BE97-4D1D-BD8E-90F9C06978D4}] => (Allow) C:\Program Files\Opera\45.0.2552.888\opera.exe
 
==================== Restore Points =========================
 
09-06-2017 07:00:14 Windows Update
09-06-2017 22:42:28 Windows Update
10-06-2017 07:00:14 Windows Update
10-06-2017 21:14:13 Removed Adobe Acrobat Reader DC.
11-06-2017 07:00:12 Windows Update
11-06-2017 23:11:52 Windows Update
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/12/2017 07:54:51 AM) (Source: HP Active Health) (EventID: 2800) (User: )
Description: Agent SystemState threw an exception: System.InvalidOperationException: Cannot load Counter Name data because an invalid index '' was read from the registry.
   at System.Diagnostics.PerformanceCounterLib.GetStringTable(Boolean isHelp)
   at System.Diagnostics.PerformanceCounterLib.get_NameTable()
   at System.Diagnostics.PerformanceCounterLib.get_CategoryTable()
   at System.Diagnostics.PerformanceCounterLib.CounterExists(String category, String counter, Boolean& categoryExists)
   at System.Diagnostics.PerformanceCounterLib.CounterExists(String machine, String category, String counter)
   at System.Diagnostics.PerformanceCounter.InitializeImpl()
   at System.Diagnostics.PerformanceCounter..ctor(String categoryName, String counterName, String instanceName, Boolean readOnly)
   at System.Diagnostics.PerformanceCounter..ctor(String categoryName, String counterName, String instanceName)
   at HP.ActiveHealth.Agents.SystemState.SystemStateAgent.CpuUsage()
   at HP.ActiveHealth.Agents.SystemState.SystemStateAgent.FetchValues()
   at HP.ActiveHealth.Agents.SystemState.SystemStateAgent.CollectNewDataClasses(FileInfo agentStateFile, IDataClassCollector dataClassColector)
   at HP.ActiveHealth.API.DataGeneration.AgentRunner.QueryAgentDelegate(Object agentObj)
 
Error: (06/12/2017 07:43:46 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (06/11/2017 04:17:15 PM) (Source: HP Active Health) (EventID: 2800) (User: )
Description: Agent SystemState threw an exception: System.InvalidOperationException: Cannot load Counter Name data because an invalid index '' was read from the registry.
   at System.Diagnostics.PerformanceCounterLib.GetStringTable(Boolean isHelp)
   at System.Diagnostics.PerformanceCounterLib.get_NameTable()
   at System.Diagnostics.PerformanceCounterLib.get_CategoryTable()
   at System.Diagnostics.PerformanceCounterLib.CounterExists(String category, String counter, Boolean& categoryExists)
   at System.Diagnostics.PerformanceCounterLib.CounterExists(String machine, String category, String counter)
   at System.Diagnostics.PerformanceCounter.InitializeImpl()
   at System.Diagnostics.PerformanceCounter..ctor(String categoryName, String counterName, String instanceName, Boolean readOnly)
   at System.Diagnostics.PerformanceCounter..ctor(String categoryName, String counterName, String instanceName)
   at HP.ActiveHealth.Agents.SystemState.SystemStateAgent.CpuUsage()
   at HP.ActiveHealth.Agents.SystemState.SystemStateAgent.FetchValues()
   at HP.ActiveHealth.Agents.SystemState.SystemStateAgent.CollectNewDataClasses(FileInfo agentStateFile, IDataClassCollector dataClassColector)
   at HP.ActiveHealth.API.DataGeneration.AgentRunner.QueryAgentDelegate(Object agentObj)
 
Error: (06/11/2017 04:07:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (06/10/2017 09:46:53 AM) (Source: HP Active Health) (EventID: 2800) (User: )
Description: Agent SystemState threw an exception: System.InvalidOperationException: Cannot load Counter Name data because an invalid index '' was read from the registry.
   at System.Diagnostics.PerformanceCounterLib.GetStringTable(Boolean isHelp)
   at System.Diagnostics.PerformanceCounterLib.get_NameTable()
   at System.Diagnostics.PerformanceCounterLib.get_CategoryTable()
   at System.Diagnostics.PerformanceCounterLib.CounterExists(String category, String counter, Boolean& categoryExists)
   at System.Diagnostics.PerformanceCounterLib.CounterExists(String machine, String category, String counter)
   at System.Diagnostics.PerformanceCounter.InitializeImpl()
   at System.Diagnostics.PerformanceCounter..ctor(String categoryName, String counterName, String instanceName, Boolean readOnly)
   at System.Diagnostics.PerformanceCounter..ctor(String categoryName, String counterName, String instanceName)
   at HP.ActiveHealth.Agents.SystemState.SystemStateAgent.CpuUsage()
   at HP.ActiveHealth.Agents.SystemState.SystemStateAgent.FetchValues()
   at HP.ActiveHealth.Agents.SystemState.SystemStateAgent.CollectNewDataClasses(FileInfo agentStateFile, IDataClassCollector dataClassColector)
   at HP.ActiveHealth.API.DataGeneration.AgentRunner.QueryAgentDelegate(Object agentObj)
 
Error: (06/10/2017 05:17:00 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (06/09/2017 07:50:48 AM) (Source: HP Active Health) (EventID: 2800) (User: )
Description: Agent SystemState threw an exception: System.InvalidOperationException: Cannot load Counter Name data because an invalid index '' was read from the registry.
   at System.Diagnostics.PerformanceCounterLib.GetStringTable(Boolean isHelp)
   at System.Diagnostics.PerformanceCounterLib.get_NameTable()
   at System.Diagnostics.PerformanceCounterLib.get_CategoryTable()
   at System.Diagnostics.PerformanceCounterLib.CounterExists(String category, String counter, Boolean& categoryExists)
   at System.Diagnostics.PerformanceCounterLib.CounterExists(String machine, String category, String counter)
   at System.Diagnostics.PerformanceCounter.InitializeImpl()
   at System.Diagnostics.PerformanceCounter..ctor(String categoryName, String counterName, String instanceName, Boolean readOnly)
   at System.Diagnostics.PerformanceCounter..ctor(String categoryName, String counterName, String instanceName)
   at HP.ActiveHealth.Agents.SystemState.SystemStateAgent.CpuUsage()
   at HP.ActiveHealth.Agents.SystemState.SystemStateAgent.FetchValues()
   at HP.ActiveHealth.Agents.SystemState.SystemStateAgent.CollectNewDataClasses(FileInfo agentStateFile, IDataClassCollector dataClassColector)
   at HP.ActiveHealth.API.DataGeneration.AgentRunner.QueryAgentDelegate(Object agentObj)
 
Error: (06/09/2017 05:13:50 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (06/08/2017 07:14:28 PM) (Source: flcdlock) (EventID: 1069) (User: )
Description: Current SID profile operation failed with unknown exception.
 
Error: (06/08/2017 07:14:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
 
System errors:
=============
Error: (06/12/2017 07:44:18 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
Atc
 
Error: (06/11/2017 11:13:38 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073701: 2017-05 Security Monthly Quality Rollup for Windows 7 for x64-based Systems (KB4019264).
 
Error: (06/11/2017 11:12:37 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073701: Update for Windows 7 for x64-based Systems (KB2952664).
 
Error: (06/11/2017 04:07:17 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
Atc
 
Error: (06/11/2017 04:06:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error: 
The system cannot find the path specified.
 
Error: (06/11/2017 04:06:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Media Player Network Sharing Service service failed to start due to the following error: 
The service did not start due to a logon failure.
 
Error: (06/11/2017 04:06:26 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The WMPNetworkSvc service was unable to log on as NT AUTHORITY\NetworkService with the currently configured password due to the following error: 
The request is not supported.
 
 
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
 
Error: (06/11/2017 04:06:15 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\Windows\System32\IWMSSvc.dll
 
Error: (06/11/2017 04:06:15 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\Windows\System32\IWMSSvc.dll
 
Error: (06/11/2017 04:06:15 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\Windows\System32\IWMSSvc.dll
 
 
CodeIntegrity:
===================================
  Date: 2016-05-30 18:23:15.172
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-05-30 18:23:15.172
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-05-30 12:34:09.752
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-05-30 12:34:09.736
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-05-30 06:39:39.690
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-05-30 06:39:39.674
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-05-30 06:38:10.580
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-05-30 06:38:10.565
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-05-29 07:13:05.844
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-05-29 07:13:05.844
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: AMD A8-6410 APU with AMD Radeon R5 Graphics 
Percentage of memory in use: 33%
Total physical RAM: 7612.08 MB
Available physical RAM: 5060.77 MB
Total Virtual: 15222.35 MB
Available Virtual: 12488.2 MB
 
==================== Drives ================================
 
Drive c: (Windows ) (Fixed) (Total:919.11 GB) (Free:856 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (HP_RECOVERY) (Fixed) (Total:11.3 GB) (Free:1.21 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:0.09 GB) (Free:0.06 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 6F9E5779)
Partition 1: (Active) - (Size=1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=919.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11.3 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=100 MB) - (Type=0C)
 
==================== End of Addition.txt ============================ I know I have TOO much stuff on my desktop I'm confused what I did/didn't do,  I disabled Bitdefender and installed Avira is that better, also "why" did you want me to delete superantispyware ? It catches a bunch of stuff?    .....Tim

Attached Thumbnails

  • SNAG-17062520375400.png

Edited by bonezz777, 25 June 2017 - 06:46 PM.

  • 0

#8
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,782 posts
  • MVP

Make sure you uninstall bitdefender and not just disable it.  

 

SuperAntiSpyware and I are not friends.  Mostly it just finds a bunch of cookies which are harmless and they have a history of suing people who give them bad reviews.

 

It looks like you may not have rebooted after clearing the alarms.  Could you reboot then run VEW again?  Please do not post old logs (you can delete them so you don't get confused)

 

When my desktop gets cluttered I create a folder called Junk and move all of the shortcuts and such that I don't use very often to the Junk folder.  Safer than deleting them since they are still there if I need them.


  • 1

#9
bonezz777

bonezz777

    Member

  • Topic Starter
  • Member
  • PipPip
  • 99 posts

hi,Vino's Event Viewer v01c run on Windows 2008 in English

Report run at 25/06/2017 11:05:57 PM
 
Note: All dates below are in the format dd/mm/yyyy
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 26/06/2017 2:54:31 AM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {F9717507-6651-4EDB-BFF7-AE615179BCCF} did not register with DCOM within the required timeout.
 
Log: 'System' Date/Time: 26/06/2017 2:52:00 AM
Type: Error Category: 0
Event: 20 Source: volsnap
The shadow copies of volume D: were aborted because of a failed free space computation.
 
Log: 'System' Date/Time: 26/06/2017 2:51:59 AM
Type: Error Category: 0
Event: 20 Source: volsnap
The shadow copies of volume D: were aborted because of a failed free space computation.
 
Log: 'System' Date/Time: 26/06/2017 2:17:50 AM
Type: Error Category: 0
Event: 7006 Source: Service Control Manager
The ScRegSetValueExW call failed for DeleteFlag with the following error:  Access is denied.
 
Log: 'System' Date/Time: 26/06/2017 2:17:50 AM
Type: Error Category: 0
Event: 7006 Source: Service Control Manager
The ScRegSetValueExW call failed for DeleteFlag with the following error:  Access is denied.
 
Log: 'System' Date/Time: 26/06/2017 2:17:42 AM
Type: Error Category: 0
Event: 7006 Source: Service Control Manager
The ScRegSetValueExW call failed for DeleteFlag with the following error:  Access is denied.
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 26/06/2017 2:54:39 AM
Type: Warning Category: 0
Event: 1073 Source: USER32
The attempt by user Tim-HP\Tim to restart/shutdown computer TIM-HP failed My computer is acting nuts...Gnight

Edited by bonezz777, 25 June 2017 - 09:22 PM.

  • 0

#10
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,782 posts
  • MVP

Can you run VEW for Applications.

 

Also can I see a new FRST scan with Addition.txt checked.?


  • 1

Advertisements


#11
bonezz777

bonezz777

    Member

  • Topic Starter
  • Member
  • PipPip
  • 99 posts

Hi, Run Just VEW for Applications., or do you want anything else checked off? Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-06-2017 01

Ran by Tim (administrator) on TIM-HP (26-06-2017 08:56:53)
Running from C:\Users\Tim\Desktop
Loaded Profiles: Tim & Guest (Available Profiles: Tim & General Log In & Guest)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\tbaseprovisioning.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpCardEngine.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.SpeedupService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Hewlett-Packard Company) C:\Windows\SysWOW64\flcdlock.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(© 2015 Microsoft Corporation) C:\Users\Tim\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Hewlett-Packard Development Company) C:\Program Files (x86)\Hewlett-Packard\HP Device Access Manager\HP.ProtectTools.DeviceAccessManager.ServiceHost.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\VPN\Avira.WebAppHost.exe
(The OpenVPN Project) C:\Program Files (x86)\Avira\VPN\OpenVpn\phantomvpn.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7570136 2014-04-14] (Realtek Semiconductor)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [97512 2017-06-08] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira System Speedup User Starter] => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe [66656 2017-06-13] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [918008 2017-06-02] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\MountPoints2: {2301f08c-46ea-11e6-b913-a0d3c14a78f6} - WinCleaner Application Setup.exe
HKU\S-1-5-21-3386813744-1969293527-735481815-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [241664 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-21-3386813744-1969293527-735481815-501\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516096 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [osk.exe] => C:\Windows\system32\osk.exe [692736 2014-06-17] (Microsoft Corporation)
Lsa: [Notification Packages] DPPassFilter scecli
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
Startup: C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 1000 J110 series.lnk [2017-06-26]
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 1000 J110 series.lnk -> C:\Program Files\HP\HP Deskjet 1000 J110 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
GroupPolicy: Restriction - Chrome <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyServer: [S-1-5-21-3386813744-1969293527-735481815-1001] => http=127.0.0.1:8080
Tcpip\Parameters: [DhcpNameServer] 192.168.224.1
Tcpip\..\Interfaces\{7C0566C2-7D23-414D-B4B4-2CD1F8917416}: [DhcpNameServer] 192.168.224.1
Tcpip\..\Interfaces\{B8692A19-E7CA-4985-B46C-556A84D4EF53}: [DhcpNameServer] 192.168.254.254
 
Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3386813744-1969293527-735481815-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3386813744-1969293527-735481815-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/
HKU\S-1-5-21-3386813744-1969293527-735481815-501\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPCOM14/19
HKU\S-1-5-21-3386813744-1969293527-735481815-501\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPCOM14/19
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll [2017-06-08] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll => No File
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-10-24] (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-06-08] (Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-07-21] (HP Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-06-08] (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-10-24] (Google Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-06-08] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-10-24] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-10-24] (Google Inc.)
Toolbar: HKU\S-1-5-21-3386813744-1969293527-735481815-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-10-24] (Google Inc.)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: HKLM-x32 {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1486642584294
 
FireFox:
========
FF ProfilePath: C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\2tXjV4ld.default [2016-10-26]
FF Extension: (Avira Browser Safety) - C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\2tXjV4ld.default\Extensions\[email protected] [2016-12-04]
FF Extension: (Avira Password Manager) - C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\2tXjV4ld.default\Extensions\[email protected] [2017-06-25]
FF Extension: (Avira SafeSearch Plus) - C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\2tXjV4ld.default\Extensions\[email protected] [2017-02-08]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\BrowserExt\dpchrome
FF Extension: (HP Client Security Manager) - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\BrowserExt\dpchrome [2016-05-26] [not signed]
FF Plugin: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-06-08] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-06-08] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-06-08] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-06-08] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @scout.avira-update.com/Avira Scout Update;version=3 -> C:\Program Files (x86)\Avira\Scout Update\1.3.32.7\npScoutUpdate3.dll [2017-06-25] (Avira Operations GmbH & Co. KG)
FF Plugin-x32: @scout.avira-update.com/Avira Scout Update;version=9 -> C:\Program Files (x86)\Avira\Scout Update\1.3.32.7\npScoutUpdate3.dll [2017-06-25] (Avira Operations GmbH & Co. KG)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: digitalpersona.com/ChromeDPAgent -> c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\BrowserExt\components\npChromeDPAgent.dll [2014-02-10] (DigitalPersona, Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> hxxps://www.google.com/
CHR StartupUrls: Default -> "hxxps://www.yahoo.com/"
CHR DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}
CHR DefaultSearchKeyword: Default -> duckduckgo.com
CHR DefaultSuggestURL: Default -> hxxps://duckduckgo.com/ac/?q={searchTerms}&type=list
CHR Profile: C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default [2017-06-26]
CHR Extension: (Google Drive) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-10-24]
CHR Extension: (DuckDuckGo Search) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkdgflcldnnnapblkhphbgpggdiikppg [2017-05-05]
CHR Extension: (YouTube) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-10-24]
CHR Extension: (Avira Password Manager) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\caljgklbbfbcjjanaijlacgncafpegll [2017-06-25]
CHR Extension: (FedEx 
 Email/Online Label 
 Shipping...) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\ceaafagmnojmnjepbehlplcmoklcacbl [2017-06-20]
CHR Extension: (HTTPS Everywhere) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2017-06-21]
CHR Extension: (Click&Clean) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod [2017-06-01]
CHR Extension: (History Eraser) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjieilkfnnjoihjjonajndjldjoagffm [2017-06-23]
CHR Extension: (J2TeaM Security) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmlcjjclebjnfohgmgikjfnbmfkigocc [2017-06-08]
CHR Extension: (Avira SafeSearch Plus) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipmkfpcnmccejididiaagpgchgjfajgp [2017-06-25]
CHR Extension: (Cyber Security News by Gold Security) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcehljakhaojdgjoggcpnbjkehgglbfb [2017-05-28]
CHR Extension: (Awesome Screenshot: Screen Video Recorder) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlipoenfbbikpbjkfpfillcgkoblgpmj [2017-06-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Click&Clean App) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp [2017-06-23]
CHR Extension: (Gmail) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-10-24]
CHR Extension: (Chrome Media Router) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-16]
CHR Profile: C:\Users\Tim\AppData\Local\Google\Chrome\User Data\System Profile [2017-01-30]
CHR HKLM\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ncffjdbbodifgldkcbhmiiljfcnbgjab] - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\BrowserExt\dpchrome.crx [2014-02-10]
 
