Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Computer freezes or hangs randomly; mysterious pop-up


  • Please log in to reply

#1
oleander

oleander

    New Member

  • Member
  • Pip
  • 9 posts

Hi,

 

My desktop computer (on Win7) has been randomly hanging or freezing for 3 months.

 

The hanging/freezing is truly random - not always associated with any particular program or app.

 

Often the freezing is accompanied by the message, "Windows is not responding." And then one or more Windows programs (e.g. Explorer) or Microsoft programs (e.g. Outlook) might close out on its own; or I'll be asked if I want to close it out.

 

In those cases, I hit Restart to take it through a power cycle, although the Restart button doesn't always work...I sometimes have to force a shutdown by pressing down the power button.

 

Among the programs that have always (for many years) been working in the background are...

* Avast Free Anti-Virus

* Malwarebytes Pro

 

I regularly (about once weekly) did a Spybot Search & Destroy immunization, update & search.

 

After the freezes started, I tried the following actions but none has found any relevant spyware or done anything for my system: Checkdisk, system file check (sfc/scannow), defrag, Ccleaner (I did not touch anything registry-related), Microsoft Security Essentials scan, Malwarebytes Pro full scan, Malwarebytes Anti-Rootkit scan.

 

I was advised to do a System Restore to a prior restore point. I did that recently (3 months into the freezing-up behavior), but it accomplished nothing because only one Restore Point was listed and that was just one month ago. I then looked up any software downloaded onto the computer in the past 8 months or so and deleted any that seemed inessential, such as Microsoft Silverlight.

 

After all this, the random hanging & freezing is unchanged.

 

The computer (an HP Compaq 6000) is maybe 6 years old, has been heavily used and perhaps its hard drive is simply corrupted or failing. I recently cleaned out its vents with a vacuum. However, generally it's very well-ventilated and only very rarely do the fans heat up (like once every few months).

 

(Please ignore the "mysterious pop-up" wording in the subject line; that was a volume-slider issue that I have now fixed.)

 

Scan results posted below.

 

Thank you so much in advance,

Lisa T.

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 05-03-2017
Ran by home1 (administrator) on HOME1-PC (07-03-2017 12:09:02)
Running from C:\Users\home1\Downloads
Loaded Profiles: home1 (Available Profiles: home1)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE
(Intel Corporation) C:\Program Files\Intel\AMT\LMS.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Motorola Mobility LLC) C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Motorola Mobility LLC) C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(Motorola) C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe
(Intuit) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Intel Corporation) C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe
() C:\Program Files\Medialink\MWN-USB150N\UI.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Intel Corporation) C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [picon] => C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe [796696 2009-07-24] (Intel Corporation)
HKLM\...\Run: [Medialink Utilty] => C:\Program Files\Medialink\MWN-USB150N\UI.exe [2281488 2009-08-21] ()
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9107616 2017-03-05] (AVAST Software)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-21-1189877189-4094998525-2142188208-1000\...\Run: [GoogleChromeAutoLaunch_37FB8025E6F7EFB356D22EA9A73C7B17] => C:\Program Files\Google\Chrome\Application\chrome.exe [945496 2017-02-01] (Google Inc.)
HKU\S-1-5-21-1189877189-4094998525-2142188208-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6675672 2016-04-15] (Piriform Ltd)
HKU\S-1-5-21-1189877189-4094998525-2142188208-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-1189877189-4094998525-2142188208-1000\...\MountPoints2: {9dd2e349-6003-11e2-a02d-000ffecc69c7} - E:\LaunchU3.exe -a
HKU\S-1-5-21-1189877189-4094998525-2142188208-1000\...\MountPoints2: {d00eb987-e801-11e3-b5cf-000ffecc69c7} - E:\MotoCastSetup.exe -a
HKU\S-1-5-21-1189877189-4094998525-2142188208-1000\...\MountPoints2: {ea9c5f1c-e810-11e3-8633-000ffecc69c7} - E:\MotoCastSetup.exe -a
HKU\S-1-5-21-1189877189-4094998525-2142188208-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> 
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\home1\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-12-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\home1\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-12-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\home1\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-12-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\home1\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-12-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\home1\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-12-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\home1\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-12-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\home1\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-12-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\home1\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-12-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-09-01] (AVAST Software)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  -> No File
BootExecute: autocheck autochk * sdnclean.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{803DFA51-B425-4B33-BEB0-7FB9550AC85E}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{D5590473-9507-43AC-A870-826BAD3AF257}: [DhcpNameServer] 172.20.20.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
BHO: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files\Epson Software\E-Web Print\ewps_tb.dll [2012-04-26] (SEIKO EPSON CORPORATION)
BHO: KeyScramblerBHO Class -> {2B9F5787-88A5-4945-90E7-C4B18563BC5E} -> C:\Program Files\KeyScrambler\KeyScramblerIE.dll [2013-01-15] (QFX Software Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-03-05] (AVAST Software)
BHO: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files\Evernote\Evernote\EvernoteIE.dll [2015-01-29] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Toolbar: HKLM - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files\Epson Software\E-Web Print\ewps_tb.dll [2012-04-26] (SEIKO EPSON CORPORATION)
Handler: intu-help-qb8 - {CD17C364-2EC8-4929-91A9-C4839A20E909} - C:\Program Files\Intuit\QuickBooks 2015\HelpAsyncPluggableProtocol.dll [2015-03-17] (Intuit, Inc.)
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\home1\AppData\Roaming\Mozilla\Firefox\Profiles\cgyi1kqe.default-1466114901721 [2017-03-07]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2017-03-05]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Epson Software\E-Web Print\Firefox Add-on
FF Extension: (E-Web Print) - C:\Program Files\Epson Software\E-Web Print\Firefox Add-on [2013-01-26] [not signed]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2017-03-05]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-03-06] ()
FF Plugin: @canon.com/MycameraPlugin -> C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll [2008-10-15] (CANON INC.)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2015-07-10] (Google, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-01-17] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1189877189-4094998525-2142188208-1000: @citrixonline.com/appdetectorplugin -> C:\Users\home1\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2013-12-06] (Citrix Online)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2017-01-17] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.searchqu.com/406
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSearchKeyword: Default -> lp
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\56.0.2924.87\PepperFlash\pepflashplayer.dll => No File
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\56.0.2924.87\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\56.0.2924.87\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll => No File
CHR Profile: C:\Users\home1\AppData\Local\Google\Chrome\User Data\Default [2017-03-07]
CHR Extension: (Xmarks Bookmark Sync) - C:\Users\home1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla [2015-03-12]
CHR Extension: (Google Drive) - C:\Users\home1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\home1\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2017-03-06]
CHR Extension: (Google Cast) - C:\Users\home1\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2017-03-07]
CHR Extension: (Adblock Plus) - C:\Users\home1\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-10-26]
CHR Extension: (Anna Sui) - C:\Users\home1\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjohejgigkmiclpgnilojffhiohcglib [2014-06-09]
CHR Extension: (mail checker for gmail offline version) - C:\Users\home1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coiddmpcnmchdfhhlkhhbbhclladabik [2014-06-09]
CHR Extension: (Adobe Acrobat) - C:\Users\home1\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-05]
CHR Extension: (Quickrr Google Maps Search) - C:\Users\home1\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnlfppnpmoiemhelglbefkojhlnahejd [2014-06-09]
CHR Extension: (Google Docs Offline) - C:\Users\home1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\home1\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2017-03-05]
CHR Extension: (Forecastfox) - C:\Users\home1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihffmkcfkejomlfnilnmkokcpgclhfeg [2014-06-09]
CHR Extension: (Cisco WebEx Extension) - C:\Users\home1\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2017-03-05]
CHR Extension: (Make America Kittens Again) - C:\Users\home1\AppData\Local\Google\Chrome\User Data\Default\Extensions\klchnmggepghlcolikgaekpibclpmgcm [2017-03-05]
CHR Extension: (PlainClothes) - C:\Users\home1\AppData\Local\Google\Chrome\User Data\Default\Extensions\kleiknekfnnaaibjhlamidabhmckbddc [2014-06-09]
CHR Extension: (BugMeNot Lite) - C:\Users\home1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lackfehpdclhclidcbbfcemcpolgdgnb [2014-06-09]
CHR Extension: (Lazarus: Form Recovery) - C:\Users\home1\AppData\Local\Google\Chrome\User Data\Default\Extensions\loljledaigphbcpfhfmgopdkppkifgno [2014-10-04]
CHR Extension: (Google Dictionary (by Google)) - C:\Users\home1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2016-04-21]
CHR Extension: (Ghostery) - C:\Users\home1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2017-03-05]
CHR Extension: (AutoPager Chrome) - C:\Users\home1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmgagnmbebdebebbcleklifnobamjonh [2014-06-09]
CHR Extension: (F.B. Purity For Facebook) - C:\Users\home1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncdlagniojmheiklojdcpdaeepochckl [2016-07-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\home1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-05]
CHR Extension: (Hover Zoom) - C:\Users\home1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl [2017-03-05]
CHR Extension: (Google Quick Scroll) - C:\Users\home1\AppData\Local\Google\Chrome\User Data\Default\Extensions\okanipcmceoeemlbjnmnbdibhgpbllgc [2015-09-02]
CHR Extension: (Dolphin Connect) - C:\Users\home1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pajecklcmiegagoelbbjldmfcbcpdpll [2016-10-14]
CHR Extension: (Chrome Media Router) - C:\Users\home1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-03-05]
CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswwebrepchrome-sp.crx <not found>
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1189877189-4094998525-2142188208-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\home1\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2015-05-25]
CHR HKU\S-1-5-21-1189877189-4094998525-2142188208-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-09-01] (AVAST Software)
R2 EpsonCustomerParticipation; C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [539744 2012-05-10] (SEIKO EPSON CORPORATION)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc.exe [122000 2011-12-12] (Seiko Epson Corporation)
R2 EPSON_PM_RPCV4_05; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE [142432 2012-02-27] (SEIKO EPSON CORPORATION)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [398184 2012-12-14] (Malwarebytes Corporation) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [682344 2012-12-14] (Malwarebytes Corporation) [File not signed]
R2 Motorola Device Manager; C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [103696 2016-11-14] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [280864 2016-11-14] (Microsoft Corporation)
R2 PST Service; C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
R2 QBCFMonitorService; C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2015-03-17] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2014-08-18] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2014-08-18] (Intuit Inc.) [File not signed]
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [235984 2016-11-24] (Safer-Networking Ltd.)
R2 UNS; C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2066968 2009-07-24] (Intel Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)
S3 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AegisP; C:\Windows\System32\DRIVERS\AegisP.sys [21419 2012-11-21] (Meetinghouse Data Communications) [File not signed]
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [34008 2016-09-01] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [35096 2016-09-01] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [92256 2016-09-01] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [91232 2016-09-01] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [60424 2016-09-01] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [735488 2017-03-05] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [433768 2017-03-05] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [118664 2016-09-01] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [224752 2017-03-05] (AVAST Software)
R3 KeyScrambler; C:\Windows\System32\drivers\keyscrambler.sys [173880 2011-12-14] (QFX Software Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [21104 2012-12-14] (Malwarebytes Corporation) [File not signed]
S3 motandroidusb; C:\Windows\System32\Drivers\motoandroid.sys [26240 2013-03-26] (Motorola)
S3 motport; C:\Windows\System32\DRIVERS\motport.sys [24960 2013-03-19] (Motorola Mobility Inc)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [252808 2016-08-25] (Microsoft Corporation)
R3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [710144 2009-03-03] (Ralink Technology Corp.)
S1 MpKslb0658618; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7F747EBC-D522-4B42-A6C5-7439D1EF918E}\MpKslb0658618.sys [X]
S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-03-07 12:09 - 2017-03-07 12:10 - 00022719 _____ C:\Users\home1\Downloads\FRST.txt
2017-03-07 12:08 - 2017-03-07 12:09 - 00000000 ____D C:\FRST
2017-03-07 12:03 - 2017-03-07 12:03 - 01765888 _____ (Farbar) C:\Users\home1\Downloads\FRST.exe
2017-03-06 14:39 - 2017-01-05 09:46 - 00137960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-03-06 14:39 - 2017-01-05 09:43 - 01062912 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-03-06 14:39 - 2017-01-05 09:43 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-03-06 14:39 - 2017-01-05 09:43 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-03-06 14:39 - 2017-01-05 09:43 - 00261120 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-03-06 14:39 - 2017-01-05 09:43 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-03-06 14:39 - 2017-01-05 09:43 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-03-06 14:39 - 2017-01-05 09:43 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-03-06 14:39 - 2017-01-05 09:43 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-03-06 14:39 - 2017-01-05 09:42 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-03-06 14:39 - 2017-01-05 09:19 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-03-06 14:39 - 2017-01-05 09:19 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-03-06 14:39 - 2017-01-05 09:19 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-03-06 14:39 - 2016-11-20 06:07 - 00373896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2017-03-06 14:39 - 2016-11-17 08:27 - 00250600 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2017-03-06 14:39 - 2016-11-14 14:39 - 00346320 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-03-06 14:39 - 2016-11-12 10:47 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-03-06 14:39 - 2016-11-12 10:47 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-03-06 14:39 - 2016-11-12 10:30 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-03-06 14:39 - 2016-11-12 10:29 - 00498688 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-03-06 14:39 - 2016-11-12 10:29 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-03-06 14:39 - 2016-11-12 10:29 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-03-06 14:39 - 2016-11-12 10:27 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-03-06 14:39 - 2016-11-12 10:20 - 02287616 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-03-06 14:39 - 2016-11-12 10:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-03-06 14:39 - 2016-11-12 10:19 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-03-06 14:39 - 2016-11-12 10:17 - 20302848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-03-06 14:39 - 2016-11-12 10:15 - 00476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-03-06 14:39 - 2016-11-12 10:15 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-03-06 14:39 - 2016-11-12 10:14 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-03-06 14:39 - 2016-11-12 10:14 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-03-06 14:39 - 2016-11-12 10:14 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-03-06 14:39 - 2016-11-12 10:06 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-03-06 14:39 - 2016-11-12 10:03 - 00416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-03-06 14:39 - 2016-11-12 09:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-03-06 14:39 - 2016-11-12 09:56 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-03-06 14:39 - 2016-11-12 09:52 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-03-06 14:39 - 2016-11-12 09:51 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-03-06 14:39 - 2016-11-12 09:49 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-03-06 14:39 - 2016-11-12 09:47 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-03-06 14:39 - 2016-11-12 09:40 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-03-06 14:39 - 2016-11-12 09:38 - 00693248 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-03-06 14:39 - 2016-11-12 09:38 - 00689664 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-03-06 14:39 - 2016-11-12 09:37 - 04608000 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-03-06 14:39 - 2016-11-12 09:36 - 02055680 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-03-06 14:39 - 2016-11-12 09:36 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-03-06 14:39 - 2016-11-12 09:21 - 13653504 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-03-06 14:39 - 2016-11-12 09:05 - 02444800 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-03-06 14:39 - 2016-11-12 09:02 - 01312256 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-03-06 14:39 - 2016-11-12 09:02 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-03-06 14:39 - 2016-11-10 08:19 - 00811520 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2017-03-06 14:39 - 2016-11-09 08:24 - 00105192 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2017-03-06 14:39 - 2016-11-09 08:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2017-03-06 14:39 - 2016-11-09 08:17 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2017-03-06 14:39 - 2016-11-09 08:17 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2017-03-06 14:39 - 2016-11-06 08:16 - 00306688 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-03-06 14:39 - 2016-11-06 07:55 - 02399744 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-03-06 14:39 - 2016-10-27 07:20 - 00627712 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2017-03-06 14:39 - 2016-10-11 07:24 - 04000488 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2017-03-06 14:39 - 2016-10-11 07:24 - 03944680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-03-06 14:39 - 2016-10-11 07:21 - 01310528 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-03-06 14:39 - 2016-10-11 07:18 - 00644096 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-03-06 14:39 - 2016-10-11 07:18 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-03-06 14:39 - 2016-10-11 06:55 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-03-06 14:39 - 2016-10-11 06:55 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-03-06 14:39 - 2016-10-11 06:51 - 00295936 _____ (Microsoft Corporation) C:\Windows\system32\bcdedit.exe
2017-03-06 14:39 - 2016-10-11 05:18 - 00419648 _____ C:\Windows\system32\locale.nls
2017-03-06 14:39 - 2016-10-08 05:05 - 00534600 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2017-03-06 14:39 - 2016-10-04 07:13 - 01176064 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2017-03-06 14:39 - 2016-10-04 07:13 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2017-03-06 14:39 - 2016-10-04 07:13 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2017-03-06 14:39 - 2016-10-04 07:13 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2017-03-06 14:38 - 2017-01-05 09:46 - 00067304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-03-06 14:38 - 2017-01-05 09:43 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-03-06 14:38 - 2017-01-05 09:43 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-03-06 14:38 - 2017-01-05 09:43 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-03-06 14:38 - 2017-01-05 09:43 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-03-06 14:38 - 2017-01-05 09:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-03-06 14:38 - 2017-01-05 09:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-03-06 14:38 - 2017-01-05 09:43 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-03-06 14:38 - 2017-01-05 09:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-03-06 14:38 - 2017-01-05 09:19 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-03-06 14:38 - 2017-01-05 09:19 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-03-06 14:38 - 2017-01-05 09:19 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-03-06 14:38 - 2016-11-20 08:19 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll
2017-03-06 14:38 - 2016-11-09 08:17 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2017-03-06 14:38 - 2016-11-09 08:17 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2017-03-06 14:38 - 2016-11-09 08:17 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2017-03-06 14:38 - 2016-11-09 07:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2017-03-06 14:38 - 2016-10-11 07:18 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\nlsbres.dll
2017-03-06 14:38 - 2016-10-11 07:18 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-03-06 14:38 - 2016-10-11 07:18 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-03-06 14:38 - 2016-10-11 07:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-03-06 14:38 - 2016-10-11 07:18 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-03-06 14:38 - 2016-10-11 07:18 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-03-06 14:38 - 2016-10-11 06:55 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-03-06 14:38 - 2016-10-11 06:55 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-03-06 14:38 - 2016-10-11 06:53 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-03-06 14:38 - 2016-10-11 06:50 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-03-06 07:51 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe
2017-03-05 22:13 - 2009-06-10 13:39 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts.20170305-221325.backup
2017-03-05 21:41 - 2017-03-06 07:51 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2017-03-05 21:41 - 2017-03-05 21:41 - 00002095 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2017-03-05 21:41 - 2017-03-05 21:41 - 00002083 _____ C:\Users\Public\Desktop\Spybot.lnk
2017-03-05 21:41 - 2017-03-05 21:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2017-03-05 21:41 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean.exe
2017-03-05 21:37 - 2017-03-05 21:40 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\home1\Downloads\spybot-2.4.exe
2017-03-05 21:00 - 2017-03-05 21:00 - 00001151 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk
2017-03-05 21:00 - 2017-03-05 21:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2017-03-05 21:00 - 2017-03-05 21:00 - 00000000 ____D C:\Program Files\VS Revo Group
2017-03-05 20:58 - 2017-03-05 20:58 - 07097928 _____ (VS Revo Group ) C:\Users\home1\Downloads\revosetup.exe
2017-03-05 20:28 - 2017-03-05 20:28 - 09261616 _____ (Piriform Ltd) C:\Users\home1\Downloads\ccsetup527.exe
2017-03-05 14:32 - 2017-03-05 14:32 - 00001963 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2017-03-05 14:31 - 2017-03-05 14:31 - 00002062 _____ C:\Users\Public\Desktop\Google Earth.lnk
2017-03-05 14:31 - 2017-03-05 14:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
2017-03-05 14:30 - 2016-09-01 10:16 - 00319760 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-03-05 14:21 - 2017-03-05 14:21 - 00362822 _____ C:\unp305781743853022745.mdmp
2017-03-05 14:21 - 2017-03-05 14:21 - 00361756 _____ C:\unp305781743848966737.mdmp
2017-03-05 14:21 - 2017-03-05 14:21 - 00360858 _____ C:\unp305781743838046718.mdmp
2017-03-05 14:21 - 2017-03-05 14:21 - 00359805 _____ C:\unp305781743846938734.mdmp
2017-03-05 14:21 - 2017-03-05 14:21 - 00359326 _____ C:\unp305781743829154703.mdmp
2017-03-05 14:21 - 2017-03-05 14:21 - 00358828 _____ C:\unp305781743843662728.mdmp
2017-03-05 14:21 - 2017-03-05 14:21 - 00358721 _____ C:\unp305781743812150673.mdmp
2017-03-05 14:21 - 2017-03-05 14:21 - 00358574 _____ C:\unp305781743825878697.mdmp
2017-03-05 14:21 - 2017-03-05 14:21 - 00358306 _____ C:\unp305781743834926713.mdmp
2017-03-05 14:21 - 2017-03-05 14:21 - 00358223 _____ C:\unp305781743809030667.mdmp
2017-03-05 14:21 - 2017-03-05 14:21 - 00358053 _____ C:\unp305781743818234683.mdmp
2017-03-05 14:21 - 2017-03-05 14:21 - 00358050 _____ C:\unp305781743771278601.mdmp
2017-03-05 14:21 - 2017-03-05 14:21 - 00357922 _____ C:\unp305781743815426678.mdmp
2017-03-05 14:21 - 2017-03-05 14:21 - 00357571 _____ C:\unp305781743791246636.mdmp
2017-03-05 14:21 - 2017-03-05 14:21 - 00357549 _____ C:\unp305781743804350659.mdmp
2017-03-05 14:21 - 2017-03-05 14:21 - 00357405 _____ C:\unp305781743797330647.mdmp
2017-03-05 14:21 - 2017-03-05 14:21 - 00357390 _____ C:\unp305781743725414520.mdmp
2017-03-05 14:21 - 2017-03-05 14:21 - 00356749 _____ C:\unp305781743841322724.mdmp
2017-03-05 14:21 - 2017-03-05 14:21 - 00354442 _____ C:\unp305781743750998565.mdmp
2017-03-05 14:21 - 2017-03-05 14:21 - 00353656 _____ C:\unp305781743747722560.mdmp
2017-03-05 14:21 - 2017-03-05 14:21 - 00353392 _____ C:\unp305781743740858548.mdmp
2017-03-05 14:21 - 2017-03-05 14:21 - 00353295 _____ C:\unp305781743743666552.mdmp
2017-03-05 14:21 - 2017-03-05 14:21 - 00352981 _____ C:\unp305781743737426541.mdmp
2017-03-05 14:21 - 2017-03-05 14:21 - 00352034 _____ C:\unp305781743733370534.mdmp
2017-03-05 14:21 - 2017-03-05 14:21 - 00351111 _____ C:\unp305781743758954579.mdmp
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-03-07 12:07 - 2009-07-13 20:34 - 00022768 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-03-07 12:07 - 2009-07-13 20:34 - 00022768 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-03-07 11:17 - 2014-05-30 07:23 - 00000000 ____D C:\Temp
2017-03-07 11:17 - 2009-07-13 20:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-03-07 10:18 - 2016-12-15 12:24 - 00000000 ____D C:\Users\home1\AppData\LocalLow\Mozilla
2017-03-07 10:14 - 2012-11-21 15:34 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-03-07 10:12 - 2015-06-16 04:55 - 00000918 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1189877189-4094998525-2142188208-1000UA.job
2017-03-07 07:01 - 2010-11-20 13:01 - 00782510 _____ C:\Windows\system32\PerfStringBackup.INI
2017-03-07 07:01 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\inf
2017-03-07 06:53 - 2009-07-13 20:33 - 00423640 _____ C:\Windows\system32\FNTCACHE.DAT
2017-03-06 22:08 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\rescache
2017-03-06 17:14 - 2012-11-21 15:34 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2017-03-06 17:14 - 2012-11-21 15:34 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2017-03-06 17:14 - 2012-11-21 15:34 - 00000000 ____D C:\Windows\system32\Macromed
2017-03-06 12:12 - 2015-06-16 04:55 - 00000866 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1189877189-4094998525-2142188208-1000Core.job
2017-03-06 11:14 - 2013-09-23 10:26 - 00000000 ____D C:\Users\home1\AppData\Roaming\MediaMonkey
2017-03-06 10:30 - 2013-01-30 14:56 - 00000000 ____D C:\Users\home1\Documents\Photos
2017-03-06 08:44 - 2013-01-16 16:53 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-03-06 07:51 - 2015-12-03 06:06 - 00000000 ____D C:\Program Files\Common Files\AV
2017-03-05 22:13 - 2009-07-13 18:04 - 00450709 ____R C:\Windows\system32\Drivers\etc\hosts.20170306-084605.backup
2017-03-05 21:23 - 2012-11-03 12:54 - 00000000 ____D C:\Program Files\Microsoft Office
2017-03-05 21:21 - 2015-04-14 16:35 - 00000000 ____D C:\Users\home1\AppData\Local\FluxSoftware
2017-03-05 20:54 - 2013-01-07 10:36 - 00000000 ____D C:\Users\home1\AppData\Local\Google
2017-03-05 20:42 - 2015-05-08 16:53 - 00000000 ____D C:\Windows\Minidump
2017-03-05 20:14 - 2013-12-06 09:36 - 00000000 ____D C:\Users\home1\AppData\Local\Citrix
2017-03-05 20:14 - 2013-01-16 16:53 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy
2017-03-05 19:58 - 2012-11-21 18:20 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2017-03-05 19:56 - 2016-08-21 18:27 - 00000000 ____D C:\ProgramData\Garmin
2017-03-05 19:56 - 2016-08-21 18:26 - 00000000 ____D C:\Program Files\Garmin
2017-03-05 19:56 - 2016-08-21 18:25 - 00000000 ____D C:\ProgramData\Package Cache
2017-03-05 19:53 - 2013-01-10 20:56 - 00000000 ____D C:\ProgramData\Skype
2017-03-05 14:35 - 2013-01-07 10:44 - 00002101 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-03-05 14:32 - 2013-03-04 07:25 - 00224752 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys
2017-03-05 14:32 - 2013-01-17 23:26 - 00433768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2017-03-05 14:32 - 2013-01-17 23:25 - 00735488 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2017-03-05 14:31 - 2013-01-07 10:36 - 00000000 ____D C:\Program Files\Google
2017-03-05 14:26 - 2016-12-14 10:34 - 00000000 ____D C:\Users\home1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-03-05 14:26 - 2014-08-16 09:04 - 00000000 ____D C:\Users\home1\AppData\Roaming\Dropbox
2017-03-05 14:26 - 2013-01-15 11:22 - 00000000 ____D C:\Program Files\KeyScrambler
2017-03-05 14:26 - 2012-08-22 12:43 - 00000000 ____D C:\Users\home1
2017-03-05 14:25 - 2011-04-11 18:24 - 00000000 ___RD C:\Users\Public\Recorded TV
2017-03-05 14:25 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\registration
 
==================== Files in the root of some directories =======
 
2013-05-23 11:01 - 2013-05-23 11:01 - 0038444 _____ () C:\Users\home1\AppData\Roaming\Comma Separated Values (DOS).ADR
2013-05-23 11:16 - 2013-05-23 11:16 - 0012976 _____ () C:\Users\home1\AppData\Roaming\Comma Separated Values (DOS).CAL
2014-05-02 18:39 - 2014-05-02 18:39 - 0003584 _____ () C:\Users\home1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-07-25 09:34 - 2014-12-10 21:04 - 0001001 _____ () C:\Users\home1\AppData\Local\RT2870_{803DFA51-B425-4B33-BEB0-7FB9550AC85E}_wsc
 
Files to move or delete:
====================
C:\Users\home1\MediaMonkey_4.1.13.1801.exe
 
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-03-06 21:58
 
==================== End of FRST.txt ============================
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 05-03-2017
Ran by home1 (07-03-2017 12:10:36)
Running from C:\Users\home1\Downloads
Microsoft Windows 7 Professional  Service Pack 1 (X86) (2012-08-22 20:43:24)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1189877189-4094998525-2142188208-500 - Administrator - Disabled)
Guest (S-1-5-21-1189877189-4094998525-2142188208-501 - Limited - Disabled)
home1 (S-1-5-21-1189877189-4094998525-2142188208-1000 - Administrator - Enabled) => C:\Users\home1
HomeGroupUser$ (S-1-5-21-1189877189-4094998525-2142188208-1002 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AV: Avast Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Spybot - Search and Destroy (Disabled - Out of date) {A16C3F68-9280-E053-1818-342707FECF4D}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20056 - Adobe Systems Incorporated)
Adobe Flash Player 24 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 24.0.0.221 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 24.0.0.221 - Adobe Systems Incorporated)
Amazon Cloud Player (HKU\S-1-5-21-1189877189-4094998525-2142188208-1000\...\Amazon Amazon Cloud Player) (Version: 2.1.0.381 - Amazon Services LLC)
Audacity 2.0.6 (HKLM\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
Avast Free Antivirus (HKLM\...\avast) (Version: 12.3.2280 - AVAST Software)
Camera Window DS (Version: 5.3.1 - Canon) Hidden
Canon Auto Update Service (HKLM\...\Auto Update Service) (Version: 1.1.0.13 - Canon Inc.)
Canon Camera Window DSLR 5 for ZoomBrowser EX (HKLM\...\InstallShield_{0A146245-DB79-4197-BF5D-FE1A699A2CC7}) (Version: 5.3.1 - Canon)
Canon DIGITAL CAMERA Solution Disk Software Guide (HKLM\...\Software Guide) (Version: 1.6.0.1 - Canon Inc.)
CANON iMAGE GATEWAY MyCamera Download Plugin (HKLM\...\MyCamera Download Plugin) (Version: 3.1.1.2 - Canon Inc.)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM\...\CANON iMAGE GATEWAY Task) (Version: 1.9.0.9 - Canon Inc.)
Canon MOV Decoder (HKLM\...\Canon MOV Decoder) (Version: 1.9.0.8 - Canon Inc.)
Canon MOV Encoder (HKLM\...\Canon MOV Encoder) (Version: 1.8.0.1 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (HKLM\...\MovieEditTask) (Version: 3.9.0.6 - Canon Inc.)
Canon PhotoRecord (HKLM\...\{BBBC2B89-E193-4348-A83C-C8DD8210A4AC}) (Version: 02.02.03002 - Cisra)
Canon PowerShot S100 Camera User Guide (HKLM\...\CameraUserGuide-PSS100) (Version: 1.0.0.1 - Canon Inc.)
Canon RAW Image Task for ZoomBrowser EX (HKLM\...\InstallShield_{BAA43DA2-B6C5-46EC-B163-0E8EEAF975A4}) (Version: 2.2 - Canon)
Canon Utilities CameraWindow DC 8 (HKLM\...\CameraWindowDC8) (Version: 8.6.0.11 - Canon Inc.)
Canon Utilities CameraWindow Launcher (HKLM\...\CameraWindowLauncher) (Version: 7.6.0.1 - Canon Inc.)
Canon Utilities Digital Photo Professional 3.11 (HKLM\...\DPP) (Version: 3.11.0.0 - Canon Inc.)
Canon Utilities Map Utility (HKLM\...\MapUtility) (Version: 1.1.0.4 - Canon Inc.)
Canon Utilities Movie Uploader for YouTube (HKLM\...\MovieUploaderForYouTube) (Version: 1.3.0.3 - Canon Inc.)
Canon Utilities MyCamera (HKLM\...\MyCamera) (Version: 7.5.0.1 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.)
Canon Utilities ZoomBrowser EX (HKLM\...\ZoomBrowser EX) (Version: 6.8.0.10 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (HKLM\...\ZoomBrowser EX Memory Card Utility) (Version: 1.6.0.15 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.17 - Piriform)
Condes 9 (HKLM\...\Condes 9) (Version: 9.0.07 - Finn Arildsen Software)
Download Navigator (HKLM\...\{D0353B68-A142-4F89-A46E-1C9A7745D636}) (Version: 3.4.1 - SEIKO EPSON CORPORATION)
Dropbox (HKU\S-1-5-21-1189877189-4094998525-2142188208-1000\...\Dropbox) (Version: 20.4.19 - Dropbox, Inc.)
Epson Connect Printer Setup (HKLM\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.3.0 - SEIKO EPSON CORPORATION)
EPSON Connect version 1.0 (HKLM\...\EPSON Connect_is1) (Version: 1.0 - Epson America Inc.)
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.4.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM\...\{44F72193-F59C-4303-BAE8-E3E4BC1C122C}) (Version: 3.01.0003 - Seiko Epson Corporation)
Epson E-Web Print (HKLM\...\{FB897D16-F0A7-4674-96F1-1C26963BA244}) (Version: 1.15.0000 - SEIKO EPSON CORPORATION)
Epson FAX Utility (HKLM\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.30.00 - SEIKO EPSON CORPORATION)
Epson PC-FAX Driver (HKLM\...\EPSON PC-FAX Driver 2) (Version:  - )
EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON WF-2540 Series Printer Uninstall (HKLM\...\EPSON WF-2540 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION)
Evernote v. 5.8.3 (HKLM\...\{404B3FB8-A820-11E4-83FC-00163E98E7D6}) (Version: 5.8.3.6507 - Evernote Corp.)
Google Chrome (HKLM\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Drive (HKLM\...\{07A12123-B717-496B-B471-48AF6407B433}) (Version: 1.32.4066.7445 - Google, Inc.)
Google Earth (HKLM\...\{F6430171-B86B-4639-839E-374913E7911D}) (Version: 7.1.8.3036 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.32.7 - Google Inc.) Hidden
HP Softpaq SP45367  (HKLM\...\SP45367) (Version:  - )
HP Softpaq SP45411  (HKLM\...\SP45411) (Version:  - )
Hugin 2014.0.0 (HKLM\...\Hugin) (Version: 2014.0.0 hg_5da69bc383dd - The Hugin Development Team)
Intel® Management Engine Interface (HKLM\...\HECI) (Version:  - Intel Corporation)
Intel® Active Management Technology (HKLM\...\MESOL) (Version:  - Intel Corporation)
KeyScrambler (HKLM\...\KeyScrambler) (Version: 2.9.3.0 - QFX Software Corporation)
Malwarebytes Anti-Malware version 1.70.0.1100 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.70.0.1100 - Malwarebytes Corporation)
Medialink MWN-USB150N (HKLM\...\{34E93A7F-599F-4BBB-B2A1-4FCE77971AB9}) (Version: 1.00.0000 - Medialink)
MediaMonkey 4.1 (HKLM\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Outlook Connector (HKLM\...\{95140000-0081-0409-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (HKLM\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (HKLM\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Motorola Device Manager (HKLM\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.4.5 - Motorola Mobility)
Motorola Device Software Update (Version: 13.09.3001 - Motorola Mobility) Hidden
Motorola Mobile Drivers Installation 6.3.0 (HKLM\...\{A55747C1-4651-433D-B082-478874FF7516}) (Version: 6.3.0 - Motorola Mobility LLC)
Mozilla Firefox 50.1.0 (x86 en-US) (HKLM\...\Mozilla Firefox 50.1.0 (x86 en-US)) (Version: 50.1.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MyPhoneExplorer (HKLM\...\MPE) (Version: 1.8.4 - F.J. Wechselberger)
Nemo PDF To Word (HKLM\...\{6CA8C09B-FA99-49FE-9664-1CE823FAD510}_is1) (Version:  - )
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9.140.239 - Google, Inc.)
PixBuilder Studio 2.2.0 (HKLM\...\2E349885-5DA2-478A-ABDE-94F0CCDE703A_is1) (Version:  - WnSoft)
QuickBooks (Version: 25.0.4006.2506 - Intuit Inc.) Hidden
QuickBooks Pro 2015 (HKLM\...\{8F02EFA1-8F5E-4E47-A6B5-D99E4FE90271}) (Version: 25.0.4001.2506 - Intuit Inc.)
RAW Image Task 2.2 (Version: 2.2 - Canon) Hidden
Revo Uninstaller 2.0.2 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.2 - VS Revo Group, Ltd.)
RSDLite (HKLM\...\{8F4A334E-D1B5-45D1-9C1A-3D1B97327E49}) (Version: 6.1.6 - Motorola)
SafeZone Stable 1.51.2220.53 (Version: 1.51.2220.53 - Avast Software) Hidden
SafeZone Stable 1.51.2220.62 (Version: 1.51.2220.62 - Avast Software) Hidden
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Toggl Desktop (HKU\S-1-5-21-1189877189-4094998525-2142188208-1000\...\TogglDesktop) (Version:  - Toggl)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VC12X86Redist (HKLM\...\{EA9886ED-21F8-4867-A049-CE6817291EE6}) (Version: 1.00.0000 - Intuit Inc.)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1189877189-4094998525-2142188208-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\home1\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1189877189-4094998525-2142188208-1000_Classes\CLSID\{04EBE69E-2DED-44F6-9854-9A3988F751ED}\InprocServer32 -> C:\Users\home1\AppData\Local\Dropbox\Update\1.3.51.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1189877189-4094998525-2142188208-1000_Classes\CLSID\{05EC5C13-D255-4592-9CCB-98615172F0D6}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1189877189-4094998525-2142188208-1000_Classes\CLSID\{0A368B9B-3566-4730-B40E-EAF6858A53AF}\InprocServer32 -> C:\Users\home1\AppData\Local\Dropbox\Update\1.3.27.33\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1189877189-4094998525-2142188208-1000_Classes\CLSID\{0ADF9C35-0D5E-4B75-88DD-B64868907E17}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1189877189-4094998525-2142188208-1000_Classes\CLSID\{123FAF7F-3FB1-4B8F-AD18-0047401D436A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1189877189-4094998525-2142188208-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\home1\AppData\Local\Google\Update\1.3.27.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1189877189-4094998525-2142188208-1000_Classes\CLSID\{1B3210AF-E236-46D4-83EF-6421F2FF543C}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTVIEW.OCx => No File
CustomCLSID: HKU\S-1-5-21-1189877189-4094998525-2142188208-1000_Classes\CLSID\{1E78DD72-771E-42BF-8B4B-363CEB18E07B}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTVIEW.OCx => No File
CustomCLSID: HKU\S-1-5-21-1189877189-4094998525-2142188208-1000_Classes\CLSID\{2027D000-8CEB-4191-9620-15DD2561855F}\InprocServer32 -> C:\Users\home1\AppData\Local\Dropbox\Update\1.3.57.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1189877189-4094998525-2142188208-1000_Classes\CLSID\{22664BE2-0806-4BA4-8643-DE40C9149176}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx => No File
CustomCLSID: HKU\S-1-5-21-1189877189-4094998525-2142188208-1000_Classes\CLSID\{2A9EBDB5-0600-4E8C-B910-4001BEB2DD8C}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx => No File
CustomCLSID: HKU\S-1-5-21-1189877189-4094998525-2142188208-1000_Classes\CLSID\{3059C9E6-9EDC-4C89-933E-C65623F8FD60}\localserver32 -> C:\Users\home1\AppData\Local\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1189877189-4094998525-2142188208-1000_Classes\CLSID\{349D777D-F7A2-4AAE-967F-A54F05A7FF3B}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBFinder.dll => No File
CustomCLSID: HKU\S-1-5-21-1189877189-4094998525-2142188208-1000_Classes\CLSID\{37A2FC00-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1189877189-4094998525-2142188208-1000_Classes\CLSID\{37A2FC02-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1189877189-4094998525-2142188208-1000_Classes\CLSID\{38F58721-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\COMObjectFactory.dll => No File
CustomCLSID: HKU\S-1-5-21-1189877189-4094998525-2142188208-1000_Classes\CLSID\{38F58742-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll => No File
CustomCLSID: HKU\S-1-5-21-1189877189-4094998525-2142188208-1000_Classes\CLSID\{38F58743-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll => No File
CustomCLSID: HKU\S-1-5-21-1189877189-4094998525-2142188208-1000_Classes\CLSID\{38F58744-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll => No File
CustomCLSID: HKU\S-1-5-21-1189877189-4094998525-2142188208-1000_Classes\CLSID\{449CFB1B-1C07-48EA-9A9A-7A7881C2B49B}\InprocServer32 -> C:\Users\home1\AppData\Local\Dropbox\Update\1.3.59.1\psuser.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1189877189-4094998525-2142188208-1000_Classes\CLSID\{4716D3CE-55DB-4D2A-818C-87D912895890}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1189877189-4094998525-2142188208-1000_Classes\CLSID\{4844F3F7-2161-4AC4-B219-B3B4311782AA}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1189877189-4094998525-2142188208-1000_Classes\CLSID\{4A56F19E-9F50-4F43-93C8-050E44AA83A9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1189877189-4094998525-2142188208-1000_Classes\CLSID\{4E5E74B5-8EB5-4859-A335-837EED412620}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1189877189-4094998525-2142188208-1000_Classes\CLSID\{50D4845B-AE2D-44A0-BD15-1F33AF4BF396}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2015\QBW32.EXE (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1189877189-4094998525-2142188208-1000_Classes\CLSID\{5249684A-D7A2-4DBE-94F4-B90923A7BC64}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx => No File
CustomCLSID: HKU\S-1-5-21-1189877189-4094998525-2142188208-1000_Classes\CLSID\{547C8F00-5567-4AE3-8BB0-CC3CE2AB9070}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1189877189-4094998525-2142188208-1000_Classes\CLSID\{57D590F1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1189877189-4094998525-2142188208-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\home1\AppData\Local\Google\Update\1.3.30.3\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1189877189-4094998525-2142188208-1000_Classes\CLSID\{596801D8-2C9D-4627-9C67-195CB81B655A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1189877189-4094998525-2142188208-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\home1\AppData\Local\Google\Update\1.3.31.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1189877189-4094998525-2142188208-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\home1\AppData\Local\Google\Update\1.3.28.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1189877189-4094998525-2142188208-1000_Classes\CLSID\{5ED8AC89-B2DE-476D-8EEA-E170B2FCB058}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1189877189-4094998525-2142188208-1000_Classes\CLSID\{63B5B272-1760-4A4F-922B-57F274900044}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1189877189-4094998525-2142188208-1000_Classes\CLSID\{70478C56-E77F-4134-B3E3-3B18EE036D71}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll => No File
CustomCLSID: HKU\S-1-5-21-1189877189-4094998525-2142188208-1000_Classes\CLSID\{7694F1CD-A55B-4B7C-8820-A90892EB4E9E}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1189877189-4094998525-2142188208-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\home1\AppData\Local\Google\Update\1.3.28.13\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1189877189-4094998525-2142188208-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\home1\AppData\Local\Google\Update\1.3.29.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1189877189-4094998525-2142188208-1000_Classes\CLSID\{7DBF8260-30AD-4D1B-876A-8032B87B809F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1189877189-4094998525-2142188208-1000_Classes\CLSID\{828E5386-74CF-4019-B356-C857CD028A7D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1189877189-4094998525-2142188208-1000_Classes\CLSID\{82CC31B3-53B4-4161-A4E9-6B4F1290A6C8}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1189877189-4094998525-2142188208-1000_Classes\CLSID\{8572570D-12D9-4F2C-8BB8-EB8848178B94}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1189877189-4094998525-2142188208-1000_Classes\CLSID\{87DC457B-B35D-48AC-BD42-BDF35EF623CE}\localserver32 -> C:\Users\home1\AppData\Local\Dropbox\Update\1.3.59.1\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1189877189-4094998525-2142188208-1000_Classes\CLSID\{8E590317-1329-11D1-B70B-00805F29CD16}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2015\QBW32.EXE (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1189877189-4094998525-2142188208-1000_Classes\CLSID\{8FEDE364-AB37-4551-80C9-6D468E222AB2}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1189877189-4094998525-2142188208-1000_Classes\CLSID\{9D9B61F2-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1189877189-4094998525-2142188208-1000_Classes\CLSID\{9D9B61F3-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1189877189-4094998525-2142188208-1000_Classes\CLSID\{9D9B61F4-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1189877189-4094998525-2142188208-1000_Classes\CLSID\{9D9B61F5-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1189877189-4094998525-2142188208-1000_Classes\CLSID\{9D9B61F6-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1189877189-4094998525-2142188208-1000_Classes\CLSID\{9D9B61F7-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1189877189-4094998525-2142188208-1000_Classes\CLSID\{9FAA38ED-5635-44F7-9BE0-8CAFE29B3783}\localserver32 -> C:\Users\home1\AppData\Local\Dropbox\Update\1.3.59.1\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1189877189-4094998525-2142188208-1000_Classes\CLSID\{A58C4EAB-2DB8-445E-9CAE-2AE197A5C708}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx => No File
CustomCLSID: HKU\S-1-5-21-1189877189-4094998525-2142188208-1000_Classes\CLSID\{A63E42D0-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1189877189-4094998525-2142188208-1000_Classes\CLSID\{A63E42D2-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1189877189-4094998525-2142188208-1000_Classes\CLSID\{AF5E0A13-CEAB-47CE-991D-77E82CD1BF3F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1189877189-4094998525-2142188208-1000_Classes\CLSID\{B10BFAC3-EFF1-40D9-ADA0-BEBE037C24CA}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1189877189-4094998525-2142188208-1000_Classes\CLSID\{B66F2BF1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1189877189-4094998525-2142188208-1000_Classes\CLSID\{BCD594EA-15C3-4FD8-B92B-114BB9694537}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBCtrIPMDS2.dll => No File
CustomCLSID: HKU\S-1-5-21-1189877189-4094998525-2142188208-1000_Classes\CLSID\{C0DD324D-A74F-4533-84AD-030F76771C77}\localserver32 -> C:\Users\home1\AppData\Local\Dropbox\Update\1.3.59.1\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1189877189-4094998525-2142188208-1000_Classes\CLSID\{C32E3EEC-3C10-426E-95F3-38C7F139FADD}\localserver32 -> C:\Users\home1\AppData\Local\Dropbox\Update\1.3.59.1\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1189877189-4094998525-2142188208-1000_Classes\CLSID\{CBEF1FB5-78FF-4B14-9B0F-275493FB589C}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1189877189-4094998525-2142188208-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\home1\AppData\Local\Google\Update\1.3.29.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1189877189-4094998525-2142188208-1000_Classes\CLSID\{CE18240D-F3F8-43AE-9EA0-A0DC85A95375}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll => No File
CustomCLSID: HKU\S-1-5-21-1189877189-4094998525-2142188208-1000_Classes\CLSID\{D14FD6B3-6A9F-4537-9460-07B836707127}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1189877189-4094998525-2142188208-1000_Classes\CLSID\{D166BD15-03AF-413A-BEFD-0679FF410B49}\InprocServer32 -> C:\Users\home1\AppData\Local\Dropbox\Update\1.3.27.29\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1189877189-4094998525-2142188208-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\home1\AppData\Local\Google\Update\1.3.28.15\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1189877189-4094998525-2142188208-1000_Classes\CLSID\{D4A12AAF-E15E-470B-A6B6-63032186F91F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1189877189-4094998525-2142188208-1000_Classes\CLSID\{D9B9C060-0954-11D3-9E07-00104BD2BE34}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSource.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-1189877189-4094998525-2142188208-1000_Classes\CLSID\{D9BC6F81-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-1189877189-4094998525-2142188208-1000_Classes\CLSID\{D9BC6F84-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-1189877189-4094998525-2142188208-1000_Classes\CLSID\{D9BC6F87-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-1189877189-4094998525-2142188208-1000_Classes\CLSID\{D9BC6FA1-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-1189877189-4094998525-2142188208-1000_Classes\CLSID\{D9BC6FA6-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-1189877189-4094998525-2142188208-1000_Classes\CLSID\{D9BC6FB2-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\StorageClasses.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-1189877189-4094998525-2142188208-1000_Classes\CLSID\{D9BC6FC1-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll => No File
CustomCLSID: HKU\S-1-5-21-1189877189-4094998525-2142188208-1000_Classes\CLSID\{DCB2B478-EFF6-48F6-B718-13E98876854E}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1189877189-4094998525-2142188208-1000_Classes\CLSID\{DFD0AF10-B86C-4AF3-B609-1348D513E565}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1189877189-4094998525-2142188208-1000_Classes\CLSID\{E1A173E1-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1189877189-4094998525-2142188208-1000_Classes\CLSID\{E1A173E3-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1189877189-4094998525-2142188208-1000_Classes\CLSID\{E6E4DF8B-17CE-43ED-B2C7-2CE10457552D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx => No File
CustomCLSID: HKU\S-1-5-21-1189877189-4094998525-2142188208-1000_Classes\CLSID\{E7A37920-253C-4FF1-B169-298A7CE6CAA9}\localserver32 -> C:\Users\home1\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1189877189-4094998525-2142188208-1000_Classes\CLSID\{E7D2D0F6-B754-438D-B5C9-BF848D311A0F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll => No File
CustomCLSID: HKU\S-1-5-21-1189877189-4094998525-2142188208-1000_Classes\CLSID\{EADA914E-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1189877189-4094998525-2142188208-1000_Classes\CLSID\{EAEF733D-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1189877189-4094998525-2142188208-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\home1\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1189877189-4094998525-2142188208-1000_Classes\CLSID\{F2C593CC-74B2-4F71-8556-DD4D426D0409}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1189877189-4094998525-2142188208-1000_Classes\CLSID\{F9EF917A-E55E-4242-B205-E778395AC313}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx => No File
CustomCLSID: HKU\S-1-5-21-1189877189-4094998525-2142188208-1000_Classes\CLSID\{FAC93D42-FFC2-11d1-9DEB-0008C7A08EBA}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2015\QBW32.EXE (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1189877189-4094998525-2142188208-1000_Classes\CLSID\{FB17915F-06D1-4214-A902-CC5EE05186E9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1189877189-4094998525-2142188208-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\home1\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1189877189-4094998525-2142188208-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\home1\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1189877189-4094998525-2142188208-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\home1\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1189877189-4094998525-2142188208-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\home1\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1189877189-4094998525-2142188208-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\home1\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1189877189-4094998525-2142188208-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\home1\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1189877189-4094998525-2142188208-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\home1\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1189877189-4094998525-2142188208-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\home1\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1189877189-4094998525-2142188208-1000_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\home1\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1189877189-4094998525-2142188208-1000_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\home1\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1189877189-4094998525-2142188208-1000_Classes\CLSID\{FB359C2A-6927-4AD7-8F1B-B6472CA7CDE7}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1189877189-4094998525-2142188208-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\home1\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1189877189-4094998525-2142188208-1000_Classes\CLSID\{FE819BE5-BADF-4370-9913-6FB84ABA6FB1}\InprocServer32 -> C:\Users\home1\AppData\Local\Dropbox\Update\1.3.59.1\psuser.dll (Dropbox, Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0731E189-ACAE-4F2D-96ED-6F980AF58ECE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2017-03-06] (Adobe Systems Incorporated)
Task: {151298E3-F069-4A65-A9C9-64E52FFE97EA} - System32\Tasks\Motorola Device Manager Update => C:\Program Files\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {17EF42FD-5908-4ED7-A95A-70F8F22E9618} - System32\Tasks\{C4E5EB6A-8569-4743-92E4-64C7AE1C201D} => pcalua.exe -a D:\sansa-installer.exe -d D:\
Task: {2D05BAC0-BF29-4E7F-B66F-E7FC31C3F5C4} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-09-01] (AVAST Software)
Task: {3C089597-6863-4FD4-B564-9787293C827F} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {54583B52-A28D-4126-84CB-A16B56E52F07} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1189877189-4094998525-2142188208-1000Core => C:\Users\home1\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-04] (Dropbox, Inc.)
Task: {59CD281F-D14C-4BFD-A6BF-7FBC11F2FDBA} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-03-05] (AVAST Software)
Task: {60CA9AB4-DC64-4C64-9DDF-36CF693FCDF7} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {6C550445-8CFE-40D5-B842-795FEB662845} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {725DE0CD-0BD9-4275-B8F9-C3D55BA8B5D4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {7878604D-8AB8-45D2-B520-1919B5770D32} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {7A577358-4B8E-4E4C-A50C-132252B377CB} - System32\Tasks\{D5062A70-9DA7-4156-AF3C-E99461E4C744} => pcalua.exe -a "C:\Users\home1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KBFYCKIY\startuplite-setup-1.07.exe" -d C:\Users\home1\Desktop
Task: {7ADBE9DE-1B33-4DBD-9436-90262CE5DBAF} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1189877189-4094998525-2142188208-1000UA => C:\Users\home1\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-04] (Dropbox, Inc.)
Task: {7B16D45E-1C49-482B-885E-72C7B16C7E8A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-04-15] (Piriform Ltd)
Task: {973A68DF-42C0-4FEE-89F0-79A38AB0480D} - System32\Tasks\SafeZone scheduled Autoupdate 1460726943 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-08-09] (Avast Software)
Task: {A59C62AB-76CD-45AB-A14B-8A7FF03E8689} - System32\Tasks\Motorola Device Manager Engine => C:\Program Files\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {D72D7943-1C61-4361-B632-6639B83A0E5E} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {EE7885A2-5741-424E-AED9-649E8588F8C9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1189877189-4094998525-2142188208-1000Core.job => C:\Users\home1\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1189877189-4094998525-2142188208-1000UA.job => C:\Users\home1\AppData\Local\Dropbox\Update\DropboxUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
Shortcut: C:\Users\home1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hugin\Enblend Droplet 360.lnk -> C:\Program Files\Hugin\bin\enblend_droplet_360.bat ()
Shortcut: C:\Users\home1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hugin\Enblend Droplet.lnk -> C:\Program Files\Hugin\bin\enblend_droplet.bat ()
Shortcut: C:\Users\home1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hugin\Enfuse Align Droplet.lnk -> C:\Program Files\Hugin\bin\enfuse_align_droplet.bat ()
Shortcut: C:\Users\home1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hugin\Enfuse Auto Align Droplet.lnk -> C:\Program Files\Hugin\bin\enfuse_auto_align_droplet.bat (No File)
Shortcut: C:\Users\home1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hugin\Enfuse Auto Droplet.lnk -> C:\Program Files\Hugin\bin\enfuse_auto_droplet.bat ()
Shortcut: C:\Users\home1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hugin\Enfuse Droplet 360.lnk -> C:\Program Files\Hugin\bin\enfuse_droplet_360.bat ()
Shortcut: C:\Users\home1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hugin\Enfuse Droplet.lnk -> C:\Program Files\Hugin\bin\enfuse_droplet.bat ()
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-09-01 10:16 - 2016-09-01 10:16 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-03-07 10:56 - 2017-03-07 10:56 - 05883904 _____ () C:\Program Files\AVAST Software\Avast\defs\17030705\algo.dll
2016-09-01 10:16 - 2016-09-01 10:16 - 00482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2013-10-31 07:05 - 2013-10-31 07:05 - 00172032 _____ () C:\Program Files\Motorola Mobility\Motorola Device Manager\css_core.dll
2017-03-05 21:41 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2017-03-05 21:41 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2017-03-05 21:41 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2017-03-05 21:41 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2017-03-05 21:41 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2012-11-21 15:22 - 2009-08-21 15:44 - 02281488 _____ () C:\Program Files\Medialink\MWN-USB150N\UI.exe
2012-11-21 15:22 - 2007-12-06 10:24 - 01167360 _____ () C:\Program Files\Medialink\MWN-USB150N\acAuth.dll
2012-11-21 15:22 - 2009-04-06 15:27 - 00098304 _____ () C:\Program Files\Medialink\MWN-USB150N\dllPublicFunc.dll
2012-11-21 15:22 - 2009-01-05 20:12 - 00159744 _____ () C:\Program Files\Medialink\MWN-USB150N\dllCommonCtrl.dll
2012-11-21 15:22 - 2009-04-06 15:27 - 00032768 _____ () C:\Program Files\Medialink\MWN-USB150N\dllMultiLanguage.dll
2016-06-30 05:46 - 2016-06-30 05:46 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2012-08-22 13:01 - 2009-07-24 10:29 - 00077824 _____ () C:\Program Files\Common Files\Intel\Privacy Icon\UNS\DTMessageLib.dll
2017-03-05 14:35 - 2017-02-01 01:01 - 01870168 _____ () C:\Program Files\Google\Chrome\Application\56.0.2924.87\libglesv2.dll
2017-03-05 14:35 - 2017-02-01 01:01 - 00085848 _____ () C:\Program Files\Google\Chrome\Application\56.0.2924.87\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE restricted site: HKU\S-1-5-21-1189877189-4094998525-2142188208-1000\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-1189877189-4094998525-2142188208-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-1189877189-4094998525-2142188208-1000\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-1189877189-4094998525-2142188208-1000\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-1189877189-4094998525-2142188208-1000\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-1189877189-4094998525-2142188208-1000\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-1189877189-4094998525-2142188208-1000\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-1189877189-4094998525-2142188208-1000\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-1189877189-4094998525-2142188208-1000\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-1189877189-4094998525-2142188208-1000\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-1189877189-4094998525-2142188208-1000\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-1189877189-4094998525-2142188208-1000\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-1189877189-4094998525-2142188208-1000\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-1189877189-4094998525-2142188208-1000\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-1189877189-4094998525-2142188208-1000\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-1189877189-4094998525-2142188208-1000\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-1189877189-4094998525-2142188208-1000\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-1189877189-4094998525-2142188208-1000\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-1189877189-4094998525-2142188208-1000\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-1189877189-4094998525-2142188208-1000\...\123simsen.com -> www.123simsen.com
 
There are 7932 more sites.
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 18:04 - 2017-03-06 08:46 - 00454350 ____R C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123moviedownload.com
127.0.0.1 www.123moviedownload.com
 
There are 15590 more lines.
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1189877189-4094998525-2142188208-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\home1\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Intuit Data Protect.lnk => C:\Windows\pss\Intuit Data Protect.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk => C:\Windows\pss\QuickBooks Update Agent.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks_Standard_21.lnk => C:\Windows\pss\QuickBooks_Standard_21.lnk.CommonStartup
MSCONFIG\startupreg: EEventManager => "C:\Program Files\Epson Software\Event Manager\EEventManager.exe"
MSCONFIG\startupreg: Findo => C:\Program Files\Findo\findo.exe --silent
MSCONFIG\startupreg: FUFAXRCV => "C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe"
MSCONFIG\startupreg: FUFAXSTM => "C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe"
MSCONFIG\startupreg: HotKeysCmds => 
MSCONFIG\startupreg: IgfxTray => 
MSCONFIG\startupreg: Intuit SyncManager => C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe  startup
MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: Persistence => 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{E7C6B24A-6BEF-4635-A117-E754C3D2F7C5}] => (Allow) C:\Program Files\EPSON Software\Event Manager\EEventManager.exe
FirewallRules: [{B5F7B19C-56D8-44B1-9C54-4DF5B5C5D9BA}] => (Allow) C:\Program Files\EPSON Software\Event Manager\EEventManager.exe
FirewallRules: [{D5A9BDFF-CAC6-40DB-8826-BBC0E57A4A93}] => (Allow) C:\Users\home1\AppData\Local\Temp\WZSE0.TMP\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [{9482761D-ABD3-4416-B695-4335B1B6A290}] => (Allow) C:\Users\home1\AppData\Local\Temp\WZSE0.TMP\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [{CD18B43A-1013-4769-B77E-DE34F6BBE1A9}] => (Allow) C:\Program Files\EPSON Software\ECPrinterSetup\ENPApp.exe
FirewallRules: [{4E0B7C10-FF2B-4DD5-8834-13BF98697052}] => (Allow) C:\Program Files\EPSON Software\ECPrinterSetup\ENPApp.exe
FirewallRules: [TCP Query User{BAE4CD6C-E08C-4CD4-AF42-19981F3D74C7}C:\program files\epson software\event manager\eeventmanager.exe] => (Block) C:\program files\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{E76FBD03-C6ED-4F1F-BB18-5833AAEC0FFB}C:\program files\epson software\event manager\eeventmanager.exe] => (Block) C:\program files\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{EA2CC7A8-64EA-4870-80FF-13AF39C9713E}C:\program files\myphoneexplorer\myphoneexplorer.exe] => (Allow) C:\program files\myphoneexplorer\myphoneexplorer.exe
FirewallRules: [UDP Query User{58C460DB-0CC7-4A4F-8DF8-19174FD77F1E}C:\program files\myphoneexplorer\myphoneexplorer.exe] => (Allow) C:\program files\myphoneexplorer\myphoneexplorer.exe
FirewallRules: [{40BF43FA-F48B-4CDF-AEEF-3349A45C776B}] => (Allow) C:\Users\home1\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{D492E33B-F5BD-4D28-B328-F72C1F95B157}] => (Allow) C:\Users\home1\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{82F08DCF-3702-4145-9741-30EEEC3D1E7B}C:\users\home1\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\home1\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{9082F3EE-FDEE-4344-8868-3FBEF0E3B493}C:\users\home1\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\home1\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{431DB9C1-9333-4B9F-86E7-9C28B8EB9023}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{B717B62B-B7BE-4CFD-90C5-E9EE557CBBAD}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{2C36660C-C61A-466C-89C7-4A610FCAA47A}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [TCP Query User{EB87E950-23CE-4AC8-BCFA-FA8BB56C5C88}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{A4F654B7-E864-4266-A7AD-81392B28CDB5}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [{360E94BF-CCB1-4416-A53C-C0AED9061F52}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{74FA5DBF-8C05-453B-8D8E-A1EF7B2B8AA4}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{1D3E1B7F-5ED4-43B1-BDE2-79B03695AAE9}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{EC67D463-C2BB-473F-B043-F67DE81B74C9}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{8B87C315-467D-441D-BACD-238C72F63C6D}] => (Allow) C:\Program Files\MediaMonkey\MediaMonkey (non-skinned).exe
FirewallRules: [TCP Query User{15F8FE00-EA69-466D-B529-A17AA4FBEE43}C:\program files\motorola\rsd lite\sdl.exe] => (Allow) C:\program files\motorola\rsd lite\sdl.exe
FirewallRules: [UDP Query User{81346BD2-3FF7-4CDC-81D8-7A5211936792}C:\program files\motorola\rsd lite\sdl.exe] => (Allow) C:\program files\motorola\rsd lite\sdl.exe
FirewallRules: [{DD1C40F6-B356-4231-9A6E-DF15113755B2}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
 
==================== Restore Points =========================
 
22-01-2017 07:59:21 Garmin Express
05-03-2017 14:20:11 Restore Operation
05-03-2017 14:42:02 Garmin Express
05-03-2017 19:52:31 Removed Microsoft Silverlight
05-03-2017 19:53:29 Removed Skype™ 7.32
05-03-2017 19:54:35 Removed Google Talk Plugin
05-03-2017 19:55:41 Garmin Express
05-03-2017 21:09:24 Revo Uninstaller's restore point - Cisco WebEx Meetings
05-03-2017 21:18:45 Revo Uninstaller's restore point - Skype Click to Call
05-03-2017 21:19:40 Revo Uninstaller's restore point - Findo
05-03-2017 21:19:55 Removed Findo
05-03-2017 21:20:47 Revo Uninstaller's restore point - f.lux
05-03-2017 21:22:43 Revo Uninstaller's restore point - Microsoft Office File Validation Add-In
05-03-2017 21:25:48 Revo Uninstaller's restore point - Spotify
06-03-2017 23:25:15 Windows Update
 
==================== Faulty Device Manager Devices =============
 
Name: MpKslb0658618
Description: MpKslb0658618
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: MpKslb0658618
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: PS/2 Compatible Mouse
Description: PS/2 Compatible Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/07/2017 11:19:29 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (03/07/2017 11:19:11 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\Hugin\bin\hugin.exe".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (03/07/2017 11:19:11 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\Hugin\bin\hugin.exe".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (03/07/2017 06:54:47 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (03/06/2017 10:02:13 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "c:\program files\Hugin\bin\PTBatcherGUI.exe".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (03/06/2017 10:02:10 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "c:\program files\Hugin\bin\icpfind.exe".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (03/06/2017 10:02:10 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "c:\program files\Hugin\bin\hugin_stitch_project.exe".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (03/06/2017 10:02:09 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "c:\program files\Hugin\bin\hugin.exe".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (03/06/2017 10:02:05 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "c:\program files\Hugin\bin\calibrate_lens_gui.exe".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (03/06/2017 09:57:35 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\EPSON Software\Download Navigator\EPSDNLMW.EXE".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
 
System errors:
=============
Error: (03/07/2017 11:19:03 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The VBoxAsw Support Driver service failed to start due to the following error: 
The system cannot find the path specified.
 
Error: (03/07/2017 11:17:13 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 11:15:12 AM on ‎3/‎7/‎2017 was unexpected.
 
Error: (03/07/2017 06:54:45 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The VBoxAsw Support Driver service failed to start due to the following error: 
The system cannot find the path specified.
 
Error: (03/06/2017 08:04:57 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The VBoxAsw Support Driver service failed to start due to the following error: 
The system cannot find the path specified.
 
Error: (03/06/2017 08:04:50 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (03/06/2017 08:04:50 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.
 
Error: (03/06/2017 07:44:39 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The VBoxAsw Support Driver service failed to start due to the following error: 
The system cannot find the path specified.
 
Error: (03/06/2017 07:44:10 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the QBIDPService service to connect.
 
Error: (03/06/2017 07:43:38 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the QBCFMonitorService service to connect.
 
Error: (03/05/2017 08:18:43 PM) (Source: BROWSER) (EventID: 8032) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{803DFA51-B425-4B33-BEB0-7FB9550AC85E}.
The backup browser is stopping.
 
 
CodeIntegrity:
===================================
  Date: 2016-09-01 11:05:27.783
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-09-01 11:05:27.674
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-08-27 07:11:21.346
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-08-27 07:11:21.097
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-08-26 08:49:45.300
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-08-26 08:49:45.159
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-08-25 07:30:30.658
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-08-25 07:30:30.456
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-08-24 08:28:30.520
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-08-24 08:28:30.364
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Quad CPU Q9400 @ 2.66GHz
Percentage of memory in use: 64%
Total physical RAM: 3543.25 MB
Available physical RAM: 1263.39 MB
Total Virtual: 7084.82 MB
Available Virtual: 4366.23 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:465.08 GB) (Free:326.5 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 7398109F)
Partition 1: (Not Active) - (Size=596 MB) - (Type=83)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=465.1 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

Edited by oleander, 08 March 2017 - 11:08 AM.

  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP
Uninstall Hugin
Uninstall Spybot S&D and have it remove its immunizations on the way out.
 
 
Right click on (My) Computer and select Manage (Continue) Then click on the arrow in front of Event Viewer. Next Click on the arrow in front of Windows Logs Right click on System and Clear Log, Clear. Repeat for Application.
 
Reboot. 
 
Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator.  Then type (with an Enter after each line).
sfc  /scannow
 
(This will check your critical system files. Does this finish without complaint?  IF it says it couldn't fix everything then:
 
Copy the next two lines:
 
findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  \windows\logs\cbs\junk.txt 
notepad \windows\logs\cbs\junk.txt 
 
Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter. Copy and paste the text from notepad or if it is too big, just attach the file.)
 
 
1. Please download the Event Viewer Tool by Vino Rosso
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:
 
* System
4. Under 'Select type to list', select:
* Error
* Warning
 
 
Then use the 'Number of events' as follows:
 
 
1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.
 
 
Please post the Output log in your next reply then repeat but select Application.  (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)
 
 
Get Process Explorer
 
Save it to your desktop then run it (Vista or Win7+ - right click and Run As Administrator).  
 
View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures
 
 
Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  
 
Wait a full minute then:
 
File, Save As, Save.  Note the file name.   Open the file  on your desktop and copy and paste the text to a reply.
 
 
Get the free version of Speccy:
 
http://www.filehippo...download_speccy (Look in the upper right for the Download
Latest Version button  - Do NOT press the large Start Download button on the upper left!)  
Download, Save and Install it.  Tell it you do not need CCLEANER.    Run Speccy.  When it finishes (the little icon in the bottom left will stop moving), 
File, Save as Text File,  (to your desktop) note the name it gives. OK.  Open the file in notepad and delete the line that gives the serial number of your Operating System.  
(It will be near the top,  10-20  lines down.) Save the file.  Attach the file to your next post.  Attaching the log is the best option as it is too big for the forum.  Attaching is a multi step process.
 
First click on More Reply Options
Then scroll down to where you see
Choose File and click on it.  Point it at the file and hit Open.
Now click on Attach this file.
 
 
Run a new FRST scan with addition.txt checked and post both logs.
 
 

  • 0

#3
oleander

oleander

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator.  Then type (with an Enter after each line).

sfc  /scannow
 
(This will check your critical system files. Does this finish without complaint?  IF it says it couldn't fix everything then:
 
Copy the next two lines:
 
findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  \windows\logs\cbs\junk.txt 
notepad \windows\logs\cbs\junk.txt 
 
Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter. Copy and paste the text from notepad or if it is too big, just attach the file.)
 
 
1. Please download the Event Viewer Tool by Vino Rosso
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:
 
* System
4. Under 'Select type to list', select:
* Error
* Warning
 
 
Then use the 'Number of events' as follows:
 
 
1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.
 
 
Please post the Output log in your next reply then repeat but select Application.  (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)
 
 
Get Process Explorer
 
Save it to your desktop then run it (Vista or Win7+ - right click and Run As Administrator).  
 
View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures
 
 
Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  
 
Wait a full minute then:
 
File, Save As, Save.  Note the file name.   Open the file  on your desktop and copy and paste the text to a reply.
 
 
Get the free version of Speccy:
 
http://www.filehippo...download_speccy (Look in the upper right for the Download
Latest Version button  - Do NOT press the large Start Download button on the upper left!)  
Download, Save and Install it.  Tell it you do not need CCLEANER.    Run Speccy.  When it finishes (the little icon in the bottom left will stop moving), 
File, Save as Text File,  (to your desktop) note the name it gives. OK.  Open the file in notepad and delete the line that gives the serial number of your Operating System.  
(It will be near the top,  10-20  lines down.) Save the file.  Attach the file to your next post.  Attaching the log is the best option as it is too big for the forum.  Attaching is a multi step process.
 
First click on More Reply Options
Then scroll down to where you see
Choose File and click on it.  Point it at the file and hit Open.
Now click on Attach this file.
 
 
Run a new FRST scan with addition.txt checked and post both logs.
 
 

 

 

Hi,

 

Thanks. I did everything through scannow. The result I got was that the integrity of the computer was fine; nothin' to fix.

 

So, of the steps you listed under that (starting with "Copy the next two lines"): Which steps can I skip and which should I still do?

 

Thanks again,

Lisa


  • 0

#4
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

Start at:

1. Please download the Event Viewer Tool by Vino Rosso


  • 0

#5
oleander

oleander

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts

SYSTEM LOG and APPLICATION LOG are posted below. (More to come later.)

 

 

 

Vino's Event Viewer v01c run on Windows 2008 in English

Report run at 14/03/2017 5:58:38 PM

 

Note: All dates below are in the format dd/mm/yyyy

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

'System' Log - Critical Type

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

'System' Log - Error Type

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Log: 'System' Date/Time: 14/03/2017 8:38:46 PM

Type: Error Category: 0

Event: 7000 Source: Service Control Manager

The VBoxAsw Support Driver service failed to start due to the following error:  The system cannot find the path specified.

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

'System' Log - Warning Type

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Log: 'System' Date/Time: 14/03/2017 10:04:35 PM

Type: Warning Category: 0

Event: 1014 Source: Microsoft-Windows-DNS-Client

Name resolution for the name isatap.attlocal.net timed out after none of the configured DNS servers responded.

 

Log: 'System' Date/Time: 14/03/2017 10:04:26 PM

Type: Warning Category: 0

Event: 1014 Source: Microsoft-Windows-DNS-Client

Name resolution for the name wpad.attlocal.net timed out after none of the configured DNS servers responded.

 

Log: 'System' Date/Time: 14/03/2017 10:04:03 PM

Type: Warning Category: 0

Event: 27 Source: e1kexpress

Intel® 82567LM-3 Gigabit Network Connection  Network link is disconnected.

 

Log: 'System' Date/Time: 14/03/2017 8:39:59 PM

Type: Warning Category: 0

Event: 1014 Source: Microsoft-Windows-DNS-Client

Name resolution for the name www.google.com timed out after none of the configured DNS servers responded.

 

Log: 'System' Date/Time: 14/03/2017 8:39:55 PM

Type: Warning Category: 0

Event: 1014 Source: Microsoft-Windows-DNS-Client

Name resolution for the name DJ-PC.attlocal.net timed out after none of the configured DNS servers responded.

 

Log: 'System' Date/Time: 14/03/2017 8:38:23 PM

Type: Warning Category: 0

Event: 1014 Source: Microsoft-Windows-DNS-Client

Name resolution for the name EPSON472937.attlocal.net timed out after none of the configured DNS servers responded.

 

Log: 'System' Date/Time: 14/03/2017 8:38:02 PM

Type: Warning Category: 0

Event: 27 Source: e1kexpress

Intel® 82567LM-3 Gigabit Network Connection  Network link is disconnected.

 

Log: 'System' Date/Time: 14/03/2017 8:37:22 PM

Type: Warning Category: 0

Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig

WLAN AutoConfig service has successfully stopped.

 

 

 

 

 

Vino's Event Viewer v01c run on Windows 2008 in English

Report run at 14/03/2017 6:00:36 PM

 

Note: All dates below are in the format dd/mm/yyyy

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

'Application' Log - Critical Type

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

'Application' Log - Error Type

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Log: 'Application' Date/Time: 14/03/2017 8:38:58 PM

Type: Error Category: 0

Event: 10 Source: Microsoft-Windows-WMI

Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

'Application' Log - Warning Type

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Log: 'Application' Date/Time: 14/03/2017 9:14:39 PM

Type: Warning Category: 0

Event: 1 Source: LMS

LMS Service cannot connect to Intel® MEI driver

 

Log: 'Application' Date/Time: 14/03/2017 8:37:16 PM

Type: Warning Category: 0

Event: 1530 Source: Microsoft-Windows-User Profiles Service

Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   1 user registry handles leaked from \Registry\User\S-1-5-21-1189877189-4094998525-2142188208-1000:

Process 1476 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-1189877189-4094998525-2142188208-1000


  • 0

#6
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

Still waiting on the process explorer and speccy logs but I can see that you have an ancient version of Avast that is having problems.  You need to update it.  I would download the latest version 

 

 

Click on Download then choose the free version.
 
 
Download, Save
 
Uninstall the old version of Avast.  Reboot and then right click on the new and Run As Admin.

  • 0

#7
oleander

oleander

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
PROCESS EXPLORER RESULTS:
 
Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
System Idle Process 71.47 0 K 24 K 0
svchost.exe 25.00 175,640 K 109,348 K 1112 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
procexp.exe 1.75 27,696 K 47,904 K 176 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
dwm.exe 0.44 64,216 K 34,712 K 3604 Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
Interrupts 0.40 0 K 0 K n/a Hardware Interrupts and DPCs
UI.exe 0.25 26,444 K 30,968 K 3644 Wireless net configuration UI (No signature was present in the subject)
System 0.17 48 K 1,324 K 4
csrss.exe 0.15 1,820 K 12,896 K 500 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
MsMpEng.exe 0.13 123,060 K 102,188 K 892 Antimalware Service Executable Microsoft Corporation (Verified) Microsoft Corporation
svchost.exe 0.04 79,188 K 83,568 K 1036 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
PrivacyIconClient.exe 0.03 23,260 K 26,748 K 3580 Intel® Management and Security Intel Corporation (Verified) Intel Corporation
explorer.exe 0.03 36,356 K 54,012 K 2156 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
avastui.exe 0.02 14,044 K 33,028 K 3492 Avast Antivirus AVAST Software (Verified) AVAST Software s.r.o.
EPCP.exe 0.02 10,144 K 15,268 K 1936 Epson Customer Participation SEIKO EPSON CORPORATION (Verified) SEIKO EPSON Corporation
chrome.exe 0.02 215,980 K 256,876 K 4464 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 0.02 111,264 K 188,820 K 3488 Google Chrome Google Inc. (Verified) Google Inc
UNS.exe 0.01 2,728 K 5,724 K 2880 User Notification Service Intel Corporation (Verified) Intel Corporation
chrome.exe 0.01 31,452 K 65,952 K 4396 Google Chrome Google Inc. (Verified) Google Inc
AvastSvc.exe 0.01 109,096 K 40,960 K 1476 Avast Service AVAST Software (Verified) AVAST Software s.r.o.
svchost.exe 0.01 4,592 K 8,396 K 3904 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
services.exe < 0.01 4,028 K 6,424 K 540 Services and Controller app Microsoft Corporation (Verified) Microsoft Windows
CCleaner.exe < 0.01 7,204 K 1,416 K 2460 CCleaner Piriform Ltd (Verified) Piriform Ltd
chrome.exe < 0.01 66,812 K 69,692 K 2344 Google Chrome Google Inc. (Verified) Google Inc
svchost.exe < 0.01 15,300 K 13,616 K 996 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 12,664 K 10,992 K 1364 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 6,616 K 11,464 K 1080 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
aswidsagent.exe < 0.01 12,404 K 22,680 K 3264 Avast Behavior Shield AVAST Software s.r.o. (Verified) AVAST Software s.r.o.
LMS.exe < 0.01 1,192 K 3,588 K 2028 Local Manageability Service Intel Corporation (Verified) Intel Corporation
mbamgui.exe < 0.01 2,512 K 4,852 K 2188 Malwarebytes Anti-Malware Malwarebytes Corporation (Certificate expired) Malwarebytes Corporation
wuauclt.exe 1,888 K 5,812 K 5900 Windows Update Microsoft Corporation (Verified) Microsoft Windows
wmpnetwk.exe 4,860 K 2,296 K 4352 Windows Media Player Network Sharing Service Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe 3,260 K 6,604 K 2100 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe 2,384 K 5,656 K 976 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
winlogon.exe 2,248 K 4,824 K 628 Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows
wininit.exe 1,020 K 3,044 K 492 Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows
TrustedInstaller.exe 5,384 K 8,636 K 1648 Windows Modules Installer Microsoft Corporation (Verified) Microsoft Windows
taskhost.exe 7,748 K 8,032 K 2116 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
taskeng.exe 1,612 K 4,876 K 4924 Task Scheduler Engine Microsoft Corporation (Verified) Microsoft Windows
taskeng.exe 1,560 K 4,752 K 2380 Task Scheduler Engine Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 25,000 K 22,464 K 1628 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 12,204 K 13,860 K 1796 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 3,304 K 5,816 K 820 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 3,340 K 6,164 K 728 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 3,444 K 4,348 K 1888 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1,500 K 4,184 K 2704 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2,052 K 4,404 K 1212 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe Suspended 228 K 220 K 5912 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
spoolsv.exe 5,848 K 7,892 K 1580 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
smss.exe 320 K 856 K 340 Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows
SearchIndexer.exe 36,992 K 24,380 K 5132 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
rundll32.exe 1,508 K 4,772 K 2864 Windows host process (Rundll32) Microsoft Corporation (Verified) Microsoft Windows
QBIDPService.exe 7,696 K 6,572 K 2532 QBIDPService Intuit Inc. (No signature was present in the subject) Intuit Inc.
QBCFMonitorService.exe 8,396 K 8,604 K 1768 QuickBooks Company File Monitoring Service Intuit (No signature was present in the subject) Intuit
NisSrv.exe 11,812 K 8,000 K 3836 Microsoft Network Realtime Inspection Service Microsoft Corporation (Verified) Microsoft Corporation
MotoHelperService.exe 2,404 K 5,380 K 1068 MotoHelper Service Motorola Mobility LLC (Verified) Motorola Mobility Inc.
MotoHelperAgent.exe 3,132 K 6,312 K 2228 MotoHelperAgent Motorola Mobility LLC (Verified) Motorola Mobility Inc.
mbamservice.exe 152,716 K 64,044 K 444 Malwarebytes Anti-Malware Malwarebytes Corporation (Certificate expired) Malwarebytes Corporation
mbamscheduler.exe 1,648 K 3,356 K 276 Malwarebytes Anti-Malware Malwarebytes Corporation (Certificate expired) Malwarebytes Corporation
lsm.exe 1,356 K 2,944 K 568 Local Session Manager Service Microsoft Corporation (Verified) Microsoft Windows
lsass.exe 4,624 K 9,464 K 560 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows
GoogleCrashHandler.exe 1,168 K 532 K 2804 Google Crash Handler Google Inc. (Verified) Google Inc
ForwardDaemon.exe 1,336 K 3,224 K 676 ForwardDemon Motorola (No signature was present in the subject) Motorola
escsvc.exe 1,084 K 3,580 K 1976 Epson Scanner Service (32bit) Seiko Epson Corporation (Verified) SEIKO EPSON Corporation
E_JT50RP.EXE 748 K 2,352 K 1996 EPSON Status Monitor 3 SEIKO EPSON CORPORATION (Verified) SEIKO EPSON Corporation
csrss.exe 1,596 K 3,728 K 440 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
chrome.exe 38,604 K 72,740 K 2716 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 40,232 K 74,760 K 5388 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 26,284 K 63,064 K 4608 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 24,640 K 59,492 K 4576 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 24,620 K 59,300 K 5028 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 22,556 K 58,892 K 1988 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 24,552 K 58,932 K 5148 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 26,736 K 62,824 K 1448 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 66,324 K 59,236 K 2872 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 30,576 K 65,168 K 2564 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 1,396 K 4,140 K 4928 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 27,696 K 63,908 K 348 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 1,540 K 5,172 K 1200 Google Chrome Google Inc. (Verified) Google Inc
armsvc.exe 884 K 2,888 K 1864 Adobe Acrobat Update Service Adobe Systems Incorporated (Verified) Adobe Systems

  • 0

#8
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP
 
Copy the next 2 lines:
 
TASKLIST /SVC  > \junk.txt
notepad \junk.txt
 
Open an Elevated Command Prompt:
Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator
 
 
Right click and Paste (or Edit then Paste) and the copied lines should appear.
Hit Enter if notepad does not open.  Copy and paste the text from notepad into a reply. 
 
If you have rebooted since you last ran Process Explorer then please create a new Process Explorer log and post it.

  • 0

#9
oleander

oleander

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts

Speccy results attached.

Attached Files


  • 0

#10
oleander

oleander

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
 
Image Name                     PID Services                                    
========================= ======== ============================================
System Idle Process              0 N/A                                         
System                           4 N/A                                         
smss.exe                       340 N/A                                         
csrss.exe                      440 N/A                                         
wininit.exe                    492 N/A                                         
csrss.exe                      500 N/A                                         
services.exe                   540 N/A                                         
lsass.exe                      560 EFS, KeyIso, SamSs                          
lsm.exe                        568 N/A                                         
winlogon.exe                   628 N/A                                         
svchost.exe                    728 DcomLaunch, PlugPlay, Power                 
svchost.exe                    820 RpcEptMapper, RpcSs                         
MsMpEng.exe                    892 MsMpSvc                                     
svchost.exe                    996 Audiosrv, Dhcp, eventlog,                   
                                   HomeGroupProvider, lmhosts, wscsvc          
svchost.exe                   1036 AudioEndpointBuilder, CscService,           
                                   HomeGroupListener, Netman, PcaSvc, SysMain, 
                                   TrkWks, UxSms, WdiSystemHost, Wlansvc,      
                                   wudfsvc                                     
svchost.exe                   1080 EventSystem, fdPHost, FontCache, netprofm,  
                                   nsi, WdiServiceHost                         
svchost.exe                   1112 Appinfo, BITS, Browser, EapHost, iphlpsvc,  
                                   LanmanServer, MMCSS, ProfSvc, Schedule,     
                                   SENS, ShellHWDetection, Themes, Winmgmt,    
                                   wuauserv                                    
svchost.exe                   1212 gpsvc                                       
svchost.exe                   1364 CryptSvc, Dnscache, LanmanWorkstation,      
                                   NlaSvc                                      
AvastSvc.exe                  1476 avast! Antivirus                            
spoolsv.exe                   1580 Spooler                                     
svchost.exe                   1628 BFE, DPS, MpsSvc                            
armsvc.exe                    1864 AdobeARMservice                             
svchost.exe                   1888 DiagTrack                                   
EPCP.exe                      1936 EpsonCustomerParticipation                  
escsvc.exe                    1976 EpsonScanSvc                                
E_JT50RP.EXE                  1996 EPSON_PM_RPCV4_05                           
LMS.exe                       2028 LMS                                         
mbamscheduler.exe              276 MBAMScheduler                               
mbamservice.exe                444 MBAMService                                 
MotoHelperService.exe         1068 Motorola Device Manager                     
ForwardDaemon.exe              676 PST Service                                 
QBCFMonitorService.exe        1768 QBCFMonitorService                          
taskhost.exe                  2116 N/A                                         
mbamgui.exe                   2188 N/A                                         
MotoHelperAgent.exe           2228 N/A                                         
QBIDPService.exe              2532 QBVSS                                       
svchost.exe                   2704 StiSvc                                      
UNS.exe                       2880 UNS                                         
NisSrv.exe                    3836 NisSrv                                      
svchost.exe                   3904 FDResPub, SSDPSRV, TBS                      
GoogleCrashHandler.exe        2804 N/A                                         
rundll32.exe                  2864 N/A                                         
aswidsagent.exe               3264 aswbIDSAgent                                
dwm.exe                       3604 N/A                                         
explorer.exe                  2156 N/A                                         
PrivacyIconClient.exe         3580 N/A                                         
UI.exe                        3644 N/A                                         
avastui.exe                   3492 N/A                                         
taskeng.exe                   2380 N/A                                         
CCleaner.exe                  2460 N/A                                         
WmiPrvSE.exe                   976 N/A                                         
SearchIndexer.exe             5132 WSearch                                     
wmpnetwk.exe                  4352 WMPNetworkSvc                               
svchost.exe                   1796 p2pimsvc, p2psvc, PNRPsvc                   
wuauclt.exe                   5900 N/A                                         
chrome.exe                    3488 N/A                                         
chrome.exe                    4928 N/A                                         
chrome.exe                    1200 N/A                                         
chrome.exe                    2872 N/A                                         
chrome.exe                    4396 N/A                                         
chrome.exe                    2564 N/A                                         
chrome.exe                     348 N/A                                         
chrome.exe                    1988 N/A                                         
chrome.exe                    2716 N/A                                         
chrome.exe                    2344 N/A                                         
chrome.exe                    5148 N/A                                         
chrome.exe                    5028 N/A                                         
chrome.exe                    4576 N/A                                         
chrome.exe                    1448 N/A                                         
chrome.exe                    5388 N/A                                         
chrome.exe                    4608 N/A                                         
chrome.exe                    4464 N/A                                         
WmiPrvSE.exe                  2100 N/A                                         
svchost.exe                   2248 N/A                                         
WmiPrvSE.exe                  3800 N/A                                         
audiodg.exe                   1644 N/A                                         
chrome.exe                    4692 N/A                                         
cmd.exe                        148 N/A                                         
conhost.exe                   5500 N/A                                         
tasklist.exe                  1140 N/A                                         

  • 0

Advertisements


#11
oleander

oleander

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts

I have not rebooted since I last ran Process Explorer, so I won't run it again for now.

 

However, should I go ahead and do the following per your original instructions?

 

"Run a new FRST scan with addition.txt checked and post both logs."

 

Lisa


  • 0

#12
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

The svchost file that is eating up your CPU is  process ID 1112

 

svchost.exe                   1112 Appinfo, BITS, Browser, EapHost, iphlpsvc,  
                                   LanmanServer, MMCSS, ProfSvc, Schedule,     
                                   SENS, ShellHWDetection, Themes, Winmgmt,    
                                   wuauserv        

 

        

The usual culprit is wuauserv which is Windows Update.  If you search for:

 

services.msc

 

and hit Enter then scroll down to Windows Update then right click on it and select Properties and STOP the service you will usually see in Process Explorer that the System Idle Process which was

System Idle Process 71.47 is now over 90.

 

Go back in to Services.msc and find Background Intelligent Transfer Service and stop it.  Wait until it says it has stopped then Start it again.  Go to Windows Update and Start it.   Sometimes restarting the two services will fix the problem (look in process explorer again and see if System Idle has dropped) but usually we have two choices.  We can run the Microsoft fix:

 

System Update Readiness Tool for Windows 7
 
 
Download, save then run it by double clicking.  This can take hours.  I have seen it run overnight and not finish.
 
Once that runs then get
 
 KB3083710 and KB3102810
 
 
Then try Windows Update again and see if you have better luck.
 
The alternative is Windows Repair All in One:
 
 
 
Download it and save it then run it.
 
You can skip to step 4 or 5 where it gives you the same picture as in the above link.
 
Make sure these are checked before hitting Start:
 
Reset Registry Permissions
Reset File Permissions
Register System Files
 
Repair Windows Updates
 
(It doesn't hurt to leave the other options checked but it does take longer to finish)
Reboot when done
 
Speccy says your PC is running a bit hot tho lately it can lie about the temps.  Unfortunately it is not lying about the hard drive.  You have a Seagate which is dying like all Seagates.  Lots of errors that look pretty serious.  Let's get a second opinion:
 
 
 
Download, save and Install it (Win 7+ or Vista right click and Run As Admin.) then run it (Win 7+ or Vista right click and Run As Admin.).
 
What temps does it show for Core or CPU?  
 
click on the S.M.A.R.T. tab.  Click on the down arrow to the right of the Hard Disk box.  Select your hard drive.  Click on Perform and In-depth Online Analysis of this hard disk.  Your browser will open.
 
At the bottom of the new page will be a line:  
 
The link to get back and see a new report about this hard disk in the future is this.
 
Right click on the underlined "this" and select Copy Link Address.  Move to a Reply and Paste (Ctrl + v).
 
You can hold off on a second FRST scan for now.  
 
 

  • 0

#13
oleander

oleander

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts

SPEEDFAN TEST RESULTS:

 

http://www.hddstatus...cation=C1B0D653

 

 


  • 0

#14
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

What sort of temps did speedfan show?

 

Speedfan agrees with me that the drive is dying so I would clone it as soon as possible.  It sounds harder than it is:

 

Short term back up everything you don't want to lose then buy a new drive preferably a Western Digital Black ( they really do seem to be better and last longer) 
Amazon has one that will work and give you double the space and a boost in speed for about $75:
WD Black 1TB Performance Desktop Hard Disk Drive - 7200 RPM SATA 6 Gb/s 64MB Cache 3.5 Inch - WD1003FZEX
Price: $74.99 
or if money is tight then go with the blue:
 
 
WD Blue 1TB SATA 6 Gb/s 7200 RPM 64MB Cache 3.5 Inch Desktop Hard Drive (WD10EZEX)
Price: $49.99 Free Shipping for Prime Members
 
You can usually temporarily borrow the power and SATA cables from the DVD drive since you just want to hook it up long enough to clone it doesn't need to be mounted - just don't let it short anything out.
 
You can use the program from your new hard drive maker's website or even from Seagate or you can use one of the free ones:
 
 
 
Some of them require you to boot from a CD or USB drive (it's faster that way) but others like aomei can clone from within windows.  I like to check the SMART info on the new drive with Speccy or Speedfan to make sure it's a good drive.  ( a new drive should have Raw values of 0's for all entries that have to do with errors or reallocated sectors.)   It's rare but sometimes you get a lemon.  
 
 Run the cloning software.  (Make sure you know the source drive is the old drive and the destination is the new.
 
Once the cloning software finishes you shut it down,   Remove the old drive (Phillips screwdriver is usually all you need) , install the new.  Return the cables to the DVD.  Boot up and run a disk check to make sure everything is happy.
 
1. Double-click Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed,
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.
 
Right click on  Computer and select Manage.  Then click on the Event Viewer. Next select Windows Logs.  Right click on System and Clear Log, Clear. Repeat for Application.
 
Reboot. The disk check will run and will probably take an hour or more to finish.
 
 
Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator.  Then type (with an Enter after each line).
 
sfc /scannow
 
(SPACE after sfc.  This will check your critical system files. Does this finish without complaint?  IF it says it couldn't fix everything then:
 
Copy the next two lines:
 
findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  \windows\logs\cbs\junk.txt 
notepad \windows\logs\cbs\junk.txt 
 
Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter if notepad does not open.  Copy and paste the text from notepad into a reply.  Close nOtepad.  Close the Command Window.
 
 
1. Please download the Event Viewer Tool by Vino Rosso
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:
 
* System
4. Under 'Select type to list', select:
* Error
* Warning
 
 
Then use the 'Number of events' as follows:
 
 
1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.
 
 
Please post the Output log in your next reply then repeat but select Application. (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)
 
Once you have it installed and running OK then you can go Right click on  Computer and select Manage.  Then click on Disk Management.  Disk 0 will show a big chunk of unused hard drive.  You can either expand the current partition to fill the whole drive or create a second partition which will show up with a letter.  

  • 0

#15
oleander

oleander

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts

What sort of temps? Here's what the S.M.A.R.T. scan came up with:

 

The average temperature for this hard disk model is 34°C (min=25°C max=43°C) and yours is 38°C. 


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP