Hi,
My desktop computer (on Win7) has been randomly hanging or freezing for 3 months.
The hanging/freezing is truly random - not always associated with any particular program or app.
Often the freezing is accompanied by the message, "Windows is not responding." And then one or more Windows programs (e.g. Explorer) or Microsoft programs (e.g. Outlook) might close out on its own; or I'll be asked if I want to close it out.
In those cases, I hit Restart to take it through a power cycle, although the Restart button doesn't always work...I sometimes have to force a shutdown by pressing down the power button.
Among the programs that have always (for many years) been working in the background are...
* Avast Free Anti-Virus
* Malwarebytes Pro
I regularly (about once weekly) did a Spybot Search & Destroy immunization, update & search.
After the freezes started, I tried the following actions but none has found any relevant spyware or done anything for my system: Checkdisk, system file check (sfc /scannow), defrag, CCleaner (I did not touch anything registry-related), Microsoft Security Essentials scan, Malwarebytes Pro full scan, Malwarebytes Anti-Rootkit scan.
I was advised to do a System Restore to a prior restore point. I did that recently (3 months into the freezing-up behavior), but it accomplished nothing because only one Restore Point was listed and that was just one month ago. I then looked up any software downloaded onto the computer in the past 8 months or so and deleted any that seemed inessential, such as Microsoft Silverlight.
After all this, the random hanging & freezing is unchanged.
The computer (an HP Compaq 6000) is maybe 6 years old, has been heavily used and perhaps its hard drive is simply corrupted or failing. I recently cleaned out its vents with a vacuum. However, generally it's very well-ventilated and only very rarely do the fans heat up (like once every few months).
(Please ignore the "mysterious pop-up" wording in the subject line; that was a volume-slider issue that I have now fixed.)
Scan results posted below.
Thank you so much in advance,
Lisa T.
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 05-03-2017
Ran by home1 (administrator) on HOME1-PC (07-03-2017 12:09:02)
Running from C:\Users\home1\Downloads
Loaded Profiles: home1 (Available Profiles: home1)
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE
(Intel Corporation) C:\Program Files\Intel\AMT\LMS.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Motorola Mobility LLC) C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Motorola Mobility LLC) C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(Motorola) C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe
(Intuit) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Intel Corporation) C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe
() C:\Program Files\Medialink\MWN-USB150N\UI.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Intel Corporation) C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [picon] => C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe [796696 2009-07-24] (Intel Corporation)
HKLM\...\Run: [Medialink Utilty] => C:\Program Files\Medialink\MWN-USB150N\UI.exe [2281488 2009-08-21] ()
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9107616 2017-03-05] (AVAST Software)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-21-1189877189-4094998525-2142188208-1000\...\Run: [GoogleChromeAutoLaunch_37FB8025E6F7EFB356D22EA9A73C7B17] => C:\Program Files\Google\Chrome\Application\chrome.exe [945496 2017-02-01] (Google Inc.)
HKU\S-1-5-21-1189877189-4094998525-2142188208-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6675672 2016-04-15] (Piriform Ltd)
HKU\S-1-5-21-1189877189-4094998525-2142188208-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-1189877189-4094998525-2142188208-1000\...\MountPoints2: {9dd2e349-6003-11e2-a02d-000ffecc69c7} - E:\LaunchU3.exe -a
HKU\S-1-5-21-1189877189-4094998525-2142188208-1000\...\MountPoints2: {d00eb987-e801-11e3-b5cf-000ffecc69c7} - E:\MotoCastSetup.exe -a
HKU\S-1-5-21-1189877189-4094998525-2142188208-1000\...\MountPoints2: {ea9c5f1c-e810-11e3-8633-000ffecc69c7} - E:\MotoCastSetup.exe -a
HKU\S-1-5-21-1189877189-4094998525-2142188208-1000\Control Panel\Desktop\\SCRNSAVE.EXE ->
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\home1\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-12-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\home1\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-12-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\home1\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-12-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\home1\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-12-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\home1\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-12-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\home1\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-12-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\home1\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-12-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\home1\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-12-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-09-01] (AVAST Software)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => -> No File
BootExecute: autocheck autochk * sdnclean.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{803DFA51-B425-4B33-BEB0-7FB9550AC85E}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{D5590473-9507-43AC-A870-826BAD3AF257}: [DhcpNameServer] 172.20.20.1
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
BHO: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files\Epson Software\E-Web Print\ewps_tb.dll [2012-04-26] (SEIKO EPSON CORPORATION)
BHO: KeyScramblerBHO Class -> {2B9F5787-88A5-4945-90E7-C4B18563BC5E} -> C:\Program Files\KeyScrambler\KeyScramblerIE.dll [2013-01-15] (QFX Software Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-03-05] (AVAST Software)
BHO: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files\Evernote\Evernote\EvernoteIE.dll [2015-01-29] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Toolbar: HKLM - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files\Epson Software\E-Web Print\ewps_tb.dll [2012-04-26] (SEIKO EPSON CORPORATION)
Handler: intu-help-qb8 - {CD17C364-2EC8-4929-91A9-C4839A20E909} - C:\Program Files\Intuit\QuickBooks 2015\HelpAsyncPluggableProtocol.dll [2015-03-17] (Intuit, Inc.)
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
FireFox:
========
FF ProfilePath: C:\Users\home1\AppData\Roaming\Mozilla\Firefox\Profiles\cgyi1kqe.default-1466114901721 [2017-03-07]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2017-03-05]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Epson Software\E-Web Print\Firefox Add-on
FF Extension: (E-Web Print) - C:\Program Files\Epson Software\E-Web Print\Firefox Add-on [2013-01-26] [not signed]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2017-03-05]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-03-06] ()
FF Plugin: @canon.com/MycameraPlugin -> C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll [2008-10-15] (CANON INC.)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2015-07-10] (Google, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-01-17] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1189877189-4094998525-2142188208-1000: @citrixonline.com/appdetectorplugin -> C:\Users\home1\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2013-12-06] (Citrix Online)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2017-01-17] (Adobe Systems Inc.)
Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.searchqu.com/406
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSearchKeyword: Default -> lp
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\56.0.2924.87\PepperFlash\pepflashplayer.dll => No File
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\56.0.2924.87\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\56.0.2924.87\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll => No File
CHR Profile: C:\Users\home1\AppData\Local\Google\Chrome\User Data\Default [2017-03-07]
CHR Extension: (Xmarks Bookmark Sync) - C:\Users\home1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla [2015-03-12]
CHR Extension: (Google Drive) - C:\Users\home1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\home1\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2017-03-06]
CHR Extension: (Google Cast) - C:\Users\home1\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2017-03-07]
CHR Extension: (Adblock Plus) - C:\Users\home1\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-10-26]
CHR Extension: (Anna Sui) - C:\Users\home1\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjohejgigkmiclpgnilojffhiohcglib [2014-06-09]
CHR Extension: (mail checker for gmail offline version) - C:\Users\home1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coiddmpcnmchdfhhlkhhbbhclladabik [2014-06-09]
CHR Extension: (Adobe Acrobat) - C:\Users\home1\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-05]
CHR Extension: (Quickrr Google Maps Search) - C:\Users\home1\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnlfppnpmoiemhelglbefkojhlnahejd [2014-06-09]
CHR Extension: (Google Docs Offline) - C:\Users\home1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\home1\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2017-03-05]
CHR Extension: (Forecastfox) - C:\Users\home1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihffmkcfkejomlfnilnmkokcpgclhfeg [2014-06-09]
CHR Extension: (Cisco WebEx Extension) - C:\Users\home1\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2017-03-05]
CHR Extension: (Make America Kittens Again) - C:\Users\home1\AppData\Local\Google\Chrome\User Data\Default\Extensions\klchnmggepghlcolikgaekpibclpmgcm [2017-03-05]
CHR Extension: (PlainClothes) - C:\Users\home1\AppData\Local\Google\Chrome\User Data\Default\Extensions\kleiknekfnnaaibjhlamidabhmckbddc [2014-06-09]
CHR Extension: (BugMeNot Lite) - C:\Users\home1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lackfehpdclhclidcbbfcemcpolgdgnb [2014-06-09]
CHR Extension: (Lazarus: Form Recovery) - C:\Users\home1\AppData\Local\Google\Chrome\User Data\Default\Extensions\loljledaigphbcpfhfmgopdkppkifgno [2014-10-04]
CHR Extension: (Google Dictionary (by Google)) - C:\Users\home1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2016-04-21]
CHR Extension: (Ghostery) - C:\Users\home1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2017-03-05]
CHR Extension: (AutoPager Chrome) - C:\Users\home1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmgagnmbebdebebbcleklifnobamjonh [2014-06-09]
CHR Extension: (F.B. Purity For Facebook) - C:\Users\home1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncdlagniojmheiklojdcpdaeepochckl [2016-07-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\home1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-05]
CHR Extension: (Hover Zoom) - C:\Users\home1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl [2017-03-05]
CHR Extension: (Google Quick Scroll) - C:\Users\home1\AppData\Local\Google\Chrome\User Data\Default\Extensions\okanipcmceoeemlbjnmnbdibhgpbllgc [2015-09-02]
CHR Extension: (Dolphin Connect) - C:\Users\home1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pajecklcmiegagoelbbjldmfcbcpdpll [2016-10-14]
CHR Extension: (Chrome Media Router) - C:\Users\home1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-03-05]
CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswwebrepchrome-sp.crx <not found>
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1189877189-4094998525-2142188208-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\home1\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2015-05-25]
CHR HKU\S-1-5-21-1189877189-4094998525-2142188208-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-09-01] (AVAST Software)
R2 EpsonCustomerParticipation; C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [539744 2012-05-10] (SEIKO EPSON CORPORATION)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc.exe [122000 2011-12-12] (Seiko Epson Corporation)
R2 EPSON_PM_RPCV4_05; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE [142432 2012-02-27] (SEIKO EPSON CORPORATION)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [398184 2012-12-14] (Malwarebytes Corporation) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [682344 2012-12-14] (Malwarebytes Corporation) [File not signed]
R2 Motorola Device Manager; C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [103696 2016-11-14] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [280864 2016-11-14] (Microsoft Corporation)
R2 PST Service; C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
R2 QBCFMonitorService; C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2015-03-17] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2014-08-18] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2014-08-18] (Intuit Inc.) [File not signed]
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [235984 2016-11-24] (Safer-Networking Ltd.)
R2 UNS; C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2066968 2009-07-24] (Intel Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)
S3 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AegisP; C:\Windows\System32\DRIVERS\AegisP.sys [21419 2012-11-21] (Meetinghouse Data Communications) [File not signed]
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [34008 2016-09-01] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [35096 2016-09-01] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [92256 2016-09-01] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [91232 2016-09-01] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [60424 2016-09-01] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [735488 2017-03-05] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [433768 2017-03-05] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [118664 2016-09-01] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [224752 2017-03-05] (AVAST Software)
R3 KeyScrambler; C:\Windows\System32\drivers\keyscrambler.sys [173880 2011-12-14] (QFX Software Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [21104 2012-12-14] (Malwarebytes Corporation) [File not signed]
S3 motandroidusb; C:\Windows\System32\Drivers\motoandroid.sys [26240 2013-03-26] (Motorola)
S3 motport; C:\Windows\System32\DRIVERS\motport.sys [24960 2013-03-19] (Motorola Mobility Inc)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [252808 2016-08-25] (Microsoft Corporation)
R3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [710144 2009-03-03] (Ralink Technology Corp.)
S1 MpKslb0658618; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7F747EBC-D522-4B42-A6C5-7439D1EF918E}\MpKslb0658618.sys [X]
S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-03-07 12:09 - 2017-03-07 12:10 - 00022719 _____ C:\Users\home1\Downloads\FRST.txt
2017-03-07 12:08 - 2017-03-07 12:09 - 00000000 ____D C:\FRST
2017-03-07 12:03 - 2017-03-07 12:03 - 01765888 _____ (Farbar) C:\Users\home1\Downloads\FRST.exe
2017-03-06 14:39 - 2017-01-05 09:46 - 00137960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-03-06 14:39 - 2017-01-05 09:43 - 01062912 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-03-06 14:39 - 2017-01-05 09:43 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-03-06 14:39 - 2017-01-05 09:43 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-03-06 14:39 - 2017-01-05 09:43 - 00261120 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-03-06 14:39 - 2017-01-05 09:43 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-03-06 14:39 - 2017-01-05 09:43 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-03-06 14:39 - 2017-01-05 09:43 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-03-06 14:39 - 2017-01-05 09:43 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-03-06 14:39 - 2017-01-05 09:42 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-03-06 14:39 - 2017-01-05 09:19 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-03-06 14:39 - 2017-01-05 09:19 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-03-06 14:39 - 2017-01-05 09:19 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-03-06 14:39 - 2016-11-20 06:07 - 00373896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2017-03-06 14:39 - 2016-11-17 08:27 - 00250600 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2017-03-06 14:39 - 2016-11-14 14:39 - 00346320 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-03-06 14:39 - 2016-11-12 10:47 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-03-06 14:39 - 2016-11-12 10:47 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-03-06 14:39 - 2016-11-12 10:30 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-03-06 14:39 - 2016-11-12 10:29 - 00498688 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-03-06 14:39 - 2016-11-12 10:29 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-03-06 14:39 - 2016-11-12 10:29 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-03-06 14:39 - 2016-11-12 10:27 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-03-06 14:39 - 2016-11-12 10:20 - 02287616 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-03-06 14:39 - 2016-11-12 10:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-03-06 14:39 - 2016-11-12 10:19 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-03-06 14:39 - 2016-11-12 10:17 - 20302848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-03-06 14:39 - 2016-11-12 10:15 - 00476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-03-06 14:39 - 2016-11-12 10:15 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-03-06 14:39 - 2016-11-12 10:14 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-03-06 14:39 - 2016-11-12 10:14 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-03-06 14:39 - 2016-11-12 10:14 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-03-06 14:39 - 2016-11-12 10:06 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-03-06 14:39 - 2016-11-12 10:03 - 00416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-03-06 14:39 - 2016-11-12 09:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-03-06 14:39 - 2016-11-12 09:56 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-03-06 14:39 - 2016-11-12 09:52 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-03-06 14:39 - 2016-11-12 09:51 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-03-06 14:39 - 2016-11-12 09:49 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-03-06 14:39 - 2016-11-12 09:47 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-03-06 14:39 - 2016-11-12 09:40 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-03-06 14:39 - 2016-11-12 09:38 - 00693248 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-03-06 14:39 - 2016-11-12 09:38 - 00689664 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-03-06 14:39 - 2016-11-12 09:37 - 04608000 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-03-06 14:39 - 2016-11-12 09:36 - 02055680 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-03-06 14:39 - 2016-11-12 09:36 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-03-06 14:39 - 2016-11-12 09:21 - 13653504 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-03-06 14:39 - 2016-11-12 09:05 - 02444800 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-03-06 14:39 - 2016-11-12 09:02 - 01312256 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-03-06 14:39 - 2016-11-12 09:02 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-03-06 14:39 - 2016-11-10 08:19 - 00811520 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2017-03-06 14:39 - 2016-11-09 08:24 - 00105192 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2017-03-06 14:39 - 2016-11-09 08:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2017-03-06 14:39 - 2016-11-09 08:17 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2017-03-06 14:39 - 2016-11-09 08:17 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2017-03-06 14:39 - 2016-11-06 08:16 - 00306688 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-03-06 14:39 - 2016-11-06 07:55 - 02399744 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-03-06 14:39 - 2016-10-27 07:20 - 00627712 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2017-03-06 14:39 - 2016-10-11 07:24 - 04000488 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2017-03-06 14:39 - 2016-10-11 07:24 - 03944680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-03-06 14:39 - 2016-10-11 07:21 - 01310528 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-03-06 14:39 - 2016-10-11 07:18 - 00644096 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-03-06 14:39 - 2016-10-11 07:18 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-03-06 14:39 - 2016-10-11 06:55 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-03-06 14:39 - 2016-10-11 06:55 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-03-06 14:39 - 2016-10-11 06:51 - 00295936 _____ (Microsoft Corporation) C:\Windows\system32\bcdedit.exe
2017-03-06 14:39 - 2016-10-11 05:18 - 00419648 _____ C:\Windows\system32\locale.nls
2017-03-06 14:39 - 2016-10-08 05:05 - 00534600 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2017-03-06 14:39 - 2016-10-04 07:13 - 01176064 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2017-03-06 14:39 - 2016-10-04 07:13 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2017-03-06 14:39 - 2016-10-04 07:13 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2017-03-06 14:39 - 2016-10-04 07:13 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2017-03-06 14:38 - 2017-01-05 09:46 - 00067304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-03-06 14:38 - 2017-01-05 09:43 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-03-06 14:38 - 2017-01-05 09:43 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-03-06 14:38 - 2017-01-05 09:43 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-03-06 14:38 - 2017-01-05 09:43 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-03-06 14:38 - 2017-01-05 09:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-03-06 14:38 - 2017-01-05 09:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-03-06 14:38 - 2017-01-05 09:43 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-03-06 14:38 - 2017-01-05 09:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-03-06 14:38 - 2017-01-05 09:19 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-03-06 14:38 - 2017-01-05 09:19 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-03-06 14:38 - 2017-01-05 09:19 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-03-06 14:38 - 2016-11-20 08:19 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll
2017-03-06 14:38 - 2016-11-09 08:17 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2017-03-06 14:38 - 2016-11-09 08:17 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2017-03-06 14:38 - 2016-11-09 08:17 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2017-03-06 14:38 - 2016-11-09 07:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2017-03-06 14:38 - 2016-10-11 07:18 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\nlsbres.dll
2017-03-06 14:38 - 2016-10-11 07:18 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-03-06 14:38 - 2016-10-11 07:18 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-03-06 14:38 - 2016-10-11 07:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-03-06 14:38 - 2016-10-11 07:18 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-03-06 14:38 - 2016-10-11 07:18 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-03-06 14:38 - 2016-10-11 06:55 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-03-06 14:38 - 2016-10-11 06:55 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-03-06 14:38 - 2016-10-11 06:53 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-03-06 14:38 - 2016-10-11 06:50 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-03-06 07:51 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe
2017-03-05 22:13 - 2009-06-10 13:39 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts.20170305-221325.backup
2017-03-05 21:41 - 2017-03-06 07:51 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2017-03-05 21:41 - 2017-03-05 21:41 - 00002095 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2017-03-05 21:41 - 2017-03-05 21:41 - 00002083 _____ C:\Users\Public\Desktop\Spybot.lnk
2017-03-05 21:41 - 2017-03-05 21:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2017-03-05 21:41 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean.exe
2017-03-05 21:37 - 2017-03-05 21:40 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\home1\Downloads\spybot-2.4.exe
2017-03-05 21:00 - 2017-03-05 21:00 - 00001151 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk
2017-03-05 21:00 - 2017-03-05 21:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2017-03-05 21:00 - 2017-03-05 21:00 - 00000000 ____D C:\Program Files\VS Revo Group
2017-03-05 20:58 - 2017-03-05 20:58 - 07097928 _____ (VS Revo Group ) C:\Users\home1\Downloads\revosetup.exe
2017-03-05 20:28 - 2017-03-05 20:28 - 09261616 _____ (Piriform Ltd) C:\Users\home1\Downloads\ccsetup527.exe
2017-03-05 14:32 - 2017-03-05 14:32 - 00001963 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2017-03-05 14:31 - 2017-03-05 14:31 - 00002062 _____ C:\Users\Public\Desktop\Google Earth.lnk
2017-03-05 14:31 - 2017-03-05 14:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
2017-03-05 14:30 - 2016-09-01 10:16 - 00319760 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-03-05 14:21 - 2017-03-05 14:21 - 00362822 _____ C:\unp305781743853022745.mdmp
2017-03-05 14:21 - 2017-03-05 14:21 - 00361756 _____ C:\unp305781743848966737.mdmp
2017-03-05 14:21 - 2017-03-05 14:21 - 00360858 _____ C:\unp305781743838046718.mdmp
2017-03-05 14:21 - 2017-03-05 14:21 - 00359805 _____ C:\unp305781743846938734.mdmp
2017-03-05 14:21 - 2017-03-05 14:21 - 00359326 _____ C:\unp305781743829154703.mdmp
2017-03-05 14:21 - 2017-03-05 14:21 - 00358828 _____ C:\unp305781743843662728.mdmp
2017-03-05 14:21 - 2017-03-05 14:21 - 00358721 _____ C:\unp305781743812150673.mdmp
2017-03-05 14:21 - 2017-03-05 14:21 - 00358574 _____ C:\unp305781743825878697.mdmp
2017-03-05 14:21 - 2017-03-05 14:21 - 00358306 _____ C:\unp305781743834926713.mdmp
2017-03-05 14:21 - 2017-03-05 14:21 - 00358223 _____ C:\unp305781743809030667.mdmp
2017-03-05 14:21 - 2017-03-05 14:21 - 00358053 _____ C:\unp305781743818234683.mdmp
2017-03-05 14:21 - 2017-03-05 14:21 - 00358050 _____ C:\unp305781743771278601.mdmp
2017-03-05 14:21 - 2017-03-05 14:21 - 00357922 _____ C:\unp305781743815426678.mdmp
2017-03-05 14:21 - 2017-03-05 14:21 - 00357571 _____ C:\unp305781743791246636.mdmp
2017-03-05 14:21 - 2017-03-05 14:21 - 00357549 _____ C:\unp305781743804350659.mdmp
2017-03-05 14:21 - 2017-03-05 14:21 - 00357405 _____ C:\unp305781743797330647.mdmp
2017-03-05 14:21 - 2017-03-05 14:21 - 00357390 _____ C:\unp305781743725414520.mdmp
2017-03-05 14:21 - 2017-03-05 14:21 - 00356749 _____ C:\unp305781743841322724.mdmp
2017-03-05 14:21 - 2017-03-05 14:21 - 00354442 _____ C:\unp305781743750998565.mdmp
2017-03-05 14:21 - 2017-03-05 14:21 - 00353656 _____ C:\unp305781743747722560.mdmp
2017-03-05 14:21 - 2017-03-05 14:21 - 00353392 _____ C:\unp305781743740858548.mdmp
2017-03-05 14:21 - 2017-03-05 14:21 - 00353295 _____ C:\unp305781743743666552.mdmp
2017-03-05 14:21 - 2017-03-05 14:21 - 00352981 _____ C:\unp305781743737426541.mdmp
2017-03-05 14:21 - 2017-03-05 14:21 - 00352034 _____ C:\unp305781743733370534.mdmp
2017-03-05 14:21 - 2017-03-05 14:21 - 00351111 _____ C:\unp305781743758954579.mdmp
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-03-07 12:07 - 2009-07-13 20:34 - 00022768 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-03-07 12:07 - 2009-07-13 20:34 - 00022768 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-03-07 11:17 - 2014-05-30 07:23 - 00000000 ____D C:\Temp
2017-03-07 11:17 - 2009-07-13 20:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-03-07 10:18 - 2016-12-15 12:24 - 00000000 ____D C:\Users\home1\AppData\LocalLow\Mozilla
2017-03-07 10:14 - 2012-11-21 15:34 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-03-07 10:12 - 2015-06-16 04:55 - 00000918 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1189877189-4094998525-2142188208-1000UA.job
2017-03-07 07:01 - 2010-11-20 13:01 - 00782510 _____ C:\Windows\system32\PerfStringBackup.INI
2017-03-07 07:01 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\inf
2017-03-07 06:53 - 2009-07-13 20:33 - 00423640 _____ C:\Windows\system32\FNTCACHE.DAT
2017-03-06 22:08 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\rescache
2017-03-06 17:14 - 2012-11-21 15:34 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2017-03-06 17:14 - 2012-11-21 15:34 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2017-03-06 17:14 - 2012-11-21 15:34 - 00000000 ____D C:\Windows\system32\Macromed
2017-03-06 12:12 - 2015-06-16 04:55 - 00000866 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1189877189-4094998525-2142188208-1000Core.job
2017-03-06 11:14 - 2013-09-23 10:26 - 00000000 ____D C:\Users\home1\AppData\Roaming\MediaMonkey
2017-03-06 10:30 - 2013-01-30 14:56 - 00000000 ____D C:\Users\home1\Documents\Photos
2017-03-06 08:44 - 2013-01-16 16:53 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-03-06 07:51 - 2015-12-03 06:06 - 00000000 ____D C:\Program Files\Common Files\AV
2017-03-05 22:13 - 2009-07-13 18:04 - 00450709 ____R C:\Windows\system32\Drivers\etc\hosts.20170306-084605.backup
2017-03-05 21:23 - 2012-11-03 12:54 - 00000000 ____D C:\Program Files\Microsoft Office
2017-03-05 21:21 - 2015-04-14 16:35 - 00000000 ____D C:\Users\home1\AppData\Local\FluxSoftware
2017-03-05 20:54 - 2013-01-07 10:36 - 00000000 ____D C:\Users\home1\AppData\Local\Google
2017-03-05 20:42 - 2015-05-08 16:53 - 00000000 ____D C:\Windows\Minidump
2017-03-05 20:14 - 2013-12-06 09:36 - 00000000 ____D C:\Users\home1\AppData\Local\Citrix
2017-03-05 20:14 - 2013-01-16 16:53 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy
2017-03-05 19:58 - 2012-11-21 18:20 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2017-03-05 19:56 - 2016-08-21 18:27 - 00000000 ____D C:\ProgramData\Garmin
2017-03-05 19:56 - 2016-08-21 18:26 - 00000000 ____D C:\Program Files\Garmin
2017-03-05 19:56 - 2016-08-21 18:25 - 00000000 ____D C:\ProgramData\Package Cache
2017-03-05 19:53 - 2013-01-10 20:56 - 00000000 ____D C:\ProgramData\Skype
2017-03-05 14:35 - 2013-01-07 10:44 - 00002101 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-03-05 14:32 - 2013-03-04 07:25 - 00224752 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys
2017-03-05 14:32 - 2013-01-17 23:26 - 00433768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2017-03-05 14:32 - 2013-01-17 23:25 - 00735488 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2017-03-05 14:31 - 2013-01-07 10:36 - 00000000 ____D C:\Program Files\Google
2017-03-05 14:26 - 2016-12-14 10:34 - 00000000 ____D C:\Users\home1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-03-05 14:26 - 2014-08-16 09:04 - 00000000 ____D C:\Users\home1\AppData\Roaming\Dropbox
2017-03-05 14:26 - 2013-01-15 11:22 - 00000000 ____D C:\Program Files\KeyScrambler
2017-03-05 14:26 - 2012-08-22 12:43 - 00000000 ____D C:\Users\home1
2017-03-05 14:25 - 2011-04-11 18:24 - 00000000 ___RD C:\Users\Public\Recorded TV
2017-03-05 14:25 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\registration
==================== Files in the root of some directories =======
2013-05-23 11:01 - 2013-05-23 11:01 - 0038444 _____ () C:\Users\home1\AppData\Roaming\Comma Separated Values (DOS).ADR
2013-05-23 11:16 - 2013-05-23 11:16 - 0012976 _____ () C:\Users\home1\AppData\Roaming\Comma Separated Values (DOS).CAL
2014-05-02 18:39 - 2014-05-02 18:39 - 0003584 _____ () C:\Users\home1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-07-25 09:34 - 2014-12-10 21:04 - 0001001 _____ () C:\Users\home1\AppData\Local\RT2870_{803DFA51-B425-4B33-BEB0-7FB9550AC85E}_wsc
Files to move or delete:
====================
C:\Users\home1\MediaMonkey_4.1.13.1801.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-03-06 21:58
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 05-03-2017
Ran by home1 (07-03-2017 12:10:36)
Running from C:\Users\home1\Downloads
Microsoft Windows 7 Professional Service Pack 1 (X86) (2012-08-22 20:43:24)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1189877189-4094998525-2142188208-500 - Administrator - Disabled)
Guest (S-1-5-21-1189877189-4094998525-2142188208-501 - Limited - Disabled)
home1 (S-1-5-21-1189877189-4094998525-2142188208-1000 - Administrator - Enabled) => C:\Users\home1
HomeGroupUser$ (S-1-5-21-1189877189-4094998525-2142188208-1002 - Limited - Enabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AV: Avast Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Spybot - Search and Destroy (Disabled - Out of date) {A16C3F68-9280-E053-1818-342707FECF4D}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20056 - Adobe Systems Incorporated)
Adobe Flash Player 24 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 24.0.0.221 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 24.0.0.221 - Adobe Systems Incorporated)
Amazon Cloud Player (HKU\S-1-5-21-1189877189-4094998525-2142188208-1000\...\Amazon Amazon Cloud Player) (Version: 2.1.0.381 - Amazon Services LLC)
Audacity 2.0.6 (HKLM\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
Avast Free Antivirus (HKLM\...\avast) (Version: 12.3.2280 - AVAST Software)
Camera Window DS (Version: 5.3.1 - Canon) Hidden
Canon Auto Update Service (HKLM\...\Auto Update Service) (Version: 1.1.0.13 - Canon Inc.)
Canon Camera Window DSLR 5 for ZoomBrowser EX (HKLM\...\InstallShield_{0A146245-DB79-4197-BF5D-FE1A699A2CC7}) (Version: 5.3.1 - Canon)
Canon DIGITAL CAMERA Solution Disk Software Guide (HKLM\...\Software Guide) (Version: 1.6.0.1 - Canon Inc.)
CANON iMAGE GATEWAY MyCamera Download Plugin (HKLM\...\MyCamera Download Plugin) (Version: 3.1.1.2 - Canon Inc.)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM\...\CANON iMAGE GATEWAY Task) (Version: 1.9.0.9 - Canon Inc.)
Canon MOV Decoder (HKLM\...\Canon MOV Decoder) (Version: 1.9.0.8 - Canon Inc.)
Canon MOV Encoder (HKLM\...\Canon MOV Encoder) (Version: 1.8.0.1 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (HKLM\...\MovieEditTask) (Version: 3.9.0.6 - Canon Inc.)
Canon PhotoRecord (HKLM\...\{BBBC2B89-E193-4348-A83C-C8DD8210A4AC}) (Version: 02.02.03002 - Cisra)
Canon PowerShot S100 Camera User Guide (HKLM\...\CameraUserGuide-PSS100) (Version: 1.0.0.1 - Canon Inc.)
Canon RAW Image Task for ZoomBrowser EX (HKLM\...\InstallShield_{BAA43DA2-B6C5-46EC-B163-0E8EEAF975A4}) (Version: 2.2 - Canon)
Canon Utilities CameraWindow DC 8 (HKLM\...\CameraWindowDC8) (Version: 8.6.0.11 - Canon Inc.)
Canon Utilities CameraWindow Launcher (HKLM\...\CameraWindowLauncher) (Version: 7.6.0.1 - Canon Inc.)
Canon Utilities Digital Photo Professional 3.11 (HKLM\...\DPP) (Version: 3.11.0.0 - Canon Inc.)
Canon Utilities Map Utility (HKLM\...\MapUtility) (Version: 1.1.0.4 - Canon Inc.)
Canon Utilities Movie Uploader for YouTube (HKLM\...\MovieUploaderForYouTube) (Version: 1.3.0.3 - Canon Inc.)
Canon Utilities MyCamera (HKLM\...\MyCamera) (Version: 7.5.0.1 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.)
Canon Utilities ZoomBrowser EX (HKLM\...\ZoomBrowser EX) (Version: 6.8.0.10 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (HKLM\...\ZoomBrowser EX Memory Card Utility) (Version: 1.6.0.15 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.17 - Piriform)
Condes 9 (HKLM\...\Condes 9) (Version: 9.0.07 - Finn Arildsen Software)
Download Navigator (HKLM\...\{D0353B68-A142-4F89-A46E-1C9A7745D636}) (Version: 3.4.1 - SEIKO EPSON CORPORATION)
Dropbox (HKU\S-1-5-21-1189877189-4094998525-2142188208-1000\...\Dropbox) (Version: 20.4.19 - Dropbox, Inc.)
Epson Connect Printer Setup (HKLM\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.3.0 - SEIKO EPSON CORPORATION)
EPSON Connect version 1.0 (HKLM\...\EPSON Connect_is1) (Version: 1.0 - Epson America Inc.)
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.4.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM\...\{44F72193-F59C-4303-BAE8-E3E4BC1C122C}) (Version: 3.01.0003 - Seiko Epson Corporation)
Epson E-Web Print (HKLM\...\{FB897D16-F0A7-4674-96F1-1C26963BA244}) (Version: 1.15.0000 - SEIKO EPSON CORPORATION)
Epson FAX Utility (HKLM\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.30.00 - SEIKO EPSON CORPORATION)
Epson PC-FAX Driver (HKLM\...\EPSON PC-FAX Driver 2) (Version: - )
EPSON Scan (HKLM\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EPSON WF-2540 Series Printer Uninstall (HKLM\...\EPSON WF-2540 Series) (Version: - SEIKO EPSON Corporation)
EpsonNet Print (HKLM\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION)
Evernote v. 5.8.3 (HKLM\...\{404B3FB8-A820-11E4-83FC-00163E98E7D6}) (Version: 5.8.3.6507 - Evernote Corp.)
Google Chrome (HKLM\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Drive (HKLM\...\{07A12123-B717-496B-B471-48AF6407B433}) (Version: 1.32.4066.7445 - Google, Inc.)
Google Earth (HKLM\...\{F6430171-B86B-4639-839E-374913E7911D}) (Version: 7.1.8.3036 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.32.7 - Google Inc.) Hidden
HP Softpaq SP45367 (HKLM\...\SP45367) (Version: - )
HP Softpaq SP45411 (HKLM\...\SP45411) (Version: - )
Hugin 2014.0.0 (HKLM\...\Hugin) (Version: 2014.0.0 hg_5da69bc383dd - The Hugin Development Team)
Intel® Management Engine Interface (HKLM\...\HECI) (Version: - Intel Corporation)
Intel® Active Management Technology (HKLM\...\MESOL) (Version: - Intel Corporation)
KeyScrambler (HKLM\...\KeyScrambler) (Version: 2.9.3.0 - QFX Software Corporation)
Malwarebytes Anti-Malware version 1.70.0.1100 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.70.0.1100 - Malwarebytes Corporation)
Medialink MWN-USB150N (HKLM\...\{34E93A7F-599F-4BBB-B2A1-4FCE77971AB9}) (Version: 1.00.0000 - Medialink)
MediaMonkey 4.1 (HKLM\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Outlook Connector (HKLM\...\{95140000-0081-0409-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (HKLM\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (HKLM\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Motorola Device Manager (HKLM\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.4.5 - Motorola Mobility)
Motorola Device Software Update (Version: 13.09.3001 - Motorola Mobility) Hidden
Motorola Mobile Drivers Installation 6.3.0 (HKLM\...\{A55747C1-4651-433D-B082-478874FF7516}) (Version: 6.3.0 - Motorola Mobility LLC)
Mozilla Firefox 50.1.0 (x86 en-US) (HKLM\...\Mozilla Firefox 50.1.0 (x86 en-US)) (Version: 50.1.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MyPhoneExplorer (HKLM\...\MPE) (Version: 1.8.4 - F.J. Wechselberger)
Nemo PDF To Word (HKLM\...\{6CA8C09B-FA99-49FE-9664-1CE823FAD510}_is1) (Version: - )
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9.140.239 - Google, Inc.)
PixBuilder Studio 2.2.0 (HKLM\...\2E349885-5DA2-478A-ABDE-94F0CCDE703A_is1) (Version: - WnSoft)
QuickBooks (Version: 25.0.4006.2506 - Intuit Inc.) Hidden
QuickBooks Pro 2015 (HKLM\...\{8F02EFA1-8F5E-4E47-A6B5-D99E4FE90271}) (Version: 25.0.4001.2506 - Intuit Inc.)
RAW Image Task 2.2 (Version: 2.2 - Canon) Hidden
Revo Uninstaller 2.0.2 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.2 - VS Revo Group, Ltd.)
RSDLite (HKLM\...\{8F4A334E-D1B5-45D1-9C1A-3D1B97327E49}) (Version: 6.1.6 - Motorola)
SafeZone Stable 1.51.2220.53 (Version: 1.51.2220.53 - Avast Software) Hidden
SafeZone Stable 1.51.2220.62 (Version: 1.51.2220.62 - Avast Software) Hidden
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Toggl Desktop (HKU\S-1-5-21-1189877189-4094998525-2142188208-1000\...\TogglDesktop) (Version: - Toggl)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
VC12X86Redist (HKLM\...\{EA9886ED-21F8-4867-A049-CE6817291EE6}) (Version: 1.00.0000 - Intuit Inc.)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1189877189-4094998525-2142188208-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\home1\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1189877189-4094998525-2142188208-1000_Classes\CLSID\{04EBE69E-2DED-44F6-9854-9A3988F751ED}\InprocServer32 -> C:\Users\home1\AppData\Local\Dropbox\Update\1.3.51.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1189877189-4094998525-2142188208-1000_Classes\CLSID\{05EC5C13-D255-4592-9CCB-98615172F0D6}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1189877189-4094998525-2142188208-1000_Classes\CLSID\{0A368B9B-3566-4730-B40E-EAF6858A53AF}\InprocServer32 -> C:\Users\home1\AppData\Local\Dropbox\Update\1.3.27.33\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1189877189-4094998525-2142188208-1000_Classes\CLSID\{0ADF9C35-0D5E-4B75-88DD-B64868907E17}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1189877189-4094998525-2142188208-1000_Classes\CLSID\{123FAF7F-3FB1-4B8F-AD18-0047401D436A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1189877189-4094998525-2142188208-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\home1\AppData\Local\Google\Update\1.3.27.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1189877189-4094998525-2142188208-1000_Classes\CLSID\{1B3210AF-E236-46D4-83EF-6421F2FF543C}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTVIEW.OCx => No File
CustomCLSID: HKU\S-1-5-21-1189877189-4094998525-2142188208-1000_Classes\CLSID\{1E78DD72-771E-42BF-8B4B-363CEB18E07B}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTVIEW.OCx => No File
CustomCLSID: HKU\S-1-5-21-1189877189-4094998525-2142188208-1000_Classes\CLSID\{2027D000-8CEB-4191-9620-15DD2561855F}\InprocServer32 -> C:\Users\home1\AppData\Local\Dropbox\Update\1.3.57.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1189877189-4094998525-2142188208-1000_Classes\CLSID\{22664BE2-0806-4BA4-8643-DE40C9149176}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx => No File
CustomCLSID: HKU\S-1-5-21-1189877189-4094998525-2142188208-1000_Classes\CLSID\{2A9EBDB5-0600-4E8C-B910-4001BEB2DD8C}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx => No File
CustomCLSID: HKU\S-1-5-21-1189877189-4094998525-2142188208-1000_Classes\CLSID\{3059C9E6-9EDC-4C89-933E-C65623F8FD60}\localserver32 -> C:\Users\home1\AppData\Local\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1189877189-4094998525-2142188208-1000_Classes\CLSID\{349D777D-F7A2-4AAE-967F-A54F05A7FF3B}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBFinder.dll => No File
CustomCLSID: HKU\S-1-5-21-1189877189-4094998525-2142188208-1000_Classes\CLSID\{37A2FC00-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1189877189-4094998525-2142188208-1000_Classes\CLSID\{37A2FC02-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1189877189-4094998525-2142188208-1000_Classes\CLSID\{38F58721-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\COMObjectFactory.dll => No File
CustomCLSID: HKU\S-1-5-21-1189877189-4094998525-2142188208-1000_Classes\CLSID\{38F58742-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll => No File
CustomCLSID: HKU\S-1-5-21-1189877189-4094998525-2142188208-1000_Classes\CLSID\{38F58743-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll => No File
CustomCLSID: HKU\S-1-5-21-1189877189-4094998525-2142188208-1000_Classes\CLSID\{38F58744-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll => No File
CustomCLSID: HKU\S-1-5-21-1189877189-4094998525-2142188208-1000_Classes\CLSID\{449CFB1B-1C07-48EA-9A9A-7A7881C2B49B}\InprocServer32 -> C:\Users\home1\AppData\Local\Dropbox\Update\1.3.59.1\psuser.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1189877189-4094998525-2142188208-1000_Classes\CLSID\{4716D3CE-55DB-4D2A-818C-87D912895890}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1189877189-4094998525-2142188208-1000_Classes\CLSID\{4844F3F7-2161-4AC4-B219-B3B4311782AA}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0731E189-ACAE-4F2D-96ED-6F980AF58ECE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2017-03-06] (Adobe Systems Incorporated)
Task: {151298E3-F069-4A65-A9C9-64E52FFE97EA} - System32\Tasks\Motorola Device Manager Update => C:\Program Files\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {17EF42FD-5908-4ED7-A95A-70F8F22E9618} - System32\Tasks\{C4E5EB6A-8569-4743-92E4-64C7AE1C201D} => pcalua.exe -a D:\sansa-installer.exe -d D:\
Task: {2D05BAC0-BF29-4E7F-B66F-E7FC31C3F5C4} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-09-01] (AVAST Software)
Task: {3C089597-6863-4FD4-B564-9787293C827F} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {54583B52-A28D-4126-84CB-A16B56E52F07} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1189877189-4094998525-2142188208-1000Core => C:\Users\home1\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-04] (Dropbox, Inc.)
Task: {59CD281F-D14C-4BFD-A6BF-7FBC11F2FDBA} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-03-05] (AVAST Software)
Task: {60CA9AB4-DC64-4C64-9DDF-36CF693FCDF7} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {6C550445-8CFE-40D5-B842-795FEB662845} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {725DE0CD-0BD9-4275-B8F9-C3D55BA8B5D4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {7878604D-8AB8-45D2-B520-1919B5770D32} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {7A577358-4B8E-4E4C-A50C-132252B377CB} - System32\Tasks\{D5062A70-9DA7-4156-AF3C-E99461E4C744} => pcalua.exe -a "C:\Users\home1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KBFYCKIY\startuplite-setup-1.07.exe" -d C:\Users\home1\Desktop
Task: {7ADBE9DE-1B33-4DBD-9436-90262CE5DBAF} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1189877189-4094998525-2142188208-1000UA => C:\Users\home1\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-04] (Dropbox, Inc.)
Task: {7B16D45E-1C49-482B-885E-72C7B16C7E8A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-04-15] (Piriform Ltd)
Task: {973A68DF-42C0-4FEE-89F0-79A38AB0480D} - System32\Tasks\SafeZone scheduled Autoupdate 1460726943 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-08-09] (Avast Software)
Task: {A59C62AB-76CD-45AB-A14B-8A7FF03E8689} - System32\Tasks\Motorola Device Manager Engine => C:\Program Files\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {D72D7943-1C61-4361-B632-6639B83A0E5E} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {EE7885A2-5741-424E-AED9-649E8588F8C9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1189877189-4094998525-2142188208-1000Core.job => C:\Users\home1\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1189877189-4094998525-2142188208-1000UA.job => C:\Users\home1\AppData\Local\Dropbox\Update\DropboxUpdate.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
Shortcut: C:\Users\home1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hugin\Enblend Droplet 360.lnk -> C:\Program Files\Hugin\bin\enblend_droplet_360.bat ()
Shortcut: C:\Users\home1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hugin\Enblend Droplet.lnk -> C:\Program Files\Hugin\bin\enblend_droplet.bat ()
Shortcut: C:\Users\home1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hugin\Enfuse Align Droplet.lnk -> C:\Program Files\Hugin\bin\enfuse_align_droplet.bat ()
Shortcut: C:\Users\home1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hugin\Enfuse Auto Align Droplet.lnk -> C:\Program Files\Hugin\bin\enfuse_auto_align_droplet.bat (No File)
Shortcut: C:\Users\home1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hugin\Enfuse Auto Droplet.lnk -> C:\Program Files\Hugin\bin\enfuse_auto_droplet.bat ()
Shortcut: C:\Users\home1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hugin\Enfuse Droplet 360.lnk -> C:\Program Files\Hugin\bin\enfuse_droplet_360.bat ()
Shortcut: C:\Users\home1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hugin\Enfuse Droplet.lnk -> C:\Program Files\Hugin\bin\enfuse_droplet.bat ()
==================== Loaded Modules (Whitelisted) ==============
2016-09-01 10:16 - 2016-09-01 10:16 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-03-07 10:56 - 2017-03-07 10:56 - 05883904 _____ () C:\Program Files\AVAST Software\Avast\defs\17030705\algo.dll
2016-09-01 10:16 - 2016-09-01 10:16 - 00482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2013-10-31 07:05 - 2013-10-31 07:05 - 00172032 _____ () C:\Program Files\Motorola Mobility\Motorola Device Manager\css_core.dll
2017-03-05 21:41 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2017-03-05 21:41 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2017-03-05 21:41 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2017-03-05 21:41 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2017-03-05 21:41 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2012-11-21 15:22 - 2009-08-21 15:44 - 02281488 _____ () C:\Program Files\Medialink\MWN-USB150N\UI.exe
2012-11-21 15:22 - 2007-12-06 10:24 - 01167360 _____ () C:\Program Files\Medialink\MWN-USB150N\acAuth.dll
2012-11-21 15:22 - 2009-04-06 15:27 - 00098304 _____ () C:\Program Files\Medialink\MWN-USB150N\dllPublicFunc.dll
2012-11-21 15:22 - 2009-01-05 20:12 - 00159744 _____ () C:\Program Files\Medialink\MWN-USB150N\dllCommonCtrl.dll
2012-11-21 15:22 - 2009-04-06 15:27 - 00032768 _____ () C:\Program Files\Medialink\MWN-USB150N\dllMultiLanguage.dll
2016-06-30 05:46 - 2016-06-30 05:46 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2012-08-22 13:01 - 2009-07-24 10:29 - 00077824 _____ () C:\Program Files\Common Files\Intel\Privacy Icon\UNS\DTMessageLib.dll
2017-03-05 14:35 - 2017-02-01 01:01 - 01870168 _____ () C:\Program Files\Google\Chrome\Application\56.0.2924.87\libglesv2.dll
2017-03-05 14:35 - 2017-02-01 01:01 - 00085848 _____ () C:\Program Files\Google\Chrome\Application\56.0.2924.87\libegl.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
There are 7932 more sites.
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 18:04 - 2017-03-06 08:46 - 00454350 ____R C:\Windows\system32\Drivers\etc\hosts
There are 15590 more lines.
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1189877189-4094998525-2142188208-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\home1\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Intuit Data Protect.lnk => C:\Windows\pss\Intuit Data Protect.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk => C:\Windows\pss\QuickBooks Update Agent.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks_Standard_21.lnk => C:\Windows\pss\QuickBooks_Standard_21.lnk.CommonStartup
MSCONFIG\startupreg: EEventManager => "C:\Program Files\Epson Software\Event Manager\EEventManager.exe"
MSCONFIG\startupreg: Findo => C:\Program Files\Findo\findo.exe --silent
MSCONFIG\startupreg: FUFAXRCV => "C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe"
MSCONFIG\startupreg: FUFAXSTM => "C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe"
MSCONFIG\startupreg: HotKeysCmds =>
MSCONFIG\startupreg: IgfxTray =>
MSCONFIG\startupreg: Intuit SyncManager => C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: Persistence =>
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{E7C6B24A-6BEF-4635-A117-E754C3D2F7C5}] => (Allow) C:\Program Files\EPSON Software\Event Manager\EEventManager.exe
FirewallRules: [{B5F7B19C-56D8-44B1-9C54-4DF5B5C5D9BA}] => (Allow) C:\Program Files\EPSON Software\Event Manager\EEventManager.exe
FirewallRules: [{D5A9BDFF-CAC6-40DB-8826-BBC0E57A4A93}] => (Allow) C:\Users\home1\AppData\Local\Temp\WZSE0.TMP\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [{9482761D-ABD3-4416-B695-4335B1B6A290}] => (Allow) C:\Users\home1\AppData\Local\Temp\WZSE0.TMP\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [{CD18B43A-1013-4769-B77E-DE34F6BBE1A9}] => (Allow) C:\Program Files\EPSON Software\ECPrinterSetup\ENPApp.exe
FirewallRules: [{4E0B7C10-FF2B-4DD5-8834-13BF98697052}] => (Allow) C:\Program Files\EPSON Software\ECPrinterSetup\ENPApp.exe
FirewallRules: [TCP Query User{BAE4CD6C-E08C-4CD4-AF42-19981F3D74C7}C:\program files\epson software\event manager\eeventmanager.exe] => (Block) C:\program files\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{E76FBD03-C6ED-4F1F-BB18-5833AAEC0FFB}C:\program files\epson software\event manager\eeventmanager.exe] => (Block) C:\program files\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{EA2CC7A8-64EA-4870-80FF-13AF39C9713E}C:\program files\myphoneexplorer\myphoneexplorer.exe] => (Allow) C:\program files\myphoneexplorer\myphoneexplorer.exe
FirewallRules: [UDP Query User{58C460DB-0CC7-4A4F-8DF8-19174FD77F1E}C:\program files\myphoneexplorer\myphoneexplorer.exe] => (Allow) C:\program files\myphoneexplorer\myphoneexplorer.exe
FirewallRules: [{40BF43FA-F48B-4CDF-AEEF-3349A45C776B}] => (Allow) C:\Users\home1\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{D492E33B-F5BD-4D28-B328-F72C1F95B157}] => (Allow) C:\Users\home1\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{82F08DCF-3702-4145-9741-30EEEC3D1E7B}C:\users\home1\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\home1\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{9082F3EE-FDEE-4344-8868-3FBEF0E3B493}C:\users\home1\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\home1\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{431DB9C1-9333-4B9F-86E7-9C28B8EB9023}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{B717B62B-B7BE-4CFD-90C5-E9EE557CBBAD}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{2C36660C-C61A-466C-89C7-4A610FCAA47A}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [TCP Query User{EB87E950-23CE-4AC8-BCFA-FA8BB56C5C88}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{A4F654B7-E864-4266-A7AD-81392B28CDB5}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [{360E94BF-CCB1-4416-A53C-C0AED9061F52}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{74FA5DBF-8C05-453B-8D8E-A1EF7B2B8AA4}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{1D3E1B7F-5ED4-43B1-BDE2-79B03695AAE9}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{EC67D463-C2BB-473F-B043-F67DE81B74C9}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{8B87C315-467D-441D-BACD-238C72F63C6D}] => (Allow) C:\Program Files\MediaMonkey\MediaMonkey (non-skinned).exe
FirewallRules: [TCP Query User{15F8FE00-EA69-466D-B529-A17AA4FBEE43}C:\program files\motorola\rsd lite\sdl.exe] => (Allow) C:\program files\motorola\rsd lite\sdl.exe
FirewallRules: [UDP Query User{81346BD2-3FF7-4CDC-81D8-7A5211936792}C:\program files\motorola\rsd lite\sdl.exe] => (Allow) C:\program files\motorola\rsd lite\sdl.exe
FirewallRules: [{DD1C40F6-B356-4231-9A6E-DF15113755B2}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
==================== Restore Points =========================
22-01-2017 07:59:21 Garmin Express
05-03-2017 14:20:11 Restore Operation
05-03-2017 14:42:02 Garmin Express
05-03-2017 19:52:31 Removed Microsoft Silverlight
05-03-2017 19:53:29 Removed Skype™ 7.32
05-03-2017 19:54:35 Removed Google Talk Plugin
05-03-2017 19:55:41 Garmin Express
05-03-2017 21:09:24 Revo Uninstaller's restore point - Cisco WebEx Meetings
05-03-2017 21:18:45 Revo Uninstaller's restore point - Skype Click to Call
05-03-2017 21:19:40 Revo Uninstaller's restore point - Findo
05-03-2017 21:19:55 Removed Findo
05-03-2017 21:20:47 Revo Uninstaller's restore point - f.lux
05-03-2017 21:22:43 Revo Uninstaller's restore point - Microsoft Office File Validation Add-In
05-03-2017 21:25:48 Revo Uninstaller's restore point - Spotify
06-03-2017 23:25:15 Windows Update
==================== Faulty Device Manager Devices =============
Name: MpKslb0658618
Description: MpKslb0658618
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: MpKslb0658618
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
Name: PS/2 Compatible Mouse
Description: PS/2 Compatible Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
==================== Event log errors: =========================
Application errors:
==================
Error: (03/07/2017 11:19:29 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (03/07/2017 11:19:11 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\Hugin\bin\hugin.exe".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
Error: (03/07/2017 11:19:11 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\Hugin\bin\hugin.exe".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
Error: (03/07/2017 06:54:47 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (03/06/2017 10:02:13 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "c:\program files\Hugin\bin\PTBatcherGUI.exe".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
Error: (03/06/2017 10:02:10 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "c:\program files\Hugin\bin\icpfind.exe".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
Error: (03/06/2017 10:02:10 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "c:\program files\Hugin\bin\hugin_stitch_project.exe".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
Error: (03/06/2017 10:02:09 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "c:\program files\Hugin\bin\hugin.exe".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
Error: (03/06/2017 10:02:05 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "c:\program files\Hugin\bin\calibrate_lens_gui.exe".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
Error: (03/06/2017 09:57:35 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\EPSON Software\Download Navigator\EPSDNLMW.EXE".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
System errors:
=============
Error: (03/07/2017 11:19:03 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The VBoxAsw Support Driver service failed to start due to the following error:
The system cannot find the path specified.
Error: (03/07/2017 11:17:13 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 11:15:12 AM on 3/7/2017 was unexpected.
Error: (03/07/2017 06:54:45 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The VBoxAsw Support Driver service failed to start due to the following error:
The system cannot find the path specified.
Error: (03/06/2017 08:04:57 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The VBoxAsw Support Driver service failed to start due to the following error:
The system cannot find the path specified.
Error: (03/06/2017 08:04:50 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
Error: (03/06/2017 08:04:50 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.
Error: (03/06/2017 07:44:39 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The VBoxAsw Support Driver service failed to start due to the following error:
The system cannot find the path specified.
Error: (03/06/2017 07:44:10 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the QBIDPService service to connect.
Error: (03/06/2017 07:43:38 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the QBCFMonitorService service to connect.
Error: (03/05/2017 08:18:43 PM) (Source: BROWSER) (EventID: 8032) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{803DFA51-B425-4B33-BEB0-7FB9550AC85E}.
The backup browser is stopping.
CodeIntegrity:
===================================
Date: 2016-09-01 11:05:27.783
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-09-01 11:05:27.674
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-08-27 07:11:21.346
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-08-27 07:11:21.097
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-08-26 08:49:45.300
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-08-26 08:49:45.159
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-08-25 07:30:30.658
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-08-25 07:30:30.456
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-08-24 08:28:30.520
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-08-24 08:28:30.364
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: Intel® Core2 Quad CPU Q9400 @ 2.66GHz
Percentage of memory in use: 64%
Total physical RAM: 3543.25 MB
Available physical RAM: 1263.39 MB
Total Virtual: 7084.82 MB
Available Virtual: 4366.23 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:465.08 GB) (Free:326.5 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 7398109F)
Partition 1: (Not Active) - (Size=596 MB) - (Type=83)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=465.1 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
Edited by oleander, 08 March 2017 - 11:08 AM.