Opera: 
=======
OPR Extension: (Stormcrow) - C:\Users\Tim\AppData\Roaming\Opera Software\Opera Stable\Extensions\cfbekbndggmbdkfhjandenfihkdkndil [2017-04-18]
OPR Extension: (360 Internet Protection) - C:\Users\Tim\AppData\Roaming\Opera Software\Opera Stable\Extensions\cnpeghmjdfdmneiljeibjnemfdkojdhl [2017-06-25]
OPR Extension: (Avira Browser Safety) - C:\Users\Tim\AppData\Roaming\Opera Software\Opera Stable\Extensions\dalelnnofafalcmkmnhdbigbjjkloabo [2016-10-25]
OPR Extension: (HTTPS Everywhere) - C:\Users\Tim\AppData\Roaming\Opera Software\Opera Stable\Extensions\edaplhobcmdaneconioghljnnopmkhgm [2017-06-25]
OPR Extension: (Privacy Badger) - C:\Users\Tim\AppData\Roaming\Opera Software\Opera Stable\Extensions\ldfkcgjipgfchpnojicdgpgiocoeelik [2017-06-25]
OPR Extension: (SurfPatrol) - C:\Users\Tim\AppData\Roaming\Opera Software\Opera Stable\Extensions\pafbnmdfbmigjdbkhkchclhpmfcoageo [2017-01-16]
OPR Extension: (Privacy Cleaner) - C:\Users\Tim\AppData\Roaming\Opera Software\Opera Stable\Extensions\pdomeailoegpefbldkonkajkcolkbmhi [2017-01-16]
StartMenuInternet: (HKLM) OperaStable - C:\Program Files\Opera\Launcher.exe
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-30] (SUPERAntiSpyware.com)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1128432 2017-06-02] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [490968 2017-06-02] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [490968 2017-06-02] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1524216 2017-06-02] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [356256 2017-06-08] (Avira Operations GmbH & Co. KG)
R2 AviraPhantomVPN; C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe [334064 2017-05-18] (Avira Operations GmbH & Co. KG)
R2 AviraUpdaterService; C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe [100816 2017-04-21] (Avira Operations GmbH & Co. KG)
R2 DpHost; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [500048 2014-02-10] (DigitalPersona, Inc.)
R2 FLCDLOCK; c:\windows\SysWOW64\flcdlock.exe [567608 2013-11-20] (Hewlett-Packard Company)
R2 HpDamServiceHost; c:\Program Files (x86)\Hewlett-Packard\HP Device Access Manager\HP.ProtectTools.DeviceAccessManager.ServiceHost.exe [18232 2013-11-15] (Hewlett-Packard Development Company)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [321056 2017-06-01] (HP Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-01-17] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor)
S2 scupdate; C:\Program Files (x86)\Avira\Scout Update\ScoutUpdate.exe [116312 2017-06-25] (Avira Operations GmbH & Co. KG)
S3 scupdatem; C:\Program Files (x86)\Avira\Scout Update\ScoutUpdate.exe [116312 2017-06-25] (Avira Operations GmbH & Co. KG)
R2 SpeedupService; C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.SpeedupService.exe [74800 2017-06-13] (Avira Operations GmbH & Co. KG)
R2 tbaseprovisioning; C:\Windows\SysWOW64\tbaseprovisioning.exe [51208 2017-01-10] (Advanced Micro Devices, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3816176 2014-01-17] (Intel® Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 amdkmcsp; C:\Windows\System32\DRIVERS\amdkmcsp.sys [95112 2017-01-10] (Advanced Micro Devices, Inc. )
R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [36608 2013-12-13] (Advanced Micro Devices, Inc.)
R1 amdpsp; C:\Windows\System32\DRIVERS\amdpsp.sys [254344 2017-01-10] (Advanced Micro Devices, Inc. )
S3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [878072 2016-09-20] (BitDefender)
R0 avdevprot; C:\Windows\System32\DRIVERS\avdevprot.sys [64504 2017-06-02] (Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [185032 2017-06-02] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [149976 2017-06-02] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [35328 2017-06-02] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [78600 2017-06-02] (Avira Operations GmbH & Co. KG)
R0 avusbflt; C:\Windows\System32\Drivers\avusbflt.sys [34128 2017-06-02] (Avira Operations GmbH & Co. KG)
R3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [65752 2013-10-07] (Hewlett-Packard Company)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [252832 2017-06-26] (Malwarebytes)
R3 NETwNs64; C:\Windows\System32\DRIVERS\Netwsw02.sys [3434976 2014-04-16] (Intel Corporation)
R3 phantomtap; C:\Windows\System32\DRIVERS\phantomtap.sys [35664 2017-05-18] (The OpenVPN Project)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
U0 aswVmm; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-06-26 08:56 - 2017-06-26 08:57 - 00023322 _____ C:\Users\Tim\Desktop\FRST.txt
2017-06-26 08:56 - 2017-06-26 08:56 - 00000000 ____D C:\Users\Tim\Desktop\FRST-OlderVersion
2017-06-26 07:45 - 2017-06-26 07:46 - 20612608 _____ (Adobe Systems Incorporated) C:\Users\Tim\Downloads\install_flash_player_ppapi.exe
2017-06-25 22:56 - 2017-06-25 22:56 - 00000000 ____D C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Avira
2017-06-25 22:24 - 2017-06-26 08:32 - 00000000 ____D C:\Users\Tim\Desktop\New folder junk files
2017-06-25 22:21 - 2017-06-25 22:21 - 00030354 _____ C:\ProgramData\agent.uninstall.1498443671.bdinstall.bin
2017-06-25 21:22 - 2017-06-25 21:22 - 00000000 ____D C:\Users\Tim\AppData\Roaming\Avira
2017-06-25 13:36 - 2017-06-02 19:05 - 00185032 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2017-06-25 13:36 - 2017-06-02 19:05 - 00149976 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2017-06-25 13:36 - 2017-06-02 19:05 - 00078600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2017-06-25 13:36 - 2017-06-02 19:05 - 00064504 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avdevprot.sys
2017-06-25 13:36 - 2017-06-02 19:05 - 00035328 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2017-06-25 13:36 - 2017-06-02 19:05 - 00034128 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avusbflt.sys
2017-06-25 13:30 - 2017-06-25 13:30 - 00002156 _____ C:\Users\Public\Desktop\Avira Scout.lnk
2017-06-25 13:29 - 2017-06-25 13:29 - 00003506 _____ C:\Windows\System32\Tasks\AviraScoutUpdateTaskMachineUA
2017-06-25 13:29 - 2017-06-25 13:29 - 00003378 _____ C:\Windows\System32\Tasks\AviraScoutUpdateTaskMachineCore
2017-06-25 13:28 - 2017-06-26 07:34 - 00000000 ____D C:\Users\Public\Speedup Sessions
2017-06-25 13:28 - 2017-06-25 13:28 - 00003658 _____ C:\Windows\System32\Tasks\AviraSystemSpeedupUpdate
2017-06-25 13:28 - 2017-06-25 13:28 - 00000000 ____D C:\Windows\System32\Tasks\Avira
2017-06-25 13:27 - 2017-06-25 13:27 - 00002086 _____ C:\Users\Public\Desktop\Avira Software Updater.lnk
2017-06-25 13:27 - 2017-06-25 13:27 - 00001048 _____ C:\Users\Public\Desktop\Avira Phantom VPN.lnk
2017-06-25 13:25 - 2017-06-25 13:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2017-06-25 13:25 - 2017-06-25 13:36 - 00000000 ____D C:\ProgramData\Avira
2017-06-25 13:25 - 2017-06-25 13:25 - 00001212 _____ C:\Users\Public\Desktop\Avira Connect.lnk
2017-06-25 13:23 - 2017-06-25 13:23 - 04799712 _____ (Avira Operations GmbH & Co. KG) C:\Users\Tim\Desktop\avira_en_fass0_58e0ec4c4ec59__ws.exe
2017-06-25 10:54 - 2017-06-25 23:06 - 00001894 _____ C:\VEW.txt
2017-06-25 10:51 - 2017-06-25 10:51 - 00061440 _____ ( ) C:\Users\Tim\Desktop\VEW.exe
2017-06-25 10:18 - 2017-06-25 10:18 - 00001409 _____ C:\Users\Public\Desktop\SeaTools for Windows.lnk
2017-06-25 10:17 - 2017-06-25 10:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate
2017-06-25 10:17 - 2017-06-25 10:17 - 00000000 ____D C:\Program Files (x86)\Seagate
2017-06-25 10:16 - 2017-06-25 10:17 - 26157600 _____ C:\Users\Tim\Desktop\SeaToolsforWindowsSetup.exe
2017-06-20 19:08 - 2017-06-20 19:08 - 00000057 _____ C:\ProgramData\Ament.ini
2017-06-20 19:08 - 2017-06-20 19:08 - 00000000 ____D C:\Users\Tim\AppData\LocalLow\Hewlett-Packard
2017-06-20 19:06 - 2017-06-20 19:07 - 48748328 _____ C:\Users\Tim\Desktop\DJ1000_J110_1313-1.exe
2017-06-20 18:15 - 2017-06-20 19:08 - 00003610 _____ C:\Windows\System32\Tasks\HPCustParticipation HP Deskjet 1000 J110 series
2017-06-20 18:15 - 2017-06-20 18:22 - 00000000 ____D C:\ProgramData\HP Photo Creations
2017-06-20 18:15 - 2017-06-20 18:15 - 00001105 _____ C:\Users\Public\Desktop\HP Photo Creations.lnk
2017-06-20 18:15 - 2017-06-20 18:15 - 00000000 ____D C:\Program Files (x86)\HP Photo Creations
2017-06-20 18:14 - 2017-06-20 19:08 - 00002280 _____ C:\Users\Public\Desktop\HP Deskjet 1000 J110 series.lnk
2017-06-20 18:14 - 2017-06-20 19:08 - 00001202 _____ C:\Users\Public\Desktop\Shop for Supplies - HP Deskjet 1000 J110 series.lnk
2017-06-20 18:14 - 2017-06-20 18:14 - 00000000 ____D C:\Program Files\HP
2017-06-20 15:43 - 2017-06-20 15:43 - 00002640 _____ C:\Users\Tim\Desktop\FedEx _ Email_Online Label _ Shipping.._.lnk
2017-06-20 15:43 - 2017-06-20 15:43 - 00000000 ____D C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2017-06-18 11:36 - 2017-06-18 11:36 - 00900704 _____ (Seagate Technology) C:\Users\Tim\Desktop\drivedetect.exe
2017-06-14 06:31 - 2017-06-25 20:04 - 00000000 ____D C:\Program Files\Speccy
2017-06-14 06:31 - 2017-06-14 06:31 - 00000804 _____ C:\Users\Public\Desktop\Speccy.lnk
2017-06-14 06:31 - 2017-06-14 06:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2017-06-14 06:29 - 2017-06-14 06:29 - 06293184 _____ (Piriform Ltd) C:\Users\Tim\Desktop\spsetup130.exe
2017-06-14 05:48 - 2017-06-14 05:48 - 02724512 _____ (Sysinternals - www.sysinternals.com) C:\Users\Tim\Desktop\procexp.exe
2017-06-12 17:55 - 2017-06-12 17:55 - 00030951 _____ C:\ProgramData\agent.update.1497304511.bdinstall.bin
2017-06-12 08:29 - 2017-06-26 08:56 - 00000000 ____D C:\FRST
2017-06-12 08:27 - 2017-06-26 08:56 - 02441216 _____ (Farbar) C:\Users\Tim\Desktop\FRST64.exe
2017-06-08 18:50 - 2017-06-08 18:47 - 00000030 _____ C:\AVScanner.ini
2017-06-08 16:30 - 2017-06-26 08:54 - 00000000 ____D C:\Users\Tim\AppData\Local\FSDART
2017-06-08 16:30 - 2017-06-08 16:31 - 00000000 ____D C:\ProgramData\F-Secure
2017-06-08 16:17 - 2017-06-08 16:05 - 00206912 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2017-06-08 16:17 - 2017-06-08 16:05 - 00206912 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2017-06-08 16:07 - 2017-06-08 16:05 - 00110144 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-64.dll
2017-06-08 15:34 - 2017-06-08 15:35 - 00524248 _____ (F-Secure Corporation) C:\Users\Tim\Desktop\F-SecureOnlineScanner.exe
2017-06-06 13:57 - 2017-06-06 13:57 - 00313366 _____ C:\Users\Tim\Downloads\WindowsUpdate.diagcab
2017-05-27 14:25 - 2017-05-27 14:25 - 00000000 ____D C:\Users\Tim\AppData\Local\Microsoft Corporation
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-06-26 07:46 - 2009-07-14 00:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-06-26 07:46 - 2009-07-14 00:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-06-26 07:33 - 2017-01-31 11:24 - 00252832 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-06-26 07:32 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-06-25 23:31 - 2015-12-12 03:28 - 00065536 _____ C:\Windows\system32\spu_storage.bin
2017-06-25 22:56 - 2016-10-26 04:50 - 00000000 ____D C:\Users\Tim\AppData\Local\Avira
2017-06-25 21:08 - 2016-10-26 05:38 - 00016328 _____ C:\Windows\SysWOW64\Defrag.debuglog
2017-06-25 13:47 - 2016-04-21 12:00 - 00000000 ____D C:\Users\Tim\AppData\Roaming\hpqLog
2017-06-25 13:36 - 2016-10-26 03:40 - 00000000 ____D C:\Program Files (x86)\Avira
2017-06-25 13:34 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2017-06-25 13:25 - 2016-03-20 05:39 - 00000000 ____D C:\ProgramData\Package Cache
2017-06-25 09:37 - 2016-05-28 09:30 - 00000000 ____D C:\AdwCleaner
2017-06-24 07:06 - 2017-02-21 11:34 - 00003174 _____ C:\Windows\System32\Tasks\HPCeeScheduleForTim
2017-06-24 07:06 - 2017-02-21 11:34 - 00000324 _____ C:\Windows\Tasks\HPCeeScheduleForTim.job
2017-06-20 19:08 - 2016-01-25 18:03 - 00000000 ____D C:\Program Files (x86)\HP
2017-06-20 19:08 - 2015-12-12 03:32 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2017-06-20 18:47 - 2017-02-16 11:44 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2017-06-20 18:15 - 2015-12-12 03:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2017-06-20 17:50 - 2016-05-20 14:04 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music, Photos and Videos
2017-06-20 17:50 - 2015-12-12 03:41 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Communication and Chat
2017-06-20 17:50 - 2015-12-12 03:39 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools
2017-06-20 17:50 - 2015-12-12 03:35 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
2017-06-20 15:56 - 2015-12-28 16:22 - 00000000 ____D C:\Users\Tim\AppData\Local\ElevatedDiagnostics
2017-06-18 10:05 - 2016-12-14 11:00 - 00003830 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1481727622
2017-06-18 10:05 - 2016-12-14 10:59 - 00000000 ____D C:\Program Files\Opera
2017-06-18 09:59 - 2015-12-12 03:30 - 00000000 ____D C:\Windows\tbaseregistry
2017-06-18 09:57 - 2015-12-12 03:31 - 26213345 _____ C:\Windows\SysWOW64\rootpa.e2e
2017-06-18 09:46 - 2016-01-12 12:30 - 00000000 ___RD C:\Users\Tim\Documents\Scanned Documents
2017-06-14 15:31 - 2016-01-05 08:48 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-06-14 15:31 - 2016-01-05 08:48 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-06-14 07:09 - 2016-01-05 08:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-06-14 07:07 - 2016-01-31 19:50 - 00000000 ____D C:\Windows\system32\MRT
2017-06-14 07:02 - 2016-06-05 13:32 - 133627792 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-06-10 21:15 - 2017-02-08 22:37 - 00000000 ____D C:\Program Files (x86)\Adobe
2017-06-10 21:13 - 2016-05-24 12:34 - 00000000 ____D C:\Users\Tim\AppData\LocalLow\Adobe
2017-06-10 21:13 - 2016-03-05 09:54 - 00000000 ____D C:\Windows\system32\Macromed
2017-06-10 21:13 - 2015-12-28 17:04 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-06-10 20:55 - 2016-01-07 08:12 - 00000000 ____D C:\Users\Tim\AppData\Local\Adobe
2017-06-08 19:14 - 2017-02-08 22:48 - 00000000 ____D C:\Program Files\Common Files\McAfee
2017-06-08 19:14 - 2017-02-08 22:48 - 00000000 ____D C:\Program Files (x86)\McAfee
2017-06-08 18:28 - 2016-11-02 15:07 - 03255948 _____ C:\Windows\ntbtlog.txt
2017-06-08 16:17 - 2016-12-05 11:49 - 00000000 ____D C:\Program Files\Java
2017-06-08 16:17 - 2016-04-08 13:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-06-08 16:07 - 2016-04-08 13:41 - 00000000 ____D C:\Program Files (x86)\Java
2017-06-08 16:05 - 2016-12-05 11:50 - 00318528 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2017-06-08 16:05 - 2016-12-05 11:50 - 00110144 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2017-06-08 16:04 - 2016-04-08 13:42 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2017-06-06 13:56 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF
2017-06-06 12:38 - 2017-01-31 11:24 - 00077376 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-05-28 06:53 - 2017-02-11 09:30 - 00000000 ____D C:\SUPERDelete
 
==================== Files in the root of some directories =======
 
2017-02-08 21:17 - 2017-02-08 21:17 - 0046788 _____ () C:\ProgramData\agent.1486603026.bdinstall.bin
2017-02-08 21:36 - 2017-02-08 21:36 - 0028706 _____ () C:\ProgramData\agent.1486604163.bdinstall.bin
2017-02-08 21:37 - 2017-02-08 21:37 - 0028778 _____ () C:\ProgramData\agent.1486604202.bdinstall.bin
2017-02-08 22:18 - 2017-02-08 22:18 - 0028778 _____ () C:\ProgramData\agent.1486606720.bdinstall.bin
2017-02-11 09:59 - 2017-02-11 09:59 - 0028780 _____ () C:\ProgramData\agent.1486821554.bdinstall.bin
2017-02-11 09:59 - 2017-02-11 09:59 - 0028780 _____ () C:\ProgramData\agent.1486821588.bdinstall.bin
2017-02-12 05:55 - 2017-02-12 05:55 - 0028779 _____ () C:\ProgramData\agent.1486893287.bdinstall.bin
2017-02-16 11:48 - 2017-02-16 11:48 - 0028497 _____ () C:\ProgramData\agent.1487260113.bdinstall.bin
2017-02-16 11:49 - 2017-02-16 11:49 - 0028427 _____ () C:\ProgramData\agent.1487260177.bdinstall.bin
2017-02-16 12:49 - 2017-02-16 12:49 - 0028780 _____ () C:\ProgramData\agent.1487263757.bdinstall.bin
2017-02-16 12:50 - 2017-02-16 12:50 - 0028780 _____ () C:\ProgramData\agent.1487263804.bdinstall.bin
2017-02-16 18:58 - 2017-02-16 18:58 - 0028780 _____ () C:\ProgramData\agent.1487285925.bdinstall.bin
2017-02-17 13:08 - 2017-02-17 13:08 - 0028780 _____ () C:\ProgramData\agent.1487351306.bdinstall.bin
2017-02-20 18:07 - 2017-02-20 18:07 - 0028780 _____ () C:\ProgramData\agent.1487628430.bdinstall.bin
2017-03-03 09:42 - 2017-03-03 09:42 - 0028780 _____ () C:\ProgramData\agent.1488548516.bdinstall.bin
2017-03-04 11:39 - 2017-03-04 11:39 - 0028780 _____ () C:\ProgramData\agent.1488641969.bdinstall.bin
2017-03-06 18:07 - 2017-03-06 18:07 - 0028780 _____ () C:\ProgramData\agent.1488838053.bdinstall.bin
2017-03-06 18:08 - 2017-03-06 18:08 - 0028780 _____ () C:\ProgramData\agent.1488838117.bdinstall.bin
2017-03-07 07:06 - 2017-03-07 07:06 - 0028780 _____ () C:\ProgramData\agent.1488884812.bdinstall.bin
2017-03-09 18:12 - 2017-03-09 18:12 - 0028780 _____ () C:\ProgramData\agent.1489097528.bdinstall.bin
2017-03-09 18:12 - 2017-03-09 18:12 - 0028779 _____ () C:\ProgramData\agent.1489097574.bdinstall.bin
2017-03-14 08:59 - 2017-03-14 08:59 - 0028736 _____ () C:\ProgramData\agent.1489496386.bdinstall.bin
2017-03-14 09:22 - 2017-03-14 09:22 - 0028601 _____ () C:\ProgramData\agent.1489497767.bdinstall.bin
2017-03-14 09:23 - 2017-03-14 09:23 - 0028743 _____ () C:\ProgramData\agent.1489497792.bdinstall.bin
2017-03-18 08:01 - 2017-03-18 08:01 - 0028738 _____ () C:\ProgramData\agent.1489838475.bdinstall.bin
2017-03-18 08:01 - 2017-03-18 08:01 - 0028745 _____ () C:\ProgramData\agent.1489838502.bdinstall.bin
2017-06-25 22:21 - 2017-06-25 22:21 - 0030354 _____ () C:\ProgramData\agent.uninstall.1498443671.bdinstall.bin
2017-06-12 17:55 - 2017-06-12 17:55 - 0030951 _____ () C:\ProgramData\agent.update.1497304511.bdinstall.bin
2017-06-20 19:08 - 2017-06-20 19:08 - 0000057 _____ () C:\ProgramData\Ament.ini
2017-02-08 22:22 - 2017-02-08 22:22 - 0368084 _____ () C:\ProgramData\cl.1486606757.bdinstall.bin
2017-03-09 18:16 - 2017-03-09 18:16 - 0380034 _____ () C:\ProgramData\cl.repair.1489097691.bdinstall.bin
2017-03-14 09:20 - 2017-03-14 09:20 - 0215144 _____ () C:\ProgramData\cl.uninstall.1489497341.bdinstall.bin
2016-06-29 17:22 - 2016-06-29 17:23 - 1271840 _____ () C:\ProgramData\hpdam_install_log.txt
2016-06-29 17:22 - 2016-06-29 17:22 - 0272336 _____ () C:\ProgramData\HPFileSanitizer_Install_Log.txt
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-06-22 08:26
 
==================== End of FRST.txt ============================      Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-06-2017 01
Ran by Tim (26-06-2017 08:57:41)
Running from C:\Users\Tim\Desktop
Windows 7 Professional Service Pack 1 (X64) (2016-05-20 19:14:16)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3386813744-1969293527-735481815-500 - Administrator - Disabled)
General Log In (S-1-5-21-3386813744-1969293527-735481815-1002 - Limited - Enabled) => C:\Users\General Log In
Guest (S-1-5-21-3386813744-1969293527-735481815-501 - Limited - Disabled) => C:\Users\Guest
Tim (S-1-5-21-3386813744-1969293527-735481815-1001 - Administrator - Enabled) => C:\Users\Tim
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avira Antivirus (Enabled - Up to date) {B3F630BD-538D-1B4A-14FA-14B63235278F}
AS: Avira Antivirus (Enabled - Up to date) {0897D159-75B7-14C4-2E4A-2FC449B26D32}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
AppNHost 1.0.5.1 (HKLM-x32\...\{A8CB86C7-CD4C-4C4F-AF6A-33D1CAC63562}) (Version: 1.0.5.1 - Mixesoft Project)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.27.34 - Avira Operations GmbH & Co. KG)
Avira Connect (HKLM-x32\...\{14d00649-a178-473f-bf48-eec016dc4bfa}) (Version: 1.2.89.29905 - Avira Operations GmbH & Co. KG)
Avira Connect (x32 Version: 1.2.89.29905 - Avira Operations GmbH & Co. KG) Hidden
Avira Phantom VPN (HKLM-x32\...\Avira Phantom VPN) (Version: 2.8.2.29275 - Avira Operations GmbH & Co. KG)
Avira Scout (HKLM-x32\...\Avira Scout) (Version: 17.5.3029.2783 - Avira Operations GmbH & Co. KG)
Avira Software Updater (HKLM-x32\...\{A4DF9D2A-AB95-4F30-9CA4-2F49662BA39D}) (Version: 2.0.2.27024 - Avira Operations GmbH & Co. KG)
Avira System Speedup (HKLM-x32\...\Avira System Speedup_is1) (Version: 3.7.0.5478 - Avira Operations GmbH & Co. KG)
Bejeweled 2 Deluxe (HKLM-x32\...\Bejeweled 2 Deluxe) (Version:  - PopCap Games)
Bejeweled Twist (HKLM-x32\...\Bejeweled Twist) (Version:  - PopCap Games)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.0) (Version: 5.0.0.0 - Coupons.com Incorporated)
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
EarthLink Accelerator (HKLM-x32\...\EarthLink Accelerator) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.110 - Google Inc.)
Google Earth (HKLM-x32\...\{F6430171-B86B-4639-839E-374913E7911D}) (Version: 7.1.8.3036 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Client Security Manager (HKLM\...\HPProtectTools) (Version: 8.3.3.1786 - Hewlett-Packard Company)
HP Deskjet 1000 J110 series Basic Device Software (HKLM\...\{A3E89C5B-BB3A-433A-A878-D1310BB13EAD}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Deskjet 1000 J110 series Help (HKLM-x32\...\{DDDFCC77-7F9C-45E9-B38E-721BA599BA0C}) (Version: 140.0.65.65 - Hewlett Packard)
HP Deskjet 1000 J110 series Product Improvement Study (HKLM\...\{EEC82191-E879-4906-9D6B-D9665CF030CD}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Device Access Manager (HKLM\...\{DBE16A07-DDFF-4453-807A-212EF93916E0}) (Version: 8.3.2.0 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{F7A8FF27-1B85-4C23-A6FA-97DE491ECC9A}) (Version: 1.1.0.0 - Hewlett-Packard)
HP File Sanitizer (HKLM-x32\...\{6349342F-9CEF-4A70-995A-2CF3704C2603}) (Version: 8.4.20.1 - Hewlett-Packard Company)
HP PageLift (HKLM-x32\...\{59202086-BEA1-411A-8AA4-A5DCD28FF537}) (Version: 1.0.13.1 - Hewlett-Packard Company)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.3781 - HP Photo Creations Powered by RocketLife)
HP Setup (HKLM-x32\...\{438363A8-F486-4C37-834C-4955773CB3D3}) (Version: 9.1.15453.4066 - Hewlett-Packard Company)
HP SoftPaq Download Manager (HKLM-x32\...\{23544215-E6E6-448B-B6E9-6268D5B3E74D}) (Version: 3.5.0.0 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{78E2C850-ADA6-420D-BA35-2F4A9BE733CC}) (Version: 8.4.19.3 - HP)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 13.00.0000 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{5F084DD8-AF2C-4004-9C92-820C32E4BD55}) (Version: 12.7.22.13 - HP)
HP Theft Recovery (HKLM-x32\...\InstallShield_{B1E569B6-A5EB-4C97-9F93-9ED2AA99AF0E}) (Version: 8.3.0.7 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
Intel® PROSet/Wireless Software (HKLM-x32\...\{440d014b-4444-4533-b96d-2910e1ca2bcf}) (Version: 16.7.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{75895d95-3e4b-42b6-8440-97a0e234aeb3}) (Version: 17.0.2 - Intel Corporation)
Java 8 Update 131 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
Java 8 Update 131 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
LSI USB 2.0 Soft Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.102 - LSI Corporation)
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
Opera Stable 45.0.2552.898 (HKLM-x32\...\Opera 45.0.2552.898) (Version: 45.0.2552.898 - Opera Software)
Peggle Deluxe (HKLM-x32\...\Peggle Deluxe) (Version:  - PopCap Games)
Peggle Nights (HKLM-x32\...\Peggle Nights) (Version:  - PopCap Games)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.103.1007.2016 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7224 - Realtek Semiconductor Corp.)
SeaTools for Windows 1.4.0.4 (HKLM-x32\...\SeaTools for Windows) (Version: 1.4.0.4 - Seagate Technology)
Skype™ 7.32 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.32.104 - Skype Technologies S.A.)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.6.0 - Sophos Limited)
Speccy (HKLM\...\Speccy) (Version: 1.30 - Piriform)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1236 - SUPERAntiSpyware.com)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17332 - Microsoft Corporation)
WOLFCODERS ScreenSnag (HKLM-x32\...\{481875AB-8D00-46D0-92E2-27BB13B20975}_is1) (Version:  - WOLFCODERS)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {07999E06-7CD6-4BE2-9213-12FF183808BD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-24] (Google Inc.)
Task: {220ECEBE-27F2-49F6-B940-105C91A5710F} - System32\Tasks\{AD6719E0-A35B-4FB0-9469-F3ECA6E98920} => F:\Setup.exe
Task: {2BDFECED-24B7-4D8C-9025-C1502F04228B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-12-21] (HP Inc.)
Task: {2F177236-8AEA-4439-9CD0-BDEF1C7C0257} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-24] (Google Inc.)
Task: {36A095E9-8583-4F7B-AAAC-3C11076EE515} - System32\Tasks\{A54828EC-DF0D-4800-BCD0-8A56F560D437} => C:\Program Files (x86)\Cobra HomeBase\CobraHomeBase.exe
Task: {385C2FE5-95C0-4665-B925-80CEDA035EB5} - System32\Tasks\Avira\System Speedup\SpeedupSysTray => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.Systray.exe [2017-06-13] (Avira Operations GmbH & Co. KG)
Task: {3D11CE46-87BC-4C8D-A998-1334CBECE846} - System32\Tasks\AviraScoutUpdateTaskMachineCore => C:\Program Files (x86)\Avira\Scout Update\ScoutUpdate.exe [2017-06-25] (Avira Operations GmbH & Co. KG)
Task: {3D67B3E7-C05E-44C0-86C3-41EA2295BFD7} - System32\Tasks\{2B4A8FF7-D501-46FB-9AE4-9518FE895316} => C:\Program Files (x86)\Cobra HomeBase\CobraHomeBase.exe
Task: {3FD481D7-33C8-4B55-83D1-6ADEA73CD958} - System32\Tasks\Opera scheduled Autoupdate 1481727622 => C:\Program Files\Opera\launcher.exe [2017-06-12] (Opera Software)
Task: {4E5A5561-7AF6-4C58-9FBD-05CBFB188944} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.)
Task: {4EA0DEA2-1FE1-4122-84C3-EECC5E56C6CF} - System32\Tasks\{1C7D4D19-C8E6-455D-A53C-6BADA3C107E5} => C:\Program Files (x86)\Cobra HomeBase\CobraHomeBase.exe
Task: {6648098E-9C85-4D31-9D29-15910CBE5E3C} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {6BF91CFD-DFEF-4CA8-A3A0-E810147FE45E} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {6BFCB507-58F4-4919-B4AC-5C9FB9D28F0C} - System32\Tasks\{A55B9265-8122-42BB-B1F3-07F7E45F3706} => Iexplore.exe hxxps://ui.skype.com/ui/0/7.32.0.104/en/eula?source=lightinstaller
Task: {6C339922-6108-4341-867F-16536565B946} - System32\Tasks\Avira\System Speedup\Delayed Startup\All users\1 => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2017-03-15] (Oracle Corporation)
Task: {75A91597-6A9A-45C0-8C0C-F6B1B466A192} - System32\Tasks\Avira\System Speedup\TestScheduler => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe [2017-06-13] (Avira Operations GmbH & Co. KG)
Task: {7656ADD2-637A-49B9-BD5B-2163FC5FC827} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {76637EEE-D769-4FF1-87A0-B618D5210B96} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
Task: {7905813F-3B6D-486B-8E94-A99FCD531A2F} - System32\Tasks\HPCustParticipation HP Deskjet 1000 J110 series => C:\Program Files\HP\HP Deskjet 1000 J110 series\Bin\HPCustPartic.exe [2012-10-02] (Hewlett-Packard Co.)
Task: {81F28D25-FD76-46E0-9A94-7CFBD52AD198} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {8773223F-C0F6-4256-B6AE-37485593ED18} - System32\Tasks\{B1BDA461-F2FB-4735-911B-8466740BEE40} => pcalua.exe -a F:\ISP5900\setup.exe -d F:\ISP5900
Task: {878D9DF9-D68A-43FF-9FA6-46EACB45D8CE} - System32\Tasks\{63BBADBD-CE52-4A80-BA74-A575FC495A84} => F:\Setup.exe
Task: {8A378C3D-49EF-4E60-8D81-262E5144498E} - System32\Tasks\{46A17704-B290-4506-9618-5701D9CA2AD2} => F:\Setup.exe
Task: {8DD566CA-2A83-4148-86AC-DDB5D3C322BF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2017-05-25] (HP Inc.)
Task: {91245DE5-488E-4A6D-B6F4-7DED8F800C96} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {91865B85-37EF-4B20-9F1E-CAD158966E73} - System32\Tasks\Avira\System Speedup\Delayed Startup\Tim\1 => C:\Users\Tim\AppData\Local\Microsoft\BingSvc\BingSvc.exe [2015-11-05] (© 2015 Microsoft Corporation) <==== ATTENTION
Task: {92A5803E-5154-441D-983A-B74D0B2F9E1B} - System32\Tasks\{4678693A-7E1D-4D5A-8B9C-88C09315D8A0} => C:\Users\General Log In\Downloads\SUPERAntiSpyware.exe
Task: {9B578603-B351-47C9-88B1-4C64952A44E3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-04-07] (HP Inc.)
Task: {A398B473-F52B-4FD1-AEB9-A800E460F84E} - System32\Tasks\{AFB67468-FA1C-44FC-8F3D-F1A849BC465F} => F:\Setup.exe
Task: {AA854452-7584-4BA7-A8FD-BAC70A4D580F} - System32\Tasks\AviraScoutUpdateTaskMachineUA => C:\Program Files (x86)\Avira\Scout Update\ScoutUpdate.exe [2017-06-25] (Avira Operations GmbH & Co. KG)
Task: {ABEE2E06-9083-4E46-BC19-0049023C84E8} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {AE9DC7A8-FA4F-42AD-ACF2-9B838FCD2522} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
Task: {AEA65F2D-8098-4DFD-B8FF-CEAF5AF39585} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {BB343A67-670A-46A9-87D7-158AF9A9EC79} - System32\Tasks\{729BA09E-DBAC-4313-9C6E-3892146BD40A} => F:\Setup.exe
Task: {BC860C8E-EC1D-4646-A9A1-B48BEA459B70} - System32\Tasks\AviraSystemSpeedupUpdate => C:\ProgramData\Avira\SystemSpeedup\Update\avira_speedup_setup_update.exe [2017-06-25] (Avira Operations GmbH & Co. KG                              )
Task: {C20AC3DE-8C16-49C6-82DF-7ECB7E78C46C} - System32\Tasks\{05792CFD-05F5-46C8-9C8C-19C70F0E9549} => F:\Setup.exe
Task: {D21C77C0-6040-484C-8D8F-29229BE0B434} - System32\Tasks\Avira\System Speedup\Delayed Startup\Tim\2 => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2017-06-20] (SUPERAntiSpyware) <==== ATTENTION
Task: {D71BD3E9-9D48-4AE3-8D71-40503042B818} - System32\Tasks\{095E7B1F-B78E-430C-9E00-3A980CBC2EC7} => C:\Program Files (x86)\Cobra HomeBase\CobraHomeBase.exe
Task: {DA4FECCE-33E1-4D3E-9643-20A155D7D694} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {DC3E1EBE-2642-4AE8-8BE7-33C3936F5C3D} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {DF3F0AF7-6913-4840-8E0F-214B56FB6E4E} - System32\Tasks\{AC256CE6-2226-4B88-90C3-CDD2A645EA89} => F:\Setup.exe
Task: {E2C37FAE-6107-4123-9785-B2DF00782DE8} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {E65E4D0E-F19E-4BE1-9BFA-C44274169D58} - System32\Tasks\HPCeeScheduleForTim => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2016-01-22] (Hewlett-Packard)
Task: {F34E7CF6-E02B-4DC9-AC9B-4672844F95D1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-04-07] (HP Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\HPCeeScheduleForTim.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
ShortcutWithArgument: C:\Users\Tim\Desktop\FedEx _ Email_Online Label _ Shipping.._.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=ceaafagmnojmnjepbehlplcmoklcacbl
ShortcutWithArgument: C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\FedEx _ Email_Online Label _ Shipping.._.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=ceaafagmnojmnjepbehlplcmoklcacbl
ShortcutWithArgument: C:\Users\Tim\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\aeea6001c9fdcab9\Click&Clean.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=ghgabhipcejejjmhhchfonmamedcbeod
ShortcutWithArgument: C:\Users\Tim\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\66b9b787e09fde9f\History Eraser.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=gjieilkfnnjoihjjonajndjldjoagffm
 
==================== Loaded Modules (Whitelisted) ==============
 
2014-02-05 15:56 - 2014-02-05 15:56 - 02654936 _____ () C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\ShredContextMenu.dll
2017-05-15 17:34 - 2017-05-09 05:13 - 03767640 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\libglesv2.dll
2017-05-15 17:34 - 2017-05-09 05:13 - 00100696 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\libegl.dll
2017-05-18 10:15 - 2017-05-18 10:15 - 00167312 _____ () C:\Program Files (x86)\Avira\VPN\OpenVpn\lzo2.dll
2017-05-18 10:15 - 2017-05-18 10:15 - 00166840 _____ () C:\Program Files (x86)\Avira\VPN\OpenVpn\libpkcs11-helper-1.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`28hfm [0]
AlternateDataStreams: C:\ProgramData\Temp:5C321E34 [125]
AlternateDataStreams: C:\Users\Tim\Desktop\SUPERAntiSpywarePro.exe:BDU [0]
AlternateDataStreams: C:\Users\Tim\Downloads\adwcleaner_6.046.exe:BDU [0]
AlternateDataStreams: C:\Users\Tim\Downloads\GlassWireSetup.exe:BDU [0]
AlternateDataStreams: C:\Users\Tim\Downloads\IE9-Windows7-x64-enu.exe:a [420]
AlternateDataStreams: C:\Users\Tim\Downloads\mb3-setup-adwc.adwc100.3.0.6.1469.exe:BDU [0]
AlternateDataStreams: C:\Users\Tim\Downloads\mb3-setup-consumer-3.1.2.1733.exe:BDU [0]
AlternateDataStreams: C:\Users\Tim\Downloads\SkypeSetup.exe:BDU [0]
AlternateDataStreams: C:\Users\Tim\Downloads\winupdatefix_1.3.exe:BDU [0]
AlternateDataStreams: C:\Users\Tim\Documents\GlassWireSetup (1).exe:BDU [0]
AlternateDataStreams: C:\Users\Tim\Documents\mb3-setup-consumer-3.1.2.1733 (1).exe:BDU [0]
AlternateDataStreams: C:\Users\Tim\Documents\mbar-1.09.3.1001.exe:BDU [0]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\deere.com -> hxxps://jdparts.deere.com
IE trusted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\flhsmv.gov -> hxxps://www.flhsmv.gov
IE trusted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\hdonline.to -> hxxps://hdonline.to
IE trusted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\pch.com -> hxxp://search.pch.com
IE trusted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\usa4sale.net -> hxxp://contact.usa4sale.net
IE trusted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\winndixie.com -> hxxps://www.winndixie.com
IE restricted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\0411dd.com -> 0411dd.com
IE restricted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\0511zfhl.com -> 0511zfhl.com
IE restricted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\0632qyw.com -> 0632qyw.com
IE restricted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\1001movie.com -> 1001movie.com
 
There are 6091 more sites.
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2016-03-05 12:28 - 2017-06-08 17:02 - 00000033 _____ C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3386813744-1969293527-735481815-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-3386813744-1969293527-735481815-501\Control Panel\Desktop\\Wallpaper -> C:\windows\web\wallpaper\HP1.jpg
DNS Servers: 192.168.224.1 - 192.168.254.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: HPFSService => 2
MSCONFIG\startupreg: HP File Sanitizer => C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\Coreshredder.exe
MSCONFIG\startupreg: Propel Accelerator => "C:\Program Files (x86)\EarthLink Accelerator\trayctl.exe" /STARTUPLAUNCH
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{D6F44F3E-63AD-4480-8981-1F8E4BC156A3}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{92635564-B32B-4941-8709-EDC3534DA1F7}] => (Allow) C:\Program Files (x86)\Opera\launcher.exe
FirewallRules: [{0F7C25B6-D55C-4599-808E-70473E50600B}] => (Allow) C:\Program Files (x86)\Opera\launcher.exe
FirewallRules: [{50E9D51B-9089-4C78-8F73-3E2E5E0D42C5}] => (Allow) C:\Program Files (x86)\Opera\launcher.exe
FirewallRules: [{3D066DB3-3078-49D4-A3A6-AF4075CB1645}] => (Allow) C:\Program Files (x86)\Opera\launcher.exe
FirewallRules: [{9A373D22-61C3-4F8B-BBEF-1D2CEC770DB5}] => (Allow) C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe
FirewallRules: [{82B69666-6A08-4AB4-B240-B287A8D13E38}] => (Allow) C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe
FirewallRules: [{D32E408E-6053-455A-990F-9F46633386D8}] => (Allow) C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe
FirewallRules: [{38B50817-1FA9-4CB1-B36F-FAF8288E99E7}] => (Allow) C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe
FirewallRules: [{BDD0E46F-885B-4696-ADCE-C508C1F9F12A}] => (Allow) C:\Program Files\Microsoft Security Client\msseces.exe
FirewallRules: [{953F6506-888F-4867-B3B2-8E82E4E25263}] => (Allow) C:\Program Files\Microsoft Security Client\msseces.exe
FirewallRules: [{08BCF83E-E091-4FAC-9D79-87F5D20AEE8C}] => (Allow) C:\Program Files\Microsoft Security Client\msseces.exe
FirewallRules: [{AA04C2EA-8C48-467B-BC95-EDBCA22C98B5}] => (Allow) C:\Program Files\Microsoft Security Client\msseces.exe
FirewallRules: [{8FD07A63-7436-47CF-BA1F-834A0A492F69}] => (Allow) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
FirewallRules: [{ACF8D3C4-FF9A-4CD3-8EA4-28D0784A5E00}] => (Allow) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
FirewallRules: [{B3C0EE64-66A1-4F53-9ABE-C6637AB3FABA}] => (Allow) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
FirewallRules: [{91069DC4-8EB5-4A7C-8804-CA63B1DB68C0}] => (Allow) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
FirewallRules: [{6B43B3CE-DC50-45A5-8B9C-BBF6E68A2E22}] => (Allow) C:\Users\Tim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3CZM9O05\EW0DFB0B
FirewallRules: [{E2AFA9F5-1B1B-4500-8997-4963CA7BCF15}] => (Allow) C:\Users\Tim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3CZM9O05\EW0DFB0B
FirewallRules: [{285830EF-6348-490E-AF3E-A4E3BD091FBF}] => (Allow) C:\Users\Tim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3CZM9O05\EW0DFB0B
FirewallRules: [{2A1B1D2E-C4D7-42AF-9D46-A4D9F1592ACF}] => (Allow) C:\Users\Tim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3CZM9O05\EW0DFB0B
FirewallRules: [{C962AA5F-D716-4894-A777-9980540483E2}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{D8BB9E0F-2592-4C32-B96F-AE69B073FAE5}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{3EDE067A-8C7B-43BB-A5B7-58D0CC51B633}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{E81B4361-07C3-4BFB-8571-B70DD4167B3A}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{C9C94891-2C9B-40CE-8333-9A41D4FBA565}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{DD7DB7A0-CA86-416B-BBD9-BA1D7B2C6E53}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{DBFEDAD6-0BEB-4578-B149-3AB62C1B7D85}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{C8501CF7-59E4-43E0-AA45-EE26755E751F}C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe
FirewallRules: [UDP Query User{905779AE-D66A-4666-9FFB-56A8610A6FBA}C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe
FirewallRules: [TCP Query User{C90C27C3-BCC7-4ACE-9E22-2C7488FE70FA}C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe
FirewallRules: [UDP Query User{072E5150-569C-4950-833F-437FEC13136A}C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe
FirewallRules: [{D779D332-B00D-4FCC-8F0D-2038BDD79CD7}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
FirewallRules: [{25ABBA34-5506-420A-AA0A-93D0A7088E21}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
FirewallRules: [{92086CBF-6C8E-46CE-86EA-FAC5797DB131}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{26BE28BC-BE97-4D1D-BD8E-90F9C06978D4}] => (Allow) C:\Program Files\Opera\45.0.2552.888\opera.exe
FirewallRules: [{DCCC4C09-38AC-4106-82C9-36B5059C3EDE}] => (Allow) C:\Program Files\Opera\45.0.2552.898\opera.exe
FirewallRules: [{CFFEEADA-8E35-476D-9018-B63240888C7A}] => (Allow) C:\Program Files\HP\HP Deskjet 1000 J110 series\Bin\USBSetup.exe
FirewallRules: [{2BFC7583-91DE-4229-BA9B-6218A5F21BF2}] => (Allow) C:\Program Files (x86)\Avira\Scout\Application\scout.exe
 
==================== Restore Points =========================
 
24-06-2017 07:00:27 Windows Update
24-06-2017 21:45:02 Windows Update
25-06-2017 07:00:13 Windows Update
25-06-2017 10:17:56 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
25-06-2017 13:34:23 Device Driver Package Install: Phantom TAP-Windows Provider V9 Network adapters
25-06-2017 13:47:04 Avira System Speedup Optimization
25-06-2017 13:48:43 Avira System Speedup Optimization
25-06-2017 21:13:42 Avira System Speedup Optimization
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/26/2017 07:44:20 AM) (Source: HP Active Health) (EventID: 2800) (User: )
Description: Agent SystemState threw an exception: System.InvalidOperationException: Cannot load Counter Name data because an invalid index '' was read from the registry.
   at System.Diagnostics.PerformanceCounterLib.GetStringTable(Boolean isHelp)
   at System.Diagnostics.PerformanceCounterLib.get_NameTable()
   at System.Diagnostics.PerformanceCounterLib.get_CategoryTable()
   at System.Diagnostics.PerformanceCounterLib.CounterExists(String category, String counter, Boolean& categoryExists)
   at System.Diagnostics.PerformanceCounterLib.CounterExists(String machine, String category, String counter)
   at System.Diagnostics.PerformanceCounter.InitializeImpl()
   at System.Diagnostics.PerformanceCounter..ctor(String categoryName, String counterName, String instanceName, Boolean readOnly)
   at System.Diagnostics.PerformanceCounter..ctor(String categoryName, String counterName, String instanceName)
   at HP.ActiveHealth.Agents.SystemState.SystemStateAgent.CpuUsage()
   at HP.ActiveHealth.Agents.SystemState.SystemStateAgent.FetchValues()
   at HP.ActiveHealth.Agents.SystemState.SystemStateAgent.CollectNewDataClasses(FileInfo agentStateFile, IDataClassCollector dataClassColector)
   at HP.ActiveHealth.API.DataGeneration.AgentRunner.QueryAgentDelegate(Object agentObj)
 
Error: (06/26/2017 07:44:08 AM) (Source: flcdlock) (EventID: 1034) (User: )
Description: An error occurred setting a security descriptor on the device \\.\avusbflt.
 
 
The system error code is 0x5:-
 
Access is denied.
 
Error: (06/26/2017 07:38:15 AM) (Source: flcdlock) (EventID: 1034) (User: )
Description: An error occurred setting a security descriptor on the device \\.\avusbflt.
 
 
The system error code is 0x5:-
 
Access is denied.
 
Error: (06/26/2017 07:38:15 AM) (Source: flcdlock) (EventID: 1034) (User: )
Description: An error occurred setting a security descriptor on the device \\.\avusbflt.
 
 
The system error code is 0x5:-
 
Access is denied.
 
Error: (06/26/2017 07:38:14 AM) (Source: flcdlock) (EventID: 1055) (User: )
Description: An error occurred enumerating device {4D36E972-E325-11CE-BFC1-08002BE10318}Phantom TAP-Windows Adapter V9.
 
 
The system error code is 0xe0000231:-
 
** The error code could not be translated **
 
Error: (06/26/2017 07:38:14 AM) (Source: flcdlock) (EventID: 1055) (User: )
Description: An error occurred enumerating device {4D36E972-E325-11CE-BFC1-08002BE10318}Phantom TAP-Windows Adapter V9.
 
 
The system error code is 0xe0000231:-
 
** The error code could not be translated **
 
Error: (06/26/2017 07:34:24 AM) (Source: flcdlock) (EventID: 1034) (User: )
Description: An error occurred setting a security descriptor on the device \\.\avusbflt.
 
 
The system error code is 0x5:-
 
Access is denied.
 
Error: (06/26/2017 07:34:22 AM) (Source: flcdlock) (EventID: 1034) (User: )
Description: An error occurred setting a security descriptor on the device \\.\avusbflt.
 
 
The system error code is 0x5:-
 
Access is denied.
 
Error: (06/26/2017 07:33:40 AM) (Source: flcdlock) (EventID: 1034) (User: )
Description: An error occurred setting a security descriptor on the device \\.\avusbflt.
 
 
The system error code is 0x5:-
 
Access is denied.
 
Error: (06/26/2017 07:33:40 AM) (Source: flcdlock) (EventID: 1034) (User: )
Description: An error occurred setting a security descriptor on the device \\.\avusbflt.
 
 
The system error code is 0x5:-
 
Access is denied.
 
 
System errors:
=============
Error: (06/25/2017 10:54:31 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {F9717507-6651-4EDB-BFF7-AE615179BCCF} did not register with DCOM within the required timeout.
 
Error: (06/25/2017 10:52:00 PM) (Source: volsnap) (EventID: 20) (User: )
Description: The shadow copies of volume D: were aborted because of a failed free space computation.
 
Error: (06/25/2017 10:51:59 PM) (Source: volsnap) (EventID: 20) (User: )
Description: The shadow copies of volume D: were aborted because of a failed free space computation.
 
Error: (06/25/2017 10:17:50 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for DeleteFlag with the following error: 
Access is denied.
 
Error: (06/25/2017 10:17:50 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for DeleteFlag with the following error: 
Access is denied.
 
Error: (06/25/2017 10:17:42 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for DeleteFlag with the following error: 
Access is denied.
 
 
CodeIntegrity:
===================================
  Date: 2016-05-30 18:23:15.172
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-05-30 18:23:15.172
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-05-30 12:34:09.752
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-05-30 12:34:09.736
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-05-30 06:39:39.690
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-05-30 06:39:39.674
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-05-30 06:38:10.580
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-05-30 06:38:10.565
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-05-29 07:13:05.844
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-05-29 07:13:05.844
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: AMD A8-6410 APU with AMD Radeon R5 Graphics 
Percentage of memory in use: 32%
Total physical RAM: 7612.08 MB
Available physical RAM: 5144.87 MB
Total Virtual: 15222.35 MB
Available Virtual: 11933.98 MB
 
==================== Drives ================================
 
Drive c: (Windows ) (Fixed) (Total:919.11 GB) (Free:855.71 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (HP_RECOVERY) (Fixed) (Total:11.3 GB) (Free:1.21 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:0.09 GB) (Free:0.06 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 6F9E5779)
Partition 1: (Active) - (Size=1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=919.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11.3 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=100 MB) - (Type=0C)
 
==================== End of Addition.txt ============================  SNAG-17062608552000.png   Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 26/06/2017 9:13:20 AM
 
Note: All dates below are in the format dd/mm/yyyy
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 26/06/2017 11:44:20 AM
Type: Error Category: 0
Event: 2800 Source: HP Active Health
Agent SystemState threw an exception: System.InvalidOperationException: Cannot load Counter Name data because an invalid index '' was read from the registry.    at System.Diagnostics.PerformanceCounterLib.GetStringTable(Boolean isHelp)    at System.Diagnostics.PerformanceCounterLib.get_NameTable()    at System.Diagnostics.PerformanceCounterLib.get_CategoryTable()    at System.Diagnostics.PerformanceCounterLib.CounterExists(String category, String counter, Boolean& categoryExists)    at System.Diagnostics.PerformanceCounterLib.CounterExists(String machine, String category, String counter)    at System.Diagnostics.PerformanceCounter.InitializeImpl()    at System.Diagnostics.PerformanceCounter..ctor(String categoryName, String counterName, String instanceName, Boolean readOnly)    at System.Diagnostics.PerformanceCounter..ctor(String categoryName, String counterName, String instanceName)    at HP.ActiveHealth.Agents.SystemState.SystemStateAgent.CpuUsage()    at HP.ActiveHealth.Agents.SystemState.SystemStateAgent.FetchValues()    at HP.ActiveHealth.Agents.SystemState.SystemStateAgent.CollectNewDataClasses(FileInfo agentStateFile, IDataClassCollector dataClassColector)    at HP.ActiveHealth.API.DataGeneration.AgentRunner.QueryAgentDelegate(Object agentObj)
 
Log: 'Application' Date/Time: 26/06/2017 11:44:08 AM
Type: Error Category: 1
Event: 1034 Source: flcdlock
An error occurred setting a security descriptor on the device \\.\avusbflt.   The system error code is 0x5:-  Access is denied. 
 
Log: 'Application' Date/Time: 26/06/2017 11:38:15 AM
Type: Error Category: 1
Event: 1034 Source: flcdlock
An error occurred setting a security descriptor on the device \\.\avusbflt.   The system error code is 0x5:-  Access is denied. 
 
Log: 'Application' Date/Time: 26/06/2017 11:38:15 AM
Type: Error Category: 1
Event: 1034 Source: flcdlock
An error occurred setting a security descriptor on the device \\.\avusbflt.   The system error code is 0x5:-  Access is denied. 
 
Log: 'Application' Date/Time: 26/06/2017 11:38:14 AM
Type: Error Category: 1
Event: 1055 Source: flcdlock
An error occurred enumerating device {4D36E972-E325-11CE-BFC1-08002BE10318}Phantom TAP-Windows Adapter V9.   The system error code is 0xe0000231:-  ** The error code could not be translated **
 
Log: 'Application' Date/Time: 26/06/2017 11:38:14 AM
Type: Error Category: 1
Event: 1055 Source: flcdlock
An error occurred enumerating device {4D36E972-E325-11CE-BFC1-08002BE10318}Phantom TAP-Windows Adapter V9.   The system error code is 0xe0000231:-  ** The error code could not be translated **
 
Log: 'Application' Date/Time: 26/06/2017 11:34:24 AM
Type: Error Category: 1
Event: 1034 Source: flcdlock
An error occurred setting a security descriptor on the device \\.\avusbflt.   The system error code is 0x5:-  Access is denied. 
 
Log: 'Application' Date/Time: 26/06/2017 11:34:22 AM
Type: Error Category: 1
Event: 1034 Source: flcdlock
An error occurred setting a security descriptor on the device \\.\avusbflt.   The system error code is 0x5:-  Access is denied. 
 
Log: 'Application' Date/Time: 26/06/2017 11:33:40 AM
Type: Error Category: 1
Event: 1034 Source: flcdlock
An error occurred setting a security descriptor on the device \\.\avusbflt.   The system error code is 0x5:-  Access is denied. 
 
Log: 'Application' Date/Time: 26/06/2017 11:33:40 AM
Type: Error Category: 1
Event: 1034 Source: flcdlock
An error occurred setting a security descriptor on the device \\.\avusbflt.   The system error code is 0x5:-  Access is denied. 
 
Log: 'Application' Date/Time: 26/06/2017 11:32:39 AM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Log: 'Application' Date/Time: 26/06/2017 2:57:14 AM
Type: Error Category: 1
Event: 1034 Source: flcdlock
An error occurred setting a security descriptor on the device \\.\avusbflt.   The system error code is 0x5:-  Access is denied. 
 
Log: 'Application' Date/Time: 26/06/2017 2:57:13 AM
Type: Error Category: 1
Event: 1034 Source: flcdlock
An error occurred setting a security descriptor on the device \\.\avusbflt.   The system error code is 0x5:-  Access is denied. 
 
Log: 'Application' Date/Time: 26/06/2017 2:56:30 AM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Log: 'Application' Date/Time: 26/06/2017 2:54:55 AM
Type: Error Category: 3
Event: 455 Source: ESENT
wuaueng.dll (1068) SUS20ClientDataStore: Error -1811 (0xfffff8ed) occurred while opening logfile C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log.
 
Log: 'Application' Date/Time: 26/06/2017 2:54:52 AM
Type: Error Category: 1
Event: 1034 Source: flcdlock
An error occurred setting a security descriptor on the device \\.\avusbflt.   The system error code is 0x5:-  Access is denied. 
 
Log: 'Application' Date/Time: 26/06/2017 2:52:01 AM
Type: Error Category: 1
Event: 1034 Source: flcdlock
An error occurred setting a security descriptor on the device \\.\avusbflt.   The system error code is 0x5:-  Access is denied. 
 
Log: 'Application' Date/Time: 26/06/2017 2:52:00 AM
Type: Error Category: 1
Event: 1034 Source: flcdlock
An error occurred setting a security descriptor on the device \\.\avusbflt.   The system error code is 0x5:-  Access is denied. 
 
Log: 'Application' Date/Time: 26/06/2017 2:52:00 AM
Type: Error Category: 1
Event: 1034 Source: flcdlock
An error occurred setting a security descriptor on the device \\.\avusbflt.   The system error code is 0x5:-  Access is denied. 
 
Log: 'Application' Date/Time: 26/06/2017 2:38:09 AM
Type: Error Category: 1
Event: 1034 Source: flcdlock
An error occurred setting a security descriptor on the device \\.\avusbflt.   The system error code is 0x5:-  Access is denied. 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 26/06/2017 11:45:07 AM
Type: Warning Category: 0
Event: 2901 Source: HP Active Health
Error getting Windows updates: System.Threading.ThreadAbortException: Thread was being aborted.    at Interop.WUApiLib.IUpdateSearcher.Search(String criteria)    at HP.ActiveHealth.Agents.WindowsUpdates.WindowsUpdatesAgent.GetWindowsUpdates()
 
Log: 'Application' Date/Time: 26/06/2017 11:44:17 AM
Type: Warning Category: 0
Event: 29 Source: HP Active Health
The agent state file named C:\ProgramData\Hewlett-Packard\HP Active Health\Agent State\HP.ActiveHealth.Agents.HpsaMessages.HpsaMessagesAgent.dat already exist in the list to be serialized
 
Log: 'Application' Date/Time: 26/06/2017 11:44:10 AM
Type: Warning Category: 0
Event: 3 Source: HP Active Health
Error running a Casl EXECUTE Diags.ThermalDiagnostics command: Exception has been thrown by the target of an invocation.
 
Log: 'Application' Date/Time: 26/06/2017 11:44:10 AM
Type: Warning Category: 0
Event: 3 Source: HP Active Health
Error running a Casl EXECUTE Diags.ThermalDiagnostics command: Exception has been thrown by the target of an invocation.
 
Log: 'Application' Date/Time: 26/06/2017 11:44:09 AM
Type: Warning Category: 0
Event: 3 Source: HP Active Health
Error running a Casl EXECUTE Diags.ThermalDiagnostics command: Exception has been thrown by the target of an invocation.
 
Log: 'Application' Date/Time: 26/06/2017 11:44:09 AM
Type: Warning Category: 0
Event: 3 Source: HP Active Health
Error running a Casl EXECUTE Diags.ThermalDiagnostics command: Exception has been thrown by the target of an invocation.
 
Log: 'Application' Date/Time: 26/06/2017 11:44:07 AM
Type: Warning Category: 0
Event: 27 Source: HP Active Health
Error getting process performance counters
 
Log: 'Application' Date/Time: 26/06/2017 11:44:04 AM
Type: Warning Category: 0
Event: 27 Source: HP Active Health
Error getting process performance counters
 
Log: 'Application' Date/Time: 26/06/2017 11:44:04 AM
Type: Warning Category: 0
Event: 2903 Source: HP Active Health
Unable to get WindowsUpdate information in able time
 
Log: 'Application' Date/Time: 26/06/2017 11:44:03 AM
Type: Warning Category: 0
Event: 27 Source: HP Active Health
Error getting process performance counters
 
Log: 'Application' Date/Time: 26/06/2017 11:44:02 AM
Type: Warning Category: 0
Event: 3 Source: HP Active Health
Error running a Casl GET EmbeddedController.AuditLog.JSON command: Exception has been thrown by the target of an invocation.
 
Log: 'Application' Date/Time: 26/06/2017 3:30:44 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   4 user registry handles leaked from \Registry\User\S-1-5-21-3386813744-1969293527-735481815-1001:
Process 2876 (\Device\HarddiskVolume2\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe) has opened key \REGISTRY\USER\S-1-5-21-3386813744-1969293527-735481815-1001
Process 2876 (\Device\HarddiskVolume2\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe) has opened key \REGISTRY\USER\S-1-5-21-3386813744-1969293527-735481815-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall
Process 1260 (\Device\HarddiskVolume2\Program Files (x86)\Avira\Antivirus\avguard.exe) has opened key \REGISTRY\USER\S-1-5-21-3386813744-1969293527-735481815-1001\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
Process 2876 (\Device\HarddiskVolume2\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe) has opened key \REGISTRY\USER\S-1-5-21-3386813744-1969293527-735481815-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
 
 
Log: 'Application' Date/Time: 26/06/2017 2:54:52 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   8 user registry handles leaked from \Registry\User\S-1-5-21-3386813744-1969293527-735481815-1001:
Process 4560 (\Device\HarddiskVolume2\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe) has opened key \REGISTRY\USER\S-1-5-21-3386813744-1969293527-735481815-1001
Process 7620 (\Device\HarddiskVolume2\Program Files (x86)\Avira\Antivirus\avguard.exe) has opened key \REGISTRY\USER\S-1-5-21-3386813744-1969293527-735481815-1001
Process 6240 (\Device\HarddiskVolume2\Program Files (x86)\Avira\Antivirus\sched.exe) has opened key \REGISTRY\USER\S-1-5-21-3386813744-1969293527-735481815-1001
Process 4560 (\Device\HarddiskVolume2\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe) has opened key \REGISTRY\USER\S-1-5-21-3386813744-1969293527-735481815-1001
Process 4560 (\Device\HarddiskVolume2\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe) has opened key \REGISTRY\USER\S-1-5-21-3386813744-1969293527-735481815-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall
Process 7620 (\Device\HarddiskVolume2\Program Files (x86)\Avira\Antivirus\avguard.exe) has opened key \REGISTRY\USER\S-1-5-21-3386813744-1969293527-735481815-1001\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
Process 4560 (\Device\HarddiskVolume2\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe) has opened key \REGISTRY\USER\S-1-5-21-3386813744-1969293527-735481815-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
Process 4560 (\Device\HarddiskVolume2\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe) has opened key \REGISTRY\USER\S-1-5-21-3386813744-1969293527-735481815-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections

Edited by bonezz777, 26 June 2017 - 07:14 AM.

  • 0

#12
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,782 posts
  • MVP
 
Download the attached fixlist.txt to the same location as FRST
 
Attached File  fixlist.txt   16.41KB   14 downloads
 
Run FRST and press Fix
A fix log will be generated please post that 
 
 
Run FRST again as before.  Make sure Addition.txt is checked and hit Scan.  Post both logs.
 
You are getting a lot of errors from your HP Client Security  program.  I would uninstall it.  Apparently it is a bit odd and you have to disable the DVD drive first.  
 
 

  • 1

#13
bonezz777

bonezz777

    Member

  • Topic Starter
  • Member
  • PipPip
  • 99 posts

Hi, I've got to go fix my wife's car, will be back shortly...I re ran frst & it wouldn't run when i hit fix, I'm doing something wrong i'm sure....Also if I disable my dvd, I wont be able to use it ???Later...Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-06-2017 01

Ran by Tim (administrator) on TIM-HP (26-06-2017 13:47:54)
Running from C:\Users\Tim\Desktop
Loaded Profiles: Tim & Guest (Available Profiles: Tim & General Log In & Guest)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\tbaseprovisioning.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpCardEngine.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.SpeedupService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Hewlett-Packard Company) C:\Windows\SysWOW64\flcdlock.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(© 2015 Microsoft Corporation) C:\Users\Tim\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Hewlett-Packard Development Company) C:\Program Files (x86)\Hewlett-Packard\HP Device Access Manager\HP.ProtectTools.DeviceAccessManager.ServiceHost.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\VPN\Avira.WebAppHost.exe
(The OpenVPN Project) C:\Program Files (x86)\Avira\VPN\OpenVpn\phantomvpn.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7570136 2014-04-14] (Realtek Semiconductor)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [97512 2017-06-08] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira System Speedup User Starter] => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe [66656 2017-06-13] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [918008 2017-06-02] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\MountPoints2: {2301f08c-46ea-11e6-b913-a0d3c14a78f6} - WinCleaner Application Setup.exe
HKU\S-1-5-21-3386813744-1969293527-735481815-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [241664 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-21-3386813744-1969293527-735481815-501\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516096 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [osk.exe] => C:\Windows\system32\osk.exe [692736 2014-06-17] (Microsoft Corporation)
Lsa: [Notification Packages] DPPassFilter scecli
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
Startup: C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 1000 J110 series.lnk [2017-06-26]
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 1000 J110 series.lnk -> C:\Program Files\HP\HP Deskjet 1000 J110 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
GroupPolicy: Restriction - Chrome <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyServer: [S-1-5-21-3386813744-1969293527-735481815-1001] => http=127.0.0.1:8080
Tcpip\Parameters: [DhcpNameServer] 192.168.224.1
Tcpip\..\Interfaces\{7C0566C2-7D23-414D-B4B4-2CD1F8917416}: [DhcpNameServer] 192.168.224.1
Tcpip\..\Interfaces\{B8692A19-E7CA-4985-B46C-556A84D4EF53}: [DhcpNameServer] 192.168.254.254
 
Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3386813744-1969293527-735481815-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3386813744-1969293527-735481815-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/
HKU\S-1-5-21-3386813744-1969293527-735481815-501\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPCOM14/19
HKU\S-1-5-21-3386813744-1969293527-735481815-501\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPCOM14/19
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll [2017-06-08] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll => No File
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-10-24] (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-06-08] (Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-07-21] (HP Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-06-08] (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-10-24] (Google Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-06-08] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-10-24] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-10-24] (Google Inc.)
Toolbar: HKU\S-1-5-21-3386813744-1969293527-735481815-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-10-24] (Google Inc.)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: HKLM-x32 {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1486642584294
 
FireFox:
========
FF ProfilePath: C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\2tXjV4ld.default [2016-10-26]
FF Extension: (Avira Browser Safety) - C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\2tXjV4ld.default\Extensions\[email protected] [2016-12-04]
FF Extension: (Avira Password Manager) - C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\2tXjV4ld.default\Extensions\[email protected] [2017-06-25]
FF Extension: (Avira SafeSearch Plus) - C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\2tXjV4ld.default\Extensions\[email protected] [2017-02-08]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\BrowserExt\dpchrome
FF Extension: (HP Client Security Manager) - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\BrowserExt\dpchrome [2016-05-26] [not signed]
FF Plugin: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-06-08] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-06-08] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-06-08] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-06-08] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @scout.avira-update.com/Avira Scout Update;version=3 -> C:\Program Files (x86)\Avira\Scout Update\1.3.32.7\npScoutUpdate3.dll [2017-06-25] (Avira Operations GmbH & Co. KG)
FF Plugin-x32: @scout.avira-update.com/Avira Scout Update;version=9 -> C:\Program Files (x86)\Avira\Scout Update\1.3.32.7\npScoutUpdate3.dll [2017-06-25] (Avira Operations GmbH & Co. KG)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: digitalpersona.com/ChromeDPAgent -> c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\BrowserExt\components\npChromeDPAgent.dll [2014-02-10] (DigitalPersona, Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> hxxps://www.google.com/
CHR StartupUrls: Default -> "hxxps://www.yahoo.com/"
CHR DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}
CHR DefaultSearchKeyword: Default -> duckduckgo.com
CHR DefaultSuggestURL: Default -> hxxps://duckduckgo.com/ac/?q={searchTerms}&type=list
CHR Profile: C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default [2017-06-26]
CHR Extension: (Google Drive) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-10-24]
CHR Extension: (DuckDuckGo Search) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkdgflcldnnnapblkhphbgpggdiikppg [2017-05-05]
CHR Extension: (YouTube) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-10-24]
CHR Extension: (Avira Password Manager) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\caljgklbbfbcjjanaijlacgncafpegll [2017-06-25]
CHR Extension: (FedEx 
 Email/Online Label 
 Shipping...) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\ceaafagmnojmnjepbehlplcmoklcacbl [2017-06-20]
CHR Extension: (HTTPS Everywhere) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2017-06-21]
CHR Extension: (Click&Clean) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod [2017-06-01]
CHR Extension: (History Eraser) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjieilkfnnjoihjjonajndjldjoagffm [2017-06-23]
CHR Extension: (J2TeaM Security) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmlcjjclebjnfohgmgikjfnbmfkigocc [2017-06-08]
CHR Extension: (Avira SafeSearch Plus) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipmkfpcnmccejididiaagpgchgjfajgp [2017-06-25]
CHR Extension: (Cyber Security News by Gold Security) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcehljakhaojdgjoggcpnbjkehgglbfb [2017-05-28]
CHR Extension: (Awesome Screenshot: Screen Video Recorder) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlipoenfbbikpbjkfpfillcgkoblgpmj [2017-06-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Click&Clean App) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp [2017-06-23]
CHR Extension: (Gmail) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-10-24]
CHR Extension: (Chrome Media Router) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-16]
CHR Profile: C:\Users\Tim\AppData\Local\Google\Chrome\User Data\System Profile [2017-01-30]
CHR HKLM\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ncffjdbbodifgldkcbhmiiljfcnbgjab] - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\BrowserExt\dpchrome.crx [2014-02-10]
 
Opera: 
=======
OPR Extension: (Stormcrow) - C:\Users\Tim\AppData\Roaming\Opera Software\Opera Stable\Extensions\cfbekbndggmbdkfhjandenfihkdkndil [2017-04-18]
OPR Extension: (360 Internet Protection) - C:\Users\Tim\AppData\Roaming\Opera Software\Opera Stable\Extensions\cnpeghmjdfdmneiljeibjnemfdkojdhl [2017-06-25]
OPR Extension: (Avira Browser Safety) - C:\Users\Tim\AppData\Roaming\Opera Software\Opera Stable\Extensions\dalelnnofafalcmkmnhdbigbjjkloabo [2016-10-25]
OPR Extension: (HTTPS Everywhere) - C:\Users\Tim\AppData\Roaming\Opera Software\Opera Stable\Extensions\edaplhobcmdaneconioghljnnopmkhgm [2017-06-25]
OPR Extension: (Privacy Badger) - C:\Users\Tim\AppData\Roaming\Opera Software\Opera Stable\Extensions\ldfkcgjipgfchpnojicdgpgiocoeelik [2017-06-25]
OPR Extension: (SurfPatrol) - C:\Users\Tim\AppData\Roaming\Opera Software\Opera Stable\Extensions\pafbnmdfbmigjdbkhkchclhpmfcoageo [2017-01-16]
OPR Extension: (Privacy Cleaner) - C:\Users\Tim\AppData\Roaming\Opera Software\Opera Stable\Extensions\pdomeailoegpefbldkonkajkcolkbmhi [2017-01-16]
StartMenuInternet: (HKLM) OperaStable - C:\Program Files\Opera\Launcher.exe
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-30] (SUPERAntiSpyware.com)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1128432 2017-06-02] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [490968 2017-06-02] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [490968 2017-06-02] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1524216 2017-06-02] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [356256 2017-06-08] (Avira Operations GmbH & Co. KG)
R2 AviraPhantomVPN; C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe [334064 2017-05-18] (Avira Operations GmbH & Co. KG)
R2 AviraUpdaterService; C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe [100816 2017-04-21] (Avira Operations GmbH & Co. KG)
R2 DpHost; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [500048 2014-02-10] (DigitalPersona, Inc.)
R2 FLCDLOCK; c:\windows\SysWOW64\flcdlock.exe [567608 2013-11-20] (Hewlett-Packard Company)
R2 HpDamServiceHost; c:\Program Files (x86)\Hewlett-Packard\HP Device Access Manager\HP.ProtectTools.DeviceAccessManager.ServiceHost.exe [18232 2013-11-15] (Hewlett-Packard Development Company)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [321056 2017-06-01] (HP Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-01-17] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor)
S2 scupdate; C:\Program Files (x86)\Avira\Scout Update\ScoutUpdate.exe [116312 2017-06-25] (Avira Operations GmbH & Co. KG)
S3 scupdatem; C:\Program Files (x86)\Avira\Scout Update\ScoutUpdate.exe [116312 2017-06-25] (Avira Operations GmbH & Co. KG)
R2 SpeedupService; C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.SpeedupService.exe [74800 2017-06-13] (Avira Operations GmbH & Co. KG)
R2 tbaseprovisioning; C:\Windows\SysWOW64\tbaseprovisioning.exe [51208 2017-01-10] (Advanced Micro Devices, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3816176 2014-01-17] (Intel® Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 amdkmcsp; C:\Windows\System32\DRIVERS\amdkmcsp.sys [95112 2017-01-10] (Advanced Micro Devices, Inc. )
R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [36608 2013-12-13] (Advanced Micro Devices, Inc.)
R1 amdpsp; C:\Windows\System32\DRIVERS\amdpsp.sys [254344 2017-01-10] (Advanced Micro Devices, Inc. )
S3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [878072 2016-09-20] (BitDefender)
R0 avdevprot; C:\Windows\System32\DRIVERS\avdevprot.sys [64504 2017-06-02] (Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [185032 2017-06-02] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [149976 2017-06-02] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [35328 2017-06-02] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [78600 2017-06-02] (Avira Operations GmbH & Co. KG)
R0 avusbflt; C:\Windows\System32\Drivers\avusbflt.sys [34128 2017-06-02] (Avira Operations GmbH & Co. KG)
R3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [65752 2013-10-07] (Hewlett-Packard Company)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [252832 2017-06-26] (Malwarebytes)
R3 NETwNs64; C:\Windows\System32\DRIVERS\Netwsw02.sys [3434976 2014-04-16] (Intel Corporation)
R3 phantomtap; C:\Windows\System32\DRIVERS\phantomtap.sys [35664 2017-05-18] (The OpenVPN Project)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
U0 aswVmm; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-06-26 13:47 - 2017-06-26 13:48 - 00023361 _____ C:\Users\Tim\Desktop\FRST.txt
2017-06-26 08:56 - 2017-06-26 08:56 - 00000000 ____D C:\Users\Tim\Desktop\FRST-OlderVersion
2017-06-26 07:45 - 2017-06-26 07:46 - 20612608 _____ (Adobe Systems Incorporated) C:\Users\Tim\Downloads\install_flash_player_ppapi.exe
2017-06-25 22:56 - 2017-06-25 22:56 - 00000000 ____D C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Avira
2017-06-25 22:24 - 2017-06-26 13:47 - 00000000 ____D C:\Users\Tim\Desktop\New folder junk files
2017-06-25 22:21 - 2017-06-25 22:21 - 00030354 _____ C:\ProgramData\agent.uninstall.1498443671.bdinstall.bin
2017-06-25 21:22 - 2017-06-25 21:22 - 00000000 ____D C:\Users\Tim\AppData\Roaming\Avira
2017-06-25 13:36 - 2017-06-02 19:05 - 00185032 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2017-06-25 13:36 - 2017-06-02 19:05 - 00149976 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2017-06-25 13:36 - 2017-06-02 19:05 - 00078600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2017-06-25 13:36 - 2017-06-02 19:05 - 00064504 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avdevprot.sys
2017-06-25 13:36 - 2017-06-02 19:05 - 00035328 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2017-06-25 13:36 - 2017-06-02 19:05 - 00034128 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avusbflt.sys
2017-06-25 13:30 - 2017-06-25 13:30 - 00002156 _____ C:\Users\Public\Desktop\Avira Scout.lnk
2017-06-25 13:29 - 2017-06-25 13:29 - 00003506 _____ C:\Windows\System32\Tasks\AviraScoutUpdateTaskMachineUA
2017-06-25 13:29 - 2017-06-25 13:29 - 00003378 _____ C:\Windows\System32\Tasks\AviraScoutUpdateTaskMachineCore
2017-06-25 13:28 - 2017-06-26 07:34 - 00000000 ____D C:\Users\Public\Speedup Sessions
2017-06-25 13:28 - 2017-06-25 13:28 - 00003658 _____ C:\Windows\System32\Tasks\AviraSystemSpeedupUpdate
2017-06-25 13:28 - 2017-06-25 13:28 - 00000000 ____D C:\Windows\System32\Tasks\Avira
2017-06-25 13:27 - 2017-06-25 13:27 - 00002086 _____ C:\Users\Public\Desktop\Avira Software Updater.lnk
2017-06-25 13:27 - 2017-06-25 13:27 - 00001048 _____ C:\Users\Public\Desktop\Avira Phantom VPN.lnk
2017-06-25 13:25 - 2017-06-25 13:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2017-06-25 13:25 - 2017-06-25 13:36 - 00000000 ____D C:\ProgramData\Avira
2017-06-25 13:25 - 2017-06-25 13:25 - 00001212 _____ C:\Users\Public\Desktop\Avira Connect.lnk
2017-06-25 13:23 - 2017-06-25 13:23 - 04799712 _____ (Avira Operations GmbH & Co. KG) C:\Users\Tim\Desktop\avira_en_fass0_58e0ec4c4ec59__ws.exe
2017-06-25 10:54 - 2017-06-26 09:13 - 00012926 _____ C:\VEW.txt
2017-06-25 10:51 - 2017-06-25 10:51 - 00061440 _____ ( ) C:\Users\Tim\Desktop\VEW.exe
2017-06-25 10:18 - 2017-06-25 10:18 - 00001409 _____ C:\Users\Public\Desktop\SeaTools for Windows.lnk
2017-06-25 10:17 - 2017-06-25 10:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate
2017-06-25 10:17 - 2017-06-25 10:17 - 00000000 ____D C:\Program Files (x86)\Seagate
2017-06-25 10:16 - 2017-06-25 10:17 - 26157600 _____ C:\Users\Tim\Desktop\SeaToolsforWindowsSetup.exe
2017-06-20 19:08 - 2017-06-20 19:08 - 00000057 _____ C:\ProgramData\Ament.ini
2017-06-20 19:08 - 2017-06-20 19:08 - 00000000 ____D C:\Users\Tim\AppData\LocalLow\Hewlett-Packard
2017-06-20 19:06 - 2017-06-20 19:07 - 48748328 _____ C:\Users\Tim\Desktop\DJ1000_J110_1313-1.exe
2017-06-20 18:15 - 2017-06-20 19:08 - 00003610 _____ C:\Windows\System32\Tasks\HPCustParticipation HP Deskjet 1000 J110 series
2017-06-20 18:15 - 2017-06-20 18:22 - 00000000 ____D C:\ProgramData\HP Photo Creations
2017-06-20 18:15 - 2017-06-20 18:15 - 00001105 _____ C:\Users\Public\Desktop\HP Photo Creations.lnk
2017-06-20 18:15 - 2017-06-20 18:15 - 00000000 ____D C:\Program Files (x86)\HP Photo Creations
2017-06-20 18:14 - 2017-06-20 19:08 - 00002280 _____ C:\Users\Public\Desktop\HP Deskjet 1000 J110 series.lnk
2017-06-20 18:14 - 2017-06-20 19:08 - 00001202 _____ C:\Users\Public\Desktop\Shop for Supplies - HP Deskjet 1000 J110 series.lnk
2017-06-20 18:14 - 2017-06-20 18:14 - 00000000 ____D C:\Program Files\HP
2017-06-20 15:43 - 2017-06-20 15:43 - 00002640 _____ C:\Users\Tim\Desktop\FedEx _ Email_Online Label _ Shipping.._.lnk
2017-06-20 15:43 - 2017-06-20 15:43 - 00000000 ____D C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2017-06-18 11:36 - 2017-06-18 11:36 - 00900704 _____ (Seagate Technology) C:\Users\Tim\Desktop\drivedetect.exe
2017-06-14 06:31 - 2017-06-25 20:04 - 00000000 ____D C:\Program Files\Speccy
2017-06-14 06:31 - 2017-06-14 06:31 - 00000804 _____ C:\Users\Public\Desktop\Speccy.lnk
2017-06-14 06:31 - 2017-06-14 06:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2017-06-14 06:29 - 2017-06-14 06:29 - 06293184 _____ (Piriform Ltd) C:\Users\Tim\Desktop\spsetup130.exe
2017-06-14 05:48 - 2017-06-14 05:48 - 02724512 _____ (Sysinternals - www.sysinternals.com) C:\Users\Tim\Desktop\procexp.exe
2017-06-12 17:55 - 2017-06-12 17:55 - 00030951 _____ C:\ProgramData\agent.update.1497304511.bdinstall.bin
2017-06-12 08:29 - 2017-06-26 13:47 - 00000000 ____D C:\FRST
2017-06-12 08:27 - 2017-06-26 08:56 - 02441216 _____ (Farbar) C:\Users\Tim\Desktop\FRST64.exe
2017-06-08 18:50 - 2017-06-08 18:47 - 00000030 _____ C:\AVScanner.ini
2017-06-08 16:30 - 2017-06-26 08:54 - 00000000 ____D C:\Users\Tim\AppData\Local\FSDART
2017-06-08 16:30 - 2017-06-08 16:31 - 00000000 ____D C:\ProgramData\F-Secure
2017-06-08 16:17 - 2017-06-08 16:05 - 00206912 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2017-06-08 16:17 - 2017-06-08 16:05 - 00206912 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2017-06-08 16:07 - 2017-06-08 16:05 - 00110144 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-64.dll
2017-06-08 15:34 - 2017-06-08 15:35 - 00524248 _____ (F-Secure Corporation) C:\Users\Tim\Desktop\F-SecureOnlineScanner.exe
2017-06-06 13:57 - 2017-06-06 13:57 - 00313366 _____ C:\Users\Tim\Downloads\WindowsUpdate.diagcab
2017-05-27 14:25 - 2017-05-27 14:25 - 00000000 ____D C:\Users\Tim\AppData\Local\Microsoft Corporation
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-06-26 07:46 - 2009-07-14 00:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-06-26 07:46 - 2009-07-14 00:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-06-26 07:33 - 2017-01-31 11:24 - 00252832 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-06-26 07:32 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-06-25 23:31 - 2015-12-12 03:28 - 00065536 _____ C:\Windows\system32\spu_storage.bin
2017-06-25 22:56 - 2016-10-26 04:50 - 00000000 ____D C:\Users\Tim\AppData\Local\Avira
2017-06-25 21:08 - 2016-10-26 05:38 - 00016328 _____ C:\Windows\SysWOW64\Defrag.debuglog
2017-06-25 13:47 - 2016-04-21 12:00 - 00000000 ____D C:\Users\Tim\AppData\Roaming\hpqLog
2017-06-25 13:36 - 2016-10-26 03:40 - 00000000 ____D C:\Program Files (x86)\Avira
2017-06-25 13:34 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2017-06-25 13:25 - 2016-03-20 05:39 - 00000000 ____D C:\ProgramData\Package Cache
2017-06-25 09:37 - 2016-05-28 09:30 - 00000000 ____D C:\AdwCleaner
2017-06-24 07:06 - 2017-02-21 11:34 - 00003174 _____ C:\Windows\System32\Tasks\HPCeeScheduleForTim
2017-06-24 07:06 - 2017-02-21 11:34 - 00000324 _____ C:\Windows\Tasks\HPCeeScheduleForTim.job
2017-06-20 19:08 - 2016-01-25 18:03 - 00000000 ____D C:\Program Files (x86)\HP
2017-06-20 19:08 - 2015-12-12 03:32 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2017-06-20 18:47 - 2017-02-16 11:44 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2017-06-20 18:15 - 2015-12-12 03:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2017-06-20 17:50 - 2016-05-20 14:04 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music, Photos and Videos
2017-06-20 17:50 - 2015-12-12 03:41 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Communication and Chat
2017-06-20 17:50 - 2015-12-12 03:39 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools
2017-06-20 17:50 - 2015-12-12 03:35 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
2017-06-20 15:56 - 2015-12-28 16:22 - 00000000 ____D C:\Users\Tim\AppData\Local\ElevatedDiagnostics
2017-06-18 10:05 - 2016-12-14 11:00 - 00003830 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1481727622
2017-06-18 10:05 - 2016-12-14 10:59 - 00000000 ____D C:\Program Files\Opera
2017-06-18 09:59 - 2015-12-12 03:30 - 00000000 ____D C:\Windows\tbaseregistry
2017-06-18 09:57 - 2015-12-12 03:31 - 26213345 _____ C:\Windows\SysWOW64\rootpa.e2e
2017-06-18 09:46 - 2016-01-12 12:30 - 00000000 ___RD C:\Users\Tim\Documents\Scanned Documents
2017-06-14 15:31 - 2016-01-05 08:48 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-06-14 15:31 - 2016-01-05 08:48 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-06-14 07:09 - 2016-01-05 08:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-06-14 07:07 - 2016-01-31 19:50 - 00000000 ____D C:\Windows\system32\MRT
2017-06-14 07:02 - 2016-06-05 13:32 - 133627792 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-06-10 21:15 - 2017-02-08 22:37 - 00000000 ____D C:\Program Files (x86)\Adobe
2017-06-10 21:13 - 2016-05-24 12:34 - 00000000 ____D C:\Users\Tim\AppData\LocalLow\Adobe
2017-06-10 21:13 - 2016-03-05 09:54 - 00000000 ____D C:\Windows\system32\Macromed
2017-06-10 21:13 - 2015-12-28 17:04 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-06-10 20:55 - 2016-01-07 08:12 - 00000000 ____D C:\Users\Tim\AppData\Local\Adobe
2017-06-08 19:14 - 2017-02-08 22:48 - 00000000 ____D C:\Program Files\Common Files\McAfee
2017-06-08 19:14 - 2017-02-08 22:48 - 00000000 ____D C:\Program Files (x86)\McAfee
2017-06-08 18:28 - 2016-11-02 15:07 - 03255948 _____ C:\Windows\ntbtlog.txt
2017-06-08 16:17 - 2016-12-05 11:49 - 00000000 ____D C:\Program Files\Java
2017-06-08 16:17 - 2016-04-08 13:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-06-08 16:07 - 2016-04-08 13:41 - 00000000 ____D C:\Program Files (x86)\Java
2017-06-08 16:05 - 2016-12-05 11:50 - 00318528 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2017-06-08 16:05 - 2016-12-05 11:50 - 00110144 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2017-06-08 16:04 - 2016-04-08 13:42 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2017-06-06 13:56 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF
2017-06-06 12:38 - 2017-01-31 11:24 - 00077376 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-05-28 06:53 - 2017-02-11 09:30 - 00000000 ____D C:\SUPERDelete
 
==================== Files in the root of some directories =======
 
2017-02-08 21:17 - 2017-02-08 21:17 - 0046788 _____ () C:\ProgramData\agent.1486603026.bdinstall.bin
2017-02-08 21:36 - 2017-02-08 21:36 - 0028706 _____ () C:\ProgramData\agent.1486604163.bdinstall.bin
2017-02-08 21:37 - 2017-02-08 21:37 - 0028778 _____ () C:\ProgramData\agent.1486604202.bdinstall.bin
2017-02-08 22:18 - 2017-02-08 22:18 - 0028778 _____ () C:\ProgramData\agent.1486606720.bdinstall.bin
2017-02-11 09:59 - 2017-02-11 09:59 - 0028780 _____ () C:\ProgramData\agent.1486821554.bdinstall.bin
2017-02-11 09:59 - 2017-02-11 09:59 - 0028780 _____ () C:\ProgramData\agent.1486821588.bdinstall.bin
2017-02-12 05:55 - 2017-02-12 05:55 - 0028779 _____ () C:\ProgramData\agent.1486893287.bdinstall.bin
2017-02-16 11:48 - 2017-02-16 11:48 - 0028497 _____ () C:\ProgramData\agent.1487260113.bdinstall.bin
2017-02-16 11:49 - 2017-02-16 11:49 - 0028427 _____ () C:\ProgramData\agent.1487260177.bdinstall.bin
2017-02-16 12:49 - 2017-02-16 12:49 - 0028780 _____ () C:\ProgramData\agent.1487263757.bdinstall.bin
2017-02-16 12:50 - 2017-02-16 12:50 - 0028780 _____ () C:\ProgramData\agent.1487263804.bdinstall.bin
2017-02-16 18:58 - 2017-02-16 18:58 - 0028780 _____ () C:\ProgramData\agent.1487285925.bdinstall.bin
2017-02-17 13:08 - 2017-02-17 13:08 - 0028780 _____ () C:\ProgramData\agent.1487351306.bdinstall.bin
2017-02-20 18:07 - 2017-02-20 18:07 - 0028780 _____ () C:\ProgramData\agent.1487628430.bdinstall.bin
2017-03-03 09:42 - 2017-03-03 09:42 - 0028780 _____ () C:\ProgramData\agent.1488548516.bdinstall.bin
2017-03-04 11:39 - 2017-03-04 11:39 - 0028780 _____ () C:\ProgramData\agent.1488641969.bdinstall.bin
2017-03-06 18:07 - 2017-03-06 18:07 - 0028780 _____ () C:\ProgramData\agent.1488838053.bdinstall.bin
2017-03-06 18:08 - 2017-03-06 18:08 - 0028780 _____ () C:\ProgramData\agent.1488838117.bdinstall.bin
2017-03-07 07:06 - 2017-03-07 07:06 - 0028780 _____ () C:\ProgramData\agent.1488884812.bdinstall.bin
2017-03-09 18:12 - 2017-03-09 18:12 - 0028780 _____ () C:\ProgramData\agent.1489097528.bdinstall.bin
2017-03-09 18:12 - 2017-03-09 18:12 - 0028779 _____ () C:\ProgramData\agent.1489097574.bdinstall.bin
2017-03-14 08:59 - 2017-03-14 08:59 - 0028736 _____ () C:\ProgramData\agent.1489496386.bdinstall.bin
2017-03-14 09:22 - 2017-03-14 09:22 - 0028601 _____ () C:\ProgramData\agent.1489497767.bdinstall.bin
2017-03-14 09:23 - 2017-03-14 09:23 - 0028743 _____ () C:\ProgramData\agent.1489497792.bdinstall.bin
2017-03-18 08:01 - 2017-03-18 08:01 - 0028738 _____ () C:\ProgramData\agent.1489838475.bdinstall.bin
2017-03-18 08:01 - 2017-03-18 08:01 - 0028745 _____ () C:\ProgramData\agent.1489838502.bdinstall.bin
2017-06-25 22:21 - 2017-06-25 22:21 - 0030354 _____ () C:\ProgramData\agent.uninstall.1498443671.bdinstall.bin
2017-06-12 17:55 - 2017-06-12 17:55 - 0030951 _____ () C:\ProgramData\agent.update.1497304511.bdinstall.bin
2017-06-20 19:08 - 2017-06-20 19:08 - 0000057 _____ () C:\ProgramData\Ament.ini
2017-02-08 22:22 - 2017-02-08 22:22 - 0368084 _____ () C:\ProgramData\cl.1486606757.bdinstall.bin
2017-03-09 18:16 - 2017-03-09 18:16 - 0380034 _____ () C:\ProgramData\cl.repair.1489097691.bdinstall.bin
2017-03-14 09:20 - 2017-03-14 09:20 - 0215144 _____ () C:\ProgramData\cl.uninstall.1489497341.bdinstall.bin
2016-06-29 17:22 - 2016-06-29 17:23 - 1271840 _____ () C:\ProgramData\hpdam_install_log.txt
2016-06-29 17:22 - 2016-06-29 17:22 - 0272336 _____ () C:\ProgramData\HPFileSanitizer_Install_Log.txt
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-06-22 08:26
 
==================== End of FRST.txt ============================    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-06-2017 01
Ran by Tim (26-06-2017 13:48:38)
Running from C:\Users\Tim\Desktop
Windows 7 Professional Service Pack 1 (X64) (2016-05-20 19:14:16)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3386813744-1969293527-735481815-500 - Administrator - Disabled)
General Log In (S-1-5-21-3386813744-1969293527-735481815-1002 - Limited - Enabled) => C:\Users\General Log In
Guest (S-1-5-21-3386813744-1969293527-735481815-501 - Limited - Disabled) => C:\Users\Guest
Tim (S-1-5-21-3386813744-1969293527-735481815-1001 - Administrator - Enabled) => C:\Users\Tim
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avira Antivirus (Enabled - Up to date) {B3F630BD-538D-1B4A-14FA-14B63235278F}
AS: Avira Antivirus (Enabled - Up to date) {0897D159-75B7-14C4-2E4A-2FC449B26D32}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
AppNHost 1.0.5.1 (HKLM-x32\...\{A8CB86C7-CD4C-4C4F-AF6A-33D1CAC63562}) (Version: 1.0.5.1 - Mixesoft Project)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.27.34 - Avira Operations GmbH & Co. KG)
Avira Connect (HKLM-x32\...\{14d00649-a178-473f-bf48-eec016dc4bfa}) (Version: 1.2.89.29905 - Avira Operations GmbH & Co. KG)
Avira Connect (x32 Version: 1.2.89.29905 - Avira Operations GmbH & Co. KG) Hidden
Avira Phantom VPN (HKLM-x32\...\Avira Phantom VPN) (Version: 2.8.2.29275 - Avira Operations GmbH & Co. KG)
Avira Scout (HKLM-x32\...\Avira Scout) (Version: 17.5.3029.2783 - Avira Operations GmbH & Co. KG)
Avira Software Updater (HKLM-x32\...\{A4DF9D2A-AB95-4F30-9CA4-2F49662BA39D}) (Version: 2.0.2.27024 - Avira Operations GmbH & Co. KG)
Avira System Speedup (HKLM-x32\...\Avira System Speedup_is1) (Version: 3.7.0.5478 - Avira Operations GmbH & Co. KG)
Bejeweled 2 Deluxe (HKLM-x32\...\Bejeweled 2 Deluxe) (Version:  - PopCap Games)
Bejeweled Twist (HKLM-x32\...\Bejeweled Twist) (Version:  - PopCap Games)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.0) (Version: 5.0.0.0 - Coupons.com Incorporated)
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
EarthLink Accelerator (HKLM-x32\...\EarthLink Accelerator) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.110 - Google Inc.)
Google Earth (HKLM-x32\...\{F6430171-B86B-4639-839E-374913E7911D}) (Version: 7.1.8.3036 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Client Security Manager (HKLM\...\HPProtectTools) (Version: 8.3.3.1786 - Hewlett-Packard Company)
HP Deskjet 1000 J110 series Basic Device Software (HKLM\...\{A3E89C5B-BB3A-433A-A878-D1310BB13EAD}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Deskjet 1000 J110 series Help (HKLM-x32\...\{DDDFCC77-7F9C-45E9-B38E-721BA599BA0C}) (Version: 140.0.65.65 - Hewlett Packard)
HP Deskjet 1000 J110 series Product Improvement Study (HKLM\...\{EEC82191-E879-4906-9D6B-D9665CF030CD}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Device Access Manager (HKLM\...\{DBE16A07-DDFF-4453-807A-212EF93916E0}) (Version: 8.3.2.0 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{F7A8FF27-1B85-4C23-A6FA-97DE491ECC9A}) (Version: 1.1.0.0 - Hewlett-Packard)
HP File Sanitizer (HKLM-x32\...\{6349342F-9CEF-4A70-995A-2CF3704C2603}) (Version: 8.4.20.1 - Hewlett-Packard Company)
HP PageLift (HKLM-x32\...\{59202086-BEA1-411A-8AA4-A5DCD28FF537}) (Version: 1.0.13.1 - Hewlett-Packard Company)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.3781 - HP Photo Creations Powered by RocketLife)
HP Setup (HKLM-x32\...\{438363A8-F486-4C37-834C-4955773CB3D3}) (Version: 9.1.15453.4066 - Hewlett-Packard Company)
HP SoftPaq Download Manager (HKLM-x32\...\{23544215-E6E6-448B-B6E9-6268D5B3E74D}) (Version: 3.5.0.0 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{78E2C850-ADA6-420D-BA35-2F4A9BE733CC}) (Version: 8.4.19.3 - HP)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 13.00.0000 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{5F084DD8-AF2C-4004-9C92-820C32E4BD55}) (Version: 12.7.22.13 - HP)
HP Theft Recovery (HKLM-x32\...\InstallShield_{B1E569B6-A5EB-4C97-9F93-9ED2AA99AF0E}) (Version: 8.3.0.7 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
Intel® PROSet/Wireless Software (HKLM-x32\...\{440d014b-4444-4533-b96d-2910e1ca2bcf}) (Version: 16.7.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{75895d95-3e4b-42b6-8440-97a0e234aeb3}) (Version: 17.0.2 - Intel Corporation)
Java 8 Update 131 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
Java 8 Update 131 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
LSI USB 2.0 Soft Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.102 - LSI Corporation)
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
Opera Stable 45.0.2552.898 (HKLM-x32\...\Opera 45.0.2552.898) (Version: 45.0.2552.898 - Opera Software)
Peggle Deluxe (HKLM-x32\...\Peggle Deluxe) (Version:  - PopCap Games)
Peggle Nights (HKLM-x32\...\Peggle Nights) (Version:  - PopCap Games)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.103.1007.2016 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7224 - Realtek Semiconductor Corp.)
SeaTools for Windows 1.4.0.4 (HKLM-x32\...\SeaTools for Windows) (Version: 1.4.0.4 - Seagate Technology)
Skype™ 7.32 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.32.104 - Skype Technologies S.A.)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.6.0 - Sophos Limited)
Speccy (HKLM\...\Speccy) (Version: 1.30 - Piriform)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1236 - SUPERAntiSpyware.com)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17332 - Microsoft Corporation)
WOLFCODERS ScreenSnag (HKLM-x32\...\{481875AB-8D00-46D0-92E2-27BB13B20975}_is1) (Version:  - WOLFCODERS)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {07999E06-7CD6-4BE2-9213-12FF183808BD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-24] (Google Inc.)
Task: {220ECEBE-27F2-49F6-B940-105C91A5710F} - System32\Tasks\{AD6719E0-A35B-4FB0-9469-F3ECA6E98920} => F:\Setup.exe
Task: {2BDFECED-24B7-4D8C-9025-C1502F04228B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-12-21] (HP Inc.)
Task: {2F177236-8AEA-4439-9CD0-BDEF1C7C0257} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-24] (Google Inc.)
Task: {36A095E9-8583-4F7B-AAAC-3C11076EE515} - System32\Tasks\{A54828EC-DF0D-4800-BCD0-8A56F560D437} => C:\Program Files (x86)\Cobra HomeBase\CobraHomeBase.exe
Task: {385C2FE5-95C0-4665-B925-80CEDA035EB5} - System32\Tasks\Avira\System Speedup\SpeedupSysTray => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.Systray.exe [2017-06-13] (Avira Operations GmbH & Co. KG)
Task: {3D11CE46-87BC-4C8D-A998-1334CBECE846} - System32\Tasks\AviraScoutUpdateTaskMachineCore => C:\Program Files (x86)\Avira\Scout Update\ScoutUpdate.exe [2017-06-25] (Avira Operations GmbH & Co. KG)
Task: {3D67B3E7-C05E-44C0-86C3-41EA2295BFD7} - System32\Tasks\{2B4A8FF7-D501-46FB-9AE4-9518FE895316} => C:\Program Files (x86)\Cobra HomeBase\CobraHomeBase.exe
Task: {3FD481D7-33C8-4B55-83D1-6ADEA73CD958} - System32\Tasks\Opera scheduled Autoupdate 1481727622 => C:\Program Files\Opera\launcher.exe [2017-06-12] (Opera Software)
Task: {4E5A5561-7AF6-4C58-9FBD-05CBFB188944} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.)
Task: {4EA0DEA2-1FE1-4122-84C3-EECC5E56C6CF} - System32\Tasks\{1C7D4D19-C8E6-455D-A53C-6BADA3C107E5} => C:\Program Files (x86)\Cobra HomeBase\CobraHomeBase.exe
Task: {6648098E-9C85-4D31-9D29-15910CBE5E3C} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {6BF91CFD-DFEF-4CA8-A3A0-E810147FE45E} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {6BFCB507-58F4-4919-B4AC-5C9FB9D28F0C} - System32\Tasks\{A55B9265-8122-42BB-B1F3-07F7E45F3706} => Iexplore.exe hxxps://ui.skype.com/ui/0/7.32.0.104/en/eula?source=lightinstaller
Task: {6C339922-6108-4341-867F-16536565B946} - System32\Tasks\Avira\System Speedup\Delayed Startup\All users\1 => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2017-03-15] (Oracle Corporation)
Task: {75A91597-6A9A-45C0-8C0C-F6B1B466A192} - System32\Tasks\Avira\System Speedup\TestScheduler => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe [2017-06-13] (Avira Operations GmbH & Co. KG)
Task: {7656ADD2-637A-49B9-BD5B-2163FC5FC827} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {76637EEE-D769-4FF1-87A0-B618D5210B96} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
Task: {7905813F-3B6D-486B-8E94-A99FCD531A2F} - System32\Tasks\HPCustParticipation HP Deskjet 1000 J110 series => C:\Program Files\HP\HP Deskjet 1000 J110 series\Bin\HPCustPartic.exe [2012-10-02] (Hewlett-Packard Co.)
Task: {81F28D25-FD76-46E0-9A94-7CFBD52AD198} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {8773223F-C0F6-4256-B6AE-37485593ED18} - System32\Tasks\{B1BDA461-F2FB-4735-911B-8466740BEE40} => pcalua.exe -a F:\ISP5900\setup.exe -d F:\ISP5900
Task: {878D9DF9-D68A-43FF-9FA6-46EACB45D8CE} - System32\Tasks\{63BBADBD-CE52-4A80-BA74-A575FC495A84} => F:\Setup.exe
Task: {8A378C3D-49EF-4E60-8D81-262E5144498E} - System32\Tasks\{46A17704-B290-4506-9618-5701D9CA2AD2} => F:\Setup.exe
Task: {8DD566CA-2A83-4148-86AC-DDB5D3C322BF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2017-05-25] (HP Inc.)
Task: {91245DE5-488E-4A6D-B6F4-7DED8F800C96} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {91865B85-37EF-4B20-9F1E-CAD158966E73} - System32\Tasks\Avira\System Speedup\Delayed Startup\Tim\1 => C:\Users\Tim\AppData\Local\Microsoft\BingSvc\BingSvc.exe [2015-11-05] (© 2015 Microsoft Corporation) <==== ATTENTION
Task: {92A5803E-5154-441D-983A-B74D0B2F9E1B} - System32\Tasks\{4678693A-7E1D-4D5A-8B9C-88C09315D8A0} => C:\Users\General Log In\Downloads\SUPERAntiSpyware.exe
Task: {9B578603-B351-47C9-88B1-4C64952A44E3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-04-07] (HP Inc.)
Task: {A398B473-F52B-4FD1-AEB9-A800E460F84E} - System32\Tasks\{AFB67468-FA1C-44FC-8F3D-F1A849BC465F} => F:\Setup.exe
Task: {AA854452-7584-4BA7-A8FD-BAC70A4D580F} - System32\Tasks\AviraScoutUpdateTaskMachineUA => C:\Program Files (x86)\Avira\Scout Update\ScoutUpdate.exe [2017-06-25] (Avira Operations GmbH & Co. KG)
Task: {ABEE2E06-9083-4E46-BC19-0049023C84E8} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {AE9DC7A8-FA4F-42AD-ACF2-9B838FCD2522} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
Task: {AEA65F2D-8098-4DFD-B8FF-CEAF5AF39585} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {BB343A67-670A-46A9-87D7-158AF9A9EC79} - System32\Tasks\{729BA09E-DBAC-4313-9C6E-3892146BD40A} => F:\Setup.exe
Task: {BC860C8E-EC1D-4646-A9A1-B48BEA459B70} - System32\Tasks\AviraSystemSpeedupUpdate => C:\ProgramData\Avira\SystemSpeedup\Update\avira_speedup_setup_update.exe [2017-06-25] (Avira Operations GmbH & Co. KG                              )
Task: {C20AC3DE-8C16-49C6-82DF-7ECB7E78C46C} - System32\Tasks\{05792CFD-05F5-46C8-9C8C-19C70F0E9549} => F:\Setup.exe
Task: {D21C77C0-6040-484C-8D8F-29229BE0B434} - System32\Tasks\Avira\System Speedup\Delayed Startup\Tim\2 => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2017-06-20] (SUPERAntiSpyware) <==== ATTENTION
Task: {D71BD3E9-9D48-4AE3-8D71-40503042B818} - System32\Tasks\{095E7B1F-B78E-430C-9E00-3A980CBC2EC7} => C:\Program Files (x86)\Cobra HomeBase\CobraHomeBase.exe
Task: {DA4FECCE-33E1-4D3E-9643-20A155D7D694} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {DC3E1EBE-2642-4AE8-8BE7-33C3936F5C3D} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {DF3F0AF7-6913-4840-8E0F-214B56FB6E4E} - System32\Tasks\{AC256CE6-2226-4B88-90C3-CDD2A645EA89} => F:\Setup.exe
Task: {E2C37FAE-6107-4123-9785-B2DF00782DE8} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {E65E4D0E-F19E-4BE1-9BFA-C44274169D58} - System32\Tasks\HPCeeScheduleForTim => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2016-01-22] (Hewlett-Packard)
Task: {F34E7CF6-E02B-4DC9-AC9B-4672844F95D1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-04-07] (HP Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\HPCeeScheduleForTim.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
ShortcutWithArgument: C:\Users\Tim\Desktop\FedEx _ Email_Online Label _ Shipping.._.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=ceaafagmnojmnjepbehlplcmoklcacbl
ShortcutWithArgument: C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\FedEx _ Email_Online Label _ Shipping.._.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=ceaafagmnojmnjepbehlplcmoklcacbl
ShortcutWithArgument: C:\Users\Tim\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\aeea6001c9fdcab9\Click&Clean.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=ghgabhipcejejjmhhchfonmamedcbeod
ShortcutWithArgument: C:\Users\Tim\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\66b9b787e09fde9f\History Eraser.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=gjieilkfnnjoihjjonajndjldjoagffm
 
==================== Loaded Modules (Whitelisted) ==============
 
2014-02-05 15:56 - 2014-02-05 15:56 - 02654936 _____ () C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\ShredContextMenu.dll
2017-05-15 17:34 - 2017-05-09 05:13 - 03767640 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\libglesv2.dll
2017-05-15 17:34 - 2017-05-09 05:13 - 00100696 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\libegl.dll
2017-05-18 10:15 - 2017-05-18 10:15 - 00167312 _____ () C:\Program Files (x86)\Avira\VPN\OpenVpn\lzo2.dll
2017-05-18 10:15 - 2017-05-18 10:15 - 00166840 _____ () C:\Program Files (x86)\Avira\VPN\OpenVpn\libpkcs11-helper-1.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`28hfm [0]
AlternateDataStreams: C:\ProgramData\Temp:5C321E34 [125]
AlternateDataStreams: C:\Users\Tim\Desktop\SUPERAntiSpywarePro.exe:BDU [0]
AlternateDataStreams: C:\Users\Tim\Downloads\adwcleaner_6.046.exe:BDU [0]
AlternateDataStreams: C:\Users\Tim\Downloads\GlassWireSetup.exe:BDU [0]
AlternateDataStreams: C:\Users\Tim\Downloads\IE9-Windows7-x64-enu.exe:a [420]
AlternateDataStreams: C:\Users\Tim\Downloads\mb3-setup-adwc.adwc100.3.0.6.1469.exe:BDU [0]
AlternateDataStreams: C:\Users\Tim\Downloads\mb3-setup-consumer-3.1.2.1733.exe:BDU [0]
AlternateDataStreams: C:\Users\Tim\Downloads\SkypeSetup.exe:BDU [0]
AlternateDataStreams: C:\Users\Tim\Downloads\winupdatefix_1.3.exe:BDU [0]
AlternateDataStreams: C:\Users\Tim\Documents\GlassWireSetup (1).exe:BDU [0]
AlternateDataStreams: C:\Users\Tim\Documents\mb3-setup-consumer-3.1.2.1733 (1).exe:BDU [0]
AlternateDataStreams: C:\Users\Tim\Documents\mbar-1.09.3.1001.exe:BDU [0]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\deere.com -> hxxps://jdparts.deere.com
IE trusted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\flhsmv.gov -> hxxps://www.flhsmv.gov
IE trusted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\hdonline.to -> hxxps://hdonline.to
IE trusted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\pch.com -> hxxp://search.pch.com
IE trusted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\usa4sale.net -> hxxp://contact.usa4sale.net
IE trusted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\winndixie.com -> hxxps://www.winndixie.com
IE restricted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\0411dd.com -> 0411dd.com
IE restricted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\0511zfhl.com -> 0511zfhl.com
IE restricted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\0632qyw.com -> 0632qyw.com
IE restricted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\1001movie.com -> 1001movie.com
 
There are 6091 more sites.
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2016-03-05 12:28 - 2017-06-08 17:02 - 00000033 _____ C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3386813744-1969293527-735481815-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-3386813744-1969293527-735481815-501\Control Panel\Desktop\\Wallpaper -> C:\windows\web\wallpaper\HP1.jpg
DNS Servers: 192.168.224.1 - 192.168.254.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: HPFSService => 2
MSCONFIG\startupreg: HP File Sanitizer => C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\Coreshredder.exe
MSCONFIG\startupreg: Propel Accelerator => "C:\Program Files (x86)\EarthLink Accelerator\trayctl.exe" /STARTUPLAUNCH
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{D6F44F3E-63AD-4480-8981-1F8E4BC156A3}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{92635564-B32B-4941-8709-EDC3534DA1F7}] => (Allow) C:\Program Files (x86)\Opera\launcher.exe
FirewallRules: [{0F7C25B6-D55C-4599-808E-70473E50600B}] => (Allow) C:\Program Files (x86)\Opera\launcher.exe
FirewallRules: [{50E9D51B-9089-4C78-8F73-3E2E5E0D42C5}] => (Allow) C:\Program Files (x86)\Opera\launcher.exe
FirewallRules: [{3D066DB3-3078-49D4-A3A6-AF4075CB1645}] => (Allow) C:\Program Files (x86)\Opera\launcher.exe
FirewallRules: [{9A373D22-61C3-4F8B-BBEF-1D2CEC770DB5}] => (Allow) C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe
FirewallRules: [{82B69666-6A08-4AB4-B240-B287A8D13E38}] => (Allow) C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe
FirewallRules: [{D32E408E-6053-455A-990F-9F46633386D8}] => (Allow) C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe
FirewallRules: [{38B50817-1FA9-4CB1-B36F-FAF8288E99E7}] => (Allow) C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe
FirewallRules: [{BDD0E46F-885B-4696-ADCE-C508C1F9F12A}] => (Allow) C:\Program Files\Microsoft Security Client\msseces.exe
FirewallRules: [{953F6506-888F-4867-B3B2-8E82E4E25263}] => (Allow) C:\Program Files\Microsoft Security Client\msseces.exe
FirewallRules: [{08BCF83E-E091-4FAC-9D79-87F5D20AEE8C}] => (Allow) C:\Program Files\Microsoft Security Client\msseces.exe
FirewallRules: [{AA04C2EA-8C48-467B-BC95-EDBCA22C98B5}] => (Allow) C:\Program Files\Microsoft Security Client\msseces.exe
FirewallRules: [{8FD07A63-7436-47CF-BA1F-834A0A492F69}] => (Allow) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
FirewallRules: [{ACF8D3C4-FF9A-4CD3-8EA4-28D0784A5E00}] => (Allow) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
FirewallRules: [{B3C0EE64-66A1-4F53-9ABE-C6637AB3FABA}] => (Allow) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
FirewallRules: [{91069DC4-8EB5-4A7C-8804-CA63B1DB68C0}] => (Allow) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
FirewallRules: [{6B43B3CE-DC50-45A5-8B9C-BBF6E68A2E22}] => (Allow) C:\Users\Tim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3CZM9O05\EW0DFB0B
FirewallRules: [{E2AFA9F5-1B1B-4500-8997-4963CA7BCF15}] => (Allow) C:\Users\Tim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3CZM9O05\EW0DFB0B
FirewallRules: [{285830EF-6348-490E-AF3E-A4E3BD091FBF}] => (Allow) C:\Users\Tim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3CZM9O05\EW0DFB0B
FirewallRules: [{2A1B1D2E-C4D7-42AF-9D46-A4D9F1592ACF}] => (Allow) C:\Users\Tim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3CZM9O05\EW0DFB0B
FirewallRules: [{C962AA5F-D716-4894-A777-9980540483E2}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{D8BB9E0F-2592-4C32-B96F-AE69B073FAE5}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{3EDE067A-8C7B-43BB-A5B7-58D0CC51B633}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{E81B4361-07C3-4BFB-8571-B70DD4167B3A}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{C9C94891-2C9B-40CE-8333-9A41D4FBA565}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{DD7DB7A0-CA86-416B-BBD9-BA1D7B2C6E53}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{DBFEDAD6-0BEB-4578-B149-3AB62C1B7D85}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{C8501CF7-59E4-43E0-AA45-EE26755E751F}C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe
FirewallRules: [UDP Query User{905779AE-D66A-4666-9FFB-56A8610A6FBA}C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe
FirewallRules: [TCP Query User{C90C27C3-BCC7-4ACE-9E22-2C7488FE70FA}C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe
FirewallRules: [UDP Query User{072E5150-569C-4950-833F-437FEC13136A}C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe
FirewallRules: [{D779D332-B00D-4FCC-8F0D-2038BDD79CD7}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
FirewallRules: [{25ABBA34-5506-420A-AA0A-93D0A7088E21}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
FirewallRules: [{92086CBF-6C8E-46CE-86EA-FAC5797DB131}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{26BE28BC-BE97-4D1D-BD8E-90F9C06978D4}] => (Allow) C:\Program Files\Opera\45.0.2552.888\opera.exe
FirewallRules: [{DCCC4C09-38AC-4106-82C9-36B5059C3EDE}] => (Allow) C:\Program Files\Opera\45.0.2552.898\opera.exe
FirewallRules: [{CFFEEADA-8E35-476D-9018-B63240888C7A}] => (Allow) C:\Program Files\HP\HP Deskjet 1000 J110 series\Bin\USBSetup.exe
FirewallRules: [{2BFC7583-91DE-4229-BA9B-6218A5F21BF2}] => (Allow) C:\Program Files (x86)\Avira\Scout\Application\scout.exe
 
==================== Restore Points =========================
 
25-06-2017 13:34:23 Device Driver Package Install: Phantom TAP-Windows Provider V9 Network adapters
25-06-2017 13:47:04 Avira System Speedup Optimization
25-06-2017 13:48:43 Avira System Speedup Optimization
25-06-2017 21:13:42 Avira System Speedup Optimization
26-06-2017 10:24:07 Windows Update
26-06-2017 13:03:15 Windows Update
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/26/2017 01:03:37 PM) (Source: flcdlock) (EventID: 1034) (User: )
Description: An error occurred setting a security descriptor on the device \\.\avusbflt.
 
 
The system error code is 0x5:-
 
Access is denied.
 
Error: (06/26/2017 12:01:41 PM) (Source: flcdlock) (EventID: 1034) (User: )
Description: An error occurred setting a security descriptor on the device \\.\avusbflt.
 
 
The system error code is 0x5:-
 
Access is denied.
 
Error: (06/26/2017 11:55:44 AM) (Source: flcdlock) (EventID: 1034) (User: )
Description: An error occurred setting a security descriptor on the device \\.\avusbflt.
 
 
The system error code is 0x5:-
 
Access is denied.
 
Error: (06/26/2017 11:50:15 AM) (Source: flcdlock) (EventID: 1034) (User: )
Description: An error occurred setting a security descriptor on the device \\.\avusbflt.
 
 
The system error code is 0x5:-
 
Access is denied.
 
Error: (06/26/2017 11:38:40 AM) (Source: flcdlock) (EventID: 1034) (User: )
Description: An error occurred setting a security descriptor on the device \\.\avusbflt.
 
 
The system error code is 0x5:-
 
Access is denied.
 
Error: (06/26/2017 11:38:40 AM) (Source: flcdlock) (EventID: 1034) (User: )
Description: An error occurred setting a security descriptor on the device \\.\avusbflt.
 
 
The system error code is 0x5:-
 
Access is denied.
 
Error: (06/26/2017 10:24:38 AM) (Source: flcdlock) (EventID: 1034) (User: )
Description: An error occurred setting a security descriptor on the device \\.\avusbflt.
 
 
The system error code is 0x5:-
 
Access is denied.
 
Error: (06/26/2017 10:24:31 AM) (Source: flcdlock) (EventID: 1034) (User: )
Description: An error occurred setting a security descriptor on the device \\.\avusbflt.
 
 
The system error code is 0x5:-
 
Access is denied.
 
Error: (06/26/2017 07:44:20 AM) (Source: HP Active Health) (EventID: 2800) (User: )
Description: Agent SystemState threw an exception: System.InvalidOperationException: Cannot load Counter Name data because an invalid index '' was read from the registry.
   at System.Diagnostics.PerformanceCounterLib.GetStringTable(Boolean isHelp)
   at System.Diagnostics.PerformanceCounterLib.get_NameTable()
   at System.Diagnostics.PerformanceCounterLib.get_CategoryTable()
   at System.Diagnostics.PerformanceCounterLib.CounterExists(String category, String counter, Boolean& categoryExists)
   at System.Diagnostics.PerformanceCounterLib.CounterExists(String machine, String category, String counter)
   at System.Diagnostics.PerformanceCounter.InitializeImpl()
   at System.Diagnostics.PerformanceCounter..ctor(String categoryName, String counterName, String instanceName, Boolean readOnly)
   at System.Diagnostics.PerformanceCounter..ctor(String categoryName, String counterName, String instanceName)
   at HP.ActiveHealth.Agents.SystemState.SystemStateAgent.CpuUsage()
   at HP.ActiveHealth.Agents.SystemState.SystemStateAgent.FetchValues()
   at HP.ActiveHealth.Agents.SystemState.SystemStateAgent.CollectNewDataClasses(FileInfo agentStateFile, IDataClassCollector dataClassColector)
   at HP.ActiveHealth.API.DataGeneration.AgentRunner.QueryAgentDelegate(Object agentObj)
 
Error: (06/26/2017 07:44:08 AM) (Source: flcdlock) (EventID: 1034) (User: )
Description: An error occurred setting a security descriptor on the device \\.\avusbflt.
 
 
The system error code is 0x5:-
 
Access is denied.
 
 
System errors:
=============
Error: (06/26/2017 01:10:26 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Internet Explorer 11 for Windows 7 for x64-based Systems.
 
Error: (06/26/2017 01:05:34 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073701: Update for Windows 7 for x64-based Systems (KB2952664).
 
Error: (06/26/2017 01:05:34 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073701: 2017-06 Security Monthly Quality Rollup for Windows 7 for x64-based Systems (KB4022719).
 
Error: (06/26/2017 01:04:48 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073701: Update for Windows 7 for x64-based Systems (KB2952664).
 
Error: (06/26/2017 10:30:45 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Internet Explorer 11 for Windows 7 for x64-based Systems.
 
Error: (06/26/2017 10:25:29 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073701: Update for Windows 7 for x64-based Systems (KB2952664).
 
Error: (06/26/2017 10:25:29 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073701: 2017-06 Security Monthly Quality Rollup for Windows 7 for x64-based Systems (KB4022719).
 
Error: (06/26/2017 10:24:48 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073701: Update for Windows 7 for x64-based Systems (KB2952664).
 
Error: (06/25/2017 10:54:31 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {F9717507-6651-4EDB-BFF7-AE615179BCCF} did not register with DCOM within the required timeout.
 
Error: (06/25/2017 10:52:00 PM) (Source: volsnap) (EventID: 20) (User: )
Description: The shadow copies of volume D: were aborted because of a failed free space computation.
 
 
CodeIntegrity:
===================================
  Date: 2016-05-30 18:23:15.172
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-05-30 18:23:15.172
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-05-30 12:34:09.752
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-05-30 12:34:09.736
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-05-30 06:39:39.690
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-05-30 06:39:39.674
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-05-30 06:38:10.580
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-05-30 06:38:10.565
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-05-29 07:13:05.844
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-05-29 07:13:05.844
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: AMD A8-6410 APU with AMD Radeon R5 Graphics 
Percentage of memory in use: 28%
Total physical RAM: 7612.08 MB
Available physical RAM: 5476.21 MB
Total Virtual: 15222.35 MB
Available Virtual: 11845.38 MB
 
==================== Drives ================================
 
Drive c: (Windows ) (Fixed) (Total:919.11 GB) (Free:855.71 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (HP_RECOVERY) (Fixed) (Total:11.3 GB) (Free:1.21 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:0.09 GB) (Free:0.06 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 6F9E5779)
Partition 1: (Active) - (Size=1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=919.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11.3 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=100 MB) - (Type=0C)
 
==================== End of Addition.txt ============================

  • 0

#14
bonezz777

bonezz777

    Member

  • Topic Starter
  • Member
  • PipPip
  • 99 posts

Hi, hope this is what You want: Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-06-2017 01
Ran by Tim (administrator) on TIM-HP (26-06-2017 16:51:00)
Running from C:\Users\Tim\Desktop
Loaded Profiles: Tim & Guest (Available Profiles: Tim & General Log In & Guest)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\tbaseprovisioning.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpCardEngine.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.SpeedupService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Hewlett-Packard Company) C:\Windows\SysWOW64\flcdlock.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(© 2015 Microsoft Corporation) C:\Users\Tim\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Hewlett-Packard Development Company) C:\Program Files (x86)\Hewlett-Packard\HP Device Access Manager\HP.ProtectTools.DeviceAccessManager.ServiceHost.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\VPN\Avira.WebAppHost.exe
(The OpenVPN Project) C:\Program Files (x86)\Avira\VPN\OpenVpn\phantomvpn.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7570136 2014-04-14] (Realtek Semiconductor)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [97512 2017-06-08] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira System Speedup User Starter] => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe [66656 2017-06-13] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [918008 2017-06-02] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\MountPoints2: {2301f08c-46ea-11e6-b913-a0d3c14a78f6} - WinCleaner Application Setup.exe
HKU\S-1-5-21-3386813744-1969293527-735481815-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [241664 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-21-3386813744-1969293527-735481815-501\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516096 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [osk.exe] => C:\Windows\system32\osk.exe [692736 2014-06-17] (Microsoft Corporation)
Lsa: [Notification Packages] DPPassFilter scecli
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
Startup: C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 1000 J110 series.lnk [2017-06-26]
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 1000 J110 series.lnk -> C:\Program Files\HP\HP Deskjet 1000 J110 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
GroupPolicy: Restriction - Chrome <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyServer: [S-1-5-21-3386813744-1969293527-735481815-1001] => http=127.0.0.1:8080
Tcpip\Parameters: [DhcpNameServer] 192.168.254.254
Tcpip\..\Interfaces\{7C0566C2-7D23-414D-B4B4-2CD1F8917416}: [DhcpNameServer] 192.168.224.1
Tcpip\..\Interfaces\{B8692A19-E7CA-4985-B46C-556A84D4EF53}: [DhcpNameServer] 192.168.254.254
 
Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3386813744-1969293527-735481815-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3386813744-1969293527-735481815-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/
HKU\S-1-5-21-3386813744-1969293527-735481815-501\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPCOM14/19
HKU\S-1-5-21-3386813744-1969293527-735481815-501\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPCOM14/19
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll [2017-06-08] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll => No File
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-10-24] (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-06-08] (Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-07-21] (HP Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-06-08] (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-10-24] (Google Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-06-08] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-10-24] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-10-24] (Google Inc.)
Toolbar: HKU\S-1-5-21-3386813744-1969293527-735481815-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-10-24] (Google Inc.)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: HKLM-x32 {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1486642584294
 
FireFox:
========
FF ProfilePath: C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\2tXjV4ld.default [2016-10-26]
FF Extension: (Avira Browser Safety) - C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\2tXjV4ld.default\Extensions\[email protected] [2016-12-04]
FF Extension: (Avira Password Manager) - C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\2tXjV4ld.default\Extensions\[email protected] [2017-06-25]
FF Extension: (Avira SafeSearch Plus) - C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\2tXjV4ld.default\Extensions\[email protected] [2017-02-08]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\BrowserExt\dpchrome
FF Extension: (HP Client Security Manager) - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\BrowserExt\dpchrome [2016-05-26] [not signed]
FF Plugin: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-06-08] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-06-08] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-06-08] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-06-08] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @scout.avira-update.com/Avira Scout Update;version=3 -> C:\Program Files (x86)\Avira\Scout Update\1.3.32.7\npScoutUpdate3.dll [2017-06-25] (Avira Operations GmbH & Co. KG)
FF Plugin-x32: @scout.avira-update.com/Avira Scout Update;version=9 -> C:\Program Files (x86)\Avira\Scout Update\1.3.32.7\npScoutUpdate3.dll [2017-06-25] (Avira Operations GmbH & Co. KG)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: digitalpersona.com/ChromeDPAgent -> c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\BrowserExt\components\npChromeDPAgent.dll [2014-02-10] (DigitalPersona, Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> hxxps://www.google.com/
CHR StartupUrls: Default -> "hxxps://www.yahoo.com/"
CHR DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}
CHR DefaultSearchKeyword: Default -> duckduckgo.com
CHR DefaultSuggestURL: Default -> hxxps://duckduckgo.com/ac/?q={searchTerms}&type=list
CHR Profile: C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default [2017-06-26]
CHR Extension: (Google Drive) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-10-24]
CHR Extension: (DuckDuckGo Search) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkdgflcldnnnapblkhphbgpggdiikppg [2017-05-05]
CHR Extension: (YouTube) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-10-24]
CHR Extension: (Avira Password Manager) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\caljgklbbfbcjjanaijlacgncafpegll [2017-06-25]
CHR Extension: (FedEx 
 Email/Online Label 
 Shipping...) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\ceaafagmnojmnjepbehlplcmoklcacbl [2017-06-20]
CHR Extension: (HTTPS Everywhere) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2017-06-21]
CHR Extension: (Click&Clean) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod [2017-06-01]
CHR Extension: (History Eraser) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjieilkfnnjoihjjonajndjldjoagffm [2017-06-23]
CHR Extension: (J2TeaM Security) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmlcjjclebjnfohgmgikjfnbmfkigocc [2017-06-08]
CHR Extension: (Avira SafeSearch Plus) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipmkfpcnmccejididiaagpgchgjfajgp [2017-06-25]
CHR Extension: (Cyber Security News by Gold Security) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcehljakhaojdgjoggcpnbjkehgglbfb [2017-05-28]
CHR Extension: (Awesome Screenshot: Screen Video Recorder) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlipoenfbbikpbjkfpfillcgkoblgpmj [2017-06-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Click&Clean App) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp [2017-06-23]
CHR Extension: (Gmail) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-10-24]
CHR Extension: (Chrome Media Router) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-16]
CHR Profile: C:\Users\Tim\AppData\Local\Google\Chrome\User Data\System Profile [2017-01-30]
CHR HKLM\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ncffjdbbodifgldkcbhmiiljfcnbgjab] - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\BrowserExt\dpchrome.crx [2014-02-10]
 
Opera: 
=======
OPR Extension: (Stormcrow) - C:\Users\Tim\AppData\Roaming\Opera Software\Opera Stable\Extensions\cfbekbndggmbdkfhjandenfihkdkndil [2017-04-18]
OPR Extension: (360 Internet Protection) - C:\Users\Tim\AppData\Roaming\Opera Software\Opera Stable\Extensions\cnpeghmjdfdmneiljeibjnemfdkojdhl [2017-06-25]
OPR Extension: (Avira Browser Safety) - C:\Users\Tim\AppData\Roaming\Opera Software\Opera Stable\Extensions\dalelnnofafalcmkmnhdbigbjjkloabo [2016-10-25]
OPR Extension: (HTTPS Everywhere) - C:\Users\Tim\AppData\Roaming\Opera Software\Opera Stable\Extensions\edaplhobcmdaneconioghljnnopmkhgm [2017-06-25]
OPR Extension: (Privacy Badger) - C:\Users\Tim\AppData\Roaming\Opera Software\Opera Stable\Extensions\ldfkcgjipgfchpnojicdgpgiocoeelik [2017-06-25]
OPR Extension: (SurfPatrol) - C:\Users\Tim\AppData\Roaming\Opera Software\Opera Stable\Extensions\pafbnmdfbmigjdbkhkchclhpmfcoageo [2017-01-16]
OPR Extension: (Privacy Cleaner) - C:\Users\Tim\AppData\Roaming\Opera Software\Opera Stable\Extensions\pdomeailoegpefbldkonkajkcolkbmhi [2017-01-16]
StartMenuInternet: (HKLM) OperaStable - C:\Program Files\Opera\Launcher.exe
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-30] (SUPERAntiSpyware.com)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1128432 2017-06-02] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [490968 2017-06-02] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [490968 2017-06-02] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1524216 2017-06-02] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [356256 2017-06-08] (Avira Operations GmbH & Co. KG)
R2 AviraPhantomVPN; C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe [334064 2017-05-18] (Avira Operations GmbH & Co. KG)
R2 AviraUpdaterService; C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe [100816 2017-04-21] (Avira Operations GmbH & Co. KG)
R2 DpHost; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [500048 2014-02-10] (DigitalPersona, Inc.)
R2 FLCDLOCK; c:\windows\SysWOW64\flcdlock.exe [567608 2013-11-20] (Hewlett-Packard Company)
R2 HpDamServiceHost; c:\Program Files (x86)\Hewlett-Packard\HP Device Access Manager\HP.ProtectTools.DeviceAccessManager.ServiceHost.exe [18232 2013-11-15] (Hewlett-Packard Development Company)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [321056 2017-06-01] (HP Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-01-17] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor)
S2 scupdate; C:\Program Files (x86)\Avira\Scout Update\ScoutUpdate.exe [116312 2017-06-25] (Avira Operations GmbH & Co. KG)
S3 scupdatem; C:\Program Files (x86)\Avira\Scout Update\ScoutUpdate.exe [116312 2017-06-25] (Avira Operations GmbH & Co. KG)
R2 SpeedupService; C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.SpeedupService.exe [74800 2017-06-13] (Avira Operations GmbH & Co. KG)
R2 tbaseprovisioning; C:\Windows\SysWOW64\tbaseprovisioning.exe [51208 2017-01-10] (Advanced Micro Devices, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3816176 2014-01-17] (Intel® Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 amdkmcsp; C:\Windows\System32\DRIVERS\amdkmcsp.sys [95112 2017-01-10] (Advanced Micro Devices, Inc. )
R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [36608 2013-12-13] (Advanced Micro Devices, Inc.)
R1 amdpsp; C:\Windows\System32\DRIVERS\amdpsp.sys [254344 2017-01-10] (Advanced Micro Devices, Inc. )
S3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [878072 2016-09-20] (BitDefender)
R0 avdevprot; C:\Windows\System32\DRIVERS\avdevprot.sys [64504 2017-06-02] (Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [185032 2017-06-02] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [149976 2017-06-02] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [35328 2017-06-02] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [78600 2017-06-02] (Avira Operations GmbH & Co. KG)
R0 avusbflt; C:\Windows\System32\Drivers\avusbflt.sys [34128 2017-06-02] (Avira Operations GmbH & Co. KG)
R3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [65752 2013-10-07] (Hewlett-Packard Company)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [252832 2017-06-26] (Malwarebytes)
R3 NETwNs64; C:\Windows\System32\DRIVERS\Netwsw02.sys [3434976 2014-04-16] (Intel Corporation)
R3 phantomtap; C:\Windows\System32\DRIVERS\phantomtap.sys [35664 2017-05-18] (The OpenVPN Project)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
U0 aswVmm; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-06-26 13:48 - 2017-06-26 13:49 - 00043920 _____ C:\Users\Tim\Desktop\Addition.txt
2017-06-26 13:47 - 2017-06-26 16:51 - 00023324 _____ C:\Users\Tim\Desktop\FRST.txt
2017-06-26 08:56 - 2017-06-26 16:44 - 00000000 ____D C:\Users\Tim\Desktop\FRST-OlderVersion
2017-06-26 07:45 - 2017-06-26 07:46 - 20612608 _____ (Adobe Systems Incorporated) C:\Users\Tim\Downloads\install_flash_player_ppapi.exe
2017-06-25 22:56 - 2017-06-25 22:56 - 00000000 ____D C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Avira
2017-06-25 22:24 - 2017-06-26 13:47 - 00000000 ____D C:\Users\Tim\Desktop\New folder junk files
2017-06-25 22:21 - 2017-06-25 22:21 - 00030354 _____ C:\ProgramData\agent.uninstall.1498443671.bdinstall.bin
2017-06-25 21:22 - 2017-06-25 21:22 - 00000000 ____D C:\Users\Tim\AppData\Roaming\Avira
2017-06-25 13:36 - 2017-06-02 19:05 - 00185032 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2017-06-25 13:36 - 2017-06-02 19:05 - 00149976 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2017-06-25 13:36 - 2017-06-02 19:05 - 00078600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2017-06-25 13:36 - 2017-06-02 19:05 - 00064504 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avdevprot.sys
2017-06-25 13:36 - 2017-06-02 19:05 - 00035328 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2017-06-25 13:36 - 2017-06-02 19:05 - 00034128 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avusbflt.sys
2017-06-25 13:30 - 2017-06-25 13:30 - 00002156 _____ C:\Users\Public\Desktop\Avira Scout.lnk
2017-06-25 13:29 - 2017-06-25 13:29 - 00003506 _____ C:\Windows\System32\Tasks\AviraScoutUpdateTaskMachineUA
2017-06-25 13:29 - 2017-06-25 13:29 - 00003378 _____ C:\Windows\System32\Tasks\AviraScoutUpdateTaskMachineCore
2017-06-25 13:28 - 2017-06-26 07:34 - 00000000 ____D C:\Users\Public\Speedup Sessions
2017-06-25 13:28 - 2017-06-25 13:28 - 00003658 _____ C:\Windows\System32\Tasks\AviraSystemSpeedupUpdate
2017-06-25 13:28 - 2017-06-25 13:28 - 00000000 ____D C:\Windows\System32\Tasks\Avira
2017-06-25 13:27 - 2017-06-25 13:27 - 00002086 _____ C:\Users\Public\Desktop\Avira Software Updater.lnk
2017-06-25 13:27 - 2017-06-25 13:27 - 00001048 _____ C:\Users\Public\Desktop\Avira Phantom VPN.lnk
2017-06-25 13:25 - 2017-06-25 13:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2017-06-25 13:25 - 2017-06-25 13:36 - 00000000 ____D C:\ProgramData\Avira
2017-06-25 13:25 - 2017-06-25 13:25 - 00001212 _____ C:\Users\Public\Desktop\Avira Connect.lnk
2017-06-25 13:23 - 2017-06-25 13:23 - 04799712 _____ (Avira Operations GmbH & Co. KG) C:\Users\Tim\Desktop\avira_en_fass0_58e0ec4c4ec59__ws.exe
2017-06-25 10:54 - 2017-06-26 09:13 - 00012926 _____ C:\VEW.txt
2017-06-25 10:51 - 2017-06-25 10:51 - 00061440 _____ ( ) C:\Users\Tim\Desktop\VEW.exe
2017-06-25 10:18 - 2017-06-25 10:18 - 00001409 _____ C:\Users\Public\Desktop\SeaTools for Windows.lnk
2017-06-25 10:17 - 2017-06-25 10:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate
2017-06-25 10:17 - 2017-06-25 10:17 - 00000000 ____D C:\Program Files (x86)\Seagate
2017-06-25 10:16 - 2017-06-25 10:17 - 26157600 _____ C:\Users\Tim\Desktop\SeaToolsforWindowsSetup.exe
2017-06-20 19:08 - 2017-06-20 19:08 - 00000057 _____ C:\ProgramData\Ament.ini
2017-06-20 19:08 - 2017-06-20 19:08 - 00000000 ____D C:\Users\Tim\AppData\LocalLow\Hewlett-Packard
2017-06-20 19:06 - 2017-06-20 19:07 - 48748328 _____ C:\Users\Tim\Desktop\DJ1000_J110_1313-1.exe
2017-06-20 18:15 - 2017-06-20 19:08 - 00003610 _____ C:\Windows\System32\Tasks\HPCustParticipation HP Deskjet 1000 J110 series
2017-06-20 18:15 - 2017-06-20 18:22 - 00000000 ____D C:\ProgramData\HP Photo Creations
2017-06-20 18:15 - 2017-06-20 18:15 - 00001105 _____ C:\Users\Public\Desktop\HP Photo Creations.lnk
2017-06-20 18:15 - 2017-06-20 18:15 - 00000000 ____D C:\Program Files (x86)\HP Photo Creations
2017-06-20 18:14 - 2017-06-20 19:08 - 00002280 _____ C:\Users\Public\Desktop\HP Deskjet 1000 J110 series.lnk
2017-06-20 18:14 - 2017-06-20 19:08 - 00001202 _____ C:\Users\Public\Desktop\Shop for Supplies - HP Deskjet 1000 J110 series.lnk
2017-06-20 18:14 - 2017-06-20 18:14 - 00000000 ____D C:\Program Files\HP
2017-06-20 15:43 - 2017-06-20 15:43 - 00002640 _____ C:\Users\Tim\Desktop\FedEx _ Email_Online Label _ Shipping.._.lnk
2017-06-20 15:43 - 2017-06-20 15:43 - 00000000 ____D C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2017-06-18 11:36 - 2017-06-18 11:36 - 00900704 _____ (Seagate Technology) C:\Users\Tim\Desktop\drivedetect.exe
2017-06-14 06:31 - 2017-06-25 20:04 - 00000000 ____D C:\Program Files\Speccy
2017-06-14 06:31 - 2017-06-14 06:31 - 00000804 _____ C:\Users\Public\Desktop\Speccy.lnk
2017-06-14 06:31 - 2017-06-14 06:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2017-06-14 06:29 - 2017-06-14 06:29 - 06293184 _____ (Piriform Ltd) C:\Users\Tim\Desktop\spsetup130.exe
2017-06-14 05:48 - 2017-06-14 05:48 - 02724512 _____ (Sysinternals - www.sysinternals.com) C:\Users\Tim\Desktop\procexp.exe
2017-06-12 17:55 - 2017-06-12 17:55 - 00030951 _____ C:\ProgramData\agent.update.1497304511.bdinstall.bin
2017-06-12 08:29 - 2017-06-26 16:51 - 00000000 ____D C:\FRST
2017-06-12 08:27 - 2017-06-26 08:56 - 02441216 _____ (Farbar) C:\Users\Tim\Desktop\FRST64.exe
2017-06-08 18:50 - 2017-06-08 18:47 - 00000030 _____ C:\AVScanner.ini
2017-06-08 16:30 - 2017-06-26 08:54 - 00000000 ____D C:\Users\Tim\AppData\Local\FSDART
2017-06-08 16:30 - 2017-06-08 16:31 - 00000000 ____D C:\ProgramData\F-Secure
2017-06-08 16:17 - 2017-06-08 16:05 - 00206912 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2017-06-08 16:17 - 2017-06-08 16:05 - 00206912 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2017-06-08 16:07 - 2017-06-08 16:05 - 00110144 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-64.dll
2017-06-08 15:34 - 2017-06-08 15:35 - 00524248 _____ (F-Secure Corporation) C:\Users\Tim\Desktop\F-SecureOnlineScanner.exe
2017-06-06 13:57 - 2017-06-06 13:57 - 00313366 _____ C:\Users\Tim\Downloads\WindowsUpdate.diagcab
2017-05-27 14:25 - 2017-05-27 14:25 - 00000000 ____D C:\Users\Tim\AppData\Local\Microsoft Corporation
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-06-26 07:46 - 2009-07-14 00:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-06-26 07:46 - 2009-07-14 00:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-06-26 07:33 - 2017-01-31 11:24 - 00252832 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-06-26 07:32 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-06-25 23:31 - 2015-12-12 03:28 - 00065536 _____ C:\Windows\system32\spu_storage.bin
2017-06-25 22:56 - 2016-10-26 04:50 - 00000000 ____D C:\Users\Tim\AppData\Local\Avira
2017-06-25 21:08 - 2016-10-26 05:38 - 00016328 _____ C:\Windows\SysWOW64\Defrag.debuglog
2017-06-25 13:47 - 2016-04-21 12:00 - 00000000 ____D C:\Users\Tim\AppData\Roaming\hpqLog
2017-06-25 13:36 - 2016-10-26 03:40 - 00000000 ____D C:\Program Files (x86)\Avira
2017-06-25 13:34 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2017-06-25 13:25 - 2016-03-20 05:39 - 00000000 ____D C:\ProgramData\Package Cache
2017-06-25 09:37 - 2016-05-28 09:30 - 00000000 ____D C:\AdwCleaner
2017-06-24 07:06 - 2017-02-21 11:34 - 00003174 _____ C:\Windows\System32\Tasks\HPCeeScheduleForTim
2017-06-24 07:06 - 2017-02-21 11:34 - 00000324 _____ C:\Windows\Tasks\HPCeeScheduleForTim.job
2017-06-20 19:08 - 2016-01-25 18:03 - 00000000 ____D C:\Program Files (x86)\HP
2017-06-20 19:08 - 2015-12-12 03:32 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2017-06-20 18:47 - 2017-02-16 11:44 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2017-06-20 18:15 - 2015-12-12 03:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2017-06-20 17:50 - 2016-05-20 14:04 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music, Photos and Videos
2017-06-20 17:50 - 2015-12-12 03:41 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Communication and Chat
2017-06-20 17:50 - 2015-12-12 03:39 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools
2017-06-20 17:50 - 2015-12-12 03:35 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
2017-06-20 15:56 - 2015-12-28 16:22 - 00000000 ____D C:\Users\Tim\AppData\Local\ElevatedDiagnostics
2017-06-18 10:05 - 2016-12-14 11:00 - 00003830 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1481727622
2017-06-18 10:05 - 2016-12-14 10:59 - 00000000 ____D C:\Program Files\Opera
2017-06-18 09:59 - 2015-12-12 03:30 - 00000000 ____D C:\Windows\tbaseregistry
2017-06-18 09:57 - 2015-12-12 03:31 - 26213345 _____ C:\Windows\SysWOW64\rootpa.e2e
2017-06-18 09:46 - 2016-01-12 12:30 - 00000000 ___RD C:\Users\Tim\Documents\Scanned Documents
2017-06-14 15:31 - 2016-01-05 08:48 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-06-14 15:31 - 2016-01-05 08:48 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-06-14 07:09 - 2016-01-05 08:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-06-14 07:07 - 2016-01-31 19:50 - 00000000 ____D C:\Windows\system32\MRT
2017-06-14 07:02 - 2016-06-05 13:32 - 133627792 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-06-10 21:15 - 2017-02-08 22:37 - 00000000 ____D C:\Program Files (x86)\Adobe
2017-06-10 21:13 - 2016-05-24 12:34 - 00000000 ____D C:\Users\Tim\AppData\LocalLow\Adobe
2017-06-10 21:13 - 2016-03-05 09:54 - 00000000 ____D C:\Windows\system32\Macromed
2017-06-10 21:13 - 2015-12-28 17:04 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-06-10 20:55 - 2016-01-07 08:12 - 00000000 ____D C:\Users\Tim\AppData\Local\Adobe
2017-06-08 19:14 - 2017-02-08 22:48 - 00000000 ____D C:\Program Files\Common Files\McAfee
2017-06-08 19:14 - 2017-02-08 22:48 - 00000000 ____D C:\Program Files (x86)\McAfee
2017-06-08 18:28 - 2016-11-02 15:07 - 03255948 _____ C:\Windows\ntbtlog.txt
2017-06-08 16:17 - 2016-12-05 11:49 - 00000000 ____D C:\Program Files\Java
2017-06-08 16:17 - 2016-04-08 13:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-06-08 16:07 - 2016-04-08 13:41 - 00000000 ____D C:\Program Files (x86)\Java
2017-06-08 16:05 - 2016-12-05 11:50 - 00318528 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2017-06-08 16:05 - 2016-12-05 11:50 - 00110144 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2017-06-08 16:04 - 2016-04-08 13:42 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2017-06-06 13:56 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF
2017-06-06 12:38 - 2017-01-31 11:24 - 00077376 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-05-28 06:53 - 2017-02-11 09:30 - 00000000 ____D C:\SUPERDelete
 
==================== Files in the root of some directories =======
 
2017-02-08 21:17 - 2017-02-08 21:17 - 0046788 _____ () C:\ProgramData\agent.1486603026.bdinstall.bin
2017-02-08 21:36 - 2017-02-08 21:36 - 0028706 _____ () C:\ProgramData\agent.1486604163.bdinstall.bin
2017-02-08 21:37 - 2017-02-08 21:37 - 0028778 _____ () C:\ProgramData\agent.1486604202.bdinstall.bin
2017-02-08 22:18 - 2017-02-08 22:18 - 0028778 _____ () C:\ProgramData\agent.1486606720.bdinstall.bin
2017-02-11 09:59 - 2017-02-11 09:59 - 0028780 _____ () C:\ProgramData\agent.1486821554.bdinstall.bin
2017-02-11 09:59 - 2017-02-11 09:59 - 0028780 _____ () C:\ProgramData\agent.1486821588.bdinstall.bin
2017-02-12 05:55 - 2017-02-12 05:55 - 0028779 _____ () C:\ProgramData\agent.1486893287.bdinstall.bin
2017-02-16 11:48 - 2017-02-16 11:48 - 0028497 _____ () C:\ProgramData\agent.1487260113.bdinstall.bin
2017-02-16 11:49 - 2017-02-16 11:49 - 0028427 _____ () C:\ProgramData\agent.1487260177.bdinstall.bin
2017-02-16 12:49 - 2017-02-16 12:49 - 0028780 _____ () C:\ProgramData\agent.1487263757.bdinstall.bin
2017-02-16 12:50 - 2017-02-16 12:50 - 0028780 _____ () C:\ProgramData\agent.1487263804.bdinstall.bin
2017-02-16 18:58 - 2017-02-16 18:58 - 0028780 _____ () C:\ProgramData\agent.1487285925.bdinstall.bin
2017-02-17 13:08 - 2017-02-17 13:08 - 0028780 _____ () C:\ProgramData\agent.1487351306.bdinstall.bin
2017-02-20 18:07 - 2017-02-20 18:07 - 0028780 _____ () C:\ProgramData\agent.1487628430.bdinstall.bin
2017-03-03 09:42 - 2017-03-03 09:42 - 0028780 _____ () C:\ProgramData\agent.1488548516.bdinstall.bin
2017-03-04 11:39 - 2017-03-04 11:39 - 0028780 _____ () C:\ProgramData\agent.1488641969.bdinstall.bin
2017-03-06 18:07 - 2017-03-06 18:07 - 0028780 _____ () C:\ProgramData\agent.1488838053.bdinstall.bin
2017-03-06 18:08 - 2017-03-06 18:08 - 0028780 _____ () C:\ProgramData\agent.1488838117.bdinstall.bin
2017-03-07 07:06 - 2017-03-07 07:06 - 0028780 _____ () C:\ProgramData\agent.1488884812.bdinstall.bin
2017-03-09 18:12 - 2017-03-09 18:12 - 0028780 _____ () C:\ProgramData\agent.1489097528.bdinstall.bin
2017-03-09 18:12 - 2017-03-09 18:12 - 0028779 _____ () C:\ProgramData\agent.1489097574.bdinstall.bin
2017-03-14 08:59 - 2017-03-14 08:59 - 0028736 _____ () C:\ProgramData\agent.1489496386.bdinstall.bin
2017-03-14 09:22 - 2017-03-14 09:22 - 0028601 _____ () C:\ProgramData\agent.1489497767.bdinstall.bin
2017-03-14 09:23 - 2017-03-14 09:23 - 0028743 _____ () C:\ProgramData\agent.1489497792.bdinstall.bin
2017-03-18 08:01 - 2017-03-18 08:01 - 0028738 _____ () C:\ProgramData\agent.1489838475.bdinstall.bin
2017-03-18 08:01 - 2017-03-18 08:01 - 0028745 _____ () C:\ProgramData\agent.1489838502.bdinstall.bin
2017-06-25 22:21 - 2017-06-25 22:21 - 0030354 _____ () C:\ProgramData\agent.uninstall.1498443671.bdinstall.bin
2017-06-12 17:55 - 2017-06-12 17:55 - 0030951 _____ () C:\ProgramData\agent.update.1497304511.bdinstall.bin
2017-06-20 19:08 - 2017-06-20 19:08 - 0000057 _____ () C:\ProgramData\Ament.ini
2017-02-08 22:22 - 2017-02-08 22:22 - 0368084 _____ () C:\ProgramData\cl.1486606757.bdinstall.bin
2017-03-09 18:16 - 2017-03-09 18:16 - 0380034 _____ () C:\ProgramData\cl.repair.1489097691.bdinstall.bin
2017-03-14 09:20 - 2017-03-14 09:20 - 0215144 _____ () C:\ProgramData\cl.uninstall.1489497341.bdinstall.bin
2016-06-29 17:22 - 2016-06-29 17:23 - 1271840 _____ () C:\ProgramData\hpdam_install_log.txt
2016-06-29 17:22 - 2016-06-29 17:22 - 0272336 _____ () C:\ProgramData\HPFileSanitizer_Install_Log.txt
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-06-22 08:26
 
==================== End of FRST.txt ============================   Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-06-2017 01
Ran by Tim (26-06-2017 16:51:39)
Running from C:\Users\Tim\Desktop
Windows 7 Professional Service Pack 1 (X64) (2016-05-20 19:14:16)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3386813744-1969293527-735481815-500 - Administrator - Disabled)
General Log In (S-1-5-21-3386813744-1969293527-735481815-1002 - Limited - Enabled) => C:\Users\General Log In
Guest (S-1-5-21-3386813744-1969293527-735481815-501 - Limited - Disabled) => C:\Users\Guest
Tim (S-1-5-21-3386813744-1969293527-735481815-1001 - Administrator - Enabled) => C:\Users\Tim
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avira Antivirus (Enabled - Up to date) {B3F630BD-538D-1B4A-14FA-14B63235278F}
AS: Avira Antivirus (Enabled - Up to date) {0897D159-75B7-14C4-2E4A-2FC449B26D32}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
AppNHost 1.0.5.1 (HKLM-x32\...\{A8CB86C7-CD4C-4C4F-AF6A-33D1CAC63562}) (Version: 1.0.5.1 - Mixesoft Project)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.27.34 - Avira Operations GmbH & Co. KG)
Avira Connect (HKLM-x32\...\{14d00649-a178-473f-bf48-eec016dc4bfa}) (Version: 1.2.89.29905 - Avira Operations GmbH & Co. KG)
Avira Connect (x32 Version: 1.2.89.29905 - Avira Operations GmbH & Co. KG) Hidden
Avira Phantom VPN (HKLM-x32\...\Avira Phantom VPN) (Version: 2.8.2.29275 - Avira Operations GmbH & Co. KG)
Avira Scout (HKLM-x32\...\Avira Scout) (Version: 17.5.3029.2783 - Avira Operations GmbH & Co. KG)
Avira Software Updater (HKLM-x32\...\{A4DF9D2A-AB95-4F30-9CA4-2F49662BA39D}) (Version: 2.0.2.27024 - Avira Operations GmbH & Co. KG)
Avira System Speedup (HKLM-x32\...\Avira System Speedup_is1) (Version: 3.7.0.5478 - Avira Operations GmbH & Co. KG)
Bejeweled 2 Deluxe (HKLM-x32\...\Bejeweled 2 Deluxe) (Version:  - PopCap Games)
Bejeweled Twist (HKLM-x32\...\Bejeweled Twist) (Version:  - PopCap Games)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.0) (Version: 5.0.0.0 - Coupons.com Incorporated)
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
EarthLink Accelerator (HKLM-x32\...\EarthLink Accelerator) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.110 - Google Inc.)
Google Earth (HKLM-x32\...\{F6430171-B86B-4639-839E-374913E7911D}) (Version: 7.1.8.3036 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Client Security Manager (HKLM\...\HPProtectTools) (Version: 8.3.3.1786 - Hewlett-Packard Company)
HP Deskjet 1000 J110 series Basic Device Software (HKLM\...\{A3E89C5B-BB3A-433A-A878-D1310BB13EAD}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Deskjet 1000 J110 series Help (HKLM-x32\...\{DDDFCC77-7F9C-45E9-B38E-721BA599BA0C}) (Version: 140.0.65.65 - Hewlett Packard)
HP Deskjet 1000 J110 series Product Improvement Study (HKLM\...\{EEC82191-E879-4906-9D6B-D9665CF030CD}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Device Access Manager (HKLM\...\{DBE16A07-DDFF-4453-807A-212EF93916E0}) (Version: 8.3.2.0 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{F7A8FF27-1B85-4C23-A6FA-97DE491ECC9A}) (Version: 1.1.0.0 - Hewlett-Packard)
HP File Sanitizer (HKLM-x32\...\{6349342F-9CEF-4A70-995A-2CF3704C2603}) (Version: 8.4.20.1 - Hewlett-Packard Company)
HP PageLift (HKLM-x32\...\{59202086-BEA1-411A-8AA4-A5DCD28FF537}) (Version: 1.0.13.1 - Hewlett-Packard Company)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.3781 - HP Photo Creations Powered by RocketLife)
HP Setup (HKLM-x32\...\{438363A8-F486-4C37-834C-4955773CB3D3}) (Version: 9.1.15453.4066 - Hewlett-Packard Company)
HP SoftPaq Download Manager (HKLM-x32\...\{23544215-E6E6-448B-B6E9-6268D5B3E74D}) (Version: 3.5.0.0 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{78E2C850-ADA6-420D-BA35-2F4A9BE733CC}) (Version: 8.4.19.3 - HP)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 13.00.0000 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{5F084DD8-AF2C-4004-9C92-820C32E4BD55}) (Version: 12.7.22.13 - HP)
HP Theft Recovery (HKLM-x32\...\InstallShield_{B1E569B6-A5EB-4C97-9F93-9ED2AA99AF0E}) (Version: 8.3.0.7 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
Intel® PROSet/Wireless Software (HKLM-x32\...\{440d014b-4444-4533-b96d-2910e1ca2bcf}) (Version: 16.7.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{75895d95-3e4b-42b6-8440-97a0e234aeb3}) (Version: 17.0.2 - Intel Corporation)
Java 8 Update 131 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
Java 8 Update 131 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
LSI USB 2.0 Soft Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.102 - LSI Corporation)
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
Opera Stable 45.0.2552.898 (HKLM-x32\...\Opera 45.0.2552.898) (Version: 45.0.2552.898 - Opera Software)
Peggle Deluxe (HKLM-x32\...\Peggle Deluxe) (Version:  - PopCap Games)
Peggle Nights (HKLM-x32\...\Peggle Nights) (Version:  - PopCap Games)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.103.1007.2016 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7224 - Realtek Semiconductor Corp.)
SeaTools for Windows 1.4.0.4 (HKLM-x32\...\SeaTools for Windows) (Version: 1.4.0.4 - Seagate Technology)
Skype™ 7.32 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.32.104 - Skype Technologies S.A.)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.6.0 - Sophos Limited)
Speccy (HKLM\...\Speccy) (Version: 1.30 - Piriform)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1236 - SUPERAntiSpyware.com)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17332 - Microsoft Corporation)
WOLFCODERS ScreenSnag (HKLM-x32\...\{481875AB-8D00-46D0-92E2-27BB13B20975}_is1) (Version:  - WOLFCODERS)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {07999E06-7CD6-4BE2-9213-12FF183808BD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-24] (Google Inc.)
Task: {220ECEBE-27F2-49F6-B940-105C91A5710F} - System32\Tasks\{AD6719E0-A35B-4FB0-9469-F3ECA6E98920} => F:\Setup.exe
Task: {2BDFECED-24B7-4D8C-9025-C1502F04228B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-12-21] (HP Inc.)
Task: {2F177236-8AEA-4439-9CD0-BDEF1C7C0257} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-24] (Google Inc.)
Task: {36A095E9-8583-4F7B-AAAC-3C11076EE515} - System32\Tasks\{A54828EC-DF0D-4800-BCD0-8A56F560D437} => C:\Program Files (x86)\Cobra HomeBase\CobraHomeBase.exe
Task: {385C2FE5-95C0-4665-B925-80CEDA035EB5} - System32\Tasks\Avira\System Speedup\SpeedupSysTray => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.Systray.exe [2017-06-13] (Avira Operations GmbH & Co. KG)
Task: {3D11CE46-87BC-4C8D-A998-1334CBECE846} - System32\Tasks\AviraScoutUpdateTaskMachineCore => C:\Program Files (x86)\Avira\Scout Update\ScoutUpdate.exe [2017-06-25] (Avira Operations GmbH & Co. KG)
Task: {3D67B3E7-C05E-44C0-86C3-41EA2295BFD7} - System32\Tasks\{2B4A8FF7-D501-46FB-9AE4-9518FE895316} => C:\Program Files (x86)\Cobra HomeBase\CobraHomeBase.exe
Task: {3FD481D7-33C8-4B55-83D1-6ADEA73CD958} - System32\Tasks\Opera scheduled Autoupdate 1481727622 => C:\Program Files\Opera\launcher.exe [2017-06-12] (Opera Software)
Task: {4E5A5561-7AF6-4C58-9FBD-05CBFB188944} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.)
Task: {4EA0DEA2-1FE1-4122-84C3-EECC5E56C6CF} - System32\Tasks\{1C7D4D19-C8E6-455D-A53C-6BADA3C107E5} => C:\Program Files (x86)\Cobra HomeBase\CobraHomeBase.exe
Task: {6648098E-9C85-4D31-9D29-15910CBE5E3C} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {6BF91CFD-DFEF-4CA8-A3A0-E810147FE45E} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {6BFCB507-58F4-4919-B4AC-5C9FB9D28F0C} - System32\Tasks\{A55B9265-8122-42BB-B1F3-07F7E45F3706} => Iexplore.exe hxxps://ui.skype.com/ui/0/7.32.0.104/en/eula?source=lightinstaller
Task: {6C339922-6108-4341-867F-16536565B946} - System32\Tasks\Avira\System Speedup\Delayed Startup\All users\1 => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2017-03-15] (Oracle Corporation)
Task: {75A91597-6A9A-45C0-8C0C-F6B1B466A192} - System32\Tasks\Avira\System Speedup\TestScheduler => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe [2017-06-13] (Avira Operations GmbH & Co. KG)
Task: {7656ADD2-637A-49B9-BD5B-2163FC5FC827} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {76637EEE-D769-4FF1-87A0-B618D5210B96} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
Task: {7905813F-3B6D-486B-8E94-A99FCD531A2F} - System32\Tasks\HPCustParticipation HP Deskjet 1000 J110 series => C:\Program Files\HP\HP Deskjet 1000 J110 series\Bin\HPCustPartic.exe [2012-10-02] (Hewlett-Packard Co.)
Task: {81F28D25-FD76-46E0-9A94-7CFBD52AD198} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {8773223F-C0F6-4256-B6AE-37485593ED18} - System32\Tasks\{B1BDA461-F2FB-4735-911B-8466740BEE40} => pcalua.exe -a F:\ISP5900\setup.exe -d F:\ISP5900
Task: {878D9DF9-D68A-43FF-9FA6-46EACB45D8CE} - System32\Tasks\{63BBADBD-CE52-4A80-BA74-A575FC495A84} => F:\Setup.exe
Task: {8A378C3D-49EF-4E60-8D81-262E5144498E} - System32\Tasks\{46A17704-B290-4506-9618-5701D9CA2AD2} => F:\Setup.exe
Task: {8DD566CA-2A83-4148-86AC-DDB5D3C322BF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2017-05-25] (HP Inc.)
Task: {91245DE5-488E-4A6D-B6F4-7DED8F800C96} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {91865B85-37EF-4B20-9F1E-CAD158966E73} - System32\Tasks\Avira\System Speedup\Delayed Startup\Tim\1 => C:\Users\Tim\AppData\Local\Microsoft\BingSvc\BingSvc.exe [2015-11-05] (© 2015 Microsoft Corporation) <==== ATTENTION
Task: {92A5803E-5154-441D-983A-B74D0B2F9E1B} - System32\Tasks\{4678693A-7E1D-4D5A-8B9C-88C09315D8A0} => C:\Users\General Log In\Downloads\SUPERAntiSpyware.exe
Task: {9B578603-B351-47C9-88B1-4C64952A44E3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-04-07] (HP Inc.)
Task: {A398B473-F52B-4FD1-AEB9-A800E460F84E} - System32\Tasks\{AFB67468-FA1C-44FC-8F3D-F1A849BC465F} => F:\Setup.exe
Task: {AA854452-7584-4BA7-A8FD-BAC70A4D580F} - System32\Tasks\AviraScoutUpdateTaskMachineUA => C:\Program Files (x86)\Avira\Scout Update\ScoutUpdate.exe [2017-06-25] (Avira Operations GmbH & Co. KG)
Task: {ABEE2E06-9083-4E46-BC19-0049023C84E8} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {AE9DC7A8-FA4F-42AD-ACF2-9B838FCD2522} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
Task: {AEA65F2D-8098-4DFD-B8FF-CEAF5AF39585} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {BB343A67-670A-46A9-87D7-158AF9A9EC79} - System32\Tasks\{729BA09E-DBAC-4313-9C6E-3892146BD40A} => F:\Setup.exe
Task: {BC860C8E-EC1D-4646-A9A1-B48BEA459B70} - System32\Tasks\AviraSystemSpeedupUpdate => C:\ProgramData\Avira\SystemSpeedup\Update\avira_speedup_setup_update.exe [2017-06-25] (Avira Operations GmbH & Co. KG                              )
Task: {C20AC3DE-8C16-49C6-82DF-7ECB7E78C46C} - System32\Tasks\{05792CFD-05F5-46C8-9C8C-19C70F0E9549} => F:\Setup.exe
Task: {D21C77C0-6040-484C-8D8F-29229BE0B434} - System32\Tasks\Avira\System Speedup\Delayed Startup\Tim\2 => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2017-06-20] (SUPERAntiSpyware) <==== ATTENTION
Task: {D71BD3E9-9D48-4AE3-8D71-40503042B818} - System32\Tasks\{095E7B1F-B78E-430C-9E00-3A980CBC2EC7} => C:\Program Files (x86)\Cobra HomeBase\CobraHomeBase.exe
Task: {DA4FECCE-33E1-4D3E-9643-20A155D7D694} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {DC3E1EBE-2642-4AE8-8BE7-33C3936F5C3D} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {DF3F0AF7-6913-4840-8E0F-214B56FB6E4E} - System32\Tasks\{AC256CE6-2226-4B88-90C3-CDD2A645EA89} => F:\Setup.exe
Task: {E2C37FAE-6107-4123-9785-B2DF00782DE8} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {E65E4D0E-F19E-4BE1-9BFA-C44274169D58} - System32\Tasks\HPCeeScheduleForTim => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2016-01-22] (Hewlett-Packard)
Task: {F34E7CF6-E02B-4DC9-AC9B-4672844F95D1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-04-07] (HP Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\HPCeeScheduleForTim.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
ShortcutWithArgument: C:\Users\Tim\Desktop\FedEx _ Email_Online Label _ Shipping.._.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=ceaafagmnojmnjepbehlplcmoklcacbl
ShortcutWithArgument: C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\FedEx _ Email_Online Label _ Shipping.._.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=ceaafagmnojmnjepbehlplcmoklcacbl
ShortcutWithArgument: C:\Users\Tim\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\aeea6001c9fdcab9\Click&Clean.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=ghgabhipcejejjmhhchfonmamedcbeod
ShortcutWithArgument: C:\Users\Tim\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\66b9b787e09fde9f\History Eraser.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=gjieilkfnnjoihjjonajndjldjoagffm
 
==================== Loaded Modules (Whitelisted) ==============
 
2014-02-05 15:56 - 2014-02-05 15:56 - 02654936 _____ () C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\ShredContextMenu.dll
2017-05-15 17:34 - 2017-05-09 05:13 - 03767640 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\libglesv2.dll
2017-05-15 17:34 - 2017-05-09 05:13 - 00100696 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\libegl.dll
2017-05-18 10:15 - 2017-05-18 10:15 - 00167312 _____ () C:\Program Files (x86)\Avira\VPN\OpenVpn\lzo2.dll
2017-05-18 10:15 - 2017-05-18 10:15 - 00166840 _____ () C:\Program Files (x86)\Avira\VPN\OpenVpn\libpkcs11-helper-1.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`28hfm [0]
AlternateDataStreams: C:\ProgramData\Temp:5C321E34 [125]
AlternateDataStreams: C:\Users\Tim\Desktop\SUPERAntiSpywarePro.exe:BDU [0]
AlternateDataStreams: C:\Users\Tim\Downloads\adwcleaner_6.046.exe:BDU [0]
AlternateDataStreams: C:\Users\Tim\Downloads\GlassWireSetup.exe:BDU [0]
AlternateDataStreams: C:\Users\Tim\Downloads\IE9-Windows7-x64-enu.exe:a [420]
AlternateDataStreams: C:\Users\Tim\Downloads\mb3-setup-adwc.adwc100.3.0.6.1469.exe:BDU [0]
AlternateDataStreams: C:\Users\Tim\Downloads\mb3-setup-consumer-3.1.2.1733.exe:BDU [0]
AlternateDataStreams: C:\Users\Tim\Downloads\SkypeSetup.exe:BDU [0]
AlternateDataStreams: C:\Users\Tim\Downloads\winupdatefix_1.3.exe:BDU [0]
AlternateDataStreams: C:\Users\Tim\Documents\GlassWireSetup (1).exe:BDU [0]
AlternateDataStreams: C:\Users\Tim\Documents\mb3-setup-consumer-3.1.2.1733 (1).exe:BDU [0]
AlternateDataStreams: C:\Users\Tim\Documents\mbar-1.09.3.1001.exe:BDU [0]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\deere.com -> hxxps://jdparts.deere.com
IE trusted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\flhsmv.gov -> hxxps://www.flhsmv.gov
IE trusted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\hdonline.to -> hxxps://hdonline.to
IE trusted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\pch.com -> hxxp://search.pch.com
IE trusted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\usa4sale.net -> hxxp://contact.usa4sale.net
IE trusted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\winndixie.com -> hxxps://www.winndixie.com
IE restricted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\0411dd.com -> 0411dd.com
IE restricted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\0511zfhl.com -> 0511zfhl.com
IE restricted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\0632qyw.com -> 0632qyw.com
IE restricted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\1001movie.com -> 1001movie.com
 
There are 6091 more sites.
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2016-03-05 12:28 - 2017-06-08 17:02 - 00000033 _____ C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3386813744-1969293527-735481815-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-3386813744-1969293527-735481815-501\Control Panel\Desktop\\Wallpaper -> C:\windows\web\wallpaper\HP1.jpg
DNS Servers: 192.168.224.1 - 192.168.254.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: HPFSService => 2
MSCONFIG\startupreg: HP File Sanitizer => C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\Coreshredder.exe
MSCONFIG\startupreg: Propel Accelerator => "C:\Program Files (x86)\EarthLink Accelerator\trayctl.exe" /STARTUPLAUNCH
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{D6F44F3E-63AD-4480-8981-1F8E4BC156A3}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{92635564-B32B-4941-8709-EDC3534DA1F7}] => (Allow) C:\Program Files (x86)\Opera\launcher.exe
FirewallRules: [{0F7C25B6-D55C-4599-808E-70473E50600B}] => (Allow) C:\Program Files (x86)\Opera\launcher.exe
FirewallRules: [{50E9D51B-9089-4C78-8F73-3E2E5E0D42C5}] => (Allow) C:\Program Files (x86)\Opera\launcher.exe
FirewallRules: [{3D066DB3-3078-49D4-A3A6-AF4075CB1645}] => (Allow) C:\Program Files (x86)\Opera\launcher.exe
FirewallRules: [{9A373D22-61C3-4F8B-BBEF-1D2CEC770DB5}] => (Allow) C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe
FirewallRules: [{82B69666-6A08-4AB4-B240-B287A8D13E38}] => (Allow) C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe
FirewallRules: [{D32E408E-6053-455A-990F-9F46633386D8}] => (Allow) C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe
FirewallRules: [{38B50817-1FA9-4CB1-B36F-FAF8288E99E7}] => (Allow) C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe
FirewallRules: [{BDD0E46F-885B-4696-ADCE-C508C1F9F12A}] => (Allow) C:\Program Files\Microsoft Security Client\msseces.exe
FirewallRules: [{953F6506-888F-4867-B3B2-8E82E4E25263}] => (Allow) C:\Program Files\Microsoft Security Client\msseces.exe
FirewallRules: [{08BCF83E-E091-4FAC-9D79-87F5D20AEE8C}] => (Allow) C:\Program Files\Microsoft Security Client\msseces.exe
FirewallRules: [{AA04C2EA-8C48-467B-BC95-EDBCA22C98B5}] => (Allow) C:\Program Files\Microsoft Security Client\msseces.exe
FirewallRules: [{8FD07A63-7436-47CF-BA1F-834A0A492F69}] => (Allow) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
FirewallRules: [{ACF8D3C4-FF9A-4CD3-8EA4-28D0784A5E00}] => (Allow) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
FirewallRules: [{B3C0EE64-66A1-4F53-9ABE-C6637AB3FABA}] => (Allow) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
FirewallRules: [{91069DC4-8EB5-4A7C-8804-CA63B1DB68C0}] => (Allow) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
FirewallRules: [{6B43B3CE-DC50-45A5-8B9C-BBF6E68A2E22}] => (Allow) C:\Users\Tim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3CZM9O05\EW0DFB0B
FirewallRules: [{E2AFA9F5-1B1B-4500-8997-4963CA7BCF15}] => (Allow) C:\Users\Tim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3CZM9O05\EW0DFB0B
FirewallRules: [{285830EF-6348-490E-AF3E-A4E3BD091FBF}] => (Allow) C:\Users\Tim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3CZM9O05\EW0DFB0B
FirewallRules: [{2A1B1D2E-C4D7-42AF-9D46-A4D9F1592ACF}] => (Allow) C:\Users\Tim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3CZM9O05\EW0DFB0B
FirewallRules: [{C962AA5F-D716-4894-A777-9980540483E2}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{D8BB9E0F-2592-4C32-B96F-AE69B073FAE5}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{3EDE067A-8C7B-43BB-A5B7-58D0CC51B633}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{E81B4361-07C3-4BFB-8571-B70DD4167B3A}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{C9C94891-2C9B-40CE-8333-9A41D4FBA565}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{DD7DB7A0-CA86-416B-BBD9-BA1D7B2C6E53}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{DBFEDAD6-0BEB-4578-B149-3AB62C1B7D85}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{C8501CF7-59E4-43E0-AA45-EE26755E751F}C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe
FirewallRules: [UDP Query User{905779AE-D66A-4666-9FFB-56A8610A6FBA}C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe
FirewallRules: [TCP Query User{C90C27C3-BCC7-4ACE-9E22-2C7488FE70FA}C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe
FirewallRules: [UDP Query User{072E5150-569C-4950-833F-437FEC13136A}C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe
FirewallRules: [{D779D332-B00D-4FCC-8F0D-2038BDD79CD7}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
FirewallRules: [{25ABBA34-5506-420A-AA0A-93D0A7088E21}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
FirewallRules: [{92086CBF-6C8E-46CE-86EA-FAC5797DB131}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{26BE28BC-BE97-4D1D-BD8E-90F9C06978D4}] => (Allow) C:\Program Files\Opera\45.0.2552.888\opera.exe
FirewallRules: [{DCCC4C09-38AC-4106-82C9-36B5059C3EDE}] => (Allow) C:\Program Files\Opera\45.0.2552.898\opera.exe
FirewallRules: [{CFFEEADA-8E35-476D-9018-B63240888C7A}] => (Allow) C:\Program Files\HP\HP Deskjet 1000 J110 series\Bin\USBSetup.exe
FirewallRules: [{2BFC7583-91DE-4229-BA9B-6218A5F21BF2}] => (Allow) C:\Program Files (x86)\Avira\Scout\Application\scout.exe
 
==================== Restore Points =========================
 
25-06-2017 13:34:23 Device Driver Package Install: Phantom TAP-Windows Provider V9 Network adapters
25-06-2017 13:47:04 Avira System Speedup Optimization
25-06-2017 13:48:43 Avira System Speedup Optimization
25-06-2017 21:13:42 Avira System Speedup Optimization
26-06-2017 10:24:07 Windows Update
26-06-2017 13:03:15 Windows Update
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/26/2017 01:03:37 PM) (Source: flcdlock) (EventID: 1034) (User: )
Description: An error occurred setting a security descriptor on the device \\.\avusbflt.
 
 
The system error code is 0x5:-
 
Access is denied.
 
Error: (06/26/2017 12:01:41 PM) (Source: flcdlock) (EventID: 1034) (User: )
Description: An error occurred setting a security descriptor on the device \\.\avusbflt.
 
 
The system error code is 0x5:-
 
Access is denied.
 
Error: (06/26/2017 11:55:44 AM) (Source: flcdlock) (EventID: 1034) (User: )
Description: An error occurred setting a security descriptor on the device \\.\avusbflt.
 
 
The system error code is 0x5:-
 
Access is denied.
 
Error: (06/26/2017 11:50:15 AM) (Source: flcdlock) (EventID: 1034) (User: )
Description: An error occurred setting a security descriptor on the device \\.\avusbflt.
 
 
The system error code is 0x5:-
 
Access is denied.
 
Error: (06/26/2017 11:38:40 AM) (Source: flcdlock) (EventID: 1034) (User: )
Description: An error occurred setting a security descriptor on the device \\.\avusbflt.
 
 
The system error code is 0x5:-
 
Access is denied.
 
Error: (06/26/2017 11:38:40 AM) (Source: flcdlock) (EventID: 1034) (User: )
Description: An error occurred setting a security descriptor on the device \\.\avusbflt.
 
 
The system error code is 0x5:-
 
Access is denied.
 
Error: (06/26/2017 10:24:38 AM) (Source: flcdlock) (EventID: 1034) (User: )
Description: An error occurred setting a security descriptor on the device \\.\avusbflt.
 
 
The system error code is 0x5:-
 
Access is denied.
 
Error: (06/26/2017 10:24:31 AM) (Source: flcdlock) (EventID: 1034) (User: )
Description: An error occurred setting a security descriptor on the device \\.\avusbflt.
 
 
The system error code is 0x5:-
 
Access is denied.
 
Error: (06/26/2017 07:44:20 AM) (Source: HP Active Health) (EventID: 2800) (User: )
Description: Agent SystemState threw an exception: System.InvalidOperationException: Cannot load Counter Name data because an invalid index '' was read from the registry.
   at System.Diagnostics.PerformanceCounterLib.GetStringTable(Boolean isHelp)
   at System.Diagnostics.PerformanceCounterLib.get_NameTable()
   at System.Diagnostics.PerformanceCounterLib.get_CategoryTable()
   at System.Diagnostics.PerformanceCounterLib.CounterExists(String category, String counter, Boolean& categoryExists)
   at System.Diagnostics.PerformanceCounterLib.CounterExists(String machine, String category, String counter)
   at System.Diagnostics.PerformanceCounter.InitializeImpl()
   at System.Diagnostics.PerformanceCounter..ctor(String categoryName, String counterName, String instanceName, Boolean readOnly)
   at System.Diagnostics.PerformanceCounter..ctor(String categoryName, String counterName, String instanceName)
   at HP.ActiveHealth.Agents.SystemState.SystemStateAgent.CpuUsage()
   at HP.ActiveHealth.Agents.SystemState.SystemStateAgent.FetchValues()
   at HP.ActiveHealth.Agents.SystemState.SystemStateAgent.CollectNewDataClasses(FileInfo agentStateFile, IDataClassCollector dataClassColector)
   at HP.ActiveHealth.API.DataGeneration.AgentRunner.QueryAgentDelegate(Object agentObj)
 
Error: (06/26/2017 07:44:08 AM) (Source: flcdlock) (EventID: 1034) (User: )
Description: An error occurred setting a security descriptor on the device \\.\avusbflt.
 
 
The system error code is 0x5:-
 
Access is denied.
 
 
System errors:
=============
Error: (06/26/2017 01:10:26 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Internet Explorer 11 for Windows 7 for x64-based Systems.
 
Error: (06/26/2017 01:05:34 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073701: Update for Windows 7 for x64-based Systems (KB2952664).
 
Error: (06/26/2017 01:05:34 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073701: 2017-06 Security Monthly Quality Rollup for Windows 7 for x64-based Systems (KB4022719).
 
Error: (06/26/2017 01:04:48 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073701: Update for Windows 7 for x64-based Systems (KB2952664).
 
Error: (06/26/2017 10:30:45 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Internet Explorer 11 for Windows 7 for x64-based Systems.
 
Error: (06/26/2017 10:25:29 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073701: Update for Windows 7 for x64-based Systems (KB2952664).
 
Error: (06/26/2017 10:25:29 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073701: 2017-06 Security Monthly Quality Rollup for Windows 7 for x64-based Systems (KB4022719).
 
Error: (06/26/2017 10:24:48 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073701: Update for Windows 7 for x64-based Systems (KB2952664).
 
Error: (06/25/2017 10:54:31 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {F9717507-6651-4EDB-BFF7-AE615179BCCF} did not register with DCOM within the required timeout.
 
Error: (06/25/2017 10:52:00 PM) (Source: volsnap) (EventID: 20) (User: )
Description: The shadow copies of volume D: were aborted because of a failed free space computation.
 
 
CodeIntegrity:
===================================
  Date: 2016-05-30 18:23:15.172
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-05-30 18:23:15.172
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-05-30 12:34:09.752
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-05-30 12:34:09.736
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-05-30 06:39:39.690
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-05-30 06:39:39.674
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-05-30 06:38:10.580
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-05-30 06:38:10.565
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-05-29 07:13:05.844
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-05-29 07:13:05.844
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: AMD A8-6410 APU with AMD Radeon R5 Graphics 
Percentage of memory in use: 26%
Total physical RAM: 7612.08 MB
Available physical RAM: 5593.64 MB
Total Virtual: 15222.35 MB
Available Virtual: 11638.36 MB
 
==================== Drives ================================
 
Drive c: (Windows ) (Fixed) (Total:919.11 GB) (Free:855.7 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (HP_RECOVERY) (Fixed) (Total:11.3 GB) (Free:1.21 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:0.09 GB) (Free:0.06 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 6F9E5779)
Partition 1: (Active) - (Size=1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=919.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11.3 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=100 MB) - (Type=0C)
 
==================== End of Addition.txt ============================   Windows update not working; we was able to stream movies, but not we get a bunch of errors & don't know if they are real or fake stuff; Like adobe flash is turned off, or google is outdated, flash player not installed....etc. Later, "if" we can work out the bugs/virus Whatever it is, Can You help us make our Brothers wifi work with this computer, I don't know how to make this find that... 


Edited by bonezz777, 26 June 2017 - 03:23 PM.

  • 0

#15
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,782 posts
  • MVP

FRST says it is running from C:\Users\Tim\Desktop so you need to save the fixlist.txt file to the desktop.  Then fire up FRST (right click and Run As Admin) and then hit Fix.

 

You just disable the DVD during the uninstall.  You can reenable it after you are done.

 

Get Windows Repair all in one

 
 
Download it and save it then run it.
 
You can skip to step 4 or 5 where it gives you the same picture as in the above link.
 
Make sure all of these are checked before hitting Start: (others can be checked.  They won't hurt anything just makes it take longer to finish)
 
Reset Registry Permissions
Reset File Permissions
Register System Files
Repair WMI
Repair Internet Explorer
Remove Policies Set By Infections
Repair Icons
Repair Winsock & DNS Cache
Remove Temp Files
Repair Proxy Settings
Unhide Non System Files
Repair Windows Updates
 
 
Reboot when done and run VEW again as before (for System and Applicatuions).

  • 1






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP