Access blocked to files, security programs/scans, browser redirects


  • This topic is locked
32 replies to this topic

#1 beachbirdie


Posted 23 January 2018 - 05:05 AM

I am not sure what might be going on, but I am struggling to make this computer work for me, as the topic says. I ended up not being able to even do malware scans; the programs just freeze except in safe mode. Eventually got Malwarebytes to run; it never finds anything, nor does Avast find anything.

 

Tried setting computer back to earlier time, worked a short time then started blocking me off again.  Can't even access regedit.  Something turned off Windows firewall.  

 

Below are the FRST and Addition logs.

 

I don't normally run Chrome, I normally use Firefox.  Firefox doesn't load well right now and I can't navigate with it.

  

Thank you for anything you can tell me from these.

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21.01.2018
Ran by lmbeattie (administrator) on LMBEATTIE-PC (23-01-2018 01:44:29)
Running from C:\Users\lmbeattie\Desktop
Loaded Profiles: lmbeattie & Les.B games (Available Profiles: lmbeattie & Les.B games & Farmville)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Coupons.com Inc.) C:\Program Files (x86)\Coupons\CouponPrinterService.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
() C:\Program Files\ASUS\ASUS Secure Delete\ADDEL.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(ASUS) C:\Program Files\P4G\BatteryLife.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
() C:\Program Files (x86)\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(ASUS) C:\Windows\AsScrPro.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(DEVGURU Co., LTD.) C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Intel® Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvLaunch.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Akamai Technologies, Inc.) C:\Users\lmbeattie\AppData\Local\Akamai\netsession_win.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2589992 2011-04-12] (ELAN Microelectronics Corp.)
HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-05-02] (Intel® Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [246120 2017-12-23] (AVAST Software)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [2643320 2012-11-26] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3499896 2014-05-08] (Adobe Systems Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595992 2016-05-20] (Oracle Corporation)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3084288 2012-07-31] (Brother Industries, Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1111453194-4016939751-1576079428-1000\...\Run: [Akamai NetSession Interface] => C:\Users\lmbeattie\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-1111453194-4016939751-1576079428-1000\...\MountPoints2: G - G:\LaunchU3.exe -a
HKU\S-1-5-21-1111453194-4016939751-1576079428-1000\...\MountPoints2: {467c8f10-e1af-11e1-ae22-ac72891e8f88} - F:\LaunchU3.exe -a
HKU\S-1-5-21-1111453194-4016939751-1576079428-1000\...\MountPoints2: {5fd8f38a-fc51-11e2-8c3e-ac72891e8f88} - F:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-1111453194-4016939751-1576079428-1000\...\MountPoints2: {632ee415-9e4b-11e3-8885-14dae9d003f3} - G:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-1111453194-4016939751-1576079428-1000\...\MountPoints2: {b95bb0c5-2094-11e4-91f0-ac72891e8f88} - F:\DT4000_Launcher.exe
HKU\S-1-5-21-1111453194-4016939751-1576079428-1000\...\MountPoints2: {ffa6fd95-14a7-11e2-94e3-ac72891e8f88} - F:\LaunchU3.exe -a
HKU\S-1-5-21-1111453194-4016939751-1576079428-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-1111453194-4016939751-1576079428-1001\...\MountPoints2: {6d254d70-fc80-11e1-99f5-ac72891e8f88} - H:\setup.exe -a
HKU\S-1-5-21-1111453194-4016939751-1576079428-1001\...\MountPoints2: {ffa6fd95-14a7-11e2-94e3-ac72891e8f88} - F:\LaunchU3.exe -a
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk [2013-07-29]
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (No File)
Startup: C:\Users\Les.B games\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel® Turbo Boost Technology Monitor 2.0.lnk [2011-09-02]
ShortcutTarget: Intel® Turbo Boost Technology Monitor 2.0.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation)
Startup: C:\Users\lmbeattie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2017-02-15]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{0C294C80-1B3A-452B-B4C0-A0BA118EF561}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{1B97464E-CE55-4939-9128-63C1FAE421C6}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKU\S-1-5-21-1111453194-4016939751-1576079428-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?gws_rd=ssl
HKU\S-1-5-21-1111453194-4016939751-1576079428-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
HKU\S-1-5-21-1111453194-4016939751-1576079428-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.foxbusiness.com/
HKU\S-1-5-21-1111453194-4016939751-1576079428-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
SearchScopes: HKU\S-1-5-21-1111453194-4016939751-1576079428-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1111453194-4016939751-1576079428-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1111453194-4016939751-1576079428-1000 -> {180780f0-b348-4b44-8210-94a8f3ee15b2} URL = hxxp://search.comcast.net/search/?cat=Web&con=toolbar&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1111453194-4016939751-1576079428-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1111453194-4016939751-1576079428-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: No Name -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> No File
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-11-09] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-26] (Google Inc.)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: No Name -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-06-20] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-11-09] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-26] (Google Inc.)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-06-20] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-26] (Google Inc.)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-26] (Google Inc.)
Toolbar: HKU\S-1-5-21-1111453194-4016939751-1576079428-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-26] (Google Inc.)
Handler-x32: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - C:\Program Files (x86)\Intuit\QuickBooks 2013\HelpAsyncPluggableProtocol.dll [2012-11-26] (Intuit, Inc.)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\system32\mscoree.dll [2010-11-04] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2017-07-18] (Skype Technologies)
 
FireFox:
========
FF ProfilePath: C:\Users\lmbeattie\AppData\Roaming\Mozilla\Firefox\Profiles\zfmr2dvx.default-1451536295115 [2017-12-23]
FF Homepage: Mozilla\Firefox\Profiles\zfmr2dvx.default-1451536295115 -> hxxp://www.google.com/
FF Session Restore: Mozilla\Firefox\Profiles\zfmr2dvx.default-1451536295115 -> is enabled.
FF Extension: (Mendeley Importer WebExtension) - C:\Users\lmbeattie\AppData\Roaming\Mozilla\Firefox\Profiles\zfmr2dvx.default-1451536295115\Extensions\@mendeleyimporter.xpi [2017-11-14]
FF Extension: (Safe Browsing Version 4 (temporary add-on)) - C:\Users\lmbeattie\AppData\Roaming\Mozilla\Firefox\Profiles\zfmr2dvx.default-1451536295115\Extensions\sbv4-gradual-rollout@mozilla.com.xpi [2017-11-08] [Legacy]
FF Extension: (Avast Online Security) - C:\Users\lmbeattie\AppData\Roaming\Mozilla\Firefox\Profiles\zfmr2dvx.default-1451536295115\Extensions\wrc@avast.com.xpi [2017-11-09]
FF Extension: (Adblock Plus) - C:\Users\lmbeattie\AppData\Roaming\Mozilla\Firefox\Profiles\zfmr2dvx.default-1451536295115\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-11-09]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-12-30] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_28_0_0_137.dll [2018-01-10] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_137.dll [2018-01-10] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1220162.dll [2015-08-31] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-06-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-06-20] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-17] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2014-05-08] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems)
FF Plugin HKU\S-1-5-21-1111453194-4016939751-1576079428-1000: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\Users\LMBEAT~1\AppData\Roaming\CATALI~1\NPBCSK~1.DLL [2013-02-14] (Catalina Marketing Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2014-12-03] (Coupons, Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://xfinity.comcast.net/?cid=insDate09052013
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxps://www.facebook.com/"
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\lmbeattie\AppData\Local\Google\Chrome\User Data\Default [2017-11-25]
CHR Extension: (Docs) - C:\Users\lmbeattie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-20]
CHR Extension: (Google Drive) - C:\Users\lmbeattie\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\lmbeattie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
CHR Extension: (Google Search) - C:\Users\lmbeattie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Google Docs Offline) - C:\Users\lmbeattie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-20]
CHR Extension: (Avast Online Security) - C:\Users\lmbeattie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-10-20]
CHR Extension: (Xfinity) - C:\Users\lmbeattie\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemjgdpngmhbimofcicjfhibkdbigdmb [2013-09-09]
CHR Extension: (Skype) - C:\Users\lmbeattie\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-09-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\lmbeattie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-25]
CHR Extension: (Gmail) - C:\Users\lmbeattie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-01]
CHR Extension: (Chrome Media Router) - C:\Users\lmbeattie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-11-25]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-05-08]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [hemjgdpngmhbimofcicjfhibkdbigdmb] - C:\ProgramData\comcastModemRelease\shortcuts\chrome\xfinity.crx [2013-02-08]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7538536 2017-12-23] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [301168 2017-12-23] (AVAST Software)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [270336 2012-07-13] (Brother Industries, Ltd.) [File not signed]
R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [179184 2014-12-03] (Coupons.com Inc.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89352 2014-09-15] (Hewlett-Packard Company)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-05-02] ()
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
R2 PnkBstrA; C:\Program Files (x86)\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe [63040 2007-08-14] ()
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2012-11-26] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2012-11-26] (Intuit Inc.) [File not signed]
R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [741640 2014-06-15] (DEVGURU Co., LTD.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 assd; C:\Windows\System32\Drivers\assd.sys [27264 2010-04-28] (ASUS Corporation)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [185096 2017-12-23] (AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdrivera.sys [321512 2017-12-23] (AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsha.sys [199448 2017-12-23] (AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswbloga.sys [343768 2017-12-23] (AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniva.sys [57696 2017-12-23] (AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [149344 2017-12-23] (AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [46976 2017-12-23] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [41832 2017-09-21] (AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [146648 2018-01-10] (AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [110336 2017-12-23] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [84384 2017-12-23] (AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1025176 2017-12-23] (AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [457896 2018-01-10] (AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [204456 2017-12-23] (AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [358672 2017-12-23] (AVAST Software)
S3 BTHprint; C:\Windows\System32\DRIVERS\bthprint.sys [67072 2009-07-13] (Microsoft Corporation)
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
S3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [110016 2017-11-21] (Malwarebytes)
S3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [46008 2017-11-22] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253880 2018-01-22] (Malwarebytes)
S3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [84256 2017-11-22] (Malwarebytes)
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2016-02-17] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [28160 2016-02-17] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [34816 2016-02-17] (LG Electronics Inc.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-01-23 01:40 - 2018-01-23 01:40 - 000059858 _____ C:\Users\Les.B games\Desktop\Addition.txt
2018-01-23 01:39 - 2018-01-23 01:40 - 000037853 _____ C:\Users\Les.B games\Desktop\FRST.txt
2018-01-23 01:37 - 2018-01-23 01:37 - 002393088 _____ (Farbar) C:\Users\Les.B games\Desktop\FRST64.exe
2018-01-22 14:33 - 2018-01-22 14:33 - 000000000 ____D C:\ProgramData\SWCUTemp
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-01-23 01:45 - 2017-02-22 12:07 - 000031280 _____ C:\Users\lmbeattie\Desktop\FRST.txt
2018-01-23 01:44 - 2017-02-22 12:06 - 000000000 ____D C:\Users\lmbeattie\Desktop\FRST-OlderVersion
2018-01-23 01:44 - 2017-02-22 12:06 - 000000000 ____D C:\FRST
2018-01-23 01:44 - 2017-02-22 01:00 - 002393088 _____ (Farbar) C:\Users\lmbeattie\Desktop\FRST64.exe
2018-01-23 01:44 - 2014-12-29 23:51 - 000000000 ____D C:\Users\lmbeattie\AppData\Local\Akamai
2018-01-23 01:41 - 2009-07-13 20:45 - 000018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-01-23 01:41 - 2009-07-13 20:45 - 000018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-01-22 19:01 - 2009-07-13 21:13 - 000801978 _____ C:\Windows\system32\PerfStringBackup.INI
2018-01-22 19:01 - 2009-07-13 19:20 - 000000000 ____D C:\Windows\inf
2018-01-22 16:55 - 2016-07-06 19:32 - 000000705 _____ C:\Windows\BRRBCOM.INI
2018-01-22 16:03 - 2017-11-22 20:53 - 000000000 ____D C:\Users\Les.B games\AppData\LocalLow\Mozilla
2018-01-22 14:33 - 2017-12-22 18:37 - 000253880 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-01-22 14:31 - 2009-07-13 21:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-01-20 21:35 - 2017-11-29 20:25 - 000000000 ____D C:\Users\Les.B games\Documents\Marilyn Stuff
2018-01-18 13:08 - 2011-09-02 19:44 - 000045056 _____ C:\Windows\SysWOW64\acovcnt.exe
2018-01-15 12:18 - 2017-02-21 23:07 - 000004172 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2018-01-10 12:20 - 2012-11-27 17:32 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2018-01-10 12:20 - 2012-09-03 20:17 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-01-10 12:20 - 2012-09-03 20:17 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-01-10 12:20 - 2012-09-03 20:17 - 000000000 ____D C:\Windows\system32\Macromed
2018-01-10 12:20 - 2011-04-01 20:47 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-01-10 12:17 - 2014-08-05 09:12 - 000457896 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2018-01-10 12:17 - 2014-08-05 09:12 - 000146648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2018-01-08 17:24 - 2011-04-01 20:36 - 000002197 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-01-06 10:04 - 2009-07-13 21:08 - 000032654 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2018-01-05 17:21 - 2017-05-17 20:19 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-01-05 17:21 - 2012-07-13 23:58 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
 
==================== Files in the root of some directories =======
 
2013-05-18 16:04 - 2015-03-27 15:06 - 000893239 _____ () C:\Users\lmbeattie\AppData\Local\a.zip
2013-05-18 16:04 - 2015-03-27 15:06 - 002162416 _____ (Catalina Marketing Corp) C:\Users\lmbeattie\AppData\Local\BcsKtYcHW.dll
2014-12-05 00:56 - 2014-12-05 00:56 - 000004096 ____H () C:\Users\lmbeattie\AppData\Local\keyfile3.drm
2014-04-26 09:48 - 2015-11-01 12:29 - 000007601 _____ () C:\Users\lmbeattie\AppData\Local\Resmon.ResmonCfg
2012-08-05 21:08 - 2012-08-05 21:08 - 000017408 _____ () C:\Users\lmbeattie\AppData\Local\WebpageIcons.db
 
Some files in TEMP:
====================
2015-08-09 10:52 - 2015-09-08 08:35 - 000298872 _____ (iAnywhere Solutions, Inc.) C:\Users\Farmville\AppData\Local\Temp\dbfhide.exe
2015-08-09 10:52 - 2015-09-08 08:35 - 000861048 _____ (iAnywhere Solutions, Inc.) C:\Users\Farmville\AppData\Local\Temp\dblgen11.dll
2015-08-09 10:52 - 2015-09-08 08:35 - 000776568 _____ (iAnywhere Solutions, Inc.) C:\Users\Farmville\AppData\Local\Temp\dblib11.dll
2015-08-09 10:52 - 2015-09-08 08:35 - 001250168 _____ (iAnywhere Solutions, Inc.) C:\Users\Farmville\AppData\Local\Temp\dbtool11.dll
2015-08-09 10:52 - 2015-09-08 08:35 - 000008704 _____ () C:\Users\Farmville\AppData\Local\Temp\FsdRegistration.dll
2015-08-09 10:52 - 2015-09-08 08:35 - 000149008 _____ (Intuit Inc.) C:\Users\Farmville\AppData\Local\Temp\GDSBLMgr.dll
2015-08-09 10:52 - 2015-09-08 08:35 - 000394240 _____ (Intuit, Inc.) C:\Users\Farmville\AppData\Local\Temp\Intuit.Spc.Map.EntitlementClient.Install.dll
2015-08-09 10:52 - 2015-09-08 08:35 - 000572928 _____ (Microsoft Corporation) C:\Users\Farmville\AppData\Local\Temp\msvcp90.dll
2015-08-09 10:52 - 2015-09-08 08:35 - 000655872 _____ (Microsoft Corporation) C:\Users\Farmville\AppData\Local\Temp\msvcr90.dll
2015-08-09 10:52 - 2015-09-08 08:35 - 000029072 _____ (Intuit Inc.) C:\Users\Farmville\AppData\Local\Temp\QBFirwal.dll
2015-08-09 10:52 - 2015-09-08 08:35 - 000629136 _____ (Intuit Inc.) C:\Users\Farmville\AppData\Local\Temp\qbinstal.dll
2015-08-09 10:52 - 2015-09-08 08:35 - 000030608 _____ () C:\Users\Farmville\AppData\Local\Temp\QBNGEN.dll
2015-08-09 10:52 - 2015-09-08 08:35 - 000015224 _____ (Intuit Inc.) C:\Users\Farmville\AppData\Local\Temp\SMUnInstaller.dll
2015-08-09 10:52 - 2015-09-08 08:35 - 000643072 _____ (STLport Consulting, Inc.) C:\Users\Farmville\AppData\Local\Temp\stlport_r50.dll
2015-08-09 10:52 - 2015-09-08 08:35 - 000479120 _____ (Intuit Inc.) C:\Users\Farmville\AppData\Local\Temp\StopQBServer.dll
2015-08-09 10:52 - 2015-09-08 08:35 - 000313744 _____ (Intuit Inc.) C:\Users\Farmville\AppData\Local\Temp\UtilDBSetup.dll
2015-09-12 06:44 - 2018-01-22 19:00 - 000298872 _____ (iAnywhere Solutions, Inc.) C:\Users\Les.B games\AppData\Local\Temp\dbfhide.exe
2015-09-12 06:44 - 2018-01-22 19:00 - 000861048 _____ (iAnywhere Solutions, Inc.) C:\Users\Les.B games\AppData\Local\Temp\dblgen11.dll
2015-09-12 06:44 - 2018-01-22 19:00 - 000776568 _____ (iAnywhere Solutions, Inc.) C:\Users\Les.B games\AppData\Local\Temp\dblib11.dll
2015-09-12 06:44 - 2018-01-22 19:00 - 001250168 _____ (iAnywhere Solutions, Inc.) C:\Users\Les.B games\AppData\Local\Temp\dbtool11.dll
2012-07-02 16:26 - 2012-08-02 19:59 - 000212992 _____ (Sony DADC Austria AG) C:\Users\Les.B games\AppData\Local\Temp\drm_dyndata_7330014.dll
2015-09-12 06:44 - 2018-01-22 19:00 - 000008704 _____ () C:\Users\Les.B games\AppData\Local\Temp\FsdRegistration.dll
2015-09-12 06:44 - 2018-01-22 19:00 - 000149008 _____ (Intuit Inc.) C:\Users\Les.B games\AppData\Local\Temp\GDSBLMgr.dll
2015-09-12 06:44 - 2018-01-22 19:00 - 000394240 _____ (Intuit, Inc.) C:\Users\Les.B games\AppData\Local\Temp\Intuit.Spc.Map.EntitlementClient.Install.dll
2015-09-12 06:44 - 2018-01-22 19:00 - 000572928 _____ (Microsoft Corporation) C:\Users\Les.B games\AppData\Local\Temp\msvcp90.dll
2015-09-12 06:44 - 2018-01-22 19:00 - 000655872 _____ (Microsoft Corporation) C:\Users\Les.B games\AppData\Local\Temp\msvcr90.dll
2015-09-12 06:44 - 2018-01-22 19:00 - 000029072 _____ (Intuit Inc.) C:\Users\Les.B games\AppData\Local\Temp\QBFirwal.dll
2015-09-12 06:44 - 2018-01-22 19:00 - 000629136 _____ (Intuit Inc.) C:\Users\Les.B games\AppData\Local\Temp\qbinstal.dll
2015-09-12 06:44 - 2018-01-22 19:00 - 000030608 _____ () C:\Users\Les.B games\AppData\Local\Temp\QBNGEN.dll
2015-09-12 06:44 - 2018-01-22 19:00 - 000015224 _____ (Intuit Inc.) C:\Users\Les.B games\AppData\Local\Temp\SMUnInstaller.dll
2015-09-12 06:44 - 2018-01-22 19:00 - 000643072 _____ (STLport Consulting, Inc.) C:\Users\Les.B games\AppData\Local\Temp\stlport_r50.dll
2015-09-12 06:44 - 2018-01-22 19:00 - 000479120 _____ (Intuit Inc.) C:\Users\Les.B games\AppData\Local\Temp\StopQBServer.dll
2015-09-12 06:44 - 2018-01-22 19:00 - 000313744 _____ (Intuit Inc.) C:\Users\Les.B games\AppData\Local\Temp\UtilDBSetup.dll
2017-08-26 10:32 - 2017-08-26 10:32 - 000003584 _____ () C:\Users\lmbeattie\AppData\Local\Temp\bmgcogum.dll
2015-05-05 17:42 - 2017-03-17 21:25 - 000298872 _____ (iAnywhere Solutions, Inc.) C:\Users\lmbeattie\AppData\Local\Temp\dbfhide.exe
2015-05-05 17:42 - 2017-03-17 21:25 - 000861048 _____ (iAnywhere Solutions, Inc.) C:\Users\lmbeattie\AppData\Local\Temp\dblgen11.dll
2015-05-05 17:42 - 2017-03-17 21:25 - 000776568 _____ (iAnywhere Solutions, Inc.) C:\Users\lmbeattie\AppData\Local\Temp\dblib11.dll
2015-05-05 17:42 - 2017-03-17 21:25 - 001250168 _____ (iAnywhere Solutions, Inc.) C:\Users\lmbeattie\AppData\Local\Temp\dbtool11.dll
2015-02-01 20:35 - 2015-02-01 20:35 - 000043008 _____ () C:\Users\lmbeattie\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpsk237x.dll
2015-05-05 17:42 - 2017-03-17 21:25 - 000008704 _____ () C:\Users\lmbeattie\AppData\Local\Temp\FsdRegistration.dll
2015-05-05 17:42 - 2017-03-17 21:25 - 000149008 _____ (Intuit Inc.) C:\Users\lmbeattie\AppData\Local\Temp\GDSBLMgr.dll
2015-05-05 17:42 - 2017-03-17 21:25 - 000394240 _____ (Intuit, Inc.) C:\Users\lmbeattie\AppData\Local\Temp\Intuit.Spc.Map.EntitlementClient.Install.dll
2017-07-26 12:23 - 2017-07-26 12:23 - 000740416 _____ (Oracle Corporation) C:\Users\lmbeattie\AppData\Local\Temp\jre-8u144-windows-au.exe
2015-07-14 12:57 - 2015-07-14 12:57 - 000563808 _____ (Oracle Corporation) C:\Users\lmbeattie\AppData\Local\Temp\jre-8u51-windows-au.exe
2017-04-23 10:45 - 2017-04-23 10:45 - 000003584 _____ () C:\Users\lmbeattie\AppData\Local\Temp\mqcvd4kt.dll
2015-05-05 17:42 - 2017-03-17 21:25 - 000572928 _____ (Microsoft Corporation) C:\Users\lmbeattie\AppData\Local\Temp\msvcp90.dll
2015-05-05 17:42 - 2017-03-17 21:25 - 000655872 _____ (Microsoft Corporation) C:\Users\lmbeattie\AppData\Local\Temp\msvcr90.dll
2015-05-05 17:42 - 2017-03-17 21:25 - 000029072 _____ (Intuit Inc.) C:\Users\lmbeattie\AppData\Local\Temp\QBFirwal.dll
2015-05-05 17:42 - 2017-03-17 21:25 - 000629136 _____ (Intuit Inc.) C:\Users\lmbeattie\AppData\Local\Temp\qbinstal.dll
2015-05-05 17:42 - 2017-03-17 21:25 - 000030608 _____ () C:\Users\lmbeattie\AppData\Local\Temp\QBNGEN.dll
2015-05-05 17:42 - 2017-03-17 21:25 - 000015224 _____ (Intuit Inc.) C:\Users\lmbeattie\AppData\Local\Temp\SMUnInstaller.dll
2015-05-05 17:42 - 2017-03-17 21:25 - 000643072 _____ (STLport Consulting, Inc.) C:\Users\lmbeattie\AppData\Local\Temp\stlport_r50.dll
2015-05-05 17:42 - 2017-03-17 21:25 - 000479120 _____ (Intuit Inc.) C:\Users\lmbeattie\AppData\Local\Temp\StopQBServer.dll
2015-05-05 17:42 - 2017-03-17 21:25 - 000313744 _____ (Intuit Inc.) C:\Users\lmbeattie\AppData\Local\Temp\UtilDBSetup.dll
2017-03-16 10:47 - 2017-03-16 10:47 - 014456872 _____ (Microsoft Corporation) C:\Users\lmbeattie\AppData\Local\Temp\vc_redist.x86.exe
2017-04-17 20:29 - 2017-04-17 20:29 - 000003584 _____ () C:\Users\lmbeattie\AppData\Local\Temp\xprx1oes.dll
2006-05-24 09:10 - 2006-05-24 09:10 - 000455600 ____R (Macrovision Corporation) C:\Users\lmbeattie\AppData\Local\Temp\_is3D3.exe
2006-05-24 09:10 - 2006-05-24 09:10 - 000455600 ____R (Macrovision Corporation) C:\Users\lmbeattie\AppData\Local\Temp\_is80AF.exe
2012-08-16 01:34 - 2012-08-16 01:34 - 000455600 ____R (Macrovision Corporation) C:\Users\lmbeattie\AppData\Local\Temp\_is90E.exe
2006-05-24 09:10 - 2006-05-24 09:10 - 000455600 ____R (Macrovision Corporation) C:\Users\lmbeattie\AppData\Local\Temp\_isAB5.exe
2006-05-24 09:10 - 2006-05-24 09:10 - 000455600 ____R (Macrovision Corporation) C:\Users\lmbeattie\AppData\Local\Temp\_isB4CE.exe
2016-01-17 15:09 - 2012-08-16 01:34 - 000455600 _____ (Macrovision Corporation) C:\Users\lmbeattie\AppData\Local\Temp\_isDA34.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-01-18 14:02
 
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21.01.2018
Ran by lmbeattie (23-01-2018 01:46:00)
Running from C:\Users\lmbeattie\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2012-06-30 04:55:01)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1111453194-4016939751-1576079428-500 - Administrator - Disabled)
Farmville (S-1-5-21-1111453194-4016939751-1576079428-1004 - Limited - Enabled) => C:\Users\Farmville
Guest (S-1-5-21-1111453194-4016939751-1576079428-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1111453194-4016939751-1576079428-1003 - Limited - Enabled)
Les.B games (S-1-5-21-1111453194-4016939751-1576079428-1001 - Administrator - Enabled) => C:\Users\Les.B games
lmbeattie (S-1-5-21-1111453194-4016939751-1576079428-1000 - Administrator - Enabled) => C:\Users\lmbeattie
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
64 Bit HP CIO Components Installer (HKLM\...\{55D55008-E5F6-47D6-B16F-B2A40D4D145F}) (Version: 6.2.1 - Hewlett-Packard) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.009.20050 - Adobe Systems Incorporated)
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.07 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.9 - Adobe Systems Incorporated)
Adobe Flash Player 28 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 28.0.0.137 - Adobe Systems Incorporated)
Adobe Flash Player 28 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 28.0.0.137 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.0.162 - Adobe Systems, Inc.)
AGEIA PhysX v7.07.09 (HKLM-x32\...\{65F1CF63-31E0-450B-96F3-4A88BE7361A6}) (Version: 7.07.09 - AGEIA Technologies, Inc.)
Akamai NetSession Interface (HKU\S-1-5-21-1111453194-4016939751-1576079428-1000\...\Akamai) (Version:  - Akamai Technologies, Inc)
Alcor Micro USB Card Reader (HKLM-x32\...\{4555BB9E-E715-4260-A178-E8EFD2B653E3}) (Version: 1.2.0117.08443 - Alcor Micro Corp.) Hidden
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 1.2.0117.08443 - Alcor Micro Corp.)
Apple Application Support (HKLM-x32\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.12.5.0 - Asmedia Technology)
ASUS AI Recovery (HKLM-x32\...\{D39F0676-163E-4595-A917-E28F99BBD4D2}) (Version: 1.0.14 - ASUS)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.22 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.0.3 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{33B98264-A889-4913-A0CA-C364A75032B3}) (Version: 1.1.45 - ASUS)
ASUS Secure Delete (HKLM\...\{761C6783-D3BC-48AB-8E7C-61CE918A8436}) (Version: 1.00.0007 - ASUS)
ASUS SmartLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0011 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0033 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{AECA3622-E634-4A55-A696-70A511CBE06E}) (Version: 2.0.3 - AsusTek Computer Inc.)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.21 - asus)
ASUS WebStorage (HKLM-x32\...\ASUS WebStorage) (Version: 3.0.84.161 - eCareme Technologies, Inc.)
AsusScr_U46_ENG (HKLM-x32\...\AsusScr_U46_ENG) (Version: 1.0.0001 - ASUS)
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.4.617 - ASUSTEK)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0010 - ASUS)
Audacity 2.1.3 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.3 - Audacity Team)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.9.2322 - AVAST Software)
Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Catalina Savings Printer (HKLM-x32\...\{37331C16-3E97-4A20-80D8-BFB43AB0E2FB}) (Version: 1.0.0 - Catalina Marketing Corp) <==== ATTENTION
Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Controlo ActiveX do Windows Live Mesh para Ligações Remotas (HKLM-x32\...\{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}) (Version: 15.4.5722.2 - Microsoft Corporation)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.1.4) (Version: 5.0.1.4 - Coupons.com Incorporated)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1908 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3602c - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
EPSON Artisan 730 Series Printer Uninstall (HKLM\...\EPSON Artisan 730 Series) (Version:  - SEIKO EPSON Corporation)
Epson Connect (HKLM-x32\...\{64BA551C-9AF6-495C-93F3-D1270E0045FC}) (Version:  - )
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.0.0.0 - SEIKO EPSON CORPORATION)
Epson Download Navigator (HKLM-x32\...\{10F63395-157F-4B93-AB4D-702A2FF11942}) (Version: 1.0.1 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{8ED43F7E-A8F6-4898-AF11-B6158F2EDF94}) (Version: 2.50.0000 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
ETDWare PS/2-X64 8.0.5.3_WHQL (HKLM\...\Elantech) (Version: 8.0.5.3 - ELAN Microelectronic Corp.)
Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.10 - ASUS)
Galeria de Fotografias do Windows Live (HKLM-x32\...\{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (HKLM-x32\...\{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (HKLM-x32\...\{488F0347-C4A7-4374-91A7-30818BEDA710}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.132 - Google Inc.)
Google Earth Pro (HKLM-x32\...\{ECF2E224-42F5-4E50-B58E-94CA70E85697}) (Version: 7.3.0.3832 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Guild Wars (HKLM-x32\...\Guild Wars) (Version:  - )
Helium (HKLM-x32\...\{9A781940-AC41-4D5E-8E1E-76A04B916FB9}) (Version: 1.0.0 - ClockworkMod)
HL-2270DW (HKLM-x32\...\{E2A97415-BD97-4867-B906-05E39E9EE51F}) (Version: 1.0.7.0 - Brother Industries, Ltd.)
HL-3170CDW (HKLM-x32\...\{C6580DE1-F539-4700-ADD2-3185121E51A8}) (Version: 1.0.1.0 - Brother Industries, Ltd.)
HP Support Solutions Framework (HKLM-x32\...\{44157EB3-D8D0-4BB1-B0F5-AD2C38814ED1}) (Version: 11.51.0027 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
Intel PROSet Wireless (HKLM-x32\...\ProInst) (Version:  - ) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2405 - Intel Corporation)
Intel® PROSet/Wireless for Bluetooth® 3.0 + High Speed (HKLM\...\{A0E106D2-4815-4B7A-BAA7-7E21B530CFB4}) (Version: 1.1.0.0157 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{006B5C65-3938-4246-B182-994A7E415EDE}) (Version: 1.1.0.0537 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{3C41721F-AF0F-4086-AA1C-4C7F29076228}) (Version: 14.01.1000 - Intel Corporation)
Intel® Turbo Boost Technology Monitor 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.1.23.0 - Intel)
Intel® WiDi (HKLM-x32\...\{0DD706AF-B542-438C-999E-B30C7F625C8D}) (Version: 2.1.39.0 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
IrfanView 4.50 (32-bit) (HKLM-x32\...\IrfanView) (Version: 4.50 - Irfan Skiljan)
iTunes (HKLM\...\{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}) (Version: 11.3.0.54 - Apple Inc.)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.15 - Oracle Corporation)
Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LG Mobile Drivers (HKLM-x32\...\{01DC2C23-5D76-4744-A771-2F454C5DD872}) (Version: 4.1.1 - LG Electronics)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
MasterCook Betty Crocker (HKLM-x32\...\{C4876FE6-1125-44C9-8C61-390DEBF4DCCF}) (Version: 6.2 - ValuSoft) Hidden
MasterCook Betty Crocker (HKLM-x32\...\InstallShield_{C4876FE6-1125-44C9-8C61-390DEBF4DCCF}) (Version: 6.2 - ValuSoft)
Medal of Honor Airborne (HKLM-x32\...\{25F28E39-FDBB-11DB-8314-0800200C9A66}) (Version: 1.0.1.0 - Electronic Arts)
Mendeley Desktop 1.12.2 (HKLM-x32\...\Mendeley Desktop) (Version: 1.12.2 - Mendeley Ltd.)
Mesh Runtime (HKLM-x32\...\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}) (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Camera Codec Pack (HKLM\...\{D553E8CC-5C56-4B06-AC1A-A443DFF31092}) (Version: 6.3.9723.0 - Microsoft Corporation)
Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 55.0.3 (x64 en-US) (HKLM\...\Mozilla Firefox 55.0.3 (x64 en-US)) (Version: 55.0.3 - Mozilla)
Mozilla Firefox 57.0.4 (x64 en-US) (HKLM\...\Mozilla Firefox 57.0.4 (x64 en-US)) (Version: 57.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 55.0.3 - Mozilla)
MP3 Skype recorder (HKLM-x32\...\{9D33E74E-3799-4343-9F16-13AFF983366C}) (Version: 4.11.1.0 - Alexander Nikiforov)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
P@H-Protocol (HKLM-x32\...\{CF594DB8-CFB0-45B4-86DA-8BB4AC0941F8}) (Version: 3.0.7.0 - Valassis)
Photobucket Backup (HKLM-x32\...\{98813202-6C6E-4ABE-A128-6E8FB3368BE0}) (Version: 1.0.7.2104 - Photobucket)
QuickBooks (HKLM-x32\...\{3167CC62-C775-4E47-92C1-73EBB845751A}) (Version: 23.0.4004.2305 - Intuit Inc.) Hidden
QuickBooks Pro 2013 (HKLM-x32\...\{3C631966-387E-4054-85D9-BBFFABE32BD8}) (Version: 23.0.4004.2305 - Intuit Inc.)
QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6383 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
Robinson Curriculum 2.29D (HKLM-x32\...\Robinson Curriculum) (Version: 2.29D - Robinson Internet)
SafeZone Stable 4.58.2552.909 (HKLM-x32\...\SafeZone 4.58.2552.909) (Version: 4.58.2552.909 - Avast Software) Hidden
Samsung Kies3 (HKLM-x32\...\{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.16044.2 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.16044.2 - Samsung Electronics Co., Ltd.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)
SceneSwitch (HKLM-x32\...\{5172E572-C175-4F80-A6D5-5CB45826AD61}) (Version: 1.0.8 - ASUS)
Secure Download Manager (HKLM-x32\...\{7682DFED-23C6-44C9-B9FD-109E0B630277}) (Version: 3.1.10 - Kivuto Solutions Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.151 - Skype Technologies S.A.)
Sonic Focus (HKLM-x32\...\{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}) (Version: 1.0.0.4 - Synopsys )
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
syncables desktop SE (HKLM-x32\...\{341697D8-9923-445E-B42A-529E5A99CB7A}) (Version: 5.5.746.11492 - syncables)
TurboTax 2012 (HKLM-x32\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
TurboTax 2014 (HKLM-x32\...\TurboTax 2014) (Version: 2014.0 - Intuit, Inc)
TurboTax 2015 (HKLM-x32\...\TurboTax 2015) (Version: 2015.0 - Intuit, Inc)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.31.1 - ASUS)
Wireless Console 3 (HKLM-x32\...\{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}) (Version: 3.0.19 - ASUS)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1111453194-4016939751-1576079428-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01222018143707186_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\lmbeattie\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay => No File
CustomCLSID: HKU\S-1-5-21-1111453194-4016939751-1576079428-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\lmbeattie\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay => No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-12-23] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-12-23] (AVAST Software)
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\ASUSWSShellExt64.dll [2010-09-02] (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\ASUSWSShellExt64.dll [2010-09-02] (eCareme Technologies, Inc.)
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems Inc.)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-12-23] (AVAST Software)
ContextMenuHandlers1: [BTMSentToExt] -> {0A7D34C2-E9DA-48A1-9E34-0CDFC2DE3B44} => C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [2011-03-30] (Intel Corporation)
ContextMenuHandlers1: [DataSanitizerShellExtObj] -> {35595751-F655-4A14-90AB-C2EC32780F41} => C:\Program Files (x86)\Common Files\ASUS\Secure Delete\ASUS Secure Delete ShellExt.dll [2011-01-24] (TODO: <Company name>)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-12-23] (AVAST Software)
ContextMenuHandlers3: [BackupContextMenuExtension] -> {b1b96b20-da1d-4a3c-92c1-7229b32f2325} => C:\Windows\system32\mscoree.dll [2010-11-04] (Microsoft Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers4: [DataSanitizerShellExtObj] -> {35595751-F655-4A14-90AB-C2EC32780F41} => C:\Program Files (x86)\Common Files\ASUS\Secure Delete\ASUS Secure Delete ShellExt.dll [2011-01-24] (TODO: <Company name>)
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2014-03-14] (Piriform Ltd)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2011-05-23] (Intel Corporation)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems Inc.)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-12-23] (AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2014-03-14] (Piriform Ltd)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {01FAFE80-69FE-4956-93B9-A1C4CAF4DCA5} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe
Task: {0BCA4A2D-E504-42AB-993E-A100E0715CBB} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2011-05-31] (ASUS)
Task: {10D5035E-43D9-473B-AE2B-37E41141FA29} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd => C:\Windows\system32\GWX\GWX.exe
Task: {2729AE53-476F-4B7D-99F4-CD602303AD08} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {2C85D391-65DF-4639-8BB8-64AD2552284F} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2018-01-05] (AVAST Software)
Task: {35EB2370-5181-40D1-9412-F82FD88A2943} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => C:\Windows\system32\GWX\GWX.exe
Task: {37728E90-655F-4833-AD3E-3FE2C3C55532} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => C:\Windows\system32\GWX\GWX.exe
Task: {44A52748-B938-412B-9604-4F3EB741730A} - System32\Tasks\{CBA0A5F8-5177-42F2-ACD7-A215C4ADFD72} => C:\Windows\system32\pcalua.exe -a C:\Users\lmbeattie\Downloads\Raw-CodecV1L100-Eng.exe -d C:\Users\lmbeattie\Downloads
Task: {45D5E0DE-425B-4D61-B3EF-DA2CC8182963} - System32\Tasks\{852FD19C-9160-4C0B-AF53-7861AAC26D4A} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/7.4.0.102/en/abandoninstall?page=tsProgressBar
Task: {4C85F90E-FEB5-445C-81D1-C6AEE751E184} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {4D81655B-E325-408D-A062-001D9A005508} - System32\Tasks\USBChargerPlus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2011-06-29] (ASUSTek Computer Inc.)
Task: {5ED25CEC-6507-4F07-BFB3-8A98D05891EE} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2010-11-15] (ASUS)
Task: {5EEED90F-8E51-45F9-A783-9B2D1154A77F} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-12-23] (AVAST Software)
Task: {69DE67E4-5586-4CB3-AB91-893E3623B03A} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfigAndContent
Task: {69DE67E4-5586-4CB3-AB91-893E3623B03A} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(2): C:\Windows\system32\GWX\GWXDetector.exe
Task: {77E3DC90-6F3E-4285-9644-2D020D39A8F3} - System32\Tasks\ASUS Secure Delete => C:\Program Files\ASUS\ASUS Secure Delete\ADDEL.exe [2011-01-24] ()
Task: {796D83D9-1428-453F-9B27-FEF1122707A1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-01-10] (Adobe Systems Incorporated)
Task: {7AB3FAF3-9D95-412E-AB51-7E7F57229DEA} - System32\Tasks\{65380918-4FCE-439B-B30B-83C346607DFB} => C:\Program Files (x86)\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\Binaries\MOHA.exe [2007-08-15] (Electronic Arts Inc.)
Task: {838994A1-4015-4A07-9F7D-95EE661AB337} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => C:\Windows\system32\GWX\GWX.exe
Task: {84D4E2A1-6501-485B-B748-3DF0E6EA8AA8} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => C:\Windows\system32\GWX\GWX.exe
Task: {90CD4AAB-5594-4BA8-B558-A042A146AD00} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {90CD4AAB-5594-4BA8-B558-A042A146AD00} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(2): C:\Windows\system32\GWX\GWXDetector.exe
Task: {A0B11CCD-5BE4-439C-B42F-A42C5A49AC78} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2011-05-30] (ASUS)
Task: {A21EFB51-5908-4E71-BE73-42F8687FBB23} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe
Task: {AB3F8EDD-A94C-4A99-A18C-89710B248470} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Time-5d => C:\Windows\system32\GWX\GWX.exe
Task: {B7BF7205-3722-4513-AC4D-7CD5D7691344} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2011-07-18] (ASUSTeK Computer Inc.)
Task: {C5FE3A3A-55F9-4014-983A-A33CA5530508} - System32\Tasks\{C1A2DA58-8103-46CF-818D-9C10FC61A641} => C:\Windows\system32\pcalua.exe -a C:\Users\lmbeattie\Downloads\irfanview_plugins_450_setup.exe -d C:\Users\lmbeattie\Downloads
Task: {CF02ED2A-1C14-44C5-9BEC-E5E785EF3575} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2010-08-17] (ASUS)
Task: {E15209E3-EF3E-4DED-993F-4737CD4B7174} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfigAndContent
Task: {E15209E3-EF3E-4DED-993F-4737CD4B7174} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(2): C:\Windows\system32\GWX\GWXDetector.exe
Task: {E5FCB9D1-2EEB-4359-BA5D-B89FBFC6034F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
Task: {E8321C77-6D16-48C3-B552-28FBDB81DC13} - System32\Tasks\SafeZone scheduled Autoupdate 1468360927 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-08-04] (Avast Software)
Task: {FE50333E-C49B-4589-8ECD-EE34B647B143} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2011-05-02 12:41 - 2011-05-02 12:41 - 001501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2011-07-28 02:31 - 2011-05-23 16:16 - 000094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-01-24 09:55 - 2011-01-24 09:55 - 000541696 _____ () C:\Program Files\ASUS\ASUS Secure Delete\ADDEL.exe
2010-07-14 15:11 - 2010-07-14 15:11 - 000031360 _____ () C:\Program Files\P4G\DevMng.dll
2007-08-14 23:49 - 2007-08-14 23:49 - 000063040 _____ () C:\Program Files (x86)\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe
2017-11-08 20:24 - 2017-12-06 22:19 - 002301384 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-12-23 20:48 - 2017-12-23 20:48 - 000067920 _____ () c:\Program Files\AVAST Software\Avast\x64\module_lifetime.dll
2017-12-23 20:48 - 2017-12-23 20:48 - 000067984 _____ () C:\Program Files\AVAST Software\Avast\x64\dll_loader.dll
2017-12-23 20:48 - 2017-12-23 20:48 - 000236840 _____ () c:\Program Files\AVAST Software\Avast\x64\vaarclient.dll
2017-12-23 20:48 - 2017-12-23 20:48 - 000902824 _____ () C:\Program Files\AVAST Software\Avast\x64\ffl2.dll
2017-12-23 20:48 - 2017-12-23 20:48 - 000349568 _____ () c:\Program Files\AVAST Software\Avast\x64\StreamBack.dll
2017-12-23 20:48 - 2017-12-23 20:48 - 000337096 _____ () C:\Program Files\AVAST Software\Avast\x64\tasks_core.dll
2017-12-23 20:48 - 2017-12-23 20:48 - 000058016 _____ () C:\Program Files\AVAST Software\Avast\module_lifetime.dll
2017-12-23 20:48 - 2017-12-23 20:48 - 000057504 _____ () C:\Program Files\AVAST Software\Avast\dll_loader.dll
2017-12-23 20:48 - 2017-12-23 20:48 - 000206152 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-12-23 20:48 - 2017-12-23 20:48 - 000289272 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-12-23 20:48 - 2017-12-23 20:48 - 000196248 _____ () C:\Program Files\AVAST Software\Avast\network_notifications.dll
2018-01-22 00:16 - 2018-01-22 00:16 - 005779600 _____ () C:\Program Files\AVAST Software\Avast\defs\18012200\algo.dll
2017-12-23 20:48 - 2017-12-23 20:48 - 000745408 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-12-23 20:48 - 2017-12-23 20:48 - 000148936 _____ () C:\Program Files\AVAST Software\Avast\hns_tools.dll
2017-12-23 20:48 - 2017-12-23 20:48 - 000293944 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2018-01-22 14:35 - 2018-01-22 14:35 - 005779600 _____ () C:\Program Files\AVAST Software\Avast\defs\18012204\algo.dll
2014-07-03 12:20 - 2014-07-03 12:20 - 000073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-03 12:19 - 2014-07-03 12:19 - 001044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-05-30 12:48 - 2011-05-30 12:48 - 000009216 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2014-04-07 10:30 - 2009-02-27 16:38 - 000139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2017-09-21 17:35 - 2017-09-21 17:35 - 067109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-12-23 20:48 - 2017-12-23 20:48 - 000282560 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2009-11-02 13:20 - 2009-11-02 13:20 - 000619816 ____N () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2009-11-02 13:23 - 2009-11-02 13:23 - 000013096 ____N () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 18:34 - 2009-06-10 13:00 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1111453194-4016939751-1576079428-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\lmbeattie\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1111453194-4016939751-1576079428-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Les.B games\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AsusVibeLauncher.lnk => C:\Windows\pss\AsusVibeLauncher.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk => C:\Windows\pss\QuickBooks Update Agent.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks_Standard_21.lnk => C:\Windows\pss\QuickBooks_Standard_21.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AmIcoSinglun64 => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe
MSCONFIG\startupreg: ASUSPRP => "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
MSCONFIG\startupreg: ASUSWebStorage => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S
MSCONFIG\startupreg: ATKMEDIA => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
MSCONFIG\startupreg: ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: HControlUser => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
MSCONFIG\startupreg: IntelTBRunOnce => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Nuance PDF Reader-reminder => "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
MSCONFIG\startupreg: RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SF3 
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: Setwallpaper => c:\programdata\SetWallpaper.cmd
MSCONFIG\startupreg: SonicMasterTray => C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
MSCONFIG\startupreg: Trend Micro Titanium => C:\Program Files\Trend Micro\Titanium\VizorShortCut.exe -ReFlush "none" "none"
MSCONFIG\startupreg: UpdateLBPShortCut => "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
MSCONFIG\startupreg: UpdateP2GoShortCut => "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
MSCONFIG\startupreg: VizorHtmlDialog.exe => "C:\Program Files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe" "DEF" "EULA" "C:\Program Files\Trend Micro\Titanium\UI\Installer.cmpt\resources\preinstall_01_welcome_trial.html" "DEF" "DEF" "DEF"
MSCONFIG\startupreg: Wireless Console 3 => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{E6B0EF51-00A0-4BC8-8249-D6D366A96D6E}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{2CE2C232-DEBE-48D9-BAB6-AFF70DA911C3}] => (Allow) LPort=2869
FirewallRules: [{1A165FF4-80F7-488F-A0ED-2A89D740AF12}] => (Allow) LPort=1900
FirewallRules: [{2B0A300F-2FA9-4EE6-98F0-44D93A1F0EB4}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{791077C2-119B-483E-ACC9-A0ED846C0768}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{32CA6032-93C4-4472-A793-FC6A795651DE}] => (Allow) LPort=5353
FirewallRules: [{86315A17-DE80-44ED-9DB5-8C8C466070A4}] => (Allow) LPort=8182
FirewallRules: [{0E560F58-4B9A-43B7-8B40-D30D216B9DF7}] => (Allow) C:\Program Files (x86)\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{8D9503CB-DC4F-4E8E-8B1E-43D2A46DDF0A}] => (Allow) C:\Program Files (x86)\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\Binaries\MOHA.exe
FirewallRules: [{99C6F423-8DAD-4D5F-A82A-A013FE713B79}] => (Allow) C:\Program Files (x86)\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\Binaries\MOHA.exe
FirewallRules: [{A6759804-6E6C-403E-858A-4F83EFC6D95F}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{1A165479-5DDC-4794-9BE0-E7ABCBA2069B}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [TCP Query User{2E2AD68C-752C-4A94-A3DA-1FD55EA362DD}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{870EE38F-678F-4DB1-B647-94A7A6287D70}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{FA7867E7-A576-42A0-BE9D-0CFE52B1C756}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{7E85D1C6-3A2D-4FE4-A92C-131F0AECBE4E}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{464BB7C8-5AD0-4CA1-A8D2-8ADC8C5A89EB}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{851142FC-B424-48CE-9ECA-9F59D0B7BCF1}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{DAE701E3-6921-46E6-A26D-AC39E4A0C4CF}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{DFE2E870-C366-484C-93C0-D0A68E039C97}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{AAB38A55-6F1E-4610-B13C-9FD287AE8ED3}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{8FF1D220-FAF2-4F32-9535-8FB0B3BF60A1}] => (Allow) C:\Users\lmbeattie\AppData\Local\Temp\7zS0059\HPDiagnosticCoreUI.exe
FirewallRules: [{5BC40B39-7F4B-443E-9029-85CBB7A8D31B}] => (Allow) C:\Users\lmbeattie\AppData\Local\Temp\7zS0059\HPDiagnosticCoreUI.exe
FirewallRules: [{097F13CC-4CE3-410A-BE79-ECD7294F238A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{8BB6F338-1E04-49B9-B06A-E7F8A3C5A509}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{B7B13C62-D99E-41B8-82BE-9A085EC020D5}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{5F19414A-000E-48E6-A6B1-87D19AE3FF4D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{F94AA28F-E25E-478D-B209-33C2A4786E1E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{79E90401-FA42-4457-A8A5-6C648EB38D2D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{0902A9EF-43E3-4978-BAF3-1BE7A3EA2AA7}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{4D9C5D85-CE8E-4BC9-B530-FEABFC01BCB9}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
FirewallRules: [{27CFCF68-FF88-4BD1-A2D3-22857AB3E0C5}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{29B1EA92-97B8-4568-B3BC-BF47CA9D282A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{B35420C9-3E13-408D-85BA-1309F5AFEEEA}] => (Allow) C:\Program Files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe
FirewallRules: [{187F5B7C-EB2F-4922-AD74-B424BA185BA3}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqsudi.exe
FirewallRules: [{75AE0566-9BF3-4A37-B748-8FE9CCE3BB0F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpsapp.exe
FirewallRules: [{E17AB403-CF02-4BF0-A5E0-BFA8B4728609}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
FirewallRules: [{0E596031-5A49-49F7-B3DA-6B14BD0221A3}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe
FirewallRules: [{CBDEE40E-9A31-41E1-9B02-20481E5EABF4}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpse.exe
FirewallRules: [{EF7B5F46-134E-440F-B988-C579F97B6FDB}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{9F094C1D-B47C-4067-8326-27DA7009CC6B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{B6286F07-4AFC-4F75-9C3D-498FCE33187A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{F7BE503D-3D07-4592-8491-422687337F21}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{38153C74-4D01-41B8-AFF1-4E0B66498661}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{052B38A9-E74F-4F97-B317-C846B8E16C45}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [TCP Query User{070279BA-2654-4675-A865-CCFD8602F11E}C:\users\lmbeattie\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\lmbeattie\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{CEB52E45-E3CF-4B3D-9B3D-C4F323391794}C:\users\lmbeattie\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\lmbeattie\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{0D0E7D34-5D40-40EF-B728-A9AAF40FEC67}C:\users\lmbeattie\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\lmbeattie\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{CBC3544A-15D4-4FA4-BB12-D71EFE64227E}C:\users\lmbeattie\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\lmbeattie\appdata\local\akamai\netsession_win.exe
FirewallRules: [{A0CAA2F9-D73E-4DC6-ADD2-378218085640}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{32FE418C-B10B-4942-A684-50938C1D93B7}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E50883FB-E0A7-47AE-BE21-EA385E07DB2C}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{37B2086F-C0BD-45C9-BFFB-3ED56F952B98}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [TCP Query User{C338FB3D-ADCD-4EC5-BDA4-A9B992F7CC18}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{65DF78F8-69DA-4295-BFFD-03F3F7160AF3}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{D8606263-434D-4C9E-A250-B856269E44CB}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{C86FA651-B579-44DB-9192-0ED558BFD592}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{B0118140-754A-488B-BA6E-5F3B2F8B50D1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E4726A70-E504-4896-A2DD-53224BA9314F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1788AF82-2369-4B6F-BA27-2EE65F278BCC}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [{1C11AF3E-8D34-489D-B9E8-59B1328843E6}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{A9F76714-92C0-47DC-AB8C-78F988E8947A}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{7DFDF759-62E9-44CD-88CB-7F33053D011A}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{AF25726A-CA26-4B89-860F-69422C8BC814}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{CF8C65B5-BEE6-444C-9349-2251A34682A1}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{00DC2A11-47A2-4B86-AEE9-FAB3688EC3D3}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909\SZBrowser.exe
FirewallRules: [{075B6C3A-DFDD-4AD2-9E58-0BE974D7A05E}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909_0\SZBrowser.exe
FirewallRules: [{08C84074-402F-4082-9C4C-A52413433ACD}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{903758FC-F765-4D13-9097-D44D0F4D40DF}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{FD81F885-43C8-4BE8-B1BF-FCA20BB6E572}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
03-01-2018 19:24:58 Scheduled Checkpoint
11-01-2018 00:00:02 Scheduled Checkpoint
18-01-2018 14:09:49 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices =============
 
Name: Intel® Centrino® Wireless-N 1030
Description: Intel® Centrino® Wireless-N 1030
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel Corporation
Service: NETwNs64
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/23/2018 01:44:36 AM) (Source: MsiInstaller) (EventID: 11310) (User: lmbeattie-PC)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\lmbeattie\AppData\Local\Akamai\uninstall.exe.  System error 0.  Verify that you have access to that directory.
 
Error: (01/23/2018 01:44:13 AM) (Source: MsiInstaller) (EventID: 11310) (User: lmbeattie-PC)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\lmbeattie\AppData\Local\Akamai\uninstall.exe.  System error 0.  Verify that you have access to that directory.
 
Error: (01/22/2018 03:44:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WINWORD.EXE, version: 14.0.7162.5000, time stamp: 0x561e6c2b
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x1526f710
Faulting process id: 0x1f1c
Faulting application start time: 0x01d393d4151b99fd
Faulting application path: C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
Faulting module path: unknown
Report Id: 398015a0-ffce-11e7-8e38-ac72891e8f88
 
Error: (01/22/2018 03:20:10 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file  for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Microsoft Word because of this error.
 
Program: Microsoft Word
File: 
 
The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.
 
Additional Data
Error value: 00000000
Disk type: 0
 
Error: (01/22/2018 03:20:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WINWORD.EXE, version: 14.0.7162.5000, time stamp: 0x561e6c2b
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000096
Fault offset: 0x1451f73c
Faulting process id: 0x1f1c
Faulting application start time: 0x01d393d4151b99fd
Faulting application path: C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
Faulting module path: unknown
Report Id: ca047989-ffca-11e7-8e38-ac72891e8f88
 
Error: (01/22/2018 02:32:36 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
 
Error: (01/20/2018 09:18:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WINWORD.EXE, version: 14.0.7162.5000, time stamp: 0x561e6c2b
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0e5cfce8
Faulting process id: 0x1d10
Faulting application start time: 0x01d39276f9ba3623
Faulting application path: C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
Faulting module path: unknown
Report Id: 93e53349-fe6a-11e7-bd5f-ac72891e8f88
 
Error: (01/15/2018 01:08:24 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
 
Error: (01/15/2018 01:08:24 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
 
Error: (01/14/2018 12:42:40 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
 
 
System errors:
=============
Error: (01/22/2018 06:59:07 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR2.
 
Error: (01/22/2018 06:59:07 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR2.
 
Error: (01/22/2018 06:59:06 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR2.
 
Error: (01/22/2018 02:36:16 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IPBusEnum service.
 
Error: (01/22/2018 02:32:31 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID 
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
 
Error: (01/20/2018 04:08:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Media Player Network Sharing Service service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (01/20/2018 04:08:48 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.
 
Error: (01/20/2018 04:08:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Media Player Network Sharing Service service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (01/20/2018 04:08:18 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.
 
Error: (01/20/2018 04:06:41 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID 
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
 
 
CodeIntegrity:
===================================
  Date: 2016-12-13 15:20:43.181
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-12-13 15:20:43.072
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-12-11 12:56:59.146
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-12-11 12:56:58.959
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-12-10 13:15:39.504
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-12-10 13:15:39.348
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-12-09 14:13:22.284
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-12-09 14:13:22.174
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-12-08 12:26:57.150
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-12-08 12:26:56.697
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-2430M CPU @ 2.40GHz
Percentage of memory in use: 73%
Total physical RAM: 8097.14 MB
Available physical RAM: 2175.2 MB
Total Virtual: 16192.48 MB
Available Virtual: 10016.06 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:293.03 GB) (Free:83.65 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (old data ) (Fixed) (Total:380.6 GB) (Free:379.98 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: AA9693FE)
Partition 1: (Not Active) - (Size=25 GB) - (Type=1C)
Partition 2: (Active) - (Size=293 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=380.6 GB) - (Type=OF Extended)
 
==================== End of Addition.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21.01.2018
Ran by lmbeattie (23-01-2018 01:46:00)
Running from C:\Users\lmbeattie\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2012-06-30 04:55:01)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1111453194-4016939751-1576079428-500 - Administrator - Disabled)
Farmville (S-1-5-21-1111453194-4016939751-1576079428-1004 - Limited - Enabled) => C:\Users\Farmville
Guest (S-1-5-21-1111453194-4016939751-1576079428-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1111453194-4016939751-1576079428-1003 - Limited - Enabled)
Les.B games (S-1-5-21-1111453194-4016939751-1576079428-1001 - Administrator - Enabled) => C:\Users\Les.B games
lmbeattie (S-1-5-21-1111453194-4016939751-1576079428-1000 - Administrator - Enabled) => C:\Users\lmbeattie
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
64 Bit HP CIO Components Installer (HKLM\...\{55D55008-E5F6-47D6-B16F-B2A40D4D145F}) (Version: 6.2.1 - Hewlett-Packard) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.009.20050 - Adobe Systems Incorporated)
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.07 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.9 - Adobe Systems Incorporated)
Adobe Flash Player 28 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 28.0.0.137 - Adobe Systems Incorporated)
Adobe Flash Player 28 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 28.0.0.137 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.0.162 - Adobe Systems, Inc.)
AGEIA PhysX v7.07.09 (HKLM-x32\...\{65F1CF63-31E0-450B-96F3-4A88BE7361A6}) (Version: 7.07.09 - AGEIA Technologies, Inc.)
Akamai NetSession Interface (HKU\S-1-5-21-1111453194-4016939751-1576079428-1000\...\Akamai) (Version:  - Akamai Technologies, Inc)
Alcor Micro USB Card Reader (HKLM-x32\...\{4555BB9E-E715-4260-A178-E8EFD2B653E3}) (Version: 1.2.0117.08443 - Alcor Micro Corp.) Hidden
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 1.2.0117.08443 - Alcor Micro Corp.)
Apple Application Support (HKLM-x32\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.12.5.0 - Asmedia Technology)
ASUS AI Recovery (HKLM-x32\...\{D39F0676-163E-4595-A917-E28F99BBD4D2}) (Version: 1.0.14 - ASUS)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.22 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.0.3 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{33B98264-A889-4913-A0CA-C364A75032B3}) (Version: 1.1.45 - ASUS)
ASUS Secure Delete (HKLM\...\{761C6783-D3BC-48AB-8E7C-61CE918A8436}) (Version: 1.00.0007 - ASUS)
ASUS SmartLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0011 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0033 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{AECA3622-E634-4A55-A696-70A511CBE06E}) (Version: 2.0.3 - AsusTek Computer Inc.)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.21 - asus)
ASUS WebStorage (HKLM-x32\...\ASUS WebStorage) (Version: 3.0.84.161 - eCareme Technologies, Inc.)
AsusScr_U46_ENG (HKLM-x32\...\AsusScr_U46_ENG) (Version: 1.0.0001 - ASUS)
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.4.617 - ASUSTEK)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0010 - ASUS)
Audacity 2.1.3 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.3 - Audacity Team)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.9.2322 - AVAST Software)
Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Catalina Savings Printer (HKLM-x32\...\{37331C16-3E97-4A20-80D8-BFB43AB0E2FB}) (Version: 1.0.0 - Catalina Marketing Corp) <==== ATTENTION
Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Controlo ActiveX do Windows Live Mesh para Ligações Remotas (HKLM-x32\...\{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}) (Version: 15.4.5722.2 - Microsoft Corporation)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.1.4) (Version: 5.0.1.4 - Coupons.com Incorporated)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1908 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3602c - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
EPSON Artisan 730 Series Printer Uninstall (HKLM\...\EPSON Artisan 730 Series) (Version:  - SEIKO EPSON Corporation)
Epson Connect (HKLM-x32\...\{64BA551C-9AF6-495C-93F3-D1270E0045FC}) (Version:  - )
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.0.0.0 - SEIKO EPSON CORPORATION)
Epson Download Navigator (HKLM-x32\...\{10F63395-157F-4B93-AB4D-702A2FF11942}) (Version: 1.0.1 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{8ED43F7E-A8F6-4898-AF11-B6158F2EDF94}) (Version: 2.50.0000 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
ETDWare PS/2-X64 8.0.5.3_WHQL (HKLM\...\Elantech) (Version: 8.0.5.3 - ELAN Microelectronic Corp.)
Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.10 - ASUS)
Galeria de Fotografias do Windows Live (HKLM-x32\...\{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (HKLM-x32\...\{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (HKLM-x32\...\{488F0347-C4A7-4374-91A7-30818BEDA710}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.132 - Google Inc.)
Google Earth Pro (HKLM-x32\...\{ECF2E224-42F5-4E50-B58E-94CA70E85697}) (Version: 7.3.0.3832 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Guild Wars (HKLM-x32\...\Guild Wars) (Version:  - )
Helium (HKLM-x32\...\{9A781940-AC41-4D5E-8E1E-76A04B916FB9}) (Version: 1.0.0 - ClockworkMod)
HL-2270DW (HKLM-x32\...\{E2A97415-BD97-4867-B906-05E39E9EE51F}) (Version: 1.0.7.0 - Brother Industries, Ltd.)
HL-3170CDW (HKLM-x32\...\{C6580DE1-F539-4700-ADD2-3185121E51A8}) (Version: 1.0.1.0 - Brother Industries, Ltd.)
HP Support Solutions Framework (HKLM-x32\...\{44157EB3-D8D0-4BB1-B0F5-AD2C38814ED1}) (Version: 11.51.0027 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
Intel PROSet Wireless (HKLM-x32\...\ProInst) (Version:  - ) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2405 - Intel Corporation)
Intel® PROSet/Wireless for Bluetooth® 3.0 + High Speed (HKLM\...\{A0E106D2-4815-4B7A-BAA7-7E21B530CFB4}) (Version: 1.1.0.0157 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{006B5C65-3938-4246-B182-994A7E415EDE}) (Version: 1.1.0.0537 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{3C41721F-AF0F-4086-AA1C-4C7F29076228}) (Version: 14.01.1000 - Intel Corporation)
Intel® Turbo Boost Technology Monitor 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.1.23.0 - Intel)
Intel® WiDi (HKLM-x32\...\{0DD706AF-B542-438C-999E-B30C7F625C8D}) (Version: 2.1.39.0 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
IrfanView 4.50 (32-bit) (HKLM-x32\...\IrfanView) (Version: 4.50 - Irfan Skiljan)
iTunes (HKLM\...\{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}) (Version: 11.3.0.54 - Apple Inc.)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.15 - Oracle Corporation)
Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LG Mobile Drivers (HKLM-x32\...\{01DC2C23-5D76-4744-A771-2F454C5DD872}) (Version: 4.1.1 - LG Electronics)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
MasterCook Betty Crocker (HKLM-x32\...\{C4876FE6-1125-44C9-8C61-390DEBF4DCCF}) (Version: 6.2 - ValuSoft) Hidden
MasterCook Betty Crocker (HKLM-x32\...\InstallShield_{C4876FE6-1125-44C9-8C61-390DEBF4DCCF}) (Version: 6.2 - ValuSoft)
Medal of Honor Airborne (HKLM-x32\...\{25F28E39-FDBB-11DB-8314-0800200C9A66}) (Version: 1.0.1.0 - Electronic Arts)
Mendeley Desktop 1.12.2 (HKLM-x32\...\Mendeley Desktop) (Version: 1.12.2 - Mendeley Ltd.)
Mesh Runtime (HKLM-x32\...\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}) (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Camera Codec Pack (HKLM\...\{D553E8CC-5C56-4B06-AC1A-A443DFF31092}) (Version: 6.3.9723.0 - Microsoft Corporation)
Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 55.0.3 (x64 en-US) (HKLM\...\Mozilla Firefox 55.0.3 (x64 en-US)) (Version: 55.0.3 - Mozilla)
Mozilla Firefox 57.0.4 (x64 en-US) (HKLM\...\Mozilla Firefox 57.0.4 (x64 en-US)) (Version: 57.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 55.0.3 - Mozilla)
MP3 Skype recorder (HKLM-x32\...\{9D33E74E-3799-4343-9F16-13AFF983366C}) (Version: 4.11.1.0 - Alexander Nikiforov)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
P@H-Protocol (HKLM-x32\...\{CF594DB8-CFB0-45B4-86DA-8BB4AC0941F8}) (Version: 3.0.7.0 - Valassis)
Photobucket Backup (HKLM-x32\...\{98813202-6C6E-4ABE-A128-6E8FB3368BE0}) (Version: 1.0.7.2104 - Photobucket)
QuickBooks (HKLM-x32\...\{3167CC62-C775-4E47-92C1-73EBB845751A}) (Version: 23.0.4004.2305 - Intuit Inc.) Hidden
QuickBooks Pro 2013 (HKLM-x32\...\{3C631966-387E-4054-85D9-BBFFABE32BD8}) (Version: 23.0.4004.2305 - Intuit Inc.)
QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6383 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
Robinson Curriculum 2.29D (HKLM-x32\...\Robinson Curriculum) (Version: 2.29D - Robinson Internet)
SafeZone Stable 4.58.2552.909 (HKLM-x32\...\SafeZone 4.58.2552.909) (Version: 4.58.2552.909 - Avast Software) Hidden
Samsung Kies3 (HKLM-x32\...\{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.16044.2 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.16044.2 - Samsung Electronics Co., Ltd.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)
SceneSwitch (HKLM-x32\...\{5172E572-C175-4F80-A6D5-5CB45826AD61}) (Version: 1.0.8 - ASUS)
Secure Download Manager (HKLM-x32\...\{7682DFED-23C6-44C9-B9FD-109E0B630277}) (Version: 3.1.10 - Kivuto Solutions Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.151 - Skype Technologies S.A.)
Sonic Focus (HKLM-x32\...\{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}) (Version: 1.0.0.4 - Synopsys )
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
syncables desktop SE (HKLM-x32\...\{341697D8-9923-445E-B42A-529E5A99CB7A}) (Version: 5.5.746.11492 - syncables)
TurboTax 2012 (HKLM-x32\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
TurboTax 2014 (HKLM-x32\...\TurboTax 2014) (Version: 2014.0 - Intuit, Inc)
TurboTax 2015 (HKLM-x32\...\TurboTax 2015) (Version: 2015.0 - Intuit, Inc)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.31.1 - ASUS)
Wireless Console 3 (HKLM-x32\...\{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}) (Version: 3.0.19 - ASUS)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1111453194-4016939751-1576079428-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01222018143707186_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\lmbeattie\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay => No File
CustomCLSID: HKU\S-1-5-21-1111453194-4016939751-1576079428-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\lmbeattie\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay => No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-12-23] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-12-23] (AVAST Software)
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\ASUSWSShellExt64.dll [2010-09-02] (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\ASUSWSShellExt64.dll [2010-09-02] (eCareme Technologies, Inc.)
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems Inc.)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-12-23] (AVAST Software)
ContextMenuHandlers1: [BTMSentToExt] -> {0A7D34C2-E9DA-48A1-9E34-0CDFC2DE3B44} => C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [2011-03-30] (Intel Corporation)
ContextMenuHandlers1: [DataSanitizerShellExtObj] -> {35595751-F655-4A14-90AB-C2EC32780F41} => C:\Program Files (x86)\Common Files\ASUS\Secure Delete\ASUS Secure Delete ShellExt.dll [2011-01-24] (TODO: <Company name>)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-12-23] (AVAST Software)
ContextMenuHandlers3: [BackupContextMenuExtension] -> {b1b96b20-da1d-4a3c-92c1-7229b32f2325} => C:\Windows\system32\mscoree.dll [2010-11-04] (Microsoft Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers4: [DataSanitizerShellExtObj] -> {35595751-F655-4A14-90AB-C2EC32780F41} => C:\Program Files (x86)\Common Files\ASUS\Secure Delete\ASUS Secure Delete ShellExt.dll [2011-01-24] (TODO: <Company name>)
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2014-03-14] (Piriform Ltd)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2011-05-23] (Intel Corporation)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems Inc.)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-12-23] (AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2014-03-14] (Piriform Ltd)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {01FAFE80-69FE-4956-93B9-A1C4CAF4DCA5} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe
Task: {0BCA4A2D-E504-42AB-993E-A100E0715CBB} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2011-05-31] (ASUS)
Task: {10D5035E-43D9-473B-AE2B-37E41141FA29} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd => C:\Windows\system32\GWX\GWX.exe
Task: {2729AE53-476F-4B7D-99F4-CD602303AD08} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {2C85D391-65DF-4639-8BB8-64AD2552284F} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2018-01-05] (AVAST Software)
Task: {35EB2370-5181-40D1-9412-F82FD88A2943} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => C:\Windows\system32\GWX\GWX.exe
Task: {37728E90-655F-4833-AD3E-3FE2C3C55532} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => C:\Windows\system32\GWX\GWX.exe
Task: {44A52748-B938-412B-9604-4F3EB741730A} - System32\Tasks\{CBA0A5F8-5177-42F2-ACD7-A215C4ADFD72} => C:\Windows\system32\pcalua.exe -a C:\Users\lmbeattie\Downloads\Raw-CodecV1L100-Eng.exe -d C:\Users\lmbeattie\Downloads
Task: {45D5E0DE-425B-4D61-B3EF-DA2CC8182963} - System32\Tasks\{852FD19C-9160-4C0B-AF53-7861AAC26D4A} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/7.4.0.102/en/abandoninstall?page=tsProgressBar
Task: {4C85F90E-FEB5-445C-81D1-C6AEE751E184} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {4D81655B-E325-408D-A062-001D9A005508} - System32\Tasks\USBChargerPlus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2011-06-29] (ASUSTek Computer Inc.)
Task: {5ED25CEC-6507-4F07-BFB3-8A98D05891EE} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2010-11-15] (ASUS)
Task: {5EEED90F-8E51-45F9-A783-9B2D1154A77F} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-12-23] (AVAST Software)
Task: {69DE67E4-5586-4CB3-AB91-893E3623B03A} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfigAndContent
Task: {69DE67E4-5586-4CB3-AB91-893E3623B03A} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(2): C:\Windows\system32\GWX\GWXDetector.exe
Task: {77E3DC90-6F3E-4285-9644-2D020D39A8F3} - System32\Tasks\ASUS Secure Delete => C:\Program Files\ASUS\ASUS Secure Delete\ADDEL.exe [2011-01-24] ()
Task: {796D83D9-1428-453F-9B27-FEF1122707A1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-01-10] (Adobe Systems Incorporated)
Task: {7AB3FAF3-9D95-412E-AB51-7E7F57229DEA} - System32\Tasks\{65380918-4FCE-439B-B30B-83C346607DFB} => C:\Program Files (x86)\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\Binaries\MOHA.exe [2007-08-15] (Electronic Arts Inc.)
Task: {838994A1-4015-4A07-9F7D-95EE661AB337} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => C:\Windows\system32\GWX\GWX.exe
Task: {84D4E2A1-6501-485B-B748-3DF0E6EA8AA8} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => C:\Windows\system32\GWX\GWX.exe
Task: {90CD4AAB-5594-4BA8-B558-A042A146AD00} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {90CD4AAB-5594-4BA8-B558-A042A146AD00} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(2): C:\Windows\system32\GWX\GWXDetector.exe
Task: {A0B11CCD-5BE4-439C-B42F-A42C5A49AC78} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2011-05-30] (ASUS)
Task: {A21EFB51-5908-4E71-BE73-42F8687FBB23} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe
Task: {AB3F8EDD-A94C-4A99-A18C-89710B248470} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Time-5d => C:\Windows\system32\GWX\GWX.exe
Task: {B7BF7205-3722-4513-AC4D-7CD5D7691344} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2011-07-18] (ASUSTeK Computer Inc.)
Task: {C5FE3A3A-55F9-4014-983A-A33CA5530508} - System32\Tasks\{C1A2DA58-8103-46CF-818D-9C10FC61A641} => C:\Windows\system32\pcalua.exe -a C:\Users\lmbeattie\Downloads\irfanview_plugins_450_setup.exe -d C:\Users\lmbeattie\Downloads
Task: {CF02ED2A-1C14-44C5-9BEC-E5E785EF3575} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2010-08-17] (ASUS)
Task: {E15209E3-EF3E-4DED-993F-4737CD4B7174} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfigAndContent
Task: {E15209E3-EF3E-4DED-993F-4737CD4B7174} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(2): C:\Windows\system32\GWX\GWXDetector.exe
Task: {E5FCB9D1-2EEB-4359-BA5D-B89FBFC6034F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
Task: {E8321C77-6D16-48C3-B552-28FBDB81DC13} - System32\Tasks\SafeZone scheduled Autoupdate 1468360927 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-08-04] (Avast Software)
Task: {FE50333E-C49B-4589-8ECD-EE34B647B143} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2011-05-02 12:41 - 2011-05-02 12:41 - 001501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2011-07-28 02:31 - 2011-05-23 16:16 - 000094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-01-24 09:55 - 2011-01-24 09:55 - 000541696 _____ () C:\Program Files\ASUS\ASUS Secure Delete\ADDEL.exe
2010-07-14 15:11 - 2010-07-14 15:11 - 000031360 _____ () C:\Program Files\P4G\DevMng.dll
2007-08-14 23:49 - 2007-08-14 23:49 - 000063040 _____ () C:\Program Files (x86)\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe
2017-11-08 20:24 - 2017-12-06 22:19 - 002301384 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-12-23 20:48 - 2017-12-23 20:48 - 000067920 _____ () c:\Program Files\AVAST Software\Avast\x64\module_lifetime.dll
2017-12-23 20:48 - 2017-12-23 20:48 - 000067984 _____ () C:\Program Files\AVAST Software\Avast\x64\dll_loader.dll
2017-12-23 20:48 - 2017-12-23 20:48 - 000236840 _____ () c:\Program Files\AVAST Software\Avast\x64\vaarclient.dll
2017-12-23 20:48 - 2017-12-23 20:48 - 000902824 _____ () C:\Program Files\AVAST Software\Avast\x64\ffl2.dll
2017-12-23 20:48 - 2017-12-23 20:48 - 000349568 _____ () c:\Program Files\AVAST Software\Avast\x64\StreamBack.dll
2017-12-23 20:48 - 2017-12-23 20:48 - 000337096 _____ () C:\Program Files\AVAST Software\Avast\x64\tasks_core.dll
2017-12-23 20:48 - 2017-12-23 20:48 - 000058016 _____ () C:\Program Files\AVAST Software\Avast\module_lifetime.dll
2017-12-23 20:48 - 2017-12-23 20:48 - 000057504 _____ () C:\Program Files\AVAST Software\Avast\dll_loader.dll
2017-12-23 20:48 - 2017-12-23 20:48 - 000206152 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-12-23 20:48 - 2017-12-23 20:48 - 000289272 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-12-23 20:48 - 2017-12-23 20:48 - 000196248 _____ () C:\Program Files\AVAST Software\Avast\network_notifications.dll
2018-01-22 00:16 - 2018-01-22 00:16 - 005779600 _____ () C:\Program Files\AVAST Software\Avast\defs\18012200\algo.dll
2017-12-23 20:48 - 2017-12-23 20:48 - 000745408 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-12-23 20:48 - 2017-12-23 20:48 - 000148936 _____ () C:\Program Files\AVAST Software\Avast\hns_tools.dll
2017-12-23 20:48 - 2017-12-23 20:48 - 000293944 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2018-01-22 14:35 - 2018-01-22 14:35 - 005779600 _____ () C:\Program Files\AVAST Software\Avast\defs\18012204\algo.dll
2014-07-03 12:20 - 2014-07-03 12:20 - 000073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-03 12:19 - 2014-07-03 12:19 - 001044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-05-30 12:48 - 2011-05-30 12:48 - 000009216 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2014-04-07 10:30 - 2009-02-27 16:38 - 000139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2017-09-21 17:35 - 2017-09-21 17:35 - 067109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-12-23 20:48 - 2017-12-23 20:48 - 000282560 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2009-11-02 13:20 - 2009-11-02 13:20 - 000619816 ____N () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2009-11-02 13:23 - 2009-11-02 13:23 - 000013096 ____N () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 18:34 - 2009-06-10 13:00 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1111453194-4016939751-1576079428-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\lmbeattie\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1111453194-4016939751-1576079428-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Les.B games\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AsusVibeLauncher.lnk => C:\Windows\pss\AsusVibeLauncher.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk => C:\Windows\pss\QuickBooks Update Agent.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks_Standard_21.lnk => C:\Windows\pss\QuickBooks_Standard_21.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AmIcoSinglun64 => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe
MSCONFIG\startupreg: ASUSPRP => "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
MSCONFIG\startupreg: ASUSWebStorage => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S
MSCONFIG\startupreg: ATKMEDIA => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
MSCONFIG\startupreg: ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: HControlUser => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
MSCONFIG\startupreg: IntelTBRunOnce => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Nuance PDF Reader-reminder => "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
MSCONFIG\startupreg: RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SF3 
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: Setwallpaper => c:\programdata\SetWallpaper.cmd
MSCONFIG\startupreg: SonicMasterTray => C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
MSCONFIG\startupreg: Trend Micro Titanium => C:\Program Files\Trend Micro\Titanium\VizorShortCut.exe -ReFlush "none" "none"
MSCONFIG\startupreg: UpdateLBPShortCut => "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
MSCONFIG\startupreg: UpdateP2GoShortCut => "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
MSCONFIG\startupreg: VizorHtmlDialog.exe => "C:\Program Files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe" "DEF" "EULA" "C:\Program Files\Trend Micro\Titanium\UI\Installer.cmpt\resources\preinstall_01_welcome_trial.html" "DEF" "DEF" "DEF"
MSCONFIG\startupreg: Wireless Console 3 => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{E6B0EF51-00A0-4BC8-8249-D6D366A96D6E}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{2CE2C232-DEBE-48D9-BAB6-AFF70DA911C3}] => (Allow) LPort=2869
FirewallRules: [{1A165FF4-80F7-488F-A0ED-2A89D740AF12}] => (Allow) LPort=1900
FirewallRules: [{2B0A300F-2FA9-4EE6-98F0-44D93A1F0EB4}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{791077C2-119B-483E-ACC9-A0ED846C0768}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{32CA6032-93C4-4472-A793-FC6A795651DE}] => (Allow) LPort=5353
FirewallRules: [{86315A17-DE80-44ED-9DB5-8C8C466070A4}] => (Allow) LPort=8182
FirewallRules: [{0E560F58-4B9A-43B7-8B40-D30D216B9DF7}] => (Allow) C:\Program Files (x86)\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{8D9503CB-DC4F-4E8E-8B1E-43D2A46DDF0A}] => (Allow) C:\Program Files (x86)\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\Binaries\MOHA.exe
FirewallRules: [{99C6F423-8DAD-4D5F-A82A-A013FE713B79}] => (Allow) C:\Program Files (x86)\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\Binaries\MOHA.exe
FirewallRules: [{A6759804-6E6C-403E-858A-4F83EFC6D95F}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{1A165479-5DDC-4794-9BE0-E7ABCBA2069B}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [TCP Query User{2E2AD68C-752C-4A94-A3DA-1FD55EA362DD}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{870EE38F-678F-4DB1-B647-94A7A6287D70}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{FA7867E7-A576-42A0-BE9D-0CFE52B1C756}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{7E85D1C6-3A2D-4FE4-A92C-131F0AECBE4E}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{464BB7C8-5AD0-4CA1-A8D2-8ADC8C5A89EB}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{851142FC-B424-48CE-9ECA-9F59D0B7BCF1}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{DAE701E3-6921-46E6-A26D-AC39E4A0C4CF}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{DFE2E870-C366-484C-93C0-D0A68E039C97}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{AAB38A55-6F1E-4610-B13C-9FD287AE8ED3}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{8FF1D220-FAF2-4F32-9535-8FB0B3BF60A1}] => (Allow) C:\Users\lmbeattie\AppData\Local\Temp\7zS0059\HPDiagnosticCoreUI.exe
FirewallRules: [{5BC40B39-7F4B-443E-9029-85CBB7A8D31B}] => (Allow) C:\Users\lmbeattie\AppData\Local\Temp\7zS0059\HPDiagnosticCoreUI.exe
FirewallRules: [{097F13CC-4CE3-410A-BE79-ECD7294F238A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{8BB6F338-1E04-49B9-B06A-E7F8A3C5A509}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{B7B13C62-D99E-41B8-82BE-9A085EC020D5}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{5F19414A-000E-48E6-A6B1-87D19AE3FF4D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{F94AA28F-E25E-478D-B209-33C2A4786E1E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{79E90401-FA42-4457-A8A5-6C648EB38D2D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{0902A9EF-43E3-4978-BAF3-1BE7A3EA2AA7}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{4D9C5D85-CE8E-4BC9-B530-FEABFC01BCB9}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
FirewallRules: [{27CFCF68-FF88-4BD1-A2D3-22857AB3E0C5}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{29B1EA92-97B8-4568-B3BC-BF47CA9D282A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{B35420C9-3E13-408D-85BA-1309F5AFEEEA}] => (Allow) C:\Program Files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe
FirewallRules: [{187F5B7C-EB2F-4922-AD74-B424BA185BA3}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqsudi.exe
FirewallRules: [{75AE0566-9BF3-4A37-B748-8FE9CCE3BB0F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpsapp.exe
FirewallRules: [{E17AB403-CF02-4BF0-A5E0-BFA8B4728609}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
FirewallRules: [{0E596031-5A49-49F7-B3DA-6B14BD0221A3}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe
FirewallRules: [{CBDEE40E-9A31-41E1-9B02-20481E5EABF4}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpse.exe
FirewallRules: [{EF7B5F46-134E-440F-B988-C579F97B6FDB}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{9F094C1D-B47C-4067-8326-27DA7009CC6B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{B6286F07-4AFC-4F75-9C3D-498FCE33187A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{F7BE503D-3D07-4592-8491-422687337F21}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{38153C74-4D01-41B8-AFF1-4E0B66498661}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{052B38A9-E74F-4F97-B317-C846B8E16C45}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [TCP Query User{070279BA-2654-4675-A865-CCFD8602F11E}C:\users\lmbeattie\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\lmbeattie\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{CEB52E45-E3CF-4B3D-9B3D-C4F323391794}C:\users\lmbeattie\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\lmbeattie\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{0D0E7D34-5D40-40EF-B728-A9AAF40FEC67}C:\users\lmbeattie\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\lmbeattie\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{CBC3544A-15D4-4FA4-BB12-D71EFE64227E}C:\users\lmbeattie\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\lmbeattie\appdata\local\akamai\netsession_win.exe
FirewallRules: [{A0CAA2F9-D73E-4DC6-ADD2-378218085640}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{32FE418C-B10B-4942-A684-50938C1D93B7}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E50883FB-E0A7-47AE-BE21-EA385E07DB2C}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{37B2086F-C0BD-45C9-BFFB-3ED56F952B98}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [TCP Query User{C338FB3D-ADCD-4EC5-BDA4-A9B992F7CC18}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{65DF78F8-69DA-4295-BFFD-03F3F7160AF3}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{D8606263-434D-4C9E-A250-B856269E44CB}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{C86FA651-B579-44DB-9192-0ED558BFD592}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{B0118140-754A-488B-BA6E-5F3B2F8B50D1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E4726A70-E504-4896-A2DD-53224BA9314F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1788AF82-2369-4B6F-BA27-2EE65F278BCC}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [{1C11AF3E-8D34-489D-B9E8-59B1328843E6}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{A9F76714-92C0-47DC-AB8C-78F988E8947A}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{7DFDF759-62E9-44CD-88CB-7F33053D011A}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{AF25726A-CA26-4B89-860F-69422C8BC814}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{CF8C65B5-BEE6-444C-9349-2251A34682A1}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{00DC2A11-47A2-4B86-AEE9-FAB3688EC3D3}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909\SZBrowser.exe
FirewallRules: [{075B6C3A-DFDD-4AD2-9E58-0BE974D7A05E}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909_0\SZBrowser.exe
FirewallRules: [{08C84074-402F-4082-9C4C-A52413433ACD}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{903758FC-F765-4D13-9097-D44D0F4D40DF}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{FD81F885-43C8-4BE8-B1BF-FCA20BB6E572}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
03-01-2018 19:24:58 Scheduled Checkpoint
11-01-2018 00:00:02 Scheduled Checkpoint
18-01-2018 14:09:49 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices =============
 
Name: Intel® Centrino® Wireless-N 1030
Description: Intel® Centrino® Wireless-N 1030
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel Corporation
Service: NETwNs64
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/23/2018 01:44:36 AM) (Source: MsiInstaller) (EventID: 11310) (User: lmbeattie-PC)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\lmbeattie\AppData\Local\Akamai\uninstall.exe.  System error 0.  Verify that you have access to that directory.
 
Error: (01/23/2018 01:44:13 AM) (Source: MsiInstaller) (EventID: 11310) (User: lmbeattie-PC)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\lmbeattie\AppData\Local\Akamai\uninstall.exe.  System error 0.  Verify that you have access to that directory.
 
Error: (01/22/2018 03:44:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WINWORD.EXE, version: 14.0.7162.5000, time stamp: 0x561e6c2b
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x1526f710
Faulting process id: 0x1f1c
Faulting application start time: 0x01d393d4151b99fd
Faulting application path: C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
Faulting module path: unknown
Report Id: 398015a0-ffce-11e7-8e38-ac72891e8f88
 
Error: (01/22/2018 03:20:10 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file  for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Microsoft Word because of this error.
 
Program: Microsoft Word
File: 
 
The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.
 
Additional Data
Error value: 00000000
Disk type: 0
 
Error: (01/22/2018 03:20:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WINWORD.EXE, version: 14.0.7162.5000, time stamp: 0x561e6c2b
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000096
Fault offset: 0x1451f73c
Faulting process id: 0x1f1c
Faulting application start time: 0x01d393d4151b99fd
Faulting application path: C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
Faulting module path: unknown
Report Id: ca047989-ffca-11e7-8e38-ac72891e8f88
 
Error: (01/22/2018 02:32:36 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
 
Error: (01/20/2018 09:18:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WINWORD.EXE, version: 14.0.7162.5000, time stamp: 0x561e6c2b
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0e5cfce8
Faulting process id: 0x1d10
Faulting application start time: 0x01d39276f9ba3623
Faulting application path: C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
Faulting module path: unknown
Report Id: 93e53349-fe6a-11e7-bd5f-ac72891e8f88
 
Error: (01/15/2018 01:08:24 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
 
Error: (01/15/2018 01:08:24 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
 
Error: (01/14/2018 12:42:40 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
 
 
System errors:
=============
Error: (01/22/2018 06:59:07 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR2.
 
Error: (01/22/2018 06:59:07 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR2.
 
Error: (01/22/2018 06:59:06 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR2.
 
Error: (01/22/2018 02:36:16 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IPBusEnum service.
 
Error: (01/22/2018 02:32:31 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID 
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
 
Error: (01/20/2018 04:08:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Media Player Network Sharing Service service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (01/20/2018 04:08:48 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.
 
Error: (01/20/2018 04:08:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Media Player Network Sharing Service service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (01/20/2018 04:08:18 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.
 
Error: (01/20/2018 04:06:41 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID 
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
 
 
CodeIntegrity:
===================================
  Date: 2016-12-13 15:20:43.181
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-12-13 15:20:43.072
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-12-11 12:56:59.146
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-12-11 12:56:58.959
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-12-10 13:15:39.504
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-12-10 13:15:39.348
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-12-09 14:13:22.284
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-12-09 14:13:22.174
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-12-08 12:26:57.150
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-12-08 12:26:56.697
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-2430M CPU @ 2.40GHz
Percentage of memory in use: 73%
Total physical RAM: 8097.14 MB
Available physical RAM: 2175.2 MB
Total Virtual: 16192.48 MB
Available Virtual: 10016.06 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:293.03 GB) (Free:83.65 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (old data ) (Fixed) (Total:380.6 GB) (Free:379.98 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: AA9693FE)
Partition 1: (Not Active) - (Size=25 GB) - (Type=1C)
Partition 2: (Active) - (Size=293 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=380.6 GB) - (Type=OF Extended)
 
==================== End of Addition.txt ============================

 




 


#2 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,693 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:12:32 AM

Posted 23 January 2018 - 10:03 AM

beachbirdie:

 
:welcome: to the Bleeping Computer Virus, Trojans, Spyware, and Malware Removal Logs Forum.  My name is Phil.  May I address you by your first name?
 
I will be assisting you with your computer issues.  I will endeavor to respond within a reasonable time.   Forum policy requires that I post within 48 hours after your last post, but I do endeavor to post within 24 hours of your last post.
 
I would ask that you please continue to copy and paste the contents of all requested log files directly into your replies.   Please do not use "code" or "quote" boxes.  Thank you for your anticipated cooperation.
 
I will need some time to review your FRST logs.  That could take a day or two.
 
PLEASE DO NOT RUN ANY ADDITIONAL SCANS OR ANTI-MALWARE REMOVAL TOOLS UNTIL YOU HAVE RECEIVED A RESPONSE FROM ME.
Doing so would complicate the situation and it would cause further delays in resolving your issues.  It could also potentially result in harm to your computer because my "fix" will be based on the FRST scan logs you have already submitted.
 
Thank you and have a great day.
 
Regards,
-Phil

Member of the Unified Network of Instructors and Trusted Eliminators


#3 garioch7


Posted 23 January 2018 - 12:17 PM

beachbirdie:

Thank you for your patience while I analyzed your FRST logs. I do see some issues with your computer in the FRST logs, but I want to concentrate first on identifying some suspicious entries and removing any malware.

Before we start dealing with the problems you are experiencing, I would ask you to take note of the following points:

  • I am a Bleeping Computer volunteer, so I ask you to be patient. I know it is frustrating when your computer is not working properly, but malware removal takes time.
  • Please also remember that I can only dedicate a limited number of hours a day to helping people. We may live in different time zones, which may cause delays in responding.
  • If I have not responded to you within 48 hours, please send me a personal message. Likewise, I expect you to respond within 48 hours, and sooner is better because we can fix your computer faster.
  • If I have not heard from you in three days, I will "bump" your post. After five days of no response, I will consider that you no longer need my assistance and this thread will be closed.
  • Logs can take a while to research, so please be patient.
  • Some issues just cannot be solved so you must be prepared for this.
  • Please read and follow the instructions in the exact sequence that they are posted to avoid making a bad situation worse.
  • Please print or copy and save the instructions.
  • Back up all your data and important files on another (external) drive before starting to run malware removal tools. Malware removal can cause unpredictable and unintended issues.
  • You should try to limit your browsing with this computer until you are given the "All Clear." Some malware applications steal passwords.
  • Please do not install or uninstall any applications, unless directed. Don't run any scripts or tools on your own because unsupervised usage may cause more harm than good.
  • Please use only the tools you have been instructed to use.
  • If you are using CD/DVD emulation software, this should be uninstalled or disabled as it can interfere with the removal of some malware. It can be turned off with Defogger and then turned back on when you get the "All Clear."
  • Please copy and paste the requested log files inside your post(s), unless otherwise instructed. Please do not use code or quote boxes.
  • There are no silly questions. Ask for clarification, if you have any questions or concerns.
  • Bleeping Computer does not support any piracy. Evidence of illegal OS, software, cracks/keygens, etc., will be revealed by scan logs, and if found, further assistance may be suspended. Uninstall such software before proceeding!
  • Any P2P software such as uTorrent, BitTorrent, Kazaa, etc. must be uninstalled or completely disabled. P2P software is a major security risk to your computer and may have been the route the malware used to infect your computer.
  • Failure to follow these guidelines may result in assistance being withdrawn and your thread being closed.
  • I am volunteering my time to help you, and I will need you to help me. Together, we can, hopefully, disinfect your computer and get it functioning properly again. That is my only aim.

.

OK, let's get started ...

.

Step 1: The logs show that you have Coupon Printer for Windows installed on your computer. This program is classified as a PUP. See this link for more details. If you did not knowingly install this program, you should uninstall it, via the Control Panel, Add/Remove Programs. Please let me know what you decide to do with this program.

.

Step 2: The logs also show that you have Akamai NetSession Interface installed on your computer. I would recommend that you read this link to determine if you want to keep that program. Personally, I would not have it on my computer.

If you decide you do not want to keep this program, please go to the Control Panel, Programs, Add/Remove Programs, and uninstall it from your computer.

Please let me know whether you keep, or uninstall, this program.

.

Step 3: The logs show that you have Catalina Savings Printer installed on your computer. This program is classified as a PUP. See this link for more details. If you did not knowingly install this program, you should uninstall it, via the Control Panel, Add/Remove Programs. Please let me know what you decide to do with this program.

.

Step 4: Please run a FRST fix for me.

NOTICE: This FRST "fixlist" script was written specifically for this user, for use on this individual computer. Running this on another computer may cause damage to your operating system.
 

Start::
CreateRestorePoint:
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
BHO: No Name -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> No File
BHO-x32: No Name -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> No File
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
VirusTotal: C:\Users\lmbeattie\AppData\Local\Temp\mqcvd4kt.dll;C:\Users\lmbeattie\AppData\Local\Temp\xprx1oes.dll
File: C:\Users\lmbeattie\AppData\Local\Temp\_is3D3.exe;C:\Users\lmbeattie\AppData\Local\Temp\_isDA34.exe
CustomCLSID: HKU\S-1-5-21-1111453194-4016939751-1576079428-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01222018143707186_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\lmbeattie\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay => No File
CustomCLSID: HKU\S-1-5-21-1111453194-4016939751-1576079428-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\lmbeattie\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay => No File
End::
  • Please highlight the entire contents of the code box above, from the "Start::" line to the "End::" line, including both of those lines, right click, and select "Copy", which will copy the "fix" script into the Windows clipboard.
  • Right click FRST64.exe, and select "Run as Administrator".
  • Press Fix button once and wait.
  • Please reboot the computer, if requested.
  • A log file called "fixlog.txt" will be saved in the same folder as the FRST program is located.
  • Please copy and paste the contents of the "fixlog.txt" file into your next reply.

.

Thank you and have a great day.

Regards,
-Phil




#4 beachbirdie


Posted 23 January 2018 - 10:57 PM

Hi Phil,

Thank you so much for your fast response.  I did not expect such a speedy reply, but am grateful.  I will do my best to do as you instruct, and I do understand that you have a real life outside of your volunteering here so I will not be impatient!  I just now printed your last two messages, and will start working through your instruction list.  I will reply again when I have completed everything.  Thanks again!

 

beachbirdie



#5 beachbirdie


Posted 23 January 2018 - 11:11 PM

First dumb question.  I cannot right-click the "FRST.exe" in your message, it is not a hot link.  Was I supposed to find that somewhere else?  Or is there another way to run this?

 

I have removed the two coupon printers and removed the Akamai NetSession Interface.

 

Thank you.


Edited by beachbirdie, 23 January 2018 - 11:11 PM.


#6 garioch7


Posted 24 January 2018 - 04:35 AM

beachbirdie:

 

Thank you for your posts.  I am glad that you removed those PUPs.  They just bog down your computer and do other undesirable things.

 

There was no hot link in my reply.  You already should have FRST64.EXE on your desktop.  The FRST log that you submitted said:

 

 

 

Running from C:\Users\lmbeattie\Desktop

 

 

If you subsequently deleted that file after running the initial scan, please download it again from here at Bleeping Computer and save it to your desktop.  Then please follow the instructions to initiate the "fix", per my previous post.

 

Thank you and have a great day.

 

Regards,

-Phil




#7 beachbirdie


Posted 25 January 2018 - 12:21 AM

Sorry for the dumb question, but I had to ask.  I saw blue and my first thought was "link".   :)

 

I will run from desktop (I did not delete it) and follow your fix instructions, then come back with the logs. 

 

Yeah, about those PUPs, my daughter installed them because she is an "extreme couponer" and was all over the Internet getting manufacturer coupons to save money on groceries.  I trusted her.    :oopsign:

 

Thanks for not laughing at me. 

 

beachbirdie


Edited by beachbirdie, 25 January 2018 - 01:04 AM.


#8 beachbirdie


Posted 25 January 2018 - 01:01 AM

I have completed the FRST fix and allowed the reboot.  I have pasted my fixlog below:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 21.01.2018
Ran by lmbeattie (24-01-2018 21:25:48) Run:1
Running from C:\Users\lmbeattie\Desktop
Loaded Profiles: lmbeattie (Available Profiles: lmbeattie & Les.B games & Farmville)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
BHO: No Name -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> No File
BHO-x32: No Name -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> No File
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
VirusTotal: C:\Users\lmbeattie\AppData\Local\Temp\mqcvd4kt.dll;C:\Users\lmbeattie\AppData\Local\Temp\xprx1oes.dll
File: C:\Users\lmbeattie\AppData\Local\Temp\_is3D3.exe;C:\Users\lmbeattie\AppData\Local\Temp\_isDA34.exe
CustomCLSID: HKU\S-1-5-21-1111453194-4016939751-1576079428-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01222018143707186_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\lmbeattie\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay => No File
CustomCLSID: HKU\S-1-5-21-1111453194-4016939751-1576079428-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\lmbeattie\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay => No File
 
*****************
 
Restore point was successfully created.
Processes closed successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}" => removed successfully
HKLM\Software\Classes\CLSID\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6} => key not found
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6} => key not found
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck" => removed successfully
 
========================= File: C:\Users\lmbeattie\AppData\Local\Temp\_is3D3.exe;C:\Users\lmbeattie\AppData\Local\Temp\_isDA34.exe ========================
 
C:\Users\lmbeattie\AppData\Local\Temp\_is3D3.exe
File is digitally signed
MD5: FBAB280D0CAC5E21C72F0A1A7B5B9608
Creation and modification date: 2006-05-24 09:10 - 2006-05-24 09:10
Size: 000455600
Attributes: ---RA
Company Name: Macrovision Corporation
Internal Name: Setup
Original Name: Setup.exe
Product: InstallShield
Description: Setup.exe
File Version: 12.0.49974
Product Version: 12.0
Copyright: Copyright © 2006 Macrovision Corporation
VirusTotal: 0
 
C:\Users\lmbeattie\AppData\Local\Temp\_isDA34.exe
File is digitally signed
MD5: FBAB280D0CAC5E21C72F0A1A7B5B9608
Creation and modification date: 2016-01-17 15:09 - 2012-08-16 01:34
Size: 000455600
Attributes: ----A
Company Name: Macrovision Corporation
Internal Name: Setup
Original Name: Setup.exe
Product: InstallShield
Description: Setup.exe
File Version: 12.0.49974
Product Version: 12.0
Copyright: Copyright © 2006 Macrovision Corporation
VirusTotal: 0
 
====== End of File: ======
 
CustomCLSID: HKU\S-1-5-21-1111453194-4016939751-1576079428-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01222018143707186_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\lmbeattie\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay => No File => Error: No automatic fix found for this entry.
"HKU\S-1-5-21-1111453194-4016939751-1576079428-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}" => removed successfully
 
 
The system needed a reboot.
 
==== End of Fixlog 21:26:45 ====
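As an added example (not part of the original posts, and not FRST's own code), a Python script that triages a fixlog like the one above: it skips the echoed fixlist, classifies each `=>` result line, and reads the per-file reports. The function names and triage labels are assumptions of this example, and the embedded log is an abridged copy of the posted fixlog.

```python
import re
from collections import defaultdict

# Abridged copy of the fixlog posted above: the echoed fixlist is shortened and
# each per-file report keeps only the fields this script reads.
FIXLOG = r'''fixlist content:
*****************
CreateRestorePoint:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
BHO: No Name -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> No File
*****************
Restore point was successfully created.
"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}" => removed successfully
HKLM\Software\Classes\CLSID\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6} => key not found
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck" => removed successfully
========================= File: C:\Users\lmbeattie\AppData\Local\Temp\_is3D3.exe;C:\Users\lmbeattie\AppData\Local\Temp\_isDA34.exe ========================
C:\Users\lmbeattie\AppData\Local\Temp\_is3D3.exe
File is digitally signed
MD5: FBAB280D0CAC5E21C72F0A1A7B5B9608
VirusTotal: 0
C:\Users\lmbeattie\AppData\Local\Temp\_isDA34.exe
File is digitally signed
MD5: FBAB280D0CAC5E21C72F0A1A7B5B9608
VirusTotal: 0
====== End of File: ======
CustomCLSID: HKU\S-1-5-21-1111453194-4016939751-1576079428-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01222018143707186_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\lmbeattie\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay => No File => Error: No automatic fix found for this entry.
"HKU\S-1-5-21-1111453194-4016939751-1576079428-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}" => removed successfully
'''


def classify(outcome):
    """Map the text after the last '=>' to a triage label (labels are this example's own)."""
    low = outcome.lower()
    for needle, label in (("error", "follow-up"), ("not found", "absent"), ("success", "done")):
        if needle in low:
            return label
    return "unknown"


def parse_fixlog(text):
    """Return (actions, files) from a fixlog, ignoring the echoed fixlist."""
    actions, files, current = [], [], None
    section = "header"            # header -> echo -> results <-> file
    for raw in text.splitlines():
        line = raw.strip()
        if section in ("header", "echo"):
            # Two rows of asterisks bracket the echoed script; nothing in it is a result.
            if set(line) == {"*"}:
                section = "echo" if section == "header" else "results"
        elif section == "file":
            if line.startswith("=") and "End of File" in line:
                section, current = "results", None
            elif re.match(r"[A-Za-z]:\\", line):
                current = {"path": line, "signed": False, "md5": None, "virustotal": None}
                files.append(current)
            elif current is not None:
                key, _, value = line.partition(":")
                if line == "File is digitally signed":
                    current["signed"] = True
                elif key == "MD5":
                    current["md5"] = value.strip().upper()
                elif key == "VirusTotal":
                    current["virustotal"] = value.strip()
        elif line.startswith("=") and " File: " in line:
            section = "file"
        elif " => " in line:
            target, _, rest = line.partition(" => ")
            outcome = rest.rsplit(" => ", 1)[-1]   # a line can carry several '=>' parts
            actions.append({"status": classify(outcome), "target": target.strip('"'), "outcome": outcome})
    return actions, files


def shared_hashes(files):
    """Group file paths by MD5 and keep hashes reported at more than one path."""
    by_md5 = defaultdict(list)
    for f in files:
        if f["md5"]:
            by_md5[f["md5"]].append(f["path"])
    return {h: paths for h, paths in by_md5.items() if len(paths) > 1}


def needs_review(actions, files):
    """Entries to look at again: failed or unrecognised actions, unsigned or flagged files."""
    items = [a["target"] for a in actions if a["status"] in ("follow-up", "unknown")]
    items += [f["path"] for f in files if not f["signed"] or f["virustotal"] != "0"]
    return items


if __name__ == "__main__":
    actions, files = parse_fixlog(FIXLOG)
    for a in actions:
        print(f'{a["status"]:<10} {a["target"][:90]}')
    print("same MD5 at several paths:", shared_hashes(files))
    print("review:", needs_review(actions, files))
```

On this log the only entry left for review is the first CustomCLSID line, which FRST reported it could not fix automatically.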


#9 garioch7


Posted 25 January 2018 - 01:58 PM

beachbirdie:
 
Thank you for your post and the contents of the "fixlog.txt" file.  That looks good! :thumbup2:
 
No worries.  I don't laugh at people.  There are no stupid questions, except those that are not asked.
 
OK, let's move on to some standard anti-malware scans.
 
.
 
Step 1: ESET Online Scanner using Internet Explorer:

Note: You will need to disable your currently installed Anti-Virus, how to do so can be found here.

  • Download esetsmartinstaller_enu.exe and save it to your Desktop.
  • Double click the icon.
  • Check YES, I accept the Terms of Use.
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Then select: "Enable detection of potentially unwanted applications" - Yes.
  • Click Advanced settings.
  • Check the following items.

Enable detection of potentially unwanted applications
Remove found threats
Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology

  • Click Change next to Current scan targets:
  • Place a check mark in any additional drive you wish to scan then click OK.
  • Click Start.
  • ESET will then download updates and begin scanning your computer.
  • If no threats are found simply click Uninstall application on close and hit Finish.
  • If threats are found click List of found threats.
  • Click Export to text file.
  • Save the file on your Desktop as ESET.txt.
  • Click Back.
  • Check Uninstall application on close and Delete quarantined files.
  • Click Finish.
  • Close the ESET Online Scanner window.
  • Copy and paste the contents of ESET.txt into your reply, if any threats were detected.

Don't forget to re-enable your antivirus when finished!

.

Step 2: I see that you have Malwarebytes installed on your computer.

Please run a Malwarebytes Anti-Malware scan for me.

  • Please go to "Settings", "Protection", and turn on "Scan for rootkits", if it is not "On."
  • Ensure that under "Potential Threat Protection", both switches are set to "Always Detect PUPs/PUMs (recommended)".
  • Then scroll to the bottom of that page and ensure that "Automatic Quarantine" is turned "On."
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If an update of the definitions is available, it will be downloaded and installed before the scan commences.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.

The Scan log is available through History ->Application logs. Please copy and paste the contents of the log into your next reply.

.

Step 3: Please download AdwCleaner by Malwarebytes and save the file to your Desktop.

  • Vista/Windows 7/8/10 users right-click and select Run As Administrator
  • The tool will start to update the database, please wait for it to complete the update.
  • Click on I Agree button.
  • Click on the Scan button.
  • AdwCleaner will begin its scan ... please be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, then make sure that you uncheck it before running the "Clean" process.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.
  • After the scan has finished ...
  • Uncheck any PUP and adware applications that you want to keep.


If you are unsure about one or more of the detected programs, then please copy and paste the scan log, with your questions, and I will provide you with advice about those files.
The Scan logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
Do not follow the remaining "Clean" instructions until directed to do so by me, if you have any questions about one or more of the detections.
If you have no questions about any of the detections, then please proceed to the "Clean" steps below.

  • Then click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[C#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Please copy and paste the contents of that logfile into your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

.

Thank you and have a great day.

Regards,
-Phil




#10 beachbirdie


Posted 26 January 2018 - 07:38 PM

I will post ESET and Malwarebytes here, and am off to download and run the AdwCleaner now.  I can't auto-quarantine with Malwarebytes as I only have the free version.  Would the upgrade to premium be recommended?  Would it be a good idea to have protection different from Avast?  

 

 

C:\Program Files (x86)\Mozilla Firefox\browser\plugins\npMozCouponPrinter.dll a variant of Win32/Adware.Coupons.AA application cleaned by deleting
C:\Users\Les.B games\AppData\Local\Temp\lDv3o0jt.js.part JS/TrojanDownloader.Agent.QKT trojan cleaned by deleting
C:\Users\lmbeattie\AppData\Local\Temp\7zS50BE\setup\coupons\CouponPrinter.exe a variant of Win32/Adware.Coupons.AA application cleaned by deleting
C:\Users\lmbeattie\AppData\LocalLow\Sun\Java\jre1.7.0_07\java_sp.dll a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application cleaned by deleting
C:\Users\lmbeattie\Downloads\couponprinter(1).exe a variant of Win32/Adware.Coupons.AA application cleaned by deleting
C:\Users\lmbeattie\Downloads\CouponPrinter.exe a variant of Win32/Adware.Coupons.AA application cleaned by deleting
C:\Users\lmbeattie\Downloads\rcsetup151.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application cleaned by deleting
 
--------------------------------------------------------------------------------------------------------
 
Results of Malwarebytes Scan:
 
Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 1/26/18
Scan Time: 3:40 PM
Log File: 4293a7b3-02f2-11e8-8235-14dae9d003f3.json
Administrator: Yes
 
-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.262
Update Package Version: 1.0.3795
License: Expired
 
-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: lmbeattie-PC\lmbeattie
 
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 349090
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 47 min, 56 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 0
(No malicious items detected)
 
Registry Value: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 0
(No malicious items detected)
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)


#11 beachbirdie


Posted 26 January 2018 - 09:45 PM

Here is the most recent AdwCleaner log, I did not need to change any of the items it suggested cleaning, I just let it do its "thing."

 

# AdwCleaner 7.0.7.0 - Logfile created on Sat Jan 27 01:07:44 2018
# Updated on 2018/18/01 by Malwarebytes 
# Running on Windows 7 Home Premium (X64)
# Mode: clean
 
***** [ Services ] *****
 
No malicious services deleted.
 
***** [ Folders ] *****
 
Deleted: C:\ProgramData\Partner
Deleted: C:\ProgramData\Application Data\Partner
Deleted: C:\Users\All Users\Partner
 
 
***** [ Files ] *****
 
No malicious files deleted.
 
***** [ DLL ] *****
 
No malicious DLLs cleaned.
 
***** [ WMI ] *****
 
No malicious WMI cleaned.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts cleaned.
 
***** [ Tasks ] *****
 
No malicious tasks deleted.
 
***** [ Registry ] *****
 
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\cloudfront.net
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\d3l3lkinz3f56t.cloudfront.net
 
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries deleted.
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries deleted.
 
*************************
 
::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0
 
 
 
*************************
 
C:/AdwCleaner/AdwCleaner[S0].txt - [1271 B] - [2018/1/27 0:41:29]
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########


#12 garioch7


Posted 27 January 2018 - 01:29 PM

beachbirdie:
 
Thank you for the posts and for the logs.  The anti-malware programs detected and cleaned up some nuisance malware.
 
I recommend Malwarebytes Premium (MBP) because you get real-time protection.  It is much better to prevent malware from infecting your computer than cleaning it out afterwards.  I wouldn't download MBP right now because they are having major issues with a botched update that consumes CPU and will not allow real-time web protection to be turned on.  I have had to disable MBP on my computer to be able to use it.  There are other products out there as well.  Please see this post by quietman7, one of the foremost computer security experts here at Bleeping Computer.
 
As for Avast, I would refer you to this article, also by quietman7.  You could elect to go with a product like Emsisoft, which offers both anti-virus and anti-malware capabilities.  I would recommend that you read this post, again by quietman7.
 
OK, let's continue to work on your computer ...
 
.
 
Step 1: Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.
- Kaspersky Lab report: Evaluating the threat level of software vulnerabilities
- Microsoft: Unprecedented Wave of Java Exploitation
- Ghosts of Java Haunt Users

Personally, I uninstalled Java nearly two years ago on both of my computers, and I have never missed it. Some people do need Java, but most do not. Some older games will not play, except on an older version of Java, so that might be why your Java is so old.

Please follow these steps to update Java:

  • Click here then click Verify Java version.
  • If you are notified your Java version is out of date click Update (recommended).
  • Click Agree and Start Free Java Download.
  • Save jxpiinstall.exe to your desktop.
  • Double click the icon then click Install.
  • Uncheck all optional offers.
  • Click Next.
  • Once completed you should be notified that You have successfully installed Java.
  • If Java notifies you older versions of the program need to be removed check each of the versions and click Uninstall.
  • Verify the older version(s) was uninstalled then click Next.
  • Click Close.

.

Step 2: You have QuickTime installed on your computer.  Unless you absolutely need that application, I would uninstall it because it poses a security vulnerability.  Please read this post for more information.
 
.
 
Step 3: Please run a System File Checker (SFC) scan to assess the integrity of the Windows file system.

  • Click on the "Start" button.
  • In the "search" box at the bottom, type cmd.
  • Look for Cmd.exe to appear at the top of the menu.
  • Right-click on cmd.exe and choose Run As Administrator.
  • Type sfc /scannow. Ensure that there is a space between "sfc" and "/scannow"
  • The scan will start and may take from 20 minutes to an hour to run.
  • Please report the results from the System File Checker in your next post. Does it report "No Resource Integrity Violations Found", "Errors Repaired", or "Unable to Repair", or words to that effect?
  • If System File Checker reports that some errors were corrected, and some errors were not corrected, please re-run the System File Checker again, as it does happen that it can not fix all of the errors detected in a single run.
  • If it again reports that some errors were corrected, and some errors were not corrected, please run it a third time.
  • If SFC continues to report uncorrectable errors, please immediately navigate to the folder: C:\Windows\Logs\CBS, locate the file "CBS.log", and copy, not move it, to your Desktop. That file is "volatile", so we need to ensure that it is not overwritten with new results.

.


:step4: Please provide me with an update on how your computer is working now. If there are still issues, please describe them in as much detail as possible.

.

Thank you and have a great day.

Regards,
-Phil


Member of the Unified Network of Instructors and Trusted Eliminators
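
The CBS.log that step 3 asks to be preserved mixes SFC entries, tagged [SR], with other servicing output. The following is an added example, not part of the original post, that pulls out which files SFC reported it could not repair; the sample lines, file names and component name are constructed, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample lines in the CBS.log layout (not from the poster's log).
SAMPLE = r"""
2018-01-29 02:10:11, Info                  CSI    000003a2 [SR] Beginning Verify and Repair transaction
2018-01-29 02:10:15, Info                  CSI    000003a5 [SR] Cannot repair member file [l:22{11}]"example.ini" of Example-Component-A, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, PublicKey neutral in the store, hash mismatch
2018-01-29 02:10:15, Info                  CSI    000003a7 [SR] Cannot repair member file [l:22{11}]"example.ini" of Example-Component-A, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, PublicKey neutral in the store, hash mismatch
2018-01-29 02:10:16, Info                  CBS    Constructed servicing entry unrelated to SFC
2018-01-29 02:10:20, Info                  CSI    000003a9 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:22{11}]"Example.dll" from store
2018-01-29 02:10:25, Info                  CSI    000003aa [SR] Repair complete
""".strip().splitlines()

# An SFC entry: timestamp, level, the CSI source, an 8-hex-digit id, then [SR].
SR_LINE = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d, \w+\s+CSI\s+[0-9a-f]{8}\s+\[SR\] (?P<msg>.*)$")
# File name, owning component, and the reason given after the last comma.
CANNOT = re.compile(
    r'Cannot repair member file \[[^\]]*\]"(?P<file>[^"]+)" of (?P<comp>[^,]+),'
    r".*, (?P<reason>[^,]+)$")
REPAIRED = re.compile(r'Repairing corrupted file .*\[[^\]]*\]"(?P<file>[^"]+)" from store')


def summarize_sr(lines):
    """Return (unrepaired, repaired) from the [SR] entries in CBS.log lines.

    unrepaired: Counter keyed by (file, component, reason); the count is how
    many times the entry was logged. repaired: set of repaired file names.
    """
    unrepaired, repaired = Counter(), set()
    for line in lines:
        m = SR_LINE.match(line)
        if not m:
            continue  # not an SFC ([SR]) entry
        msg = m.group("msg")
        c = CANNOT.search(msg)
        if c:
            unrepaired[(c["file"].lower(), c["comp"], c["reason"])] += 1
        elif (r := REPAIRED.search(msg)):
            repaired.add(r["file"].lower())
    return unrepaired, repaired


def summarize_file(path):
    """Summarize a preserved copy of CBS.log, tolerating stray bytes."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return summarize_sr(fh.read().splitlines())
```

Run `summarize_file` against the copy saved to the Desktop rather than the live log, since the original is overwritten by later runs.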


#13 beachbirdie


Posted 29 January 2018 - 03:31 AM

Hello Phil,

 

I have followed your instructions as far as I can.

 

I removed Java and QuickTime, I can't think of a reason to keep them. 

 

I have run the CBS scan three times, each time it comes up with "Windows Resource Protection found some corrupt files but was unable to fix some of them."  I copied to my desktop from Windows File Explorer. 

 

So my next dumb question is, did you need me to copy-paste that into a message here?

I can't tell you how the computer is running at this point, I'm afraid to use it.  Well, I am afraid to use the identity that got into trouble.  Which raises the next question, do I need to work on cleaning the identities that don't seem to have issues?  Or will cleaning the one take care of all?

Thank you very much. 



#14 garioch7


Posted 29 January 2018 - 01:27 PM

beachbirdie:
 
Thank you for your post.  You were wise to uninstall Java and QuickTime. :thumbup2:
 
Sorry to hear about your system failing the System File Checker (SFC) scan.  That is not good news! :(
 
We have established that malware is not causing the issues, so now we are moving away from my area of expertise.  I am able to provide you with limited assistance with respect to Windows 7 OS issues, so let's try and see if we can't get things working for you. There are a couple of programs we can try.  If they are not successful, then I will recommend that you go to the Sysnative "Windows Update" Forum.  They have tremendous expertise in resolving OS SFC issues, and, in fact, they run a training program there focused precisely on resolving such issues.  I went there once a few years ago because I had problems with a Windows 7 computer throwing uncorrectable SFC errors, and they were able to get me all fixed up.

I don't need the CBS log, but you should keep it on your desktop, in case it is requested by a Sysnative helper, should you have to go there. They normally want everything in the CBS folder, but I know they like to have the log that was generated when SFC reports errors.

I would avoid modifying user accounts or any system settings right now. We don't know what we are dealing with. You could make a bad situation worse! :(
 
.
 
:step1: Please go to this website and download the Windows System Update Readiness Tool (SURT) for Windows 7 x64.

  • Please save the file to your desktop.
  • Please right-click the file, and select "Run as Administrator."
  • The SURT program can take from an hour to several hours to run and it might appear to hang. Please be patient.
  • While the SURT program is running, please do not use your computer.
  • Please report back the results of running the SURT program.

.

Thank you and have a great day ... and GOOD LUCK!

Regards,
-Phil




#15 beachbirdie


Posted 29 January 2018 - 03:01 PM

Thank you very much.  At least I know it is not likely malware causing a problem.  I will get on the next step tonight and check out the forum you recommended.

 

I have been doing a few things on the current identity and not encountering difficulty other than slow boot (too many processes starting!). 

 

I am dreading the thought of having to re-install OS, hope whatever it is can be fixed.  :wacko:  This is a good reminder to get all my product keys in order as some of my Microsoft programs I do not have the information at hand and getting my Adobe, my Office, and my OS back in will be a pain.  I know how badly Microsoft wants me off Windows 7.  They had to nuke me off my Windows NT.  Wish I were knowledgeable and brave enough to delve into an alternative OS. 

 

I hate Microsoft.  :spam:    Hope you don't work for them, LOL. 

 

Thank you again, I'll get working on the next thing.

 

---beachbirdie





