Hello, love this site so helpful. Hope you can help me.
Symptoms: painfully slow processing of desktop, using windows 10 Home, Pentium PC dual core. I noticed significant slowing down, also 2 other things:
1. emails bouncing back saying problem was a virus or malware at my end
2. my anti-virus can't seem to complete or even get going - it's stuck at 0% complete!
Using Avast anti-virus free that I normally run daily and Malwarebytes which I run a few times a week.
I'm not sure if I have a virus but something is stopping me running my anti-virus and my PC is running SO slowly it takes a few minutes to load e.g. google and not being able to send emails without a bounce back. I can receive emails though.
thanks for any help you can provide. I'm based in UK so please forgive any time differences while responding.
thank you so much.
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-10-2017
Ran by Frances (administrator) on FRANCES-PC (10-10-2017 18:25:00)
Running from C:\Users\Frances\Desktop
Loaded Profiles: Frances (Available Profiles: Frances & DefaultAppPool)
Platform: Microsoft Windows 10 Home Version 1703 170317-1834 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVG Netherlands B.V) C:\Program Files\AVG Driver Updater\AVG Driver Updater.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
(Reason Software Company Inc.) C:\Program Files\Unchecky\bin\unchecky_svc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Reason Software Company Inc.) C:\Program Files\Unchecky\bin\unchecky_bg.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(MyHeritage) C:\Program Files\MyHeritage\Bin\FTBCheckUpdates.exe
() C:\Program Files\RealNetworks\RealDownloader\downloader2.exe
(Google) C:\Users\Frances\AppData\Roaming\Google\Google Talk\googletalk.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(f.lux Software LLC) C:\Users\Frances\AppData\Local\FluxSoftware\Flux\flux.exe
(Nokia) C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe
() C:\Users\Frances\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Domit UK LTD) C:\Users\Frances\AppData\Local\MP3 Skype recorder\MP3SkypeRecorder.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Nokia) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
(Avast Software) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909_0\SZBrowser.exe
(Avast Software) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909_0\SZBrowser_crashreporter.exe
(Avast Software) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909_0\SZBrowser.exe
(Avast Software) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909_0\SZBrowser.exe
(Avast Software) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909_0\SZBrowser.exe
(Avast Software) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909_0\SZBrowser.exe
(Avast Software) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909_0\SZBrowser.exe
(Avast Software) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909_0\SZBrowser.exe
(Avast Software) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909_0\SZBrowser.exe
(Avast Software) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909_0\SZBrowser.exe
(Avast Software) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909_0\SZBrowser.exe
(Avast Software) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909_0\SZBrowser.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
() C:\Program Files\AVAST Software\Avast\AvastNM.exe
(Microsoft Corporation) C:\Windows\System32\cleanmgr.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\System32\backgroundTaskHost.exe
(Dropbox, Inc.) C:\Users\Frances\AppData\Local\Dropbox\Update\DropboxUpdate.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [485280 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [67896 2017-07-13] (Apple Inc.)
HKLM\...\Run: [AppleSyncNotifier] => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-11-02] (Apple Inc.)
HKLM\...\Run: [Family Tree Builder Update] => C:\Program Files\MyHeritage\Bin\FTBCheckUpdates.exe [14870192 2017-01-19] (MyHeritage)
HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\update\realsched.exe [286784 2015-09-25] (RealNetworks, Inc.)
HKLM\...\Run: [EPSON Stylus DX3800 Series] => C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE [98304 2005-02-08] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [RealDownloader] => C:\Program Files\RealNetworks\RealDownloader\downloader2.exe [714992 2016-07-05] ()
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [253344 2017-10-04] (AVAST Software)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [267064 2017-07-14] (Apple Inc.)
HKLM Group Policy restriction on software: *.pdf*.com <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.rar*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: *.7z*.scr <==== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.png*.jse <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.js <==== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.wav*.bat <==== ATTENTION
HKLM Group Policy restriction on software: *.avi*.jse <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.jse <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.bat <==== ATTENTION
HKLM Group Policy restriction on software: *.wma*.scr <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.divx*.bat <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.doc*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.bat <==== ATTENTION
HKLM Group Policy restriction on software: *.pub*.js <==== ATTENTION
HKLM Group Policy restriction on software: *.gif*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.divx*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.png*.js <==== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.rar*.js <==== ATTENTION
HKLM Group Policy restriction on software: *.gif*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.js <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.js <==== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.js <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.wav*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.wma*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.pif <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.bat <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.bat <==== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.avi*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.pub*.bat <==== ATTENTION
HKLM Group Policy restriction on software: *.divx*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.pif <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.bat <==== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Appdata\Roaming\Microsoft\Windows\IEUpdate\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.js <==== ATTENTION
HKLM Group Policy restriction on software: *.zip*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: *.docx*.bat <==== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.jse <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.js <==== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.zip*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.png*.scr <==== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*\svchost.exe <==== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.bat <==== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.js <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.zip*.js <==== ATTENTION
HKLM Group Policy restriction on software: *.docx*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: *.avi*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.txt*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: syskey.exe <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: *.wma*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <==== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.scr <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.bat <==== ATTENTION
HKLM Group Policy restriction on software: *.doc*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.txt*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.js <==== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.pif <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: *.wav*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.js <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.bat <==== ATTENTION
HKLM Group Policy restriction on software: *.divx*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.zip*.bat <==== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.bat <==== ATTENTION
HKLM Group Policy restriction on software: *.gif*.pif <==== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.jse <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.txt*.scr <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.js <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.7z*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.doc*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.js <==== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.com <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: ** <==== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.scr <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.docx*.js <==== ATTENTION
HKLM Group Policy restriction on software: *.docx*.jse <==== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.js <==== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.js <==== ATTENTION
HKLM Group Policy restriction on software: *.xls*.jse <==== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.jse <==== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.divx*.com <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.com <==== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.rar*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.divx*.jse <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.bat <==== ATTENTION
HKLM Group Policy restriction on software: *.wav*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.doc*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: *.pub*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.txt*.pif <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <==== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.txt*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.txt*.js <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.7z*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.js <==== ATTENTION
HKLM Group Policy restriction on software: *.wav*.js <==== ATTENTION
HKLM Group Policy restriction on software: *.7z*.bat <==== ATTENTION
HKLM Group Policy restriction on software: lsassvrtdbks.exe <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.bat <==== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.jse <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.divx*.js <==== ATTENTION
HKLM Group Policy restriction on software: *.wav*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.xls*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.png*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.js <==== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.pif <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.rar*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.avi*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.png*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.bat <==== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.bat <==== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.avi*.js <==== ATTENTION
HKLM Group Policy restriction on software: %systemdrive%\*\svchost.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.scr <==== ATTENTION
HKLM Group Policy restriction on software: cipher.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: *.gif*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.js <==== ATTENTION
HKLM Group Policy restriction on software: *.docx*.com <==== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.bat <==== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.divx*.scr <==== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.bat <==== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: *.pub*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.com <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.bat <==== ATTENTION
HKLM Group Policy restriction on software: vssadmin.exe <==== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.js <==== ATTENTION
HKLM Group Policy restriction on software: *.rar*.scr <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.com <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.scr <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.js <==== ATTENTION
HKLM Group Policy restriction on software: *.png*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: *.wma*.js <==== ATTENTION
HKLM Group Policy restriction on software: *.txt*.bat <==== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.bat <==== ATTENTION
HKLM Group Policy restriction on software: %programfiles%\*\svchost.exe <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.js <==== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.bat <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.wav*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.js <==== ATTENTION
HKLM Group Policy restriction on software: *.avi*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.xls*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.7z*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.xls*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin <==== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.bat <==== ATTENTION
HKLM Group Policy restriction on software: *.wav*.com <==== ATTENTION
HKLM Group Policy restriction on software: lsassw86s.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.com <==== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.bat <==== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.jse <==== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.zip*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.js <==== ATTENTION
HKLM Group Policy restriction on software: *.gif*.js <==== ATTENTION
HKLM Group Policy restriction on software: *.rar*.pif <==== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.bat <==== ATTENTION
HKLM Group Policy restriction on software: *.zip*.com <==== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.rar*.bat <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.scr <==== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.js <==== ATTENTION
HKLM Group Policy restriction on software: *.rar*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.7z*.jse <==== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: *.xls*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.gif*.bat <==== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.scr <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.zip*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.wma*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.avi*.bat <==== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.docx*.pif <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: *.txt*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.gif*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.doc*.bat <==== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.pub*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.doc*.pif <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.7z*.js <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.js <==== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.png*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.xls*.bat <==== ATTENTION
HKLM Group Policy restriction on software: *.docx*.scr <==== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.bat <==== ATTENTION
HKLM Group Policy restriction on software: *.7z*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.pif <==== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.pub*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.xls*.js <==== ATTENTION
HKLM Group Policy restriction on software: *.wma*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.wma*.pif <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: *.xls*.com <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.js <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.docx*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.avi*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.doc*.js <==== ATTENTION
HKLM Group Policy restriction on software: *.gif*.com <==== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.js <==== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.jse <==== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.bat <==== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.bat <==== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: *.png*.bat <==== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.pub*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.pub*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.doc*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.jse <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.jse <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.bat <==== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.exe <==== ATTENTION
HKLM Group Policy restriction on software: scsvserv.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.wma*.bat <==== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.zip*.pif <==== ATTENTION
HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\...\Run: [googletalk] => C:\Users\Frances\AppData\Roaming\Google\Google Talk\googletalk.exe [3739648 2007-01-01] (Google)
HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\...\Run: [f.lux] => C:\Users\Frances\AppData\Local\FluxSoftware\Flux\flux.exe [1663480 2017-09-10] (f.lux Software LLC)
HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\...\Run: [NokiaSuite.exe] => C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe [1090912 2013-10-02] (Nokia)
HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [721504 2015-09-02] (Microsoft Corporation)
HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\...\Run: [Dropbox Update] => C:\Users\Frances\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-12-12] (Dropbox, Inc.)
HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\...\Run: [Amazon Music] => C:\Users\Frances\AppData\Local\Amazon Music\Amazon Music Helper.exe [5908968 2016-06-16] ()
HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2017-07-14] (Apple Inc.)
HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [27832272 2017-08-25] (Skype Technologies S.A.)
HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\...\Run: [MP3 Skype recorder] => C:\Users\Frances\AppData\Local\MP3 Skype recorder\MP3SkypeRecorder.exe [2528384 2017-06-11] (Domit UK LTD)
HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\...\Run: [GoogleChromeAutoLaunch_7CD9BB1A08B3BB05DE7E94CD998E8B7C] => C:\Program Files\Google\Chrome\Application\chrome.exe [1249624 2017-09-21] (Google Inc.)
HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\GPhotos.scr [4587520 2015-10-13] (Google Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealTimes.lnk [2015-09-25]
ShortcutTarget: RealTimes.lnk -> C:\Program Files\Real\RealPlayer\RPDS\Bin\rpsystray.exe (RealNetworks, Inc.)
Startup: C:\Users\Frances\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-06-06]
ShortcutTarget: Dropbox.lnk -> C:\Users\Frances\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Frances\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2014-09-02]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{1aefd181-f14e-4463-b2d2-39c1367b81a8}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{1eb4cfc4-7649-413f-870b-bb36d0d3979f}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{a79483d2-6796-4059-832a-41a709a2aae1}: [NameServer] 8.8.8.8,8.8.4.4
Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.co.uk/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2015-07-27] (RealDownloader)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files\Evernote\Evernote\EvernoteIE.dll [2014-08-26] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-27] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Toolbar: HKLM - EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22] (SEIKO EPSON CORPORATION)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-27] (Google Inc.)
Toolbar: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000 -> EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22] (SEIKO EPSON CORPORATION)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2017-07-18] (Skype Technologies)
FireFox:
========
FF ProfilePath: C:\Users\Frances\AppData\Roaming\Mozilla\Firefox\Profiles\aral8r35.default-1443125244090 [2017-10-04]
FF user.js: detected! => C:\Users\Frances\AppData\Roaming\Mozilla\Firefox\Profiles\aral8r35.default-1443125244090\user.js [2017-05-02]
FF Extension: (The Camelizer) - C:\Users\Frances\AppData\Roaming\Mozilla\Firefox\Profiles\aral8r35.default-1443125244090\Extensions\
[email protected] [2017-07-18]
FF Extension: (Avast Passwords) - C:\Users\Frances\AppData\Roaming\Mozilla\Firefox\Profiles\aral8r35.default-1443125244090\Extensions\
[email protected] [2017-07-18]
FF Extension: (Pin It button) - C:\Users\Frances\AppData\Roaming\Mozilla\Firefox\Profiles\aral8r35.default-1443125244090\Extensions\
[email protected] [2015-09-30]
FF Extension: (Avast SafePrice) - C:\Users\Frances\AppData\Roaming\Mozilla\Firefox\Profiles\aral8r35.default-1443125244090\Extensions\
[email protected] [2017-06-18]
FF Extension: (Avast Online Security) - C:\Users\Frances\AppData\Roaming\Mozilla\Firefox\Profiles\aral8r35.default-1443125244090\Extensions\
[email protected] [2017-09-01]
FF Extension: (Skype Click to Call) - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2016-11-29] [not signed]
FF Extension: (Java Console) - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2016-11-29] [not signed]
FF Extension: (Java Console) - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2016-11-29] [not signed]
FF Extension: (Skype Click to Call) - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2016-11-29] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_27_0_0_159.dll [2017-10-10] ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @Motive.com/NpMotive,version=1.0 -> C:\Program Files\Common Files\Motive\npMotive.dll [2011-09-07] (Motive, Inc.)
FF Plugin: @nokia.com/EnablerPlugin -> C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll [2013-10-02] ( )
FF Plugin: @real.com/nppl3260;version=18.0.2.59 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll [2015-09-25] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=18.0.2.59 -> c:\program files\real\realplayer\Netscape6\nprpplugin.dll [2015-09-25] (RealTimes)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-01] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-01] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-07-31] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1527785505-3915310178-3884954049-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Frances\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2013-05-25] (Citrix Online)
FF Plugin HKU\S-1-5-21-1527785505-3915310178-3884954049-1000: @zoom.us/ZoomVideoPlugin -> C:\Users\Frances\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2017-05-03] (Zoom Video Communications, Inc.)
FF Plugin HKU\S-1-5-21-1527785505-3915310178-3884954049-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\Frances\Desktop\npAmazonMP3DownloaderPlugin101753.dll [2012-10-30] (Amazon.com, Inc.)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2017-07-05]
Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Frances\AppData\Local\Google\Chrome\User Data\Default [2017-07-22]
CHR Extension: (Google Docs) - C:\Users\Frances\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-16]
CHR Extension: (Google Drive) - C:\Users\Frances\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-30]
CHR Extension: (YouTube) - C:\Users\Frances\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-30]
CHR Extension: (Google Search) - C:\Users\Frances\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-30]
CHR Extension: (Avast SafePrice) - C:\Users\Frances\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-06-19]
CHR Extension: (Google Docs Offline) - C:\Users\Frances\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-15]
CHR Extension: (Avast Online Security) - C:\Users\Frances\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-06-19]
CHR Extension: (Skype) - C:\Users\Frances\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-07-22]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Frances\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-05-02]
CHR Extension: (HubSpot Sales) - C:\Users\Frances\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiiaigjnkhngdbnoookogelabohpglmd [2017-07-22]
CHR Extension: (Gmail) - C:\Users\Frances\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-11]
CHR Extension: (Chrome Media Router) - C:\Users\Frances\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-22]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [5828816 2017-10-04] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [281416 2017-10-04] (AVAST Software)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4430792 2017-08-07] (Malwarebytes)
R2 McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [319488 2011-03-29] (Alcatel-Lucent) [File not signed]
S3 MSSQL$MSSMLBIZ; C:\Program Files\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\sqlservr.exe [43044512 2015-04-03] (Microsoft Corporation)
S2 RealPlayerUpdateSvc; C:\Program Files\Real\UpdateService\RealPlayerUpdateSvc.exe [32880 2015-07-27] ()
R2 RealTimes Desktop Service; c:\program files\real\realplayer\RPDS\Bin\rpdsvc.exe [1115736 2015-09-25] (RealNetworks, Inc.)
S4 SQLAgent$MSSMLBIZ; C:\Program Files\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE [380064 2015-04-03] (Microsoft Corporation)
R2 Unchecky; C:\Program Files\Unchecky\bin\unchecky_svc.exe [294168 2017-10-04] (Reason Software Company Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [265352 2017-03-18] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [82488 2017-07-16] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 Afc; C:\WINDOWS\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.) [File not signed]
R1 aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdriverx.sys [255624 2017-10-04] (AVAST Software s.r.o.)
R0 aswbidsh; C:\WINDOWS\system32\drivers\aswbidshx.sys [157416 2017-10-04] (AVAST Software s.r.o.)
R0 aswblog; C:\WINDOWS\system32\drivers\aswblogx.sys [276736 2017-10-04] (AVAST Software s.r.o.)
R0 aswbuniv; C:\WINDOWS\system32\drivers\aswbunivx.sys [50384 2017-10-04] (AVAST Software s.r.o.)
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [42856 2017-10-04] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [39784 2017-09-01] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [124952 2017-10-04] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [99560 2017-10-04] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [70864 2017-10-04] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [777952 2017-10-04] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [499560 2017-10-04] (AVAST Software)
R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [149824 2017-10-04] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [297840 2017-10-04] (AVAST Software)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae.sys [59904 2017-10-04] ()
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [166840 2017-10-09] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\DRIVERS\farflt.sys [91576 2017-10-10] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [40384 2017-10-10] (Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [221112 2017-10-09] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [75712 2017-10-10] (Malwarebytes)
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2012-06-25] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2012-06-25] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S4 RsFx0105; C:\WINDOWS\System32\DRIVERS\RsFx0105.sys [238696 2011-09-22] (Microsoft Corporation)
S3 SWDUMon; C:\WINDOWS\system32\DRIVERS\SWDUMon.sys [22728 2017-10-10] (SlimWare Utilities, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [37464 2017-03-18] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [243104 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [96672 2017-03-18] (Microsoft Corporation)
S3 WUDFWpdMtp; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [160256 2017-03-18] (Microsoft Corporation)
U3 idsvc; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-10-10 18:25 - 2017-10-10 18:28 - 000048518 _____ C:\Users\Frances\Desktop\FRST.txt
2017-10-10 18:24 - 2017-10-10 18:25 - 000000000 ____D C:\FRST
2017-10-10 18:19 - 2017-10-10 18:19 - 001797632 _____ (Farbar) C:\Users\Frances\Desktop\FRST.exe
2017-10-10 17:17 - 2017-10-10 17:17 - 000000000 __SHD C:\found.003
2017-10-10 17:02 - 2017-10-10 17:02 - 000000000 __SHD C:\found.002
2017-10-10 17:02 - 2017-10-10 17:02 - 000000000 __SHD C:\found.001
2017-10-09 20:18 - 2017-10-10 17:19 - 000091576 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-10-09 20:18 - 2017-10-10 17:19 - 000075712 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-10-09 20:18 - 2017-10-09 20:18 - 000166840 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2017-10-09 20:17 - 2017-10-10 17:19 - 000040384 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-10-09 20:17 - 2017-10-09 20:17 - 000221112 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2017-10-09 20:17 - 2017-10-09 20:17 - 000002097 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-10-09 20:17 - 2017-10-09 20:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-10-09 20:17 - 2017-10-04 13:15 - 000059904 _____ C:\WINDOWS\system32\Drivers\mbae.sys
2017-10-09 20:16 - 2017-10-09 20:16 - 000000000 ____D C:\ProgramData\MB2Migration
2017-10-09 20:16 - 2017-10-09 20:16 - 000000000 ____D C:\Program Files\Malwarebytes
2017-10-05 10:30 - 2017-10-05 10:30 - 000000000 ____D C:\Users\Frances\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-10-04 21:38 - 2017-10-04 21:37 - 000304816 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2017-09-14 21:52 - 2017-09-14 21:52 - 000000000 ____D C:\WINDOWS\PCHEALTH
2017-09-14 21:37 - 2017-09-05 05:59 - 000233376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2017-09-14 21:37 - 2017-09-05 05:54 - 001854832 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-09-14 21:37 - 2017-09-05 05:51 - 000380320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2017-09-14 21:37 - 2017-09-05 05:50 - 000967584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-09-14 21:37 - 2017-09-05 05:48 - 000155040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2017-09-14 21:37 - 2017-09-05 05:45 - 005821496 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-09-14 21:37 - 2017-09-05 05:45 - 000750496 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-09-14 21:37 - 2017-09-05 05:43 - 000480160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-09-14 21:37 - 2017-09-05 05:41 - 004671832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-09-14 21:37 - 2017-09-05 05:41 - 001106904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2017-09-14 21:37 - 2017-09-05 05:41 - 001013912 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2017-09-14 21:37 - 2017-09-05 05:41 - 000078752 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-09-14 21:37 - 2017-09-05 05:37 - 002079136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-09-14 21:37 - 2017-09-05 05:37 - 000498592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2017-09-14 21:37 - 2017-09-05 05:23 - 020509184 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-09-14 21:37 - 2017-09-05 05:23 - 000072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmCx.sys
2017-09-14 21:37 - 2017-09-05 05:23 - 000051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2017-09-14 21:37 - 2017-09-05 05:23 - 000027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\buttonconverter.sys
2017-09-14 21:37 - 2017-09-05 05:22 - 000090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys
2017-09-14 21:37 - 2017-09-05 05:21 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2017-09-14 21:37 - 2017-09-05 05:21 - 000062464 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntprint.exe
2017-09-14 21:37 - 2017-09-05 05:21 - 000017920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnpinst.exe
2017-09-14 21:37 - 2017-09-05 05:19 - 019336192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-09-14 21:37 - 2017-09-05 05:19 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntprint.dll
2017-09-14 21:37 - 2017-09-05 05:19 - 000140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcrecovery.dll
2017-09-14 21:37 - 2017-09-05 05:19 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2017-09-14 21:37 - 2017-09-05 05:19 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-09-14 21:37 - 2017-09-05 05:18 - 000524288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2017-09-14 21:37 - 2017-09-05 05:18 - 000330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2017-09-14 21:37 - 2017-09-05 05:18 - 000266240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-09-14 21:37 - 2017-09-05 05:18 - 000252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModel.dll
2017-09-14 21:37 - 2017-09-05 05:18 - 000167424 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2017-09-14 21:37 - 2017-09-05 05:18 - 000141312 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetpp.dll
2017-09-14 21:37 - 2017-09-05 05:18 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
2017-09-14 21:37 - 2017-09-05 05:17 - 000918528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll
2017-09-14 21:37 - 2017-09-05 05:17 - 000586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2017-09-14 21:37 - 2017-09-05 05:17 - 000307712 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2017-09-14 21:37 - 2017-09-05 05:16 - 000828416 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll
2017-09-14 21:37 - 2017-09-05 05:16 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-09-14 21:37 - 2017-09-05 05:16 - 000351744 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll
2017-09-14 21:37 - 2017-09-05 05:16 - 000257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Phoneutil.dll
2017-09-14 21:37 - 2017-09-05 05:15 - 000430592 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2017-09-14 21:37 - 2017-09-05 05:13 - 007598080 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-09-14 21:37 - 2017-09-05 05:12 - 006265856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-09-14 21:37 - 2017-09-05 05:11 - 003654656 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-09-14 21:37 - 2017-09-05 05:11 - 001463296 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-09-14 21:37 - 2017-09-05 05:11 - 001060352 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
2017-09-14 21:37 - 2017-09-05 05:11 - 000950784 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-09-14 21:37 - 2017-09-05 05:11 - 000791552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2017-09-14 21:37 - 2017-09-05 05:11 - 000623104 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2017-09-14 21:37 - 2017-09-05 05:10 - 001831936 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-09-14 21:37 - 2017-09-05 05:06 - 000330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthHFSrv.dll
2017-09-14 21:36 - 2017-09-05 06:12 - 000627080 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-09-14 21:36 - 2017-09-05 05:55 - 000103840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2017-09-14 21:36 - 2017-09-05 05:54 - 005862816 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-09-14 21:36 - 2017-09-05 05:53 - 001615720 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2017-09-14 21:36 - 2017-09-05 05:53 - 000129952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2017-09-14 21:36 - 2017-09-05 05:52 - 002259760 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-09-14 21:36 - 2017-09-05 05:45 - 002476712 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2017-09-14 21:36 - 2017-09-05 05:45 - 002166808 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-09-14 21:36 - 2017-09-05 05:45 - 002022816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-09-14 21:36 - 2017-09-05 05:44 - 000173984 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-09-14 21:36 - 2017-09-05 05:43 - 000611096 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2017-09-14 21:36 - 2017-09-05 05:43 - 000597920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2017-09-14 21:36 - 2017-09-05 05:43 - 000359560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2017-09-14 21:36 - 2017-09-05 05:43 - 000280480 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2017-09-14 21:36 - 2017-09-05 05:43 - 000186784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2017-09-14 21:36 - 2017-09-05 05:43 - 000169376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2017-09-14 21:36 - 2017-09-05 05:42 - 000519680 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-09-14 21:36 - 2017-09-05 05:41 - 006761560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-09-14 21:36 - 2017-09-05 05:23 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-09-14 21:36 - 2017-09-05 05:22 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2017-09-14 21:36 - 2017-09-05 05:22 - 000066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\datamarketsvc.dll
2017-09-14 21:36 - 2017-09-05 05:21 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nsiproxy.sys
2017-09-14 21:36 - 2017-09-05 05:19 - 000364032 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-09-14 21:36 - 2017-09-05 05:19 - 000239616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2017-09-14 21:36 - 2017-09-05 05:18 - 000452608 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasplap.dll
2017-09-14 21:36 - 2017-09-05 05:18 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-09-14 21:36 - 2017-09-05 05:17 - 000852480 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasgcw.dll
2017-09-14 21:36 - 2017-09-05 05:17 - 000189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-09-14 21:36 - 2017-09-05 05:16 - 000844288 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll
2017-09-14 21:36 - 2017-09-05 05:16 - 000618496 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2017-09-14 21:36 - 2017-09-05 05:16 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2017-09-14 21:36 - 2017-09-05 05:16 - 000314368 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-09-14 21:36 - 2017-09-05 05:16 - 000212992 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2017-09-14 21:36 - 2017-09-05 05:15 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-09-14 21:36 - 2017-09-05 05:15 - 000232960 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2017-09-14 21:36 - 2017-09-05 05:14 - 011887104 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-09-14 21:36 - 2017-09-05 05:14 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2017-09-14 21:36 - 2017-09-05 05:13 - 002009600 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-09-14 21:36 - 2017-09-05 05:12 - 005225984 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2017-09-14 21:36 - 2017-09-05 05:11 - 003667456 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-09-14 21:36 - 2017-09-05 05:11 - 001585664 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-09-14 21:36 - 2017-09-05 05:11 - 001355264 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
2017-09-14 21:36 - 2017-09-05 05:10 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-09-14 21:36 - 2017-09-05 05:10 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-09-14 21:36 - 2017-09-05 05:10 - 001571840 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2017-09-14 21:36 - 2017-09-05 05:06 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\olepro32.dll
2017-09-14 21:36 - 2017-09-02 02:44 - 000031932 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin
2017-09-14 21:35 - 2017-09-05 06:13 - 001241240 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2017-09-14 21:35 - 2017-09-05 06:12 - 001427656 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-09-14 21:35 - 2017-09-05 06:12 - 000096168 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
2017-09-14 21:35 - 2017-09-05 05:51 - 000698376 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-09-14 21:35 - 2017-09-05 05:50 - 004330920 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupapi.dll
2017-09-14 21:35 - 2017-09-05 05:46 - 004471888 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-09-14 21:35 - 2017-09-05 05:44 - 000569264 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2017-09-14 21:35 - 2017-09-05 05:43 - 001093024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2017-09-14 21:35 - 2017-09-05 05:43 - 000777400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-09-14 21:35 - 2017-09-05 05:43 - 000042456 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbs.dll
2017-09-14 21:35 - 2017-09-05 05:42 - 002330520 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2017-09-14 21:35 - 2017-09-05 05:42 - 000703056 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2017-09-14 21:35 - 2017-09-05 05:42 - 000291904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtapi.dll
2017-09-14 21:35 - 2017-09-05 05:42 - 000182688 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2017-09-14 21:35 - 2017-09-05 05:41 - 020373408 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-09-14 21:35 - 2017-09-05 05:40 - 000052768 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidapi.dll
2017-09-14 21:35 - 2017-09-05 05:26 - 002953216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-09-14 21:35 - 2017-09-05 05:26 - 001157120 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2017-09-14 21:35 - 2017-09-05 05:26 - 000404480 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2017-09-14 21:35 - 2017-09-05 05:25 - 013844480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-09-14 21:35 - 2017-09-05 05:25 - 001448960 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2017-09-14 21:35 - 2017-09-05 05:25 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-09-14 21:35 - 2017-09-05 05:25 - 000293376 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2017-09-14 21:35 - 2017-09-05 05:25 - 000154624 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2017-09-14 21:35 - 2017-09-05 05:25 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrvext.dll
2017-09-14 21:35 - 2017-09-05 05:25 - 000073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2017-09-14 21:35 - 2017-09-05 05:25 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2017-09-14 21:35 - 2017-09-05 05:24 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-09-14 21:35 - 2017-09-05 05:22 - 000107008 _____ (Microsoft Corporation) C:\WINDOWS\system32\CfgSPCellular.dll
2017-09-14 21:35 - 2017-09-05 05:22 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAPNCsp.dll
2017-09-14 21:35 - 2017-09-05 05:21 - 006728704 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-09-14 21:35 - 2017-09-05 05:21 - 000404992 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2017-09-14 21:35 - 2017-09-05 05:21 - 000123904 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
2017-09-14 21:35 - 2017-09-05 05:21 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\csplte.dll
2017-09-14 21:35 - 2017-09-05 05:21 - 000111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll
2017-09-14 21:35 - 2017-09-05 05:21 - 000095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2017-09-14 21:35 - 2017-09-05 05:21 - 000036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2017-09-14 21:35 - 2017-09-05 05:20 - 000370176 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-09-14 21:35 - 2017-09-05 05:20 - 000243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\tpmvsc.dll
2017-09-14 21:35 - 2017-09-05 05:20 - 000230912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2017-09-14 21:35 - 2017-09-05 05:19 - 000393216 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2017-09-14 21:35 - 2017-09-05 05:19 - 000181760 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll
2017-09-14 21:35 - 2017-09-05 05:19 - 000134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput.dll
2017-09-14 21:35 - 2017-09-05 05:19 - 000111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2017-09-14 21:35 - 2017-09-05 05:19 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
2017-09-14 21:35 - 2017-09-05 05:18 - 000629760 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2017-09-14 21:35 - 2017-09-05 05:18 - 000471040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-09-14 21:35 - 2017-09-05 05:18 - 000359424 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-09-14 21:35 - 2017-09-05 05:18 - 000314368 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2017-09-14 21:35 - 2017-09-05 05:18 - 000175104 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput8.dll
2017-09-14 21:35 - 2017-09-05 05:18 - 000100352 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasman.dll
2017-09-14 21:35 - 2017-09-05 05:17 - 000631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2017-09-14 21:35 - 2017-09-05 05:17 - 000268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\RasMediaManager.dll
2017-09-14 21:35 - 2017-09-05 05:16 - 005961728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-09-14 21:35 - 2017-09-05 05:16 - 000563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2017-09-14 21:35 - 2017-09-05 05:16 - 000177664 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2017-09-14 21:35 - 2017-09-05 05:15 - 002957824 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2017-09-14 21:35 - 2017-09-05 05:15 - 001248768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-09-14 21:35 - 2017-09-05 05:15 - 000936960 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2017-09-14 21:35 - 2017-09-05 05:15 - 000879616 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2017-09-14 21:35 - 2017-09-05 05:15 - 000872448 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2017-09-14 21:35 - 2017-09-05 05:15 - 000780288 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2017-09-14 21:35 - 2017-09-05 05:15 - 000672256 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2017-09-14 21:35 - 2017-09-05 05:15 - 000657408 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2017-09-14 21:35 - 2017-09-05 05:15 - 000636416 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-09-14 21:35 - 2017-09-05 05:15 - 000223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\shdocvw.dll
2017-09-14 21:35 - 2017-09-05 05:14 - 001992704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.UnifiedTile.CuratedTileCollections.dll
2017-09-14 21:35 - 2017-09-05 05:14 - 000754176 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-09-14 21:35 - 2017-09-05 05:14 - 000590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2017-09-14 21:35 - 2017-09-05 05:14 - 000476160 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll
2017-09-14 21:35 - 2017-09-05 05:13 - 001842688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2017-09-14 21:35 - 2017-09-05 05:13 - 001089024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2017-09-14 21:35 - 2017-09-05 05:13 - 000366592 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.immersiveshell.serviceprovider.dll
2017-09-14 21:35 - 2017-09-05 05:13 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2017-09-14 21:35 - 2017-09-05 05:12 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-09-14 21:35 - 2017-09-05 05:12 - 001832448 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-09-14 21:35 - 2017-09-05 05:12 - 001367552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2017-09-14 21:35 - 2017-09-05 05:12 - 000899584 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2017-09-14 21:35 - 2017-09-05 05:11 - 002156544 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-09-14 21:35 - 2017-09-05 05:11 - 001138688 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-09-14 21:35 - 2017-09-05 05:11 - 001019904 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-09-14 21:35 - 2017-09-05 05:11 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-09-14 21:35 - 2017-09-05 05:11 - 000610816 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-09-14 21:35 - 2017-09-05 05:11 - 000345088 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2017-09-14 21:35 - 2017-09-05 05:10 - 002122752 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-09-14 21:35 - 2017-09-05 05:10 - 000761344 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2017-09-14 21:35 - 2017-09-05 05:10 - 000316416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-09-14 21:35 - 2017-09-05 05:09 - 001646592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2017-09-14 21:35 - 2017-09-05 05:08 - 000197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2017-09-14 21:35 - 2017-09-05 05:06 - 000221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wisp.dll
2017-09-14 21:35 - 2017-09-05 05:04 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\RstrtMgr.dll
2017-09-14 21:35 - 2017-09-05 05:04 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-10-10 18:23 - 2010-10-11 16:43 - 000000000 ____D C:\Users\Frances\AppData\Roaming\Skype
2017-10-10 17:52 - 2017-07-15 16:45 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-10-10 17:33 - 2017-03-18 19:23 - 000000000 ___HD C:\Program Files\WindowsApps
2017-10-10 17:33 - 2017-03-18 19:23 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-10-10 17:22 - 2016-01-31 12:21 - 000000468 _____ C:\WINDOWS\Tasks\AVG Driver Updater Startup.job
2017-10-10 17:20 - 2016-01-31 12:21 - 000022728 _____ (SlimWare Utilities, Inc.) C:\WINDOWS\system32\Drivers\SWDUMon.sys
2017-10-10 17:18 - 2017-07-15 17:21 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-10-10 17:06 - 2017-03-18 07:02 - 001310720 _____ C:\WINDOWS\system32\config\BBI
2017-10-10 17:05 - 2017-07-15 16:51 - 000000000 ____D C:\Users\Frances
2017-10-10 15:03 - 2017-03-18 19:23 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-10-09 20:16 - 2014-09-12 11:25 - 000000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2017-10-09 20:16 - 2010-10-09 17:18 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-10-08 12:41 - 2017-07-08 11:16 - 000000000 ____D C:\Users\Frances\AppData\Local\GoToMeeting
2017-10-05 10:31 - 2011-11-03 13:00 - 000000000 ____D C:\Users\Frances\AppData\Roaming\Dropbox
2017-10-04 21:58 - 2010-11-22 11:36 - 000000000 ____D C:\Users\Frances\AppData\Local\ElevatedDiagnostics
2017-10-04 21:52 - 2017-07-15 16:48 - 001152846 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-10-04 21:45 - 2015-11-10 21:09 - 000000664 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-1527785505-3915310178-3884954049-1000.job
2017-10-04 21:45 - 2015-11-10 21:09 - 000000568 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-1527785505-3915310178-3884954049-1000.job
2017-10-04 21:38 - 2017-06-08 08:47 - 000055160 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys
2017-10-04 21:38 - 2017-05-01 21:54 - 000499560 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2017-10-04 21:38 - 2017-05-01 21:54 - 000297840 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2017-10-04 21:38 - 2017-05-01 21:54 - 000149824 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2017-10-04 21:38 - 2017-05-01 21:54 - 000124952 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2017-10-04 21:38 - 2017-05-01 21:54 - 000099560 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2017-10-04 21:38 - 2017-05-01 21:54 - 000070864 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2017-10-04 21:38 - 2017-05-01 21:54 - 000042856 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2017-10-04 21:38 - 2017-05-01 21:41 - 000000000 ____D C:\ProgramData\AVAST Software
2017-10-04 21:37 - 2017-05-01 21:54 - 000777952 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2017-10-04 21:37 - 2017-05-01 21:54 - 000276736 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswblogx.sys
2017-10-04 21:37 - 2017-05-01 21:54 - 000255624 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsdriverx.sys
2017-10-04 21:37 - 2017-05-01 21:54 - 000157416 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidshx.sys
2017-10-04 21:37 - 2017-05-01 21:54 - 000050384 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbunivx.sys
2017-10-04 21:29 - 2017-07-19 11:04 - 000002206 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-10-04 21:29 - 2011-02-27 13:38 - 000002218 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-09-21 12:40 - 2017-03-18 19:23 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2017-09-21 09:53 - 2015-11-30 21:27 - 000002413 _____ C:\Users\Frances\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-09-21 09:53 - 2015-11-30 21:27 - 000000000 ___RD C:\Users\Frances\OneDrive
2017-09-18 10:37 - 2017-09-02 09:40 - 000002210 _____ C:\Users\Frances\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\f.lux.lnk
2017-09-17 17:40 - 2017-03-18 19:23 - 000000000 ____D C:\WINDOWS\rescache
2017-09-17 12:55 - 2015-09-10 05:16 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-09-17 12:51 - 2017-03-18 19:21 - 000000000 ____D C:\WINDOWS\INF
2017-09-17 12:50 - 2017-07-15 16:45 - 000409168 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-09-14 23:58 - 2017-03-18 19:23 - 000000000 ___SD C:\WINDOWS\system32\F12
2017-09-14 23:58 - 2017-03-18 19:23 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-09-14 23:58 - 2017-03-18 19:23 - 000000000 ____D C:\WINDOWS\system32\setup
2017-09-14 23:58 - 2017-03-18 19:23 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-09-14 23:58 - 2017-03-18 19:23 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2017-09-14 22:44 - 2013-07-24 01:18 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-09-14 22:13 - 2010-10-09 10:18 - 135337392 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-09-14 22:10 - 2017-03-18 19:14 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-09-12 17:49 - 2010-10-31 18:40 - 000000000 ____D C:\Users\Frances\AppData\Local\Microsoft Help
2017-09-12 14:07 - 2016-11-29 15:02 - 000000000 ____D C:\Program Files\Mozilla Firefox
==================== Files in the root of some directories =======
2011-06-27 23:28 - 2011-06-27 23:29 - 000015044 _____ () C:\Program Files\cc_20110627_232823.reg
2013-07-23 13:26 - 2013-07-23 13:27 - 000036154 _____ () C:\Program Files\cc_20130723_132652.reg
2010-11-08 16:25 - 2016-07-25 17:03 - 000006144 _____ () C:\Users\Frances\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-06-27 09:30 - 2011-06-27 09:30 - 000000000 _____ () C:\Users\Frances\AppData\Local\{2F0D215D-D36A-4572-8518-970B7D5F1ED4}
2011-06-07 11:10 - 2011-06-07 11:11 - 000000000 _____ () C:\Users\Frances\AppData\Local\{D0C3A833-BA01-4220-98B5-867AEE928B6A}
2010-10-11 16:43 - 2010-10-11 16:43 - 000000056 _____ () C:\ProgramData\ezsidmv.dat
Some files in TEMP:
====================
2017-09-14 20:06 - 2017-09-05 14:52 - 000186224 _____ (RealNetworks, Inc.) C:\Users\Frances\AppData\Local\Temp\lowproc.exe
2017-07-15 17:37 - 2017-07-15 17:37 - 000001536 _____ () C:\Users\Frances\AppData\Local\Temp\NOSEventMessages.dll
2017-09-14 20:06 - 2017-09-05 14:52 - 000096440 _____ (RealNetworks, Inc.) C:\Users\Frances\AppData\Local\Temp\stubhelper.dll
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-10-04 21:56
==================== End of FRST.txt ============================
ADDITION HERE:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 10-10-2017
Ran by Frances (10-10-2017 18:30:53)
Running from C:\Users\Frances\Desktop
Microsoft Windows 10 Home Version 1703 170317-1834 (X86) (2017-07-15 16:30:59)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1527785505-3915310178-3884954049-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1527785505-3915310178-3884954049-503 - Limited - Disabled)
Frances (S-1-5-21-1527785505-3915310178-3884954049-1000 - Administrator - Enabled) => C:\Users\Frances
Guest (S-1-5-21-1527785505-3915310178-3884954049-501 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.012.20098 - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 26.0.0.127 - Adobe Systems Incorporated)
Adobe Flash Player 27 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 27.0.0.159 - Adobe Systems Incorporated)
Adobe Flash Player 27 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 27.0.0.159 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\...\Amazon Kindle) (Version: 1.20.1.47037 - Amazon)
Amazon Music (HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\...\Amazon Amazon Music) (Version: 4.3.2.1367 - Amazon Services LLC)
Apple Application Support (32-bit) (HKLM\...\{D2FE6376-E549-4F63-A2C5-CA24DA035DE4}) (Version: 5.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2A2C8640-5402-428A-909A-0236CB2B77C7}) (Version: 10.3.2.3 - Apple Inc.)
Apple Software Update (HKLM\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
ArcSoft VideoImpression 2 (HKLM\...\{244E21B9-164C-4EC1-AED8-9BD64161E66D}) (Version: - ArcSoft)
ArcSoft WebCam Companion 2 (HKLM\...\{C2E455CE-A952-4711-9505-51A8898B113F}) (Version: - ArcSoft)
Audacity 2.1.3 (HKLM\...\Audacity®_is1) (Version: 2.1.3 - Audacity Team)
AudibleManager (HKLM\...\AudibleManager) (Version: 2000575200.48.56.30674154 - Audible, Inc.)
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 17.7.2314 - AVAST Software)
Avery Wizard 3.1 (HKLM\...\{77077FFF-8831-470F-9627-E86F06A50CCD}) (Version: 3.1.8 - Avery)
AVG 2016 (HKLM\...\{AE3CE485-0996-413D-A897-D2F80D44982D}) (Version: 16.0.4776 - AVG Technologies) Hidden
AVG Driver Updater (HKLM\...\{16B33C61-7854-4974-8964-E4D905BF948B}) (Version: 2.2.1 - AVG Netherlands B.V)
AVG Driver Updater (HKLM\...\{77111D70-4E86-4874-A30E-3E8A49E61A37}) (Version: 2.2.1 - AVG Netherlands B.V)
Bonjour (HKLM\...\{D168AAD0-6686-47C1-B599-CDD4888B9D1A}) (Version: 3.1.0.1 - Apple Inc.)
Business Contact Manager for Microsoft Outlook 2010 (HKLM\...\{E4B48349-A165-4097-8D78-AC950BD8638E}) (Version: 4.0.11308.0 - Microsoft Corporation) Hidden
Business Contact Manager for Microsoft Outlook 2010 (HKLM\...\Business Contact Manager) (Version: 4.0.11308.0 - Microsoft Corporation)
Citrix Online Launcher (HKLM\...\{E5F6D26D-E180-4547-A865-565EAB61000C}) (Version: 1.0.362 - Citrix)
CryptoPrevent (HKLM\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version: - Foolish IT LLC)
DriverUpdate (HKLM\...\{E3B2301A-17BB-441E-B432-FF4DC8549B8A}) (Version: 2.2.36929 - SlimWare Utilities, Inc.)
Dropbox (HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\...\Dropbox) (Version: 36.4.22 - Dropbox, Inc.)
EPSON Attach To Email (HKLM\...\{20C45B32-5AB6-46A4-94EF-58950CAF05E5}) (Version: 1.01.0000 - SEIKO EPSON) Hidden
EPSON Attach To Email (HKLM\...\InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}) (Version: 1.01.0000 - SEIKO EPSON)
EPSON Copy Utility 3 (HKLM\...\{67EDD823-135A-4D59-87BD-950616D6E857}) (Version: 3.1.5.0 - )
EPSON Easy Photo Print (HKLM\...\{F19D07BC-6240-49D3-BA5C-59B015DF8916}) (Version: 1.2.2.0 - )
EPSON File Manager (HKLM\...\{E86BC406-944E-41F6-ADE6-2C136734C96B}) (Version: 1.1.0.0 - )
EPSON Image Clip Palette (HKLM\...\{314F6D08-A8B7-11D8-8446-0050BA1D384D}) (Version: 1.02.00 - )
EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version: - )
EPSON Scan (HKLM\...\EPSON Scanner) (Version: - )
EPSON Scan Assistant (HKLM\...\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}) (Version: 1.10.00 - )
EPSON Web-To-Page (HKLM\...\{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}) (Version: - )
ESDX3800 User's Guide (HKLM\...\ESDX3800 User's Guide) (Version: - )
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
Evernote v. 5.6.4 (HKLM\...\{DFDF0BE2-2D71-11E4-9454-00163E98E7D6}) (Version: 5.6.4.4632 - Evernote Corp.)
f.lux (HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\...\Flux) (Version: - f.lux Software LLC)
FinePrint (HKLM\...\FinePrint) (Version: 6.15 - FinePrint Software, LLC)
Free Editor (HKLM\...\{1BF14E04-85DE-480C-9A04-EB36744C66B4}_is1) (Version: 2.0.3 - Blue Labs, LLC)
GDR 5520 for SQL Server 2008 (KB2977321) (HKLM\...\KB2977321) (Version: 10.3.5520.0 - Microsoft Corporation)
GDR 5538 for SQL Server 2008 (KB3045305) (HKLM\...\KB3045305) (Version: 10.3.5538.0 - Microsoft Corporation)
Google Chrome (HKLM\...\Google Chrome) (Version: 61.0.3163.100 - Google Inc.)
Google Talk (remove only) (HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\...\{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk) (Version: - )
Google Toolbar for Internet Explorer (HKLM\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GoToMeeting 8.14.0.7716 (HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\...\GoToMeeting) (Version: 8.14.0.7716 - LogMeIn, Inc.)
IAW20 (HKLM\...\IAW20) (Version: - )
iCloud (HKLM\...\{AFA154E8-2D57-4789-AB2D-9761E6AC5988}) (Version: 6.2.3.17 - Apple Inc.)
ImagXpress (HKLM\...\{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}) (Version: 7.0.74.0 - Nero AG) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Intel® TV Wizard (HKLM\...\TVWiz) (Version: - Intel Corporation)
iTunes (HKLM\...\{BE5DD9B6-9DF7-4163-A39E-E2141C7A7488}) (Version: 12.6.2.20 - Apple Inc.)
Kobo (HKLM\...\Kobo) (Version: 3.19.3765 - Rakuten Kobo Inc.)
LAME v3.98.3 for Audacity (HKLM\...\LAME for Audacity_is1) (Version: - )
LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version: - )
Malwarebytes version 3.2.2.2029 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2029 - Malwarebytes)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft Office Communicator 2007 R2 (HKLM\...\{0D1CBBB9-F4A8-45B6-95E7-202BA61D7AF4}) (Version: 3.5.6907.268 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\...\OneDriveSetup.exe) (Version: 17.3.6998.0830 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2008 (HKLM\...\Microsoft SQL Server 10 Release) (Version: - Microsoft Corporation)
Microsoft SQL Server 2008 Browser (HKLM\...\{C688457E-03FD-4941-923B-A27F4D42A7DD}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{83298573-A6B6-42AB-A234-FE91CA2859C0}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files (HKLM\...\{59C245FC-343C-4FEC-B3CB-B6F12B561C20}) (Version: 10.3.5538.0 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Windows Media Video 9 VCM (HKLM\...\WMV9_VCM) (Version: - )
MobileMe Control Panel (HKLM\...\{710BF966-43C8-4216-A8EC-BC4E169FF7C1}) (Version: 3.1.8.0 - Apple Inc.)
Mozilla Firefox 55.0.3 (x86 en-GB) (HKLM\...\Mozilla Firefox 55.0.3 (x86 en-GB)) (Version: 55.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 53.0.3.6347 - Mozilla)
MP3 Skype recorder (HKLM\...\{9077516C-961C-437A-BFC2-548C1E56B7D8}) (Version: 4.33.1.0 - Domit LTD)
MSVC80_x86_v2 (HKLM\...\{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}) (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (HKLM\...\{AF111648-99A1-453E-81DD-80DBBF6DAD0D}) (Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyHeritage Family Tree Builder (HKLM\...\Family Tree Builder) (Version: 8.0.0.8372 - MyHeritage.com)
Nokia Connectivity Cable Driver (HKLM\...\{29373274-977E-413C-A4DE-DC0F8E80C429}) (Version: 7.1.172.0 - Nokia)
Nokia PC Suite (HKLM\...\{866C4563-ED53-43F3-A29D-8BEE2BD1BA3C}) (Version: 7.1.180.94 - Nokia) Hidden
Nokia PC Suite (HKLM\...\Nokia PC Suite) (Version: 7.1.180.94 - Nokia)
Nokia Suite (HKLM\...\{EDB188F5-D8E8-42EE-89E0-F212DA48CB81}) (Version: 3.8.48.0 - Nokia) Hidden
Nokia Suite (HKLM\...\Nokia Suite) (Version: 3.8.48.0 - Nokia)
OGA Notifier 2.0.0048.0 (HKLM\...\{B2544A03-10D0-4E5E-BA69-0362FFC20D18}) (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
OpenOffice.org 3.2 (HKLM\...\{09DF00E6-520C-49D5-B7E0-9612165CACA8}) (Version: 3.2.9502 - OpenOffice.org)
Paint.NET v3.5.8 (HKLM\...\{9CF4A37B-A8C4-44D7-8C53-13B9D9594BB2}) (Version: 3.58.0 - dotPDN LLC)
PC Connectivity Solution (HKLM\...\{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}) (Version: 12.0.109.0 - Nokia)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
PIF DESIGNER (HKLM\...\{B90450DF-E781-46FD-B1F1-0C86DA40E443}) (Version: - )
QuickTime 7 (HKLM\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
RealDownloader (HKLM\...\{13743594-F75E-491E-9EFF-203C8F8DF705}) (Version: 18.1.4.144 - RealNetworks) Hidden
RealDownloader (HKLM\...\{B0235718-21E0-4A90-A42F-9C64C1B531CD}) (Version: 18.0.2.56 - RealNetworks, Inc.) Hidden
RealDownloader (HKLM\...\{f05bfa4b-0c78-4a3e-aa74-8c220b4a7782}) (Version: 18.1.4.144 - RealNetworks) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (HKLM\...\{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}) (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (HKLM\...\{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}) (Version: 10.0 - RealNetworks, Inc) Hidden
RealUpgrade 1.1 (HKLM\...\{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}) (Version: 1.1.0 - RealNetworks, Inc.) Hidden
SafeZone Stable 4.58.2552.909 (HKLM\...\SafeZone 4.58.2552.909) (Version: 4.58.2552.909 - Avast Software) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Service Pack 3 for SQL Server 2008 (KB2546951) (HKLM\...\KB2546951) (Version: 10.3.5500.0 - Microsoft Corporation)
Sidekick Outlook plugin (HKLM\...\{E40911D4-0327-43CF-9D77-DCCC68235F2A}) (Version: 1.3.4.167 - HubSpot, Inc.)
Skype Click to Call (HKLM\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.40 (HKLM\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.103 - Skype Technologies S.A.)
SpywareBlaster 5.0 (HKLM\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
Sql Server Customer Experience Improvement Program (HKLM\...\{C965F01C-76EA-4BD7-973E-46236AE312D7}) (Version: 10.3.5500.0 - Microsoft Corporation) Hidden
TweetDeck (HKLM\...\{CE246151-F0E8-ABC8-AEB2-7F3E188EFBF5}) (Version: 0.38.1 - TweetDeck Inc) Hidden
TweetDeck (HKLM\...\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1) (Version: 0.38.1 - TweetDeck Inc)
Unchecky v1.1 (HKLM\...\Unchecky) (Version: 1.1 - Reason Software Company Inc.)
UpdateService (HKLM\...\{E3AE96D6-E196-45B4-AF62-2B41998B9E37}) (Version: 1.0.0 - RealNetworks, Inc.) Hidden
Video Downloader (HKLM\...\{8B6202FD-3790-4DD4-B343-51736F7FF4E5}) (Version: 1.2.0 - RealNetworks) Hidden
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Vocal Remover (HKLM\...\{97097F2D-CFBF-4DC9-A8AF-1C8EAC322275}) (Version: 1.2.4 - Make-Your-Own-Karaoke.com) Hidden
Vocal Remover (HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\...\Vocal Remover) (Version: - Make-Your-Own-Karaoke.com)
Windows 10 Update and Privacy Settings (HKLM\...\{542CC2C2-ABAF-4604-8723-DA296AF74540}) (Version: 1.0.14.0 - Microsoft Corporation)
Windows Driver Package - Nokia Modem (02/25/2011 4.7) (HKLM\...\E0AC723A3DE3A04256288CADBBB011B112AED454) (Version: 02/25/2011 4.7 - Nokia)
Windows Driver Package - Nokia Modem (02/25/2011 7.01.0.9) (HKLM\...\72A50F48CC5601190B9C4E74D81161693133E7F7) (Version: 02/25/2011 7.01.0.9 - Nokia)
Windows Driver Package - Nokia pccsmcfd “LegacyDriver” (05/31/2012 7.1.2.0) (HKLM\...\17D063A0A9F5D5A225B76B1D9BCB5ADBE85C8382) (Version: 05/31/2012 7.1.2.0 - Nokia)
Windows Phone app for desktop (HKLM\...\{5F71448B-88EB-4357-9A98-8658D4C49C48}) (Version: 1.1.2726.0 - Microsoft Corporation)
WinX HD Video Converter Deluxe 5.9.3 (HKLM\...\WinX HD Video Converter Deluxe_is1) (Version: - Digiarty Software, Inc.)
XNote Stopwatch (HKLM\...\XNote Stopwatch) (Version: 1.67 - dnSoft Research Group)
Zoom (HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\...\ZoomUMX) (Version: 4.0 - Zoom Video Communications, Inc.)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Frances\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{0207CA76-8233-4478-9A40-607AC304C435}\InprocServer32 -> C:\Users\Frances\AppData\Roaming\Avery\AVERYW~1.1\EnvBCode.ocx (Envel Informationssysteme GmbH)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{0507EEDE-3AE7-49c7-BF37-0EB4A62D8638}\localserver32 -> C:\Users\Frances\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll (OpenOffice.org)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{2BB2DE4F-FCDF-46F2-9723-5B1959E1BDE0}\InprocServer32 -> C:\Users\Frances\AppData\Roaming\Avery\AVERYW~1.1\EnvBCode.ocx (Envel Informationssysteme GmbH)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{3059C9E6-9EDC-4C89-933E-C65623F8FD60}\localserver32 -> C:\Users\Frances\AppData\Local\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{30A2652A-DDF7-45e7-ACA6-3EAB26FC8A4E}\localserver32 -> C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{33b07fd4-5917-43e1-968d-4c79231836bf}\localserver32 -> C:\Users\Frances\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll (OpenOffice.org)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{3f04dadf-6ea4-44d1-a507-03cad176f443}\InprocServer32 -> C:\Users\Frances\Desktop\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{41662FC2-0D57-4aff-AB27-AD2E12E7C273}\localserver32 -> C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{448BB771-CFE2-47C4-BCDF-1FBF378E202C}\localserver32 -> C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{449CFB1B-1C07-48EA-9A9A-7A7881C2B49B}\InprocServer32 -> C:\Users\Frances\AppData\Local\Dropbox\Update\1.3.59.1\psuser.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll (OpenOffice.org)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{67F2A879-82D5-4A6D-8CC5-FFB3C114B69D}\InprocServer32 -> C:\Program Files\OpenOffice.org 3\program\so_activex.dll ()
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{7B342DC4-139A-4a46-8A93-DB0827CCEE9C}\localserver32 -> C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\ooofiltproxy.dll (OpenOffice.org)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{7FA8AE11-B3E3-4D88-AABF-255526CD1CE8}\localserver32 -> C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{82154420-0FBF-11d4-8313-005004526AB4}\localserver32 -> C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Frances\AppData\Local\Citrix\GoToMeeting\4911\G2MOutlookAddin.dll => No File
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{87DC457B-B35D-48AC-BD42-BDF35EF623CE}\localserver32 -> C:\Users\Frances\AppData\Local\Dropbox\Update\1.3.59.1\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{95775FC2-FFFA-4432-A4BC-352AB1A84581}\InprocServer32 -> C:\Users\Frances\AppData\Roaming\Avery\AVERYW~1.1\EnvBCode.ocx (Envel Informationssysteme GmbH)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{990D9B6F-6621-11D9-AD6A-000C29B1E318}\InprocServer32 -> C:\Users\Frances\AppData\Roaming\Avery\Avery Wizard 3.1\AveryOAd.dll (Avery Dennison Corporation. Envel Informationssysteme GmbH.)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{9FAA38ED-5635-44F7-9BE0-8CAFE29B3783}\localserver32 -> C:\Users\Frances\AppData\Local\Dropbox\Update\1.3.59.1\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{A8F086C3-2497-4229-82FE-586F2D326F95}\localserver32 -> C:\Users\Frances\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{BE892433-7479-4231-AB95-A313BDA3D409}\InprocServer32 -> C:\Users\Frances\AppData\Roaming\Avery\AVERYW~1.1\EnvBCode.ocx (Envel Informationssysteme GmbH)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{C0DD324D-A74F-4533-84AD-030F76771C77}\localserver32 -> C:\Users\Frances\AppData\Local\Dropbox\Update\1.3.59.1\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{C32E3EEC-3C10-426E-95F3-38C7F139FADD}\localserver32 -> C:\Users\Frances\AppData\Local\Dropbox\Update\1.3.59.1\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll (OpenOffice.org)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{D0484DE6-AAEE-468a-991F-8D4B0737B57A}\localserver32 -> C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{D0E9EEAE-9AC7-4204-BA07-B72DD6077E82}\InprocServer32 -> C:\Users\Frances\AppData\Roaming\Avery\Avery Wizard 3.1\AvWizRes.dll (Avery Dennison Corporation. Envel Informationssysteme GmbH.)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{D2776BCC-5F09-4068-B4E2-7EE1202F95CF}\InprocServer32 -> C:\Users\Frances\AppData\Roaming\Avery\AVERYW~1.1\EnvBCode.ocx (Envel Informationssysteme GmbH)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{D2D59CD1-0A6A-4D36-AE20-47817077D57C}\localserver32 -> C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{d33f3ced-d7d5-44f1-a9fe-6927dabb1934}\localserver32 -> C:\Users\Frances\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{E5A0B632-DFBA-4549-9346-E414DA06E6F8}\localserver32 -> C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{E7A37920-253C-4FF1-B169-298A7CE6CAA9}\localserver32 -> C:\Users\Frances\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Frances\AppData\Roaming\Dropbox\bin\DropboxExt.18.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{EE5D1EA4-D445-4289-B2FC-55FC93693917}\localserver32 -> C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{F616B81F-7BB8-4F22-B8A5-47428D59F8AD}\localserver32 -> C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Frances\AppData\Roaming\Dropbox\bin\DropboxExt.18.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Frances\AppData\Roaming\Dropbox\bin\DropboxExt.18.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Frances\AppData\Roaming\Dropbox\bin\DropboxExt.18.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Frances\AppData\Roaming\Dropbox\bin\DropboxExt.18.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Frances\AppData\Roaming\Dropbox\bin\DropboxExt.18.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Frances\AppData\Roaming\Dropbox\bin\DropboxExt.18.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Frances\AppData\Roaming\Dropbox\bin\DropboxExt.18.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Frances\AppData\Roaming\Dropbox\bin\DropboxExt.18.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Frances\AppData\Roaming\Dropbox\bin\DropboxExt.18.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Frances\AppData\Roaming\Dropbox\bin\DropboxExt.18.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Frances\AppData\Roaming\Dropbox\bin\DropboxExt.18.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{FE819BE5-BADF-4370-9913-6FB84ABA6FB1}\InprocServer32 -> C:\Users\Frances\AppData\Local\Dropbox\Update\1.3.59.1\psuser.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-10-04] (AVAST Software)
ShellIconOverlayIdentifiers: [1aCopyShExtError] -> {83BEA36E-7680-4598-A4DF-994426F6E78D} => -> No File
ShellIconOverlayIdentifiers: [2aCopyShExtSynced] -> {845B7388-6F85-4F32-9FD5-F02DC7882B89} => -> No File
ShellIconOverlayIdentifiers: [3aCopyShExtSyncing] -> {F6378A7A-F753-449B-AE1B-997A96132E61} => -> No File
ShellIconOverlayIdentifiers: [4aCopyShExtSyncingProg1] -> {3A511828-777D-46F8-82F4-5B530C1B3D9E} => -> No File
ShellIconOverlayIdentifiers: [5aCopyShExtSyncingProg2] -> {C8C88204-5B14-40EC-BA72-8AEBC762047E} => -> No File
ShellIconOverlayIdentifiers: [6aCopyShExtSyncingProg3] -> {ACFF45C3-3EEB-4351-86C2-6696BA264239} => -> No File
ShellIconOverlayIdentifiers: [7aCopyShExtSyncingProg4] -> {29AF997F-488B-46F0-AE78-7146F1B89CC3} => -> No File
ShellIconOverlayIdentifiers: [8aCopyShExtSyncingProg5] -> {03F9AD29-1C78-4B66-8890-B177B5430C53} => -> No File
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-10-04] (AVAST Software)
ContextMenuHandlers1: [EPPShellEx] -> {509FE1AF-ADD5-49EC-BC55-7CF81FD16E78} => C:\Program Files\EPSON\Creativity Suite\Easy Photo Print\EPPShell.dll [2005-06-14] (SEIKO EPSON CORPORATION)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams.dll [2017-07-14] (Apple Inc.)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-10-04] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => c:\program files\real\realplayer\RPDS\Bin\rpcontextmenu.dll [2015-09-25] (RealNetworks, Inc.)
ContextMenuHandlers5: [CopyShExt] -> {D8CAB8C2-9E58-471C-BD75-2ED1BA091CE8} => -> No File
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-10-04] (AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers1_S-1-5-21-1527785505-3915310178-3884954049-1000: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Frances\AppData\Roaming\Dropbox\bin\DropboxExt.18.0.dll [2017-10-03] (Dropbox, Inc.)
ContextMenuHandlers4_S-1-5-21-1527785505-3915310178-3884954049-1000: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Frances\AppData\Roaming\Dropbox\bin\DropboxExt.18.0.dll [2017-10-03] (Dropbox, Inc.)
ContextMenuHandlers5_S-1-5-21-1527785505-3915310178-3884954049-1000: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Frances\AppData\Roaming\Dropbox\bin\DropboxExt.18.0.dll [2017-10-03] (Dropbox, Inc.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {04A5CB33-4125-4B0B-9A19-BB42ED10E15E} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {0BF4CE4D-706E-46CC-A3E9-F900A6C97CFC} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {0C973607-48C4-4CB1-9362-C08C7B89B9CD} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe
Task: {0D006784-9F68-48C8-951A-7B103565C935} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {0EAAC100-C240-4FB0-A44A-6A35ED085F48} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {16F15878-149B-42AF-871E-167E739DE86A} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {1CBD99BA-38C4-454A-A734-6B52CB2A2B13} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {233D3EA4-E92C-406C-B9DF-3FAF13E924A5} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {2398C2BC-FA45-4542-81F5-524327E99F68} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {2B17A39E-0C7C-42A7-A404-47C0EB3FFE4F} - System32\Tasks\{6F30B801-45EE-40AC-8EE3-E56FDF76A6EF} => C:\Program Files\Amazon\Kindle For PC\KindleForPC.exe [2010-11-11] (Amazon.com)
Task: {2BA59DBA-0F6A-4EB1-9F6C-52186FC604A0} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1527785505-3915310178-3884954049-1000 => C:\Program Files\RealNetworks\RealDownloader\RealUpgrade.exe [2015-07-27] (RealNetworks, Inc.)
Task: {2F4E1279-DA33-41A6-BB6C-27B17B2834E0} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {303EF2FA-1F9C-4921-9882-809C91B44C67} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2017-02-14] (Apple Inc.)
Task: {357FA1D8-6B55-4F78-A271-529E47B56CA5} - System32\Tasks\{D21AA598-1F4F-444C-AE7E-D9A8859E4467} => C:\Windows\system32\pcalua.exe -a C:\Users\Frances\Downloads\AdobeAIRInstaller.exe -d C:\Users\Frances\Downloads
Task: {364019F1-F2F0-445D-ADED-5469741345CD} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-20] (Adobe Systems Incorporated)
Task: {3A0FE399-96CB-4A97-9212-BB48B7052B31} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1527785505-3915310178-3884954049-1000Core1d2547a85f36cde => C:\Users\Frances\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-12-12] (Dropbox, Inc.)
Task: {3BCFD906-281B-4778-856B-D93A263BE748} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {41D8CFDB-F028-4B44-A129-AEE653CDA760} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe
Task: {434777C4-90D8-47FF-BFBE-3FC9CAB86337} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {49665422-47D1-4A02-A8BE-0552F73BEF80} - System32\Tasks\RealDownloader Update Check => C:\Program Files\RealNetworks\RealDownloader\downloader2.exe [2016-07-05] ()
Task: {49F3AF18-44C2-4FF3-A3E2-0F2AC57BBF82} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {4DD1B6AA-F2FB-426A-97FA-6D9D1D89A5BF} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {4EEDC6CB-4B67-45D4-AE9E-A78F4A409106} - System32\Tasks\{B05DA352-45C0-4F77-94B8-D5DCEB1BEECD} => C:\Windows\system32\pcalua.exe -a C:\Users\Frances\Downloads\avg_tuh_stf_all_2015_403_24c34.exe -d C:\Users\Frances\Downloads
Task: {4EFB0FF1-BAD9-4CF0-98A8-59272A5D37C6} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {51AB735F-8C70-49CF-A8C5-A7A0CD87ECEB} - System32\Tasks\{35403C0F-6676-4E10-935F-D491A61AD217} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" -c /uninstall ENTERPRISE /dll OSETUP.DLL
Task: {60E03A30-D787-44B6-AB33-6E8DC9202916} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {64488833-3861-4B7C-9E76-164AF285B417} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {64C705D5-6051-409F-B1E7-24064A1F46D8} - System32\Tasks\Adobe online update program => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-20] (Adobe Systems Incorporated)
Task: {6F167265-A75E-4B1A-A426-A07124757676} - System32\Tasks\G2MUpdateTask-S-1-5-21-1527785505-3915310178-3884954049-1000 => C:\Users\Frances\AppData\Local\GoToMeeting\7716\g2mupdate.exe [2017-10-04] (LogMeIn, Inc.)
Task: {73829DC6-89A1-4F9B-AD2E-2ABD1CB217F4} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {744E1903-E680-46E3-BE96-15C07BCB4579} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {77F6358B-295E-410F-B220-D91E617344F0} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {78BBB9C5-2AD3-45EE-ABB7-EBF816664552} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe
Task: {7B2A31D9-B908-4433-9758-CD7D2D67B211} - System32\Tasks\{E5433F60-B49A-4967-A5B6-7BABE2F0F12B} => C:\Windows\system32\pcalua.exe -a "C:\My Documents\My Documents\My Music\Vocal_Remover_Installer.exe" -d "C:\My Documents\My Documents\My Music"
Task: {7E89D135-9068-4AB2-A641-9EE2359532C8} - System32\Tasks\{4A096E15-7CAA-4A7D-ADA6-0FDB95784895} => "c:\program files\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/6.5.0.158/en/go/help.faq.installer?LastError=1618
Task: {7E9619D9-DE1D-4380-990F-80A0528749EE} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {84617E69-F180-4A89-845D-78FCC630D7E7} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2017-10-10] (Adobe Systems Incorporated)
Task: {84E295E6-7CBB-4879-A6E4-B00239A9F4DF} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {84F4E8C6-280B-432D-A205-2D4D40B02DF4} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {8A2FDD54-1127-44C8-9452-083799BFE69E} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {8FED1C95-A43C-4545-BBC1-ACDEC9711A5B} - System32\Tasks\ROC_JAN2013_TB_rmv => C:\Program Files\AVG Secure Search\PostInstall\ROC.exe
Task: {90395C66-3721-462E-822A-554DA714AB35} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {941F387D-EEA6-4EED-BFB7-4BC783F072A8} - System32\Tasks\SafeZone scheduled Autoupdate 1493672884 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-08-04] (Avast Software)
Task: {947283EE-A3BB-4C18-91A7-8C16330DFBCD} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1527785505-3915310178-3884954049-1000UA1d2547a869cb7af => C:\Users\Frances\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-12-12] (Dropbox, Inc.)
Task: {94B55B4D-BA42-4307-8AF2-6E5C730F53AE} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {97935E8C-972B-4116-A33C-2B139BEB07E1} - System32\Tasks\{A361237D-EC42-41F8-BF87-91BCB603F979} => C:\Windows\system32\pcalua.exe -a C:\Users\Frances\Desktop\EasyInstall.exe -d C:\Users\Frances\Desktop
Task: {995CD8E6-DDCC-4225-A01C-84352C04ECD1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {9E7D6F2F-08AE-495F-B53B-F250E7EAEA64} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {A0BCE482-1D25-4A09-932E-25EF2E85C463} - System32\Tasks\G2MUploadTask-S-1-5-21-1527785505-3915310178-3884954049-1000 => C:\Users\Frances\AppData\Local\GoToMeeting\7716\g2mupload.exe [2017-10-04] (LogMeIn, Inc.)
Task: {A17B76AE-8760-41B6-8F77-DAEF8B8C2AA5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {A1808B03-63BE-48F0-929E-1C92150FF164} - System32\Tasks\AVG Driver Updater Scan => C:\Program Files\AVG Driver Updater\AVG Driver Updater.exe [2015-07-27] (AVG Netherlands B.V)
Task: {BE043F62-5F1F-412B-90D0-F6DD9CBD33D4} - System32\Tasks\Adobe Reader and Acrobat Manager => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-20] (Adobe Systems Incorporated)
Task: {C505EE41-69E4-47C9-B9CC-173E03C244F3} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {CBF392AA-617E-4328-826C-038BF4F7EB55} - System32\Tasks\AVG\PC Tuneup\Integrator\Start On Frances Logon => C:\Program Files\AVG\AVG PC Tuneup\BoostSpeed.exe
Task: {D3980F76-7407-43C5-B449-94E50E03B79C} - \RealTimes (32-bit) -> No File <==== ATTENTION
Task: {D5598CA4-513C-4CCF-AA4F-0F312BFD251B} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {D5C244D7-872F-4009-8850-C9A14EBE7FD1} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_27_0_0_159_pepper.exe [2017-10-10] (Adobe Systems Incorporated)
Task: {D78FB027-39B2-44CF-A1F2-CB2DCF907C19} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files\AVG\AVG PC TuneUp\tuscanx.exe
Task: {DDA24282-C167-4AEB-BE95-5B422D06C663} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {E0FA38FB-B69A-4CBE-A826-4037DD0EE8A2} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {E1568D66-DFC8-4897-8E17-137B9A274D37} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {E369A607-626C-4A99-9C7B-896D11CBEE5F} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {EE45F868-83BB-48F9-B4C0-DFF1761EA962} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {EE99BD7C-D3D9-4A01-801E-C02D2F96E0B0} - System32\Tasks\{70BEF97D-6873-4354-BFC2-0CAC1AE91DB4} => C:\Program Files\Skype\Phone\Skype.exe [2017-08-25] (Skype Technologies S.A.)
Task: {F4BE2693-7D8C-4CF3-9A65-95F8220D66D6} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F662C748-DEAF-43EE-840B-413A61611A2C} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1527785505-3915310178-3884954049-1000 => C:\Program Files\RealNetworks\RealDownloader\RealUpgrade.exe [2015-07-27] (RealNetworks, Inc.)
Task: {F8B2E0C1-008B-414E-901D-389A8C94F607} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {FA2D9658-2138-456A-962B-1BCA14166590} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {FAFCED98-851C-43D5-9CE1-6583B136FB36} - System32\Tasks\AVG Driver Updater Startup => C:\Program Files\AVG Driver Updater\AVG Driver Updater.exe [2015-07-27] (AVG Netherlands B.V)
Task: {FCD84654-7F51-40D3-B520-4D8A04E5AC41} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-10-04] (AVAST Software)
Task: {FF4E2162-F4DB-4F62-8456-DCEA2E93016E} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {FF56A3E0-3CEF-4C78-AADC-EA065FB9CD5F} - System32\Tasks\{DD17235B-3028-4820-A80A-2A83CB1E044E} => C:\Windows\system32\pcalua.exe -a "C:\Users\Frances\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TADF8N04\jre-6u27-windows-i586-iftw.exe" -d C:\Users\Frances\Desktop
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\AVG Driver Updater Scan.job => C:\Program Files\AVG Driver Updater\AVG Driver Updater.exe
Task: C:\WINDOWS\Tasks\AVG Driver Updater Startup.job => C:\Program Files\AVG Driver Updater\AVG Driver Updater.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1527785505-3915310178-3884954049-1000Core1d2547a85f36cde.job => C:\Users\Frances\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1527785505-3915310178-3884954049-1000UA1d2547a869cb7af.job => C:\Users\Frances\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-1527785505-3915310178-3884954049-1000.job => C:\Users\Frances\AppData\Local\GoToMeeting\7716\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-1527785505-3915310178-3884954049-1000.job => C:\Users\Frances\AppData\Local\GoToMeeting\7716\g2mupload.exe
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
Shortcut: C:\Users\Frances\Documents\DESKTOP ARCHIVE\Instructions Important!.lnk -> hxxp://www.make-your-own-karaoke.com/instructions.ht
Shortcut: C:\Users\Frances\Desktop\Order Karaoke CDs.lnk -> hxxp://fastkaraoke.com
Shortcut: C:\Users\Frances\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vocal Remover\Instructions Important!.lnk -> hxxp://www.make-your-own-karaoke.com/instructions.ht
Shortcut: C:\Users\Frances\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vocal Remover\Order Karaoke CDs.lnk -> hxxp://www.fastkaraoke.com
==================== Loaded Modules (Whitelisted) ==============
2017-03-18 19:19 - 2017-03-18 19:19 - 000116824 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2016-09-01 18:13 - 2016-09-01 18:13 - 000080184 ____N () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-07-13 20:51 - 2017-07-13 20:51 - 001041720 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 004300456 ____N () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 008801120 ____N () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2017-10-04 21:37 - 2017-10-04 21:37 - 000059040 _____ () C:\Program Files\AVAST Software\Avast\module_lifetime.dll
2017-10-09 20:17 - 2017-10-04 13:15 - 001798608 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-10-09 20:17 - 2017-10-04 13:15 - 001924552 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-03-18 19:19 - 2017-03-18 21:25 - 001456128 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-07-05 18:18 - 2016-07-05 18:18 - 000714992 ____N () C:\Program Files\RealNetworks\RealDownloader\downloader2.exe
2016-07-05 18:13 - 2016-07-05 18:13 - 001382048 ____N () C:\Program Files\RealNetworks\RealDownloader\cpprest100_1_2.dll
2015-09-25 10:51 - 2015-09-25 10:51 - 000595544 ____N () c:\program files\real\realplayer\RPDS\Lib\r1api.dll
2016-07-05 18:18 - 2016-07-05 18:18 - 000077552 ____N () C:\Program Files\RealNetworks\RealDownloader\dtvhooks.dll
2017-10-04 21:37 - 2017-10-04 21:37 - 000167096 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-07-07 19:18 - 2017-07-07 19:19 - 067109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-10-04 21:37 - 2017-10-04 21:37 - 000217088 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-10-04 21:37 - 2017-10-04 21:37 - 000244584 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-10-04 21:37 - 2017-10-04 21:37 - 000234280 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-10-04 21:37 - 2017-10-04 21:37 - 000700656 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-10-10 17:23 - 2017-10-10 17:23 - 005880504 _____ () C:\Program Files\AVAST Software\Avast\defs\17101004\algo.dll
2013-10-02 20:29 - 2013-10-02 20:29 - 008507232 ____N () C:\Program Files\Nokia\Nokia Suite\QtGui4.dll
2013-10-02 20:29 - 2013-10-02 20:29 - 002354016 ____N () C:\Program Files\Nokia\Nokia Suite\QtCore4.dll
2013-10-02 20:29 - 2013-10-02 20:29 - 001014624 ____N () C:\Program Files\Nokia\Nokia Suite\QtNetwork4.dll
2013-10-02 20:29 - 2013-10-02 20:29 - 000364384 ____N () C:\Program Files\Nokia\Nokia Suite\QtXml4.dll
2013-10-02 20:29 - 2013-10-02 20:29 - 002480992 ____N () C:\Program Files\Nokia\Nokia Suite\QtDeclarative4.dll
2013-10-02 20:29 - 2013-10-02 20:29 - 000206176 ____N () C:\Program Files\Nokia\Nokia Suite\QtSql4.dll
2013-10-02 20:29 - 2013-10-02 20:29 - 002653024 ____N () C:\Program Files\Nokia\Nokia Suite\QtXmlPatterns4.dll
2013-10-02 20:29 - 2013-10-02 20:29 - 001346912 ____N () C:\Program Files\Nokia\Nokia Suite\QtScript4.dll
2013-10-02 20:29 - 2013-10-02 20:29 - 000033120 ____N () C:\Program Files\Nokia\Nokia Suite\imageformats\qgif4.dll
2013-10-02 20:29 - 2013-10-02 20:29 - 000035680 ____N () C:\Program Files\Nokia\Nokia Suite\imageformats\qico4.dll
2013-10-02 20:29 - 2013-10-02 20:29 - 000207200 ____N () C:\Program Files\Nokia\Nokia Suite\imageformats\qjpeg4.dll
2013-10-02 20:29 - 2013-10-02 20:29 - 011166560 ____N () C:\Program Files\Nokia\Nokia Suite\QtWebKit4.dll
2013-10-02 20:30 - 2013-10-02 20:30 - 000276832 ____N () C:\Program Files\Nokia\Nokia Suite\phonon4.dll
2013-04-15 13:26 - 2013-04-15 13:26 - 000391600 ____N () C:\Program Files\Nokia\Nokia Suite\ssoengine.dll
2013-04-15 13:26 - 2013-04-15 13:26 - 000059280 ____N () C:\Program Files\Nokia\Nokia Suite\securestorage.dll
2013-10-02 20:28 - 2013-10-02 20:28 - 000438624 ____N () C:\Program Files\Nokia\Nokia Suite\NService.dll
2013-10-02 20:29 - 2013-10-02 20:29 - 000446304 ____N () C:\Program Files\Nokia\Nokia Suite\sqldrivers\qsqlite4.dll
2013-10-02 20:29 - 2013-10-02 20:29 - 000520544 ____N () C:\Program Files\Nokia\Nokia Suite\QtMultimediaKit1.dll
2013-10-02 20:29 - 2013-10-02 20:29 - 000720736 ____N () C:\Program Files\Nokia\Nokia Suite\QtOpenGL4.dll
2013-10-02 20:28 - 2013-10-02 20:28 - 000606560 ____N () C:\Program Files\Nokia\Nokia Suite\CommonUpdateChecker.dll
2013-10-02 20:30 - 2013-10-02 20:30 - 000093024 ____N () C:\Program Files\Nokia\Nokia Suite\qjson.dll
2015-12-12 22:12 - 2016-06-16 21:05 - 005908968 _____ () C:\Users\Frances\AppData\Local\Amazon Music\Amazon Music Helper.exe
2017-07-13 20:50 - 2017-07-13 20:50 - 000189752 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxslt.dll
2017-08-17 16:51 - 2017-08-17 16:51 - 001993184 ____R () C:\Program Files\Skype\Phone\skypert.dll
2014-08-26 16:47 - 2014-08-26 16:47 - 000436576 ____N () C:\Program Files\Evernote\Evernote\libxml2.dll
2014-08-26 16:47 - 2014-08-26 16:47 - 000318304 ____N () C:\Program Files\Evernote\Evernote\libtidy.dll
2017-09-01 12:46 - 2017-08-04 10:38 - 071398944 _____ () C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909_0\SZBrowser_browser.dll
2017-10-04 21:37 - 2017-10-04 21:37 - 000626936 _____ () C:\Program Files\AVAST Software\Avast\AvastNM.exe
2013-03-06 08:09 - 2013-03-06 08:09 - 000502440 ____N () C:\Program Files\Microsoft Office\Office14\MSODCW.DLL
2017-10-05 18:32 - 2017-10-05 18:32 - 000048128 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11708.1001.30.0_x86__8wekyb3d8bbwe\WinStoreTasksWrapper.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
HKLM\...\.scr: CryptoPreventSCR => "C:\Program Files\Foolish IT\CryptoPrevent\CryptoPreventFilterMod.CryptoPreventEXEC" "%1" /S %*
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE restricted site: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\...\1001movie.com -> 1001movie.com
IE restricted site: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\...\1001night.biz -> 1001night.biz
IE restricted site: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\...\100gal.net -> 100gal.net
IE restricted site: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\...\101hotteens.com -> 101hotteens.com
IE restricted site: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\...\101lottery.com -> 101lottery.com
IE restricted site: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\...\110hobart.com -> 110hobart.com
IE restricted site: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\...\114anhui.com -> 114anhui.com
IE restricted site: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\...\123expressview.com -> 123expressview.com
IE restricted site: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\...\123found.com -> 123found.com
There are 4028 more sites.
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:04 - 2017-10-10 17:18 - 000002516 _____ C:\WINDOWS\system32\Drivers\etc\hosts
0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 tracking.opencandy.com
0.0.0.0 api.opencandy.com
0.0.0.0 api.recommendedsw.com
0.0.0.0 rp.yefeneri2.com
0.0.0.0 os.yefeneri2.com
0.0.0.0 os2.yefeneri2.com
0.0.0.0 installer.betterinstaller.com
0.0.0.0 installer.filebulldog.com
0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
0.0.0.0 inno.bisrv.com
0.0.0.0 nsis.bisrv.com
0.0.0.0 cdn.file2desktop.com
0.0.0.0 cdn.goateastcach.us
0.0.0.0 cdn.guttastatdk.us
0.0.0.0 cdn.inskinmedia.com
0.0.0.0 cdn.insta.oibundles2.com
0.0.0.0 cdn.insta.playbryte.com
0.0.0.0 cdn.llogetfastcach.us
0.0.0.0 cdn.montiera.com
0.0.0.0 cdn.msdwnld.com
0.0.0.0 cdn.mypcbackup.com
0.0.0.0 cdn.ppdownload.com
0.0.0.0 cdn.riceateastcach.us
0.0.0.0 cdn.shyapotato.us
0.0.0.0 cdn.solimba.com
0.0.0.0 cdn.tuto4pc.com
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Frances\Pictures\Picasa\Backgrounds\picasabackground-001.bmp
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
HKLM\...\StartupApproved\StartupFolder: => "RealTimes.lnk"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "QuickTime Task"
HKLM\...\StartupApproved\Run: => "TkBellExe"
HKLM\...\StartupApproved\Run: => "WindowsDefender"
HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\...\StartupApproved\Run: => "Dropbox Update"
HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\...\StartupApproved\Run: => "OfficeSyncProcess"
HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_7CD9BB1A08B3BB05DE7E94CD998E8B7C"
HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\...\StartupApproved\Run: => "Zoom"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{7F8C99F3-FCE6-40B0-825B-5A793DDFF03E}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{FBE777CD-886C-4A4E-9F0B-DF54E698590F}] => (Allow) C:\Program Files\AVG\Av\avgmfapx.exe
FirewallRules: [{9476F837-2DD6-481F-800B-8E50B0E7892F}] => (Allow) C:\Program Files\AVG\Av\avgmfapx.exe
FirewallRules: [{338E65C7-0410-4F60-85D5-0B2CA88E8B42}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D61F7DCF-1FD6-42F6-BA3D-619B403AE841}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B8C06E19-5262-46E5-9A95-2AB31D103B8C}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{540616DA-2357-4637-9F8C-563216ACACF6}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{0EBE1CB1-CABB-4A7F-84DC-67481978D27E}] => (Allow) c:\program files\real\realplayer\RPDS\Bin\rpdsvc.exe
FirewallRules: [{4EA41384-E7C2-4CC4-BD21-A4DE470C82EC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{56B95ABB-C33D-43C4-9D02-00854321941B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{7D961EC6-EB57-472F-A20A-5E0BA51353AE}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{5E300AF4-9E26-43D0-990F-58ECDB345035}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{4AD67713-BF5C-49CA-9260-8A6654D2D3EE}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909\SZBrowser.exe
FirewallRules: [{FED74EE1-6EDD-45A1-A70A-567CD06BF01C}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{F351E776-4A70-4B26-9852-DD1A361F1283}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909_0\SZBrowser.exe
FirewallRules: [{37E3AC75-6EB7-409C-91D0-C630A29E5419}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
==================== Restore Points =========================
14-09-2017 21:44:18 Windows Update
04-10-2017 22:20:42 Scheduled Checkpoint
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (10/10/2017 06:13:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MicrosoftEdgeCP.exe, version: 11.0.15063.608, time stamp: 0x59ae234e
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000604
Fault offset: 0x00000000
Faulting process id: 0x1db0
Faulting application start time: 0x01d341ead7dd3a1c
Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
Faulting module path: unknown
Report Id: 22f3d09b-b8f7-4559-8cad-8286245307c8
Faulting package full name: Microsoft.MicrosoftEdge_40.15063.0.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: ContentProcess
Error: (10/10/2017 05:48:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RealPlayerUpdateSvc.exe, version: 0.0.0.0, time stamp: 0x55b70507
Faulting module name: ntdll.dll, version: 10.0.15063.608, time stamp: 0x4c143763
Exception code: 0xc0000005
Fault offset: 0x000b6eb1
Faulting process id: 0xcc0
Faulting application start time: 0x01d341e3642e2690
Faulting application path: C:\Program Files\Real\UpdateService\RealPlayerUpdateSvc.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 1a0a56dc-d394-4853-9279-f2da9f7e1a07
Faulting package full name:
Faulting package-relative application ID:
Error: (10/10/2017 05:18:25 PM) (Source: MSSQLServerADHelper100) (EventID: 100) (User: )
Description: '0' is an invalid number of start up parameters. This service takes two start up parameters.
Error: (10/10/2017 02:57:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: downloader2.exe, version: 18.1.4.144, time stamp: 0x577c5c60
Faulting module name: ntdll.dll, version: 10.0.15063.608, time stamp: 0x4c143763
Exception code: 0xc0000005
Fault offset: 0x000b6eb1
Faulting process id: 0xd0c
Faulting application start time: 0x01d341bec9b6105f
Faulting application path: C:\Program Files\RealNetworks\RealDownloader\downloader2.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: f18ca309-1a11-4379-a3a4-0b1784f746fc
Faulting package full name:
Faulting package-relative application ID:
Error: (10/10/2017 12:16:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: downloader2.exe, version: 18.1.4.144, time stamp: 0x577c5c60
Faulting module name: ntdll.dll, version: 10.0.15063.608, time stamp: 0x4c143763
Exception code: 0xc0000005
Fault offset: 0x000b6eb1
Faulting process id: 0x1dd4
Faulting application start time: 0x01d341a8825f0101
Faulting application path: C:\Program Files\RealNetworks\RealDownloader\downloader2.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 80d7806a-79f1-4f38-8e5e-ce6c8fc2d708
Faulting package full name:
Faulting package-relative application ID:
Error: (10/10/2017 11:10:11 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Frances-PC)
Description: Activation of app Microsoft.MicrosoftEdge_8wekyb3d8bbwe!ContentProcess failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (10/10/2017 11:09:57 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MicrosoftEdgeCP.exe, version: 11.0.15063.608, time stamp: 0x59ae234e
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000604
Fault offset: 0x00000000
Faulting process id: 0x92c
Faulting application start time: 0x01d341afeb3b482d
Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
Faulting module path: unknown
Report Id: 6dfbd1c7-125c-490d-9ed9-8d7db9befd6c
Faulting package full name: Microsoft.MicrosoftEdge_40.15063.0.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: ContentProcess
Error: (10/10/2017 10:44:58 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RealPlayerUpdateSvc.exe, version: 0.0.0.0, time stamp: 0x55b70507
Faulting module name: ntdll.dll, version: 10.0.15063.608, time stamp: 0x4c143763
Exception code: 0xc0000005
Fault offset: 0x000b6eb1
Faulting process id: 0xac0
Faulting application start time: 0x01d341a83be74287
Faulting application path: C:\Program Files\Real\UpdateService\RealPlayerUpdateSvc.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 1d3535e3-f659-4ea4-a727-23c5338dbee1
Faulting package full name:
Faulting package-relative application ID:
Error: (10/10/2017 10:14:55 AM) (Source: MSSQLServerADHelper100) (EventID: 100) (User: )
Description: '0' is an invalid number of start up parameters. This service takes two start up parameters.
Error: (10/10/2017 09:56:47 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "c:\program files\free editor\ngen\x64\ngen.exe".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
System errors:
=============
Error: (10/10/2017 05:56:53 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR1, has a bad block.
Error: (10/10/2017 05:56:45 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR1, has a bad block.
Error: (10/10/2017 05:48:32 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The RealPlayer Update Service service terminated unexpectedly. It has done this 1 time(s).
Error: (10/10/2017 05:22:57 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Delivery Optimization service hung on starting.
Error: (10/10/2017 05:18:26 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The MSSQLServerADHelper100 service terminated with the following service-specific error:
%%3221225572
Error: (10/10/2017 05:18:21 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Error: (10/10/2017 05:18:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CldFlt service failed to start due to the following error:
The request is not supported.
Error: (10/10/2017 05:18:06 PM) (Source: NTFS) (EventID: 137) (User: )
Description: The default transaction resource manager on volume F: encountered a non-retryable error and could not start. The data contains the error code.
Error: (10/10/2017 05:06:07 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMService service.
Error: (10/10/2017 05:05:09 PM) (Source: DCOM) (EventID: 10010) (User: Frances-PC)
Description: The server {D63B10C5-BB46-4990-A94F-E40B9D520160} did not register with DCOM within the required timeout.
CodeIntegrity:
===================================
Date: 2017-10-10 18:13:03.573
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae.dll that did not meet the Store signing level requirements.
Date: 2017-10-10 18:11:42.577
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae.dll that did not meet the Store signing level requirements.
Date: 2017-10-10 18:11:32.235
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae.dll that did not meet the Store signing level requirements.
Date: 2017-10-10 18:11:30.569
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae.dll that did not meet the Store signing level requirements.
Date: 2017-10-10 11:37:30.031
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae.dll that did not meet the Store signing level requirements.
Date: 2017-10-10 11:37:29.124
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae.dll that did not meet the Store signing level requirements.
Date: 2017-10-10 11:33:33.428
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae.dll that did not meet the Store signing level requirements.
Date: 2017-10-10 11:33:32.254
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae.dll that did not meet the Store signing level requirements.
Date: 2017-10-10 11:31:08.826
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae.dll that did not meet the Store signing level requirements.
Date: 2017-10-10 11:31:08.013
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae.dll that did not meet the Store signing level requirements.
==================== Memory info ===========================
Processor: Pentium® Dual-Core CPU E5400 @ 2.70GHz
Percentage of memory in use: 83%
Total physical RAM: 2037.49 MB
Available physical RAM: 331.09 MB
Total Virtual: 4761.81 MB
Available Virtual: 1054.84 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:232.35 GB) (Free:94.85 GB) NTFS
Drive e: () (Fixed) (Total:19.53 GB) (Free:10.47 GB) NTFS
Drive f: () (Fixed) (Total:54.99 GB) (Free:0 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 74.5 GB) (Disk ID: D820D820)
Partition 1: (Active) - (Size=19.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=55 GB) - (Type=OF Extended)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 2B1EBCE9)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)
==================== End of Addition.txt ============================