
Slow PC after removing DownloadmyInboxhelper [Solved]



#1 BobDylan


Posted 28 April 2019 - 12:27 PM

Hi again - not sure if they are related but I recently had these "downloadmyInbox helper" pop-ups, which I think I removed, but now the computer is running slower than normal. Didn't improve with Malwarebytes and an AVG virus scan.

Any help would be appreciated and I've pasted the aswMBR and 2 FRST.txt logs.

Thanks again!

 

aswMBR

 

aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software

Run date: 2019-04-28 13:25:17
-----------------------------
13:25:17.387    OS Version: Windows x64 6.1.7601 Service Pack 1
13:25:17.387    Number of processors: 4 586 0x2A07
13:25:17.387    ComputerName: BARLEY-HP  UserName: Barley
13:25:18.892    Initialize success
13:25:19.020    VM: initialized successfully
13:25:19.021    VM: Intel CPU BiosDisabled 
13:49:07.487    AVAST engine defs: 17030301
13:50:21.575    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
13:50:21.578    Disk 0 Vendor:   Size: 0MB BusType: 0
13:50:21.682    Disk 0 MBR read successfully
13:50:21.685    Disk 0 MBR scan
13:50:21.691    Disk 0 unknown MBR code
13:50:21.695    Disk 0 MBR hidden
13:50:21.707    Disk 0 Partition 1 00     EE          GPT           2097151 MB offset 1
13:50:21.735    Disk 0 scanning C:\windows\system32\drivers
13:50:37.913    Service scanning
13:51:03.097    Modules scanning
13:51:03.106    Disk 0 trace - called modules:
13:51:03.456    ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys 
13:51:03.461    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006059060]
13:51:03.467    3 CLASSPNP.SYS[fffff88001abe43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8005a0e060]
13:51:05.016    AVAST engine scan C:\windows
13:51:07.141    AVAST engine scan C:\windows\system32
13:53:35.591    AVAST engine scan C:\windows\system32\drivers
13:53:50.074    AVAST engine scan C:\Users\Barley
14:03:45.598    AVAST engine scan C:\ProgramData
14:09:53.311    Disk 0 statistics 4820870/0/0 @ 2.72 MB/s
14:09:53.320    Scan finished successfully
14:11:53.791    Disk 0 MBR has been saved successfully to "C:\Users\Barley\Desktop\MBR.dat"
14:11:53.810    The log file has been saved successfully to "C:\Users\Barley\Desktop\aswMBR.txt"
 
FRST.txt
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28.04.2019
Ran by Barley (administrator) on BARLEY-HP (Hewlett-Packard p7-1370t) (28-04-2019 14:13:07)
Running from C:\Users\Barley\Downloads
Loaded Profiles: Barley (Available Profiles: Barley)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(AVAST Software) [File not signed] C:\Users\Barley\Downloads\aswMBR.exe
(AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\aswEngSrv.exe
(AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\aswidsagent.exe
(AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe
(AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGUI.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Digital Wave Ltd -> Digital Wave Ltd.) C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe
(Garmin International, Inc. -> Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Garmin International, Inc. -> Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Company -> ) C:\Users\Barley\AppData\Roaming\HP SimpleSave Application\StartHelper.exe
(Hewlett-Packard Company -> Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Hewlett-Packard) [File not signed] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
(Hewlett-Packard) [File not signed] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(HP Inc. -> HP Inc.) C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe
(IDT, Inc.) [File not signed] C:\Program Files\IDT\WDM\stacsv64.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxtray.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation -> Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\System32\WirelessKB850NotificationService.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(PDF Complete Inc. -> PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Ralink Technology, Corp.) [File not signed] C:\Program Files (x86)\Ralink\Common\RaRegistry.exe
(Ralink Technology, Corp.) [File not signed] C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe
(Secunia -> Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Secunia -> Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Secunia -> Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Smilebox, Inc. -> Smilebox, Inc.) C:\Users\Barley\AppData\Roaming\Smilebox\SmileboxTray.exe
(Symantec Corporation -> Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\22.17.0.183\NortonSecurity.exe
(Symantec Corporation -> Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\22.17.0.183\NortonSecurity.exe
(Symantec Corporation -> Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(TeamViewer -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(the sz development) [File not signed] C:\Users\Barley\AppData\Local\RimhillEx\RimhillEx.exe
(Wondershare software CO., LIMITED -> Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [HPSYSDRV] => C:\Program Files (x86)\Hewlett-Packard\HP Odometer\HPSYSDRV.EXE [62768 2008-11-20] (Hewlett-Packard Company -> Hewlett-Packard)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-11-01] (Apple Inc. -> Apple Inc.)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files (x86)\AVG\Antivirus\AvLaunch.exe [308656 2019-04-25] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139776 2014-11-12] (Brother Industries, Ltd.) [File not signed]
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4517376 2014-11-11] (Brother Industries, Ltd.) [File not signed]
HKLM-x32\...\Run: [BrHelp] => C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe [1939968 2014-10-22] (Brother Industries, Ltd.) [File not signed]
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2137744 2016-10-08] (Wondershare software CO., LIMITED -> Wondershare)
HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\Wondershare\Video Converter Ultimate\DelayPluginI.exe [1971856 2017-02-16] (Wondershare software CO., LIMITED -> )
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [1194048 2018-02-01] (PDF Complete Inc. -> PDF Complete Inc)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-10-06] (Oracle America, Inc. -> Oracle Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-632860548-1775735820-415820443-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1095000 2013-12-13] (Garmin International, Inc. -> Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-632860548-1775735820-415820443-1000\...\Run: [Google Update] => C:\Users\Barley\AppData\Local\Google\Update\1.3.34.7\GoogleUpdateCore.exe [752424 2019-03-27] (Google Inc -> Google LLC)
HKU\S-1-5-21-632860548-1775735820-415820443-1000\...\Run: [60439BD48E4DF21A7F8F35AA69AA655C496AD691._service_run] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1716720 2019-04-03] (Google LLC -> Google Inc.)
HKU\S-1-5-21-632860548-1775735820-415820443-1000\...\Run: [SmileboxTray] => C:\Users\Barley\AppData\Roaming\Smilebox\SmileboxTray.exe [366552 2017-09-27] (Smilebox, Inc. -> Smilebox, Inc.)
HKU\S-1-5-21-632860548-1775735820-415820443-1000\...\MountPoints2: {cf036f94-4e8d-11e2-b318-24be05218274} - G:\HPLauncher.exe
HKU\S-1-5-21-632860548-1775735820-415820443-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\Ribbons.scr [241664 2010-11-20] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{0CE7EBAF-157D-4111-9146-057CB2A4023E}] -> msiexec /fu {0CE7EBAF-157D-4111-9146-057CB2A4023E} /qn
HKLM\Software\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\windows\system32\cmd.exe /D /C start C:\windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\73.0.3683.103\Installer\chrmstp.exe [2019-04-09] (Google LLC -> Google Inc.)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\windows\system32\cmd.exe /D /C start C:\windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{438363A8-F486-4C37-834C-4955773CB3D3}] -> msiexec /fu {438363A8-F486-4C37-834C-4955773CB3D3} /qn
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
HKLM\Software\...\Authentication\Credential Providers: [{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL [2011-03-29] (Microsoft Corporation -> Microsoft Corp.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2014-03-18]
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia -> Secunia)
Startup: C:\Users\Barley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HP SimpleSave Monitor.lnk [2014-03-01]
ShortcutTarget: HP SimpleSave Monitor.lnk -> C:\Users\Barley\AppData\Roaming\HP SimpleSave Application\StartHelper.exe (Hewlett-Packard Company -> )
Startup: C:\Users\Barley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RimhillEx.lnk [2017-01-15]
ShortcutTarget: RimhillEx.lnk -> C:\Users\Barley\AppData\Local\RimhillEx\RimhillEx.exe (the sz development) [File not signed]
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {00EB8649-F420-4F36-A88E-8F535B6A8227} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Internet Security\Upgrade.exe [2226848 2019-03-07] (Symantec Corporation -> Symantec Corporation)
Task: {03256141-1BAE-4C9E-8D28-AED4BC1B37DE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [136056 2019-01-02] (HP Inc. -> HP Inc.)
Task: {13CA88A1-CDA4-4585-9F11-8BC5130BC8D0} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1487568 2014-03-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {177967F9-E4A2-4B32-B949-A4465AAA6794} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\22.17.0.183\WSCStub.exe [2226848 2019-03-07] (Symantec Corporation -> Symantec Corporation)
Task: {1ABD908E-44DD-46E5-93D6-F85795AE81E1} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_171_pepper.exe [1452600 2019-04-10] (Adobe Inc. -> Adobe)
Task: {1EEF3C88-147F-49F3-962A-93E6D712F121} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1195544 2018-12-16] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {2AA6B539-4673-4A05-8597-E9C84EE0899E} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2211024 2014-03-19] (Microsoft Corporation -> Microsoft)
Task: {2C5DC53C-3BB7-43CC-AA49-116AAEF51CF5} - System32\Tasks\{D95529CE-E95E-447C-8D8C-4C1A622E5294} => C:\windows\system32\pcalua.exe -a "C:\Users\Barley\Downloads\chromeinstall-8u31 (1).exe" -d C:\Users\Barley\Downloads
Task: {40CB04A3-5E27-4FFF-8F98-2069CF54D5AB} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-632860548-1775735820-415820443-1000Core => C:\Users\Barley\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc -> Google Inc.)
Task: {45416CB6-710F-4224-82AA-01FE4BC3D47B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [219512 2018-12-24] (HP Inc. -> HP Inc.)
Task: {4DEF5C25-BA5D-4828-98AF-FC4FBA2C55C2} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [2408496 2019-04-03] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
Task: {4EB1A499-7479-45FD-9808-C468FE2E4BCA} - System32\Tasks\Norton Internet Security\Norton Internet Security Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\22.17.0.183\SymErr.exe [101392 2019-03-07] (Symantec Corporation -> Symantec Corporation)
Task: {4F04A113-09B2-4923-A098-4F9DCBB11ADA} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2118352 2014-03-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {6D07362E-868E-43E5-9482-326BF8228EB4} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_171_Plugin.exe [1456696 2019-04-09] (Adobe Inc. -> Adobe)
Task: {6D49B0C9-CEF2-467A-AD36-7DB6C8FE2F99} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1487568 2014-03-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {79A8F32F-EC48-4E54-BCA0-543CDD25FC43} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1073528 2019-04-02] (HP Inc. -> HP Inc.)
Task: {7A479DAC-A6ED-4050-961C-372019C23B7B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1488248 2018-12-10] (HP Inc. -> HP Inc.)
Task: {8D5865E3-B262-4FEE-BD7A-1A397D69B4EE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc -> Google Inc.)
Task: {91C842F0-E78C-4C25-B1F5-28E7B64DE6C0} - System32\Tasks\Reason Core Security Scheduled Scan => C:\Program Files\Reason\Security\rsUI.exe
Task: {9F9B883E-CB9B-48C3-BBF8-9C2C0E0750AC} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2118352 2014-03-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {AAEEF760-5313-441C-A6F6-5AF691CF2850} - System32\Tasks\Norton Internet Security\Norton Internet Security Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\22.17.0.183\SymErr.exe [101392 2019-03-07] (Symantec Corporation -> Symantec Corporation)
Task: {AFF25087-364C-4FB3-AAC9-50F6F6E0A392} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [652664 2019-04-17] (HP Inc. -> HP Inc.)
Task: {B458637F-D899-4538-BA11-2A14B1ED6A8C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [569416 2016-02-23] (Apple Inc. -> Apple Inc.)
Task: {BEF7C1BC-3725-43AE-B6C5-660106D31E7E} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [25128 2017-11-20] (HP Inc. -> )
Task: {C2157C66-9811-49A0-AE86-9BC601639777} - System32\Tasks\Antivirus Emergency Update => C:\Program Files (x86)\AVG\Antivirus\AvEmUpdate.exe [2970544 2019-04-25] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
Task: {C56A0862-A80E-4AF3-A838-7EE9E32EC86D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1073528 2019-04-02] (HP Inc. -> HP Inc.)
Task: {C9437507-490A-438E-94E4-63B8AF462DEA} - System32\Tasks\HPCeeScheduleForBarley => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [96568 2015-06-16] (Hewlett-Packard Company -> Hewlett-Packard)
Task: {CCEC197E-48A7-4647-AD8D-6D177DE3402A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-632860548-1775735820-415820443-1000UA => C:\Users\Barley\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc -> Google Inc.)
Task: {DA1CEAA8-060C-4D55-81D2-C45E1899F543} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc -> Google Inc.)
Task: {E25995B7-68C9-4394-B1CE-2988A5345F45} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [652664 2019-04-17] (HP Inc. -> HP Inc.)
Task: {E7FB2971-971E-4070-8510-39F850BF2B7F} - System32\Tasks\Reason Core Security => C:\Program Files\Reason\Security\rsUI.exe
Task: {EF88B9A7-8B01-496D-BFED-719F2A3A7981} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1488248 2018-12-10] (HP Inc. -> HP Inc.)
Task: {FB40547D-7545-4F51-84A4-F02B26327EC3} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-04-10] (Adobe Inc. -> Adobe)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\windows\Tasks\HPCeeScheduleForBarley.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{06AE0B1F-FB3C-4241-9145-DF12EC7CB857}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{D3EED012-4886-4C2D-8491-DD153D715076}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{D3EED012-4886-4C2D-8491-DD153D715076}: [DhcpNameServer] 75.75.75.75 75.75.76.76
 
Internet Explorer:
==================
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\22.17.0.183\coIEPlg.dll [2019-03-07] (Symantec Corporation -> Symantec Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corporation -> Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_191\bin\jp2ssv.dll [2018-12-01] (Oracle America, Inc. -> Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-07-21] (Hewlett-Packard Company -> HP Inc.)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20] (Hewlett-Packard Company -> Hewlett-Packard Co.)
BHO-x32: Wondershare Video Converter Ultimate 7.1.0 -> {451C804F-C205-4F03-B48E-537EC94937BF} -> C:\ProgramData\Wondershare\Video Converter Ultimate\WSBrowserAppMgr.dll [2017-02-16] (Wondershare software CO., LIMITED -> Wondershare)
BHO-x32: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine32\22.17.0.183\coIEPlg.dll [2019-03-07] (Symantec Corporation -> Symantec Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corporation -> Microsoft Corp.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (Hewlett-Packard Company -> HP Inc.)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20] (Hewlett-Packard Company -> Hewlett-Packard Co.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\22.17.0.183\coIEPlg.dll [2019-03-07] (Symantec Corporation -> Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine32\22.17.0.183\coIEPlg.dll [2019-03-07] (Symantec Corporation -> Symantec Corporation)
Toolbar: HKU\S-1-5-21-632860548-1775735820-415820443-1000 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\22.17.0.183\coIEPlg.dll [2019-03-07] (Symantec Corporation -> Symantec Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Barley\AppData\Roaming\Mozilla\Firefox\Profiles\z9dx3jxz.default [2018-12-23]
FF Extension: (Wondershare Video Converter Ultimate) - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com_xpi\ [0000-00-00] [Legacy]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: (HP Smart Web Printing) - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-02-03] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [WSVCU@Wondershare.com] - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com_xpi
FF Extension: (Wondershare Video Converter Ultimate) - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com_xpi [2017-03-03] [Legacy]
FF HKU\S-1-5-21-632860548-1775735820-415820443-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_32_0_0_171.dll [2019-04-09] (Adobe Inc. -> )
FF Plugin: @java.com/DTPlugin,version=11.191.2 -> C:\Program Files\Java\jre1.8.0_191\bin\dtplugin\npDeployJava1.dll [2018-12-01] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.191.2 -> C:\Program Files\Java\jre1.8.0_191\bin\plugin2\npjp2.dll [2018-12-01] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_171.dll [2019-04-09] (Adobe Inc. -> )
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @Sibelius.com/Scorch Plugin,version=6.2.0.88 -> C:\Program Files (x86)\Sibelius Software\Scorch\npsibelius.dll [2013-03-11] (Avid Technology, Inc. -> )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-27] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-27] (Google Inc -> Google LLC)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2011-09-28] (WildTangent Inc -> )
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-03-25] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-632860548-1775735820-415820443-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Barley\AppData\Local\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-27] (Google Inc -> Google LLC)
FF Plugin HKU\S-1-5-21-632860548-1775735820-415820443-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Barley\AppData\Local\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-27] (Google Inc -> Google LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\Barley\AppData\Roaming\mozilla\plugins\npatgpc.dll [2015-11-18]
 
Chrome: 
=======
CHR DefaultProfile: Profile 1
CHR HomePage: Profile 1 -> hxxp://www.google.com/
CHR StartupUrls: Profile 1 -> "hxxp://www.google.com/"
CHR DefaultSearchURL: Profile 1 -> hxxp://myipcamapp.net
CHR Profile: C:\Users\Barley\AppData\Local\Google\Chrome\User Data\Guest Profile [2018-12-25]
CHR Profile: C:\Users\Barley\AppData\Local\Google\Chrome\User Data\Profile 1 [2019-04-28]
CHR Extension: (Slides) - C:\Users\Barley\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-12-24]
CHR Extension: (Asus Download Master) - C:\Users\Barley\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\akidbpofokakpmmabjlpcgplfmbmcemj [2018-12-24]
CHR Extension: (Docs) - C:\Users\Barley\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2018-12-24]
CHR Extension: (Google Drive) - C:\Users\Barley\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-12-24]
CHR Extension: (YouTube) - C:\Users\Barley\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-12-24]
CHR Extension: (Norton Security Toolbar) - C:\Users\Barley\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2019-04-12]
CHR Extension: (FromDocToPDF) - C:\Users\Barley\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dpgfhhkchdfegbdmjginkcffgjncmboh [2019-04-27]
CHR Extension: (App for Instagram) - C:\Users\Barley\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ebmdoffeooapnmjcnidddmhancpfpjab [2019-03-18]
CHR Extension: (Adobe Acrobat) - C:\Users\Barley\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2019-04-02]
CHR Extension: (Sheets) - C:\Users\Barley\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-12-24]
CHR Extension: (Google Docs Offline) - C:\Users\Barley\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-12-24]
CHR Extension: (MyIPCam) - C:\Users\Barley\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hehdcdgdfhanbcbdkakahgpfinojokob [2019-04-16]
CHR Extension: (Savings Button: Deals + Cash Back) - C:\Users\Barley\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hmhdchlgkaelnphlklcdddpigfiblbhb [2018-12-24]
CHR Extension: (Cisco Webex Extension) - C:\Users\Barley\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2018-12-24]
CHR Extension: (FromDocToPDF) - C:\Users\Barley\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mallpejgeafdahhflmliiahjdpgbegpk [2019-04-27]
CHR Extension: (CouponXplorer) - C:\Users\Barley\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mgdcgnnjenhecpdnhpnhpmgndjenmnnk [2019-04-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Barley\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-12-24]
CHR Extension: (Gmail) - C:\Users\Barley\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-03-26]
CHR Extension: (Chrome Media Router) - C:\Users\Barley\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-03-23]
CHR Profile: C:\Users\Barley\AppData\Local\Google\Chrome\User Data\Profile 2 [2018-12-24]
CHR Extension: (Slides) - C:\Users\Barley\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-12-06]
CHR Extension: (Docs) - C:\Users\Barley\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2018-12-06]
CHR Extension: (Google Drive) - C:\Users\Barley\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-08-18]
CHR Extension: (YouTube) - C:\Users\Barley\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-12-06]
CHR Extension: (Norton Security Toolbar) - C:\Users\Barley\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2015-08-18]
CHR Extension: (Google Search) - C:\Users\Barley\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-08-18]
CHR Extension: (Adobe Acrobat) - C:\Users\Barley\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2018-12-06]
CHR Extension: (Sheets) - C:\Users\Barley\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-12-06]
CHR Extension: (Google Docs Offline) - C:\Users\Barley\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-12-06]
CHR Extension: (Norton Identity Safe) - C:\Users\Barley\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-08-18]
CHR Extension: (AVG SafePrice | Comparison, deals, coupons) - C:\Users\Barley\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\mbckjcfnjmoiinpgddefodcighgikkgn [2018-12-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Barley\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-12-06]
CHR Extension: (Gmail) - C:\Users\Barley\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-18]
CHR Extension: (Chrome Media Router) - C:\Users\Barley\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-12-24]
CHR Profile: C:\Users\Barley\AppData\Local\Google\Chrome\User Data\Profile 3 [2018-12-23]
CHR Extension: (Slides) - C:\Users\Barley\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-12-06]
CHR Extension: (Entanglement Web App) - C:\Users\Barley\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aciahcmjmecflokailenpkdchphgkefd [2018-12-06]
CHR Extension: (Docs) - C:\Users\Barley\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aohghmighlieiainnegkcijnfilokake [2018-12-06]
CHR Extension: (Google Drive) - C:\Users\Barley\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-12-06]
CHR Extension: (YouTube) - C:\Users\Barley\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-12-06]
CHR Extension: (Adblock Plus) - C:\Users\Barley\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-12-06]
CHR Extension: (Pushbullet) - C:\Users\Barley\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd [2018-12-06]
CHR Extension: (Norton Security Toolbar) - C:\Users\Barley\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2018-12-06]
CHR Extension: (Spotify - Music for every moment) - C:\Users\Barley\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\cnkjkdjlofllcpbemipjbcpfnglbgieh [2018-12-06]
CHR Extension: (Adobe Acrobat) - C:\Users\Barley\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2018-12-06]
CHR Extension: (Photo Zoom for Facebook) - C:\Users\Barley\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\elioihkkcdgakfbahdoddophfngopipi [2018-12-06]
CHR Extension: (Sheets) - C:\Users\Barley\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-12-06]
CHR Extension: (Google Docs Offline) - C:\Users\Barley\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-12-08]
CHR Extension: (AVG SafePrice | Comparison, deals, coupons) - C:\Users\Barley\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\mbckjcfnjmoiinpgddefodcighgikkgn [2018-12-06]
CHR Extension: (Poppit!) - C:\Users\Barley\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2018-12-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Barley\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-12-06]
CHR Extension: (Amazon Smart Search) - C:\Users\Barley\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ooebgdicanjhnamfmdlmlbcnkgehkkmf [2018-12-06]
CHR Extension: (Gmail) - C:\Users\Barley\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-12-06]
CHR Extension: (Chrome Media Router) - C:\Users\Barley\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-12-07]
CHR Profile: C:\Users\Barley\AppData\Local\Google\Chrome\User Data\System Profile [2018-12-25]
CHR Extension: (Google Slides) - C:\Users\Barley\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-30]
CHR Extension: (Google Docs) - C:\Users\Barley\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-30]
CHR Extension: (Google Drive) - C:\Users\Barley\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-05-30]
CHR Extension: (YouTube) - C:\Users\Barley\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-05-30]
CHR Extension: (Google Search) - C:\Users\Barley\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-05-30]
CHR Extension: (Google Sheets) - C:\Users\Barley\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-05-30]
CHR Extension: (Gmail) - C:\Users\Barley\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-30]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Internet Security\Engine\22.17.0.183\Exts\Chrome.crx <not found>
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Internet Security\Engine\22.17.0.183\Exts\Chrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mbckjcfnjmoiinpgddefodcighgikkgn] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc. -> Apple Inc.)
R2 AVG Antivirus; C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe [362536 2019-04-25] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R3 avgbIDSAgent; C:\Program Files (x86)\AVG\Antivirus\aswidsagent.exe [6709272 2019-04-25] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [289792 2014-10-23] (Brother Industries, Ltd.) [File not signed]
R2 CalendarSynchService; C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [16384 2011-08-16] (Hewlett-Packard) [File not signed]
R2 DigitalWave.Update.Service; C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe [440808 2017-01-20] (Digital Wave Ltd -> Digital Wave Ltd.)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [250712 2013-12-13] (Garmin International, Inc. -> Garmin Ltd or its subsidiaries)
S3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [347512 2018-12-06] (HP Inc. -> HP Inc.)
R2 HPTouchpointAnalyticsService; C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe [332216 2017-11-22] (HP Inc. -> HP Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation -> Symantec Corporation)
R2 NortonSecurity; C:\Program Files (x86)\Norton Internet Security\Engine\22.17.0.183\NortonSecurity.exe [225600 2019-03-07] (Symantec Corporation -> Symantec Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1795136 2018-02-01] (PDF Complete Inc. -> PDF Complete Inc)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
R2 RalinkRegistryWriter; C:\Program Files (x86)\Ralink\Common\RaRegistry.exe [372736 2012-01-13] (Ralink Technology, Corp.) [File not signed]
R2 RalinkRegistryWriter64; C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe [447488 2012-01-13] (Ralink Technology, Corp.) [File not signed]
S2 RaMediaServer; C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe [625728 2011-08-18] (Ralink Technology Corporation -> )
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia -> Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia -> Secunia)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [311296 2012-03-30] (IDT, Inc.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
R2 WirelessKB850NotificationService; C:\windows\system32\WirelessKB850NotificationService.exe [174256 2018-05-14] (Microsoft Corporation -> Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 avgArDisk; C:\windows\System32\drivers\avgArDisk.sys [37368 2019-04-25] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R1 avgArPot; C:\windows\System32\drivers\avgArPot.sys [205656 2019-04-25] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\windows\System32\drivers\avgbidsdriver.sys [254680 2019-04-25] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\windows\System32\drivers\avgbidsh.sys [196560 2019-04-25] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R0 avgblog; C:\windows\System32\drivers\avgblog.sys [320672 2019-04-25] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\windows\System32\drivers\avgbuniv.sys [58152 2019-04-25] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R1 avgKbd; C:\windows\System32\drivers\avgKbd.sys [42336 2019-04-25] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\windows\System32\drivers\avgMonFlt.sys [166896 2019-04-25] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\windows\System32\drivers\avgRdr2.sys [112360 2019-04-25] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\windows\System32\drivers\avgRvrt.sys [87992 2019-04-25] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\windows\System32\drivers\avgSnx.sys [1030832 2019-04-25] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\windows\System32\drivers\avgSP.sys [476824 2019-04-25] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R2 avgStm; C:\windows\System32\drivers\avgStm.sys [220472 2019-04-25] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\windows\System32\drivers\avgVmm.sys [385904 2019-04-25] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
S1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.2.15\Definitions\BASHDefs\20181016.001\BHDrvx64.sys [1925104 2018-10-16] (Symantec Corporation -> Symantec Corporation)
R1 ccSet_NGC; C:\windows\System32\drivers\NGCx64\1611000.0B7\ccSetx64.sys [192712 2019-03-07] (Symantec Corporation -> Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [515776 2018-10-20] (Symantec Corporation -> Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153280 2018-10-22] (Symantec Corporation -> Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.2.15\Definitions\IPSDefs\20181019.061\IDSvia64.sys [1305072 2018-10-19] (Symantec Corporation -> Symantec Corporation)
R3 igfx; C:\windows\System32\DRIVERS\igdkmd64.sys [14745600 2012-04-04] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
R3 MBAMSwissArmy; C:\windows\System32\Drivers\mbamswissarmy.sys [274416 2019-04-28] (Malwarebytes Corporation -> Malwarebytes)
S3 Netaapl; C:\windows\System32\DRIVERS\netaapl64.sys [23040 2013-07-25] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.)
S3 netr28ux; C:\windows\System32\DRIVERS\netr28ux.sys [966144 2009-05-25] (Microsoft Windows Hardware Compatibility Publisher -> Ralink Technology Corp.)
S3 PSI; C:\windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia -> Secunia)
S3 SRTSP; C:\windows\System32\drivers\NGCx64\1611000.0B7\SRTSP64.SYS [859864 2019-03-07] (Symantec Corporation -> Symantec Corporation)
R1 SRTSPX; C:\windows\System32\drivers\NGCx64\1611000.0B7\SRTSPX64.SYS [49888 2019-03-07] (Symantec Corporation -> Symantec Corporation)
R3 STHDA; C:\windows\System32\DRIVERS\stwrt64.sys [535040 2012-03-30] (Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.)
R0 SymEFASI; C:\windows\System32\drivers\NGCx64\1611000.0B7\SYMEFASI64.SYS [1998344 2019-03-07] (Symantec Corporation -> Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [100064 2019-03-12] (Symantec Corporation -> Symantec Corporation)
S4 SymEvnt; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.2.15\SymPlatform\SymEvnt.sys [114256 2018-09-27] (Symantec Corporation -> Symantec Corporation)
R1 SymIRON; C:\windows\System32\drivers\NGCx64\1611000.0B7\Ironx64.SYS [315912 2019-03-07] (Symantec Corporation -> Symantec Corporation)
R1 SymNetS; C:\windows\System32\drivers\NGCx64\1611000.0B7\symnets.sys [573448 2019-03-07] (Symantec Corporation -> Symantec Corporation)
S3 USBAAPL64; C:\windows\System32\Drivers\usbaapl64.sys [54784 2016-03-28] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S3 wpCtrlDrv_NGC; C:\windows\System32\drivers\NGCx64\1611000.0B7\wpCtrlDrv.sys [1012120 2019-03-07] (Symantec Corporation -> Symantec Corporation)
S1 AntiLog32; \??\C:\windows\system32\drivers\AntiLog64.sys [X]
S3 NAVENG; \??\C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.2.15\Definitions\SDSDefs\20160823.022\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.2.15\Definitions\SDSDefs\20160823.022\EX64.SYS [X]
U3 aswMBR; \??\C:\Users\Barley\AppData\Local\Temp\aswMBR.sys [X] <==== ATTENTION
U3 aswVmm; \??\C:\Users\Barley\AppData\Local\Temp\aswVmm.sys [X] <==== ATTENTION
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2019-04-28 14:13 - 2019-04-28 14:15 - 000048527 _____ C:\Users\Barley\Downloads\FRST.txt
2019-04-28 14:11 - 2019-04-28 14:11 - 000001894 _____ C:\Users\Barley\Desktop\aswMBR.txt
2019-04-28 14:11 - 2019-04-28 14:11 - 000000512 _____ C:\Users\Barley\Desktop\MBR.dat
2019-04-28 13:32 - 2019-04-28 13:32 - 000001138 _____ C:\Users\Barley\Desktop\FRST64.exe - Shortcut.lnk
2019-04-28 13:30 - 2019-04-28 14:13 - 000000000 ____D C:\FRST
2019-04-28 13:29 - 2019-04-28 13:30 - 002429952 _____ (Farbar) C:\Users\Barley\Downloads\FRST64.exe
2019-04-28 13:26 - 2019-04-28 13:26 - 000001138 _____ C:\Users\Barley\Desktop\aswMBR.exe - Shortcut.lnk
2019-04-28 13:24 - 2019-04-28 13:25 - 005198336 _____ (AVAST Software) C:\Users\Barley\Downloads\aswMBR.exe
2019-04-28 12:18 - 2019-04-28 12:18 - 000000000 ____D C:\windows\System32\Tasks\Remediation
2019-04-28 07:58 - 2019-04-28 07:58 - 000274416 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamswissarmy.sys
2019-04-25 09:22 - 2019-04-25 09:22 - 000000077 _____ C:\windows\system32\Drivers\avgSP.sys.sum
2019-04-25 09:21 - 2019-04-25 09:21 - 000362928 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\avgBoot.exe
2019-04-23 07:44 - 2019-04-23 07:44 - 000001870 _____ C:\Users\Barley\Desktop\IMG_9954 (2).JPG - Shortcut.lnk
2019-04-23 07:42 - 2019-04-23 07:42 - 000000000 ____D C:\Users\Barley\Documents\New folder
2019-04-23 07:34 - 2019-04-23 07:34 - 000000000 ____D C:\Users\Barley\AppData\Local\{E039D194-4010-43AB-B51D-A13324CD476F}
2019-04-10 07:53 - 2019-04-01 21:57 - 003229696 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2019-04-10 07:53 - 2019-03-28 21:36 - 000114688 _____ (Microsoft Corporation) C:\windows\system32\Drivers\luafv.sys
2019-04-10 07:53 - 2019-03-27 23:35 - 000348776 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2019-04-10 07:53 - 2019-03-27 21:55 - 000397120 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2019-04-10 07:53 - 2019-03-26 02:14 - 025736704 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2019-04-10 07:53 - 2019-03-26 01:52 - 002902528 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2019-04-10 07:53 - 2019-03-26 01:51 - 000066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2019-04-10 07:53 - 2019-03-26 01:51 - 000048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2019-04-10 07:53 - 2019-03-26 01:50 - 000577024 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2019-04-10 07:53 - 2019-03-26 01:50 - 000417280 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2019-04-10 07:53 - 2019-03-26 01:50 - 000088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2019-04-10 07:53 - 2019-03-26 01:44 - 000054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2019-04-10 07:53 - 2019-03-26 01:43 - 000034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2019-04-10 07:53 - 2019-03-26 01:41 - 000615936 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2019-04-10 07:53 - 2019-03-26 01:40 - 005777920 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2019-04-10 07:53 - 2019-03-26 01:40 - 000814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2019-04-10 07:53 - 2019-03-26 01:40 - 000790528 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2019-04-10 07:53 - 2019-03-26 01:40 - 000144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2019-04-10 07:53 - 2019-03-26 01:40 - 000116224 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2019-04-10 07:53 - 2019-03-26 01:35 - 000969216 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2019-04-10 07:53 - 2019-03-26 01:31 - 000489984 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2019-04-10 07:53 - 2019-03-26 01:26 - 000087552 _____ (Microsoft Corporation) C:\windows\system32\tdc.ocx
2019-04-10 07:53 - 2019-03-26 01:26 - 000077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2019-04-10 07:53 - 2019-03-26 01:25 - 000107520 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2019-04-10 07:53 - 2019-03-26 01:22 - 000199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2019-04-10 07:53 - 2019-03-26 01:22 - 000092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2019-04-10 07:53 - 2019-03-26 01:20 - 000315392 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2019-04-10 07:53 - 2019-03-26 01:18 - 000152064 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2019-04-10 07:53 - 2019-03-26 01:12 - 020280832 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2019-04-10 07:53 - 2019-03-26 01:10 - 000262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2019-04-10 07:53 - 2019-03-26 01:08 - 000809472 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2019-04-10 07:53 - 2019-03-26 01:08 - 000728064 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2019-04-10 07:53 - 2019-03-26 01:07 - 001359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2019-04-10 07:53 - 2019-03-26 01:06 - 002135552 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2019-04-10 07:53 - 2019-03-26 01:05 - 015284736 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2019-04-10 07:53 - 2019-03-26 01:00 - 004858880 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2019-04-10 07:53 - 2019-03-26 00:51 - 000498688 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2019-04-10 07:53 - 2019-03-26 00:51 - 000062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2019-04-10 07:53 - 2019-03-26 00:50 - 000341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2019-04-10 07:53 - 2019-03-26 00:50 - 000064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2019-04-10 07:53 - 2019-03-26 00:50 - 000047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2019-04-10 07:53 - 2019-03-26 00:48 - 002295808 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2019-04-10 07:53 - 2019-03-26 00:48 - 001556992 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2019-04-10 07:53 - 2019-03-26 00:46 - 000047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2019-04-10 07:53 - 2019-03-26 00:45 - 000030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2019-04-10 07:53 - 2019-03-26 00:44 - 000476160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2019-04-10 07:53 - 2019-03-26 00:43 - 000663040 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2019-04-10 07:53 - 2019-03-26 00:43 - 000620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2019-04-10 07:53 - 2019-03-26 00:43 - 000115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2019-04-10 07:53 - 2019-03-26 00:36 - 000800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2019-04-10 07:53 - 2019-03-26 00:36 - 000416256 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2019-04-10 07:53 - 2019-03-26 00:33 - 000073216 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdc.ocx
2019-04-10 07:53 - 2019-03-26 00:33 - 000060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2019-04-10 07:53 - 2019-03-26 00:32 - 000091136 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll
2019-04-10 07:53 - 2019-03-26 00:31 - 000168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2019-04-10 07:53 - 2019-03-26 00:29 - 004494848 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2019-04-10 07:53 - 2019-03-26 00:29 - 000279040 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2019-04-10 07:53 - 2019-03-26 00:29 - 000076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2019-04-10 07:53 - 2019-03-26 00:28 - 000130048 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2019-04-10 07:53 - 2019-03-26 00:24 - 013682176 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2019-04-10 07:53 - 2019-03-26 00:23 - 000230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2019-04-10 07:53 - 2019-03-26 00:22 - 000696320 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2019-04-10 07:53 - 2019-03-26 00:21 - 002059776 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2019-04-10 07:53 - 2019-03-26 00:21 - 001155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2019-04-10 07:53 - 2019-03-26 00:08 - 004386304 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2019-04-10 07:53 - 2019-03-26 00:04 - 001332224 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2019-04-10 07:53 - 2019-03-26 00:02 - 000710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2019-04-10 07:53 - 2019-03-20 22:13 - 005552872 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2019-04-10 07:53 - 2019-03-20 22:13 - 000708328 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2019-04-10 07:53 - 2019-03-20 22:13 - 000631680 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2019-04-10 07:53 - 2019-03-20 22:13 - 000262376 _____ (Microsoft Corporation) C:\windows\system32\hal.dll
2019-04-10 07:53 - 2019-03-20 22:13 - 000095464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2019-04-10 07:53 - 2019-03-20 22:12 - 001664352 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2019-04-10 07:53 - 2019-03-20 22:12 - 000154856 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2019-04-10 07:53 - 2019-03-20 22:10 - 001472512 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2019-04-10 07:53 - 2019-03-20 22:10 - 001211392 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2019-04-10 07:53 - 2019-03-20 22:10 - 001162752 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2019-04-10 07:53 - 2019-03-20 22:10 - 000733184 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2019-04-10 07:53 - 2019-03-20 22:10 - 000503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2019-04-10 07:53 - 2019-03-20 22:10 - 000419840 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2019-04-10 07:53 - 2019-03-20 22:10 - 000361984 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2019-04-10 07:53 - 2019-03-20 22:10 - 000345600 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2019-04-10 07:53 - 2019-03-20 22:10 - 000316928 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2019-04-10 07:53 - 2019-03-20 22:10 - 000312320 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2019-04-10 07:53 - 2019-03-20 22:10 - 000243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2019-04-10 07:53 - 2019-03-20 22:10 - 000236032 _____ (Microsoft Corporation) C:\windows\system32\srvsvc.dll
2019-04-10 07:53 - 2019-03-20 22:10 - 000215552 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2019-04-10 07:53 - 2019-03-20 22:10 - 000210432 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2019-04-10 07:53 - 2019-03-20 22:10 - 000190464 _____ (Microsoft Corporation) C:\windows\system32\rpchttp.dll
2019-04-10 07:53 - 2019-03-20 22:10 - 000135680 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2019-04-10 07:53 - 2019-03-20 22:10 - 000094208 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2019-04-10 07:53 - 2019-03-20 22:10 - 000063488 _____ (Microsoft Corporation) C:\windows\system32\setbcdlocale.dll
2019-04-10 07:53 - 2019-03-20 22:10 - 000050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2019-04-10 07:53 - 2019-03-20 22:10 - 000044032 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2019-04-10 07:53 - 2019-03-20 22:10 - 000043520 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll
2019-04-10 07:53 - 2019-03-20 22:10 - 000032768 _____ (Microsoft Corporation) C:\windows\system32\sxssrv.dll
2019-04-10 07:53 - 2019-03-20 22:10 - 000028672 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2019-04-10 07:53 - 2019-03-20 22:10 - 000028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2019-04-10 07:53 - 2019-03-20 22:10 - 000013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2019-04-10 07:53 - 2019-03-20 22:10 - 000013312 _____ (Microsoft Corporation) C:\windows\system32\sscore.dll
2019-04-10 07:53 - 2019-03-20 22:09 - 000880640 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2019-04-10 07:53 - 2019-03-20 22:09 - 000463872 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2019-04-10 07:53 - 2019-03-20 22:09 - 000123904 _____ (Microsoft Corporation) C:\windows\system32\bcrypt.dll
2019-04-10 07:53 - 2019-03-20 22:09 - 000059904 _____ (Microsoft Corporation) C:\windows\system32\appidapi.dll
2019-04-10 07:53 - 2019-03-20 22:03 - 003961576 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2019-04-10 07:53 - 2019-03-20 22:02 - 004056296 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2019-04-10 07:53 - 2019-03-20 22:02 - 001314104 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2019-04-10 07:53 - 2019-03-20 22:00 - 001114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2019-04-10 07:53 - 2019-03-20 22:00 - 000666112 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2019-04-10 07:53 - 2019-03-20 22:00 - 000644096 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll
2019-04-10 07:53 - 2019-03-20 22:00 - 000556032 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2019-04-10 07:53 - 2019-03-20 22:00 - 000342528 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2019-04-10 07:53 - 2019-03-20 22:00 - 000275968 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2019-04-10 07:53 - 2019-03-20 22:00 - 000261120 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2019-04-10 07:53 - 2019-03-20 22:00 - 000254464 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2019-04-10 07:53 - 2019-03-20 22:00 - 000223232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2019-04-10 07:53 - 2019-03-20 22:00 - 000172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2019-04-10 07:53 - 2019-03-20 22:00 - 000141312 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpchttp.dll
2019-04-10 07:53 - 2019-03-20 22:00 - 000096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2019-04-10 07:53 - 2019-03-20 22:00 - 000082944 _____ (Microsoft Corporation) C:\windows\SysWOW64\bcrypt.dll
2019-04-10 07:53 - 2019-03-20 22:00 - 000070144 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2019-04-10 07:53 - 2019-03-20 22:00 - 000043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2019-04-10 07:53 - 2019-03-20 21:45 - 000062464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys
2019-04-10 07:53 - 2019-03-20 21:41 - 000338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2019-04-10 07:53 - 2019-03-20 21:41 - 000296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2019-04-10 07:53 - 2019-03-20 21:41 - 000129536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\videoprt.sys
2019-04-10 07:53 - 2019-03-20 21:38 - 000464384 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv.sys
2019-04-10 07:53 - 2019-03-20 21:38 - 000406016 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv2.sys
2019-04-10 07:53 - 2019-03-20 21:38 - 000291328 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2019-04-10 07:53 - 2019-03-20 21:38 - 000169984 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srvnet.sys
2019-04-10 07:53 - 2019-03-20 21:38 - 000161280 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2019-04-10 07:53 - 2019-03-20 21:38 - 000129536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2019-04-10 07:53 - 2019-03-20 21:37 - 000112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2019-04-10 07:53 - 2019-03-20 21:37 - 000064512 _____ (Microsoft Corporation) C:\windows\system32\Drivers\amdk8.sys
2019-04-10 07:53 - 2019-03-20 21:37 - 000062464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\intelppm.sys
2019-04-10 07:53 - 2019-03-20 21:37 - 000060928 _____ (Microsoft Corporation) C:\windows\system32\Drivers\processr.sys
2019-04-10 07:53 - 2019-03-20 21:37 - 000060928 _____ (Microsoft Corporation) C:\windows\system32\Drivers\amdppm.sys
2019-04-10 07:53 - 2019-03-20 21:37 - 000044544 _____ (Microsoft Corporation) C:\windows\system32\Drivers\npfs.sys
2019-04-10 07:53 - 2019-03-20 21:37 - 000030720 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2019-04-10 07:53 - 2019-03-16 00:11 - 000114408 _____ (Microsoft Corporation) C:\windows\system32\consent.exe
2019-04-10 07:53 - 2019-03-16 00:09 - 003247616 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2019-04-10 07:53 - 2019-03-16 00:09 - 002072576 _____ (Microsoft Corporation) C:\windows\system32\ole32.dll
2019-04-10 07:53 - 2019-03-16 00:09 - 000878080 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2019-04-10 07:53 - 2019-03-16 00:09 - 000516608 _____ (Microsoft Corporation) C:\windows\system32\rpcss.dll
2019-04-10 07:53 - 2019-03-16 00:09 - 000504320 _____ (Microsoft Corporation) C:\windows\system32\msihnd.dll
2019-04-10 07:53 - 2019-03-16 00:09 - 000059904 _____ (Microsoft Corporation) C:\windows\system32\mf3216.dll
2019-04-10 07:53 - 2019-03-16 00:09 - 000025600 _____ (Microsoft Corporation) C:\windows\system32\msimsg.dll
2019-04-10 07:53 - 2019-03-16 00:09 - 000008192 _____ (Microsoft Corporation) C:\windows\system32\msimg32.dll
2019-04-10 07:53 - 2019-03-16 00:08 - 001942016 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2019-04-10 07:53 - 2019-03-16 00:08 - 000070144 _____ (Microsoft Corporation) C:\windows\system32\appinfo.dll
2019-04-10 07:53 - 2019-03-15 23:58 - 002368000 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2019-04-10 07:53 - 2019-03-15 23:58 - 001806848 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2019-04-10 07:53 - 2019-03-15 23:58 - 001425920 _____ (Microsoft Corporation) C:\windows\SysWOW64\ole32.dll
2019-04-10 07:53 - 2019-03-15 23:58 - 000583680 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll
2019-04-10 07:53 - 2019-03-15 23:58 - 000337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\msihnd.dll
2019-04-10 07:53 - 2019-03-15 23:58 - 000046080 _____ (Microsoft Corporation) C:\windows\SysWOW64\mf3216.dll
2019-04-10 07:53 - 2019-03-15 23:58 - 000025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\msimsg.dll
2019-04-10 07:53 - 2019-03-15 23:42 - 000128512 _____ (Microsoft Corporation) C:\windows\system32\msiexec.exe
2019-04-10 07:53 - 2019-03-15 23:38 - 000073216 _____ (Microsoft Corporation) C:\windows\SysWOW64\msiexec.exe
2019-04-10 07:53 - 2019-03-13 11:09 - 000405504 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2019-04-10 07:53 - 2019-03-13 11:02 - 000313344 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2019-04-10 07:53 - 2019-03-13 10:35 - 000475648 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxbde40.dll
2019-04-10 07:53 - 2019-03-13 10:35 - 000375808 _____ (Microsoft Corporation) C:\windows\SysWOW64\mspbde40.dll
2019-04-10 07:53 - 2019-03-12 10:34 - 001311744 _____ (Microsoft Corporation) C:\windows\SysWOW64\msjet40.dll
2019-04-10 07:53 - 2019-03-12 10:34 - 000352768 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrd3x40.dll
2019-04-10 07:53 - 2019-03-12 10:34 - 000340992 _____ (Microsoft Corporation) C:\windows\SysWOW64\msexcl40.dll
2019-04-10 07:53 - 2019-03-11 17:41 - 002009600 _____ (Microsoft Corporation) C:\windows\system32\msxml6.dll
2019-04-10 07:53 - 2019-03-11 17:41 - 001894912 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2019-04-10 07:53 - 2019-03-11 17:41 - 001032192 _____ (Microsoft Corporation) C:\windows\system32\rdpcore.dll
2019-04-10 07:53 - 2019-03-11 17:41 - 000688128 _____ (Microsoft Corporation) C:\windows\system32\termsrv.dll
2019-04-10 07:53 - 2019-03-11 17:41 - 000129536 _____ (Microsoft Corporation) C:\windows\system32\oleprn.dll
2019-04-10 07:53 - 2019-03-11 17:33 - 001391616 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6.dll
2019-04-10 07:53 - 2019-03-11 17:33 - 001241088 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2019-04-10 07:53 - 2019-03-11 17:33 - 000827904 _____ (Microsoft Corporation) C:\windows\SysWOW64\rdpcore.dll
2019-04-10 07:53 - 2019-03-11 17:33 - 000107520 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleprn.dll
2019-04-10 07:53 - 2019-02-21 11:48 - 000025088 _____ (Microsoft Corporation) C:\windows\system32\netbtugc.exe
2019-04-10 07:53 - 2019-02-21 11:43 - 000026624 _____ (Microsoft Corporation) C:\windows\SysWOW64\netbtugc.exe
2019-04-10 07:53 - 2019-02-21 11:37 - 000262656 _____ (Microsoft Corporation) C:\windows\system32\Drivers\netbt.sys
2019-04-10 07:53 - 2019-02-12 12:08 - 014184448 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2019-04-10 07:53 - 2019-02-12 12:08 - 001867776 _____ (Microsoft Corporation) C:\windows\system32\ExplorerFrame.dll
2019-04-10 07:53 - 2019-02-12 11:58 - 012880896 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2019-04-10 07:53 - 2019-02-12 11:58 - 001499648 _____ (Microsoft Corporation) C:\windows\SysWOW64\ExplorerFrame.dll
2019-04-10 07:52 - 2019-03-26 02:03 - 002724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2019-04-10 07:52 - 2019-03-26 02:03 - 000004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2019-04-10 07:52 - 2019-03-26 01:01 - 002724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2019-04-10 07:52 - 2019-03-20 22:10 - 000146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2019-04-10 07:52 - 2019-03-20 22:10 - 000060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2019-04-10 07:52 - 2019-03-20 22:10 - 000022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2019-04-10 07:52 - 2019-03-20 22:10 - 000016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2019-04-10 07:52 - 2019-03-20 22:09 - 000690688 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2019-04-10 07:52 - 2019-03-20 22:09 - 000034816 _____ (Microsoft Corporation) C:\windows\system32\appidsvc.dll
2019-04-10 07:52 - 2019-03-20 22:09 - 000007168 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2019-04-10 07:52 - 2019-03-20 22:09 - 000006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2019-04-10 07:52 - 2019-03-20 22:09 - 000005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2019-04-10 07:52 - 2019-03-20 22:09 - 000004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2019-04-10 07:52 - 2019-03-20 22:09 - 000004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2019-04-10 07:52 - 2019-03-20 22:09 - 000004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2019-04-10 07:52 - 2019-03-20 22:09 - 000004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2019-04-10 07:52 - 2019-03-20 22:09 - 000004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2019-04-10 07:52 - 2019-03-20 22:09 - 000004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2019-04-10 07:52 - 2019-03-20 22:09 - 000003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2019-04-10 07:52 - 2019-03-20 22:09 - 000003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2019-04-10 07:52 - 2019-03-20 22:09 - 000003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2019-04-10 07:52 - 2019-03-20 22:09 - 000003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2019-04-10 07:52 - 2019-03-20 22:09 - 000003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2019-04-10 07:52 - 2019-03-20 22:09 - 000003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2019-04-10 07:52 - 2019-03-20 22:09 - 000003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2019-04-10 07:52 - 2019-03-20 22:09 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2019-04-10 07:52 - 2019-03-20 22:09 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2019-04-10 07:52 - 2019-03-20 22:09 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2019-04-10 07:52 - 2019-03-20 22:09 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2019-04-10 07:52 - 2019-03-20 22:09 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2019-04-10 07:52 - 2019-03-20 22:09 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2019-04-10 07:52 - 2019-03-20 22:09 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2019-04-10 07:52 - 2019-03-20 22:09 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2019-04-10 07:52 - 2019-03-20 22:09 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2019-04-10 07:52 - 2019-03-20 22:09 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2019-04-10 07:52 - 2019-03-20 22:09 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2019-04-10 07:52 - 2019-03-20 22:09 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2019-04-10 07:52 - 2019-03-20 22:09 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2019-04-10 07:52 - 2019-03-20 22:00 - 000690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2019-04-10 07:52 - 2019-03-20 22:00 - 000146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2019-04-10 07:52 - 2019-03-20 22:00 - 000060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2019-04-10 07:52 - 2019-03-20 22:00 - 000050688 _____ (Microsoft Corporation) C:\windows\SysWOW64\appidapi.dll
2019-04-10 07:52 - 2019-03-20 22:00 - 000022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2019-04-10 07:52 - 2019-03-20 22:00 - 000017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2019-04-10 07:52 - 2019-03-20 22:00 - 000007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2019-04-10 07:52 - 2019-03-20 22:00 - 000005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2019-04-10 07:52 - 2019-03-20 22:00 - 000005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2019-04-10 07:52 - 2019-03-20 22:00 - 000004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2019-04-10 07:52 - 2019-03-20 22:00 - 000004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2019-04-10 07:52 - 2019-03-20 22:00 - 000004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2019-04-10 07:52 - 2019-03-20 22:00 - 000004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2019-04-10 07:52 - 2019-03-20 22:00 - 000004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2019-04-10 07:52 - 2019-03-20 22:00 - 000004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2019-04-10 07:52 - 2019-03-20 22:00 - 000003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2019-04-10 07:52 - 2019-03-20 22:00 - 000003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2019-04-10 07:52 - 2019-03-20 22:00 - 000003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2019-04-10 07:52 - 2019-03-20 22:00 - 000003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2019-04-10 07:52 - 2019-03-20 22:00 - 000003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2019-04-10 07:52 - 2019-03-20 22:00 - 000003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2019-04-10 07:52 - 2019-03-20 22:00 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2019-04-10 07:52 - 2019-03-20 22:00 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2019-04-10 07:52 - 2019-03-20 22:00 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2019-04-10 07:52 - 2019-03-20 22:00 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2019-04-10 07:52 - 2019-03-20 22:00 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2019-04-10 07:52 - 2019-03-20 22:00 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2019-04-10 07:52 - 2019-03-20 22:00 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2019-04-10 07:52 - 2019-03-20 22:00 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2019-04-10 07:52 - 2019-03-20 22:00 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2019-04-10 07:52 - 2019-03-20 22:00 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2019-04-10 07:52 - 2019-03-20 22:00 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2019-04-10 07:52 - 2019-03-20 21:45 - 000148480 _____ (Microsoft Corporation) C:\windows\system32\appidpolicyconverter.exe
2019-04-10 07:52 - 2019-03-20 21:45 - 000017920 _____ (Microsoft Corporation) C:\windows\system32\appidcertstorecheck.exe
2019-04-10 07:52 - 2019-03-20 21:44 - 000064512 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2019-04-10 07:52 - 2019-03-20 21:40 - 000050688 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2019-04-10 07:52 - 2019-03-20 21:40 - 000009728 _____ (Microsoft Corporation) C:\windows\SysWOW64\sscore.dll
2019-04-10 07:52 - 2019-03-20 21:36 - 000025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2019-04-10 07:52 - 2019-03-20 21:36 - 000014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2019-04-10 07:52 - 2019-03-20 21:36 - 000007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2019-04-10 07:52 - 2019-03-20 21:36 - 000002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2019-04-10 07:52 - 2019-03-20 21:35 - 000036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptbase.dll
2019-04-10 07:52 - 2019-03-20 21:35 - 000006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2019-04-10 07:52 - 2019-03-20 21:35 - 000004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2019-04-10 07:52 - 2019-03-20 21:35 - 000003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2019-04-10 07:52 - 2019-03-20 21:35 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2019-04-10 07:52 - 2019-03-16 00:09 - 000026112 _____ (Microsoft Corporation) C:\windows\system32\oleres.dll
2019-04-10 07:52 - 2019-03-16 00:09 - 000008704 _____ (Microsoft Corporation) C:\windows\system32\comcat.dll
2019-04-10 07:52 - 2019-03-15 23:58 - 000026112 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleres.dll
2019-04-10 07:52 - 2019-03-15 23:58 - 000004608 _____ (Microsoft Corporation) C:\windows\SysWOW64\msimg32.dll
2019-04-10 07:52 - 2019-03-15 23:40 - 000007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\comcat.dll
2019-04-10 07:52 - 2019-03-11 17:41 - 000002048 _____ (Microsoft Corporation) C:\windows\system32\msxml6r.dll
2019-04-10 07:52 - 2019-03-11 17:41 - 000002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2019-04-10 07:52 - 2019-03-11 17:33 - 000002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6r.dll
2019-04-10 07:52 - 2019-03-11 17:33 - 000002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
2019-04-10 07:52 - 2019-02-08 12:08 - 000002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2019-04-10 07:52 - 2019-02-08 12:00 - 000002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2019-04-10 07:24 - 2019-04-10 07:24 - 002206008 _____ (Valassis) C:\Users\Barley\Downloads\RMNEverydayCouponPrinter_prod310-rJdJQz8S.exe
2019-04-10 00:07 - 2019-04-10 00:07 - 004234808 _____ (Adobe) C:\windows\SysWOW64\FlashPlayerInstaller.exe
2019-04-09 17:00 - 2019-04-09 17:00 - 000765457 _____ C:\Users\Barley\Downloads\SmartSource_Coupon_April09 (1).fdf
2019-04-09 16:59 - 2019-04-09 16:59 - 000765469 _____ C:\Users\Barley\Downloads\SmartSource_Coupon_April09.fdf
2019-04-04 11:17 - 2019-04-04 11:17 - 000001732 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QponPrinterV2.lnk
2019-04-04 11:17 - 2019-04-04 11:17 - 000001704 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QponPrinterV2 Uninstaller.lnk
2019-04-04 11:16 - 2019-04-04 11:16 - 026783176 _____ (Qples Inc) C:\Users\Barley\Downloads\QponPrinter (5).exe
2019-04-04 11:16 - 2019-04-04 11:16 - 000000000 ____D C:\QponPrinterV2
2019-04-04 07:38 - 2019-04-01 10:55 - 000334336 _____ (Microsoft Corporation) C:\windows\system32\sipnotify.exe
 
==================== One month (modified) ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2019-04-28 14:14 - 2012-10-07 18:22 - 000003934 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{DDA5C770-AE6C-4A93-AC90-AB64C59BEC72}
2019-04-28 13:34 - 2009-07-14 00:45 - 000024608 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-04-28 13:34 - 2009-07-14 00:45 - 000024608 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-04-28 09:53 - 2019-03-12 07:57 - 000003238 _____ C:\windows\System32\Tasks\Norton WSC Integration
2019-04-28 09:53 - 2019-01-21 22:37 - 000003192 _____ C:\windows\System32\Tasks\HPCeeScheduleForBarley
2019-04-28 09:53 - 2019-01-21 22:37 - 000000336 _____ C:\windows\Tasks\HPCeeScheduleForBarley.job
2019-04-28 09:53 - 2018-12-24 16:53 - 000003636 _____ C:\windows\System32\Tasks\Reason Core Security Scheduled Scan
2019-04-28 09:53 - 2018-12-24 16:53 - 000003376 _____ C:\windows\System32\Tasks\Reason Core Security
2019-04-28 09:53 - 2018-09-13 21:51 - 000000000 ____D C:\windows\System32\Tasks\AVAST Software
2019-04-28 09:53 - 2018-03-13 17:07 - 000004466 _____ C:\windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2019-04-28 09:53 - 2018-01-09 02:01 - 000003916 _____ C:\windows\System32\Tasks\Antivirus Emergency Update
2019-04-28 09:53 - 2017-09-01 00:12 - 000004478 _____ C:\windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2019-04-28 09:53 - 2017-04-15 07:34 - 000003118 _____ C:\windows\System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe
2019-04-28 09:53 - 2017-04-15 07:34 - 000003092 _____ C:\windows\System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe
2019-04-28 09:53 - 2017-04-15 07:34 - 000003090 _____ C:\windows\System32\Tasks\Microsoft_Hardware_Launch_itype_exe
2019-04-28 09:53 - 2017-04-15 07:34 - 000003062 _____ C:\windows\System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe
2019-04-28 09:53 - 2017-04-15 07:34 - 000003060 _____ C:\windows\System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe
2019-04-28 09:53 - 2015-04-24 00:38 - 000004476 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task
2019-04-28 09:53 - 2015-02-03 22:08 - 000003164 _____ C:\windows\System32\Tasks\{D95529CE-E95E-447C-8D8C-4C1A622E5294}
2019-04-28 09:53 - 2013-12-25 11:30 - 000003506 _____ C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-632860548-1775735820-415820443-1000UA
2019-04-28 09:53 - 2013-12-25 11:30 - 000003234 _____ C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-632860548-1775735820-415820443-1000Core
2019-04-28 09:53 - 2012-10-07 18:26 - 000003330 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2019-04-28 09:53 - 2012-10-07 18:25 - 000003202 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2019-04-28 09:53 - 2012-10-02 14:44 - 000004312 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2019-04-28 07:58 - 2012-10-02 14:47 - 000000000 ____D C:\ProgramData\PDFC
2019-04-28 07:58 - 2009-07-14 01:08 - 000000006 ____H C:\windows\Tasks\SA.DAT
2019-04-27 17:19 - 2016-12-25 12:57 - 000008051 _____ C:\windows\BRRBCOM.INI
2019-04-25 13:56 - 2012-11-11 22:07 - 000000000 ____D C:\Users\Barley\AppData\Local\CrashDumps
2019-04-25 09:22 - 2018-01-09 02:01 - 000476824 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgSP.sys
2019-04-25 09:22 - 2018-01-09 02:01 - 000385904 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgVmm.sys
2019-04-25 09:21 - 2019-01-04 08:37 - 000037368 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgArDisk.sys
2019-04-25 09:21 - 2018-10-20 11:08 - 000042336 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgKbd.sys
2019-04-25 09:21 - 2018-01-09 02:01 - 001030832 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgSnx.sys
2019-04-25 09:21 - 2018-01-09 02:01 - 000220472 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgStm.sys
2019-04-25 09:21 - 2018-01-09 02:01 - 000205656 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgArPot.sys
2019-04-25 09:21 - 2018-01-09 02:01 - 000166896 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgMonFlt.sys
2019-04-25 09:21 - 2018-01-09 02:01 - 000112360 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgRdr2.sys
2019-04-25 09:21 - 2018-01-09 02:01 - 000087992 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgRvrt.sys
2019-04-25 09:20 - 2019-01-14 12:38 - 000254680 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgbidsdriver.sys
2019-04-25 09:20 - 2019-01-04 08:37 - 000320672 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgblog.sys
2019-04-25 09:20 - 2019-01-04 08:37 - 000196560 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgbidsh.sys
2019-04-25 09:20 - 2019-01-04 08:37 - 000058152 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgbuniv.sys
2019-04-23 07:44 - 2018-05-18 10:05 - 000236544 ___SH C:\Users\Barley\Desktop\Thumbs.db
2019-04-23 07:42 - 2017-03-23 07:44 - 001426944 ___SH C:\Users\Barley\Downloads\Thumbs.db
2019-04-23 06:50 - 2009-07-14 01:13 - 000782470 _____ C:\windows\system32\PerfStringBackup.INI
2019-04-23 06:50 - 2009-07-13 23:20 - 000000000 ____D C:\windows\inf
2019-04-11 14:46 - 2015-04-24 00:38 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-04-11 09:45 - 2009-07-13 23:20 - 000000000 ____D C:\windows\rescache
2019-04-11 07:31 - 2009-07-14 00:45 - 000332232 _____ C:\windows\system32\FNTCACHE.DAT
2019-04-11 00:23 - 2014-09-06 19:49 - 000000000 ____D C:\windows\system32\MRT
2019-04-11 00:18 - 2014-09-06 19:49 - 131129288 ____C (Microsoft Corporation) C:\windows\system32\MRT.exe
2019-04-10 07:25 - 2015-04-21 09:51 - 000000000 ____D C:\Program Files (x86)\Valassis
2019-04-10 00:07 - 2012-10-02 14:44 - 000842296 _____ (Adobe) C:\windows\SysWOW64\FlashPlayerApp.exe
2019-04-10 00:07 - 2012-10-02 14:44 - 000175160 _____ (Adobe) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2019-04-10 00:07 - 2012-10-02 14:44 - 000000000 ____D C:\windows\SysWOW64\Macromed
2019-04-10 00:07 - 2012-10-02 14:44 - 000000000 ____D C:\windows\system32\Macromed
2019-04-09 23:22 - 2012-10-07 18:28 - 000002226 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-04-09 08:16 - 2009-07-14 01:08 - 000032656 _____ C:\windows\Tasks\SCHEDLGU.TXT
 
==================== Files in the root of some directories =======
 
2014-09-06 21:02 - 2014-09-06 21:02 - 000000055 _____ () C:\Users\Barley\AppData\Roaming\mbam.context.scan
2013-08-10 00:33 - 2013-08-10 00:34 - 000595302 _____ () C:\Users\Barley\AppData\Roaming\Scorch_Install.log
2012-10-08 15:16 - 2015-09-09 19:32 - 000011264 _____ () C:\Users\Barley\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
==================== SigCheck ===============================
 
(There is no automatic fix for files that do not pass verification.)
 
 
LastRegBack: 2019-04-23 00:25
==================== End of FRST.txt ============================

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28.04.2019

Ran by Barley (28-04-2019 14:17:41)
Running from C:\Users\Barley\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2012-10-07 22:17:47)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-632860548-1775735820-415820443-500 - Administrator - Disabled)
Barley (S-1-5-21-632860548-1775735820-415820443-1000 - Administrator - Enabled) => C:\Users\Barley
Guest (S-1-5-21-632860548-1775735820-415820443-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Norton Internet Security (Disabled - Out of date) {A2708B76-6835-6565-CB96-694212954A75}
AV: AVG Antivirus (Enabled - Up to date) {4FC75CA5-1654-5411-7CFB-1893D506BCF4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Disabled - Out of date) {19116A92-4E0F-6AEB-F126-5230691200C8}
AS: AVG Antivirus (Enabled - Up to date) {F4A6BD41-306E-5B9F-464B-23E1AE81F649}
FW: Norton Internet Security (Disabled) {9A4B0A53-225A-643D-E0C9-C077EC460D0E}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
4 Elements II (HKLM-x32\...\WTA-b59b7394-ad89-4e36-9b0e-246773f6f556) (Version: 2.2.0.98 - WildTangent) Hidden
64 Bit HP CIO Components Installer (HKLM\...\{55D55008-E5F6-47D6-B16F-B2A40D4D145F}) (Version: 6.2.1 - Hewlett-Packard) Hidden
Able RAWer 1.10.3.20 (HKLM-x32\...\Able RAWer_is1) (Version: 1.10.3.20 - GraphicRegion.com)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.010.20099 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.180 - Adobe Systems Incorporated)
Adobe Flash Player 32 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 32.0.0.171 - Adobe)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.171 - Adobe)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.171 - Adobe)
AIO_CDA_ProductContext (HKLM-x32\...\{2A7EF808-14F3-4E93-BE3A-1675EE5332A4}) (Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_CDA_Software (HKLM-x32\...\{A7AEE29F-839E-46B5-B347-6D430618129F}) (Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_Scan (HKLM-x32\...\{D86B0E2E-DF9A-441C-AF77-8D1A0FF00FA6}) (Version: 130.0.365.000 - Hewlett-Packard) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{F2871C89-C8A5-42EE-8D45-0F02506385A6}) (Version: 5.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{9BC93467-75D1-4AA4-BD58-D9C51D88DFAB}) (Version: 5.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
AVG AntiVirus FREE (HKLM-x32\...\AVG Antivirus) (Version: 19.4.3089 - AVG Technologies)
Bejeweled 3 (HKLM-x32\...\WTA-ac717e9e-48e0-49d5-b5a2-824923e38ed4) (Version: 2.2.0.98 - WildTangent) Hidden
Blackhawk Striker 2 (HKLM-x32\...\WTA-73c3dc74-4cd1-419d-b230-d78796a73007) (Version: 2.2.0.95 - WildTangent) Hidden
Blio (HKLM-x32\...\{FCD6D60F-AF2B-49E3-ABC4-A4C96B56225D}) (Version: 3.0.9482 - K-NFB Reading Technology, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
BrLauncher (HKLM-x32\...\{C661197A-6B93-4E37-9E3F-2A1DFCD64234}) (Version: 1.1.15.0 - Brother Industries Ltd.) Hidden
BrLogRx (HKLM-x32\...\{B556F816-FF4D-4BB6-9339-ED28639E2EF3}) (Version: 1.0.2.1 - Brother Industries Ltd.) Hidden
Brother PCFax Driver (HKLM-x32\...\{56BA05BD-7A67-4EF8-85A7-8C6528AEE2AC}) (Version: 1.4.0.0 - Brother Industries Ltd.) Hidden
Brother Printer Driver (HKLM-x32\...\{4A30C4EE-52AC-4A6B-A898-D484E9FAED63}) (Version: 1.5.0.0 - Brother Industries Ltd.) Hidden
Brother Scanner Driver (HKLM-x32\...\{B843B8F3-1815-4335-99F2-039AE06CAD86}) (Version: 1.0.15.10 - Brother Industries Ltd.) Hidden
BrotherHelpInstaller (HKLM-x32\...\{4E461C2A-EC1C-46D1-AF5B-7FEFD0054AF8}) (Version: 1.0.0.0 - Brother) Hidden
BrSupportTools (HKLM-x32\...\{F8F9EB58-33BA-4FF8-80E7-66D87D2E0C3C}) (Version: 1.0.9.0 - Brother Industries Ltd.) Hidden
Bubble Wrap (HKLM-x32\...\{5BFFDDEB-AFD7-499F-BB13-7A6EAD927CDA}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd)
BufferChm (HKLM-x32\...\{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}) (Version: 130.0.331.000 - Hewlett-Packard) Hidden
C6100 (HKLM-x32\...\{0DEF8C02-2EAB-4BFE-A7E0-7990665DF1A9}) (Version: 130.0.365.000 - Hewlett-Packard) Hidden
c6100_Help (HKLM-x32\...\{4BD5B5D2-406D-4bc5-BB10-2F0D1D367C95}) (Version: 82.0.256.000 - Hewlett-Packard) Hidden
ChromecastApp (HKU\S-1-5-21-632860548-1775735820-415820443-1000\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.1693.0 - Google Inc.)
Chuzzle Deluxe (HKLM-x32\...\WTA-350df33b-9fdb-4c58-80af-3f5a302269c2) (Version: 2.2.0.95 - WildTangent) Hidden
Cisco WebEx Meetings (HKU\S-1-5-21-632860548-1775735820-415820443-1000\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
ControlCenter4 (HKLM-x32\...\{C5744F42-FDC4-4CC2-B4A8-47C9AA9553B4}) (Version: 4.2.435.1 - Brother Insutries Ltd.) Hidden
ControlCenter4 CSDK (HKLM-x32\...\{1BAE50D4-5F2A-4E34-BD81-B4555109F7C2}) (Version: 4.2.3.1 - Brother Insutries Ltd.) Hidden
Cradle of Rome 2 (HKLM-x32\...\WTA-1c1f6121-da0f-4e8c-9c68-5081de00e04b) (Version: 2.2.0.98 - WildTangent) Hidden
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DeviceDetect (HKLM-x32\...\{CEF07BDC-47F1-4477-8F3C-0E7132AF88C5}) (Version: 1.0.4.5 - Brother Industries Ltd.) Hidden
Dietz & Watson 2015 (HKLM-x32\...\{CD6EEFE2-17F9-AC22-9223-48776E476221}) (Version: 2.5 - Koupon Media) Hidden
Dietz & Watson 2015 (HKLM-x32\...\com.kouponmedia.dietzandwatson2015) (Version: 2.5 - Koupon Media)
DirectX for Managed Code Update (Summer 2004) (HKLM-x32\...\{E9E34215-82EF-4909-BE2F-F581F0DC9062}) (Version: 9.02.2904 - Microsoft) Hidden
DocProc (HKLM-x32\...\{9B362566-EC1B-4700-BB9C-EC661BDE2175}) (Version: 13.0.0.0 - Hewlett-Packard) Hidden
Dora's World Adventure (HKLM-x32\...\WTA-220769bc-a6cc-4095-8049-d7448f650a3e) (Version: 2.2.0.95 - WildTangent) Hidden
Dragon NaturallySpeaking 7.0 (HKLM-x32\...\{6675E71B-9843-4971-BC15-18AB52801134}) (Version: 7.00.200.409 - ScanSoft)
Elevated Installer (HKLM-x32\...\{352B1136-BF8D-4F5A-924B-43B26D05B3B5}) (Version: 2.3.17.0 - Garmin Ltd or its subsidiaries) Hidden
Escape the Emerald Star (HKLM-x32\...\WTA-424f1b8b-d37a-42ea-b226-3030d1996772) (Version: 2.2.0.98 - WildTangent) Hidden
Exact Audio Copy 1.2 (HKLM-x32\...\Exact Audio Copy) (Version: 1.2 - Andre Wiethoff)
Facebook (HKLM-x32\...\{8AE50893-3A87-4439-9A57-942ED43F7189}) (Version: 1.1.0004 - Hewlett-Packard)
Farm Frenzy (HKLM-x32\...\WTA-c81077f9-55f3-4d11-b4fe-585ad41d8209) (Version: 2.2.0.98 - WildTangent) Hidden
Farmscapes (HKLM-x32\...\WTA-ba2cfe9d-b15a-44af-87b3-25c19f580002) (Version: 2.2.0.97 - WildTangent) Hidden
FATE (HKLM-x32\...\WTA-0e36d320-14f2-4de0-88cd-beb4083d639d) (Version: 2.2.0.97 - WildTangent) Hidden
Final Drive Fury (HKLM-x32\...\WTA-844866d1-e9d3-40b2-a85e-666243def709) (Version: 2.2.0.95 - WildTangent) Hidden
Free YouTube To MP3 Converter (HKLM-x32\...\Free YouTube To MP3 Converter_is1) (Version: 4.1.33.119 - Digital Wave Ltd)
Garmin Express (HKLM-x32\...\{874B12CE-2C6A-4E12-AEB5-4D35CCA5270B}) (Version: 2.3.17.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express (HKLM-x32\...\{d6f59919-3fd4-48c5-8404-def6f92d8422}) (Version: 2.3.17.0 - Garmin Ltd or its subsidiaries)
Garmin Express Tray (HKLM-x32\...\{BE770575-1FB0-47EB-A2EE-52107A023F12}) (Version: 2.3.17.0 - Garmin Ltd or its subsidiaries) Hidden
Golden Trails 2: The Lost Legacy Collector's Edition (HKLM-x32\...\WTA-a751c50d-1758-4426-8ac0-a7be901bb1c2) (Version: 2.2.0.98 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 73.0.3683.103 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.7 - Google LLC) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GPBaseService2 (HKLM-x32\...\{63FF21C9-A810-464F-B60A-3111747B1A6D}) (Version: 130.0.371.000 - Hewlett-Packard) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HowToGuide (HKLM-x32\...\{36580EEB-4EDF-4880-BBD4-097E2C645ECD}) (Version: 1.0.1.0 - Brother Industries Ltd.) Hidden
Hoyle Card Games (HKLM-x32\...\WTA-818c6384-6cd9-4f15-8a4f-14a502345e34) (Version: 2.2.0.95 - WildTangent) Hidden
HP Application Assistant (HKLM\...\{0CE7EBAF-157D-4111-9146-057CB2A4023E}) (Version: 1.1.466.3970 - Hewlett-Packard)
HP Calendar (HKLM-x32\...\{2B38E0FA-D8A5-4EBF-A018-E3C1C8E7A2E2}) (Version: 5.1.4245.23508 - Hewlett-Packard)
HP Clock (HKLM-x32\...\{750E9D0F-B188-4A7E-ADD2-84B7ED7D32F6}) (Version: 5.1.4281.27332 - Hewlett-Packard)
HP Easy Print (HKLM-x32\...\{37C4570C-2F39-4756-AF26-A204CEF202D6}) (Version: 1.00.0000 - HP)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
HP LinkUp (HKLM-x32\...\{7E750542-55BC-4300-8B7B-AC2A762FB435}) (Version: 2.01.029 - Hewlett-Packard)
HP Magic Canvas (HKLM-x32\...\{DDFDC9D6-4220-41F8-BF9A-8E7512C4EF52}) (Version: 5.1.15.0 - Hewlett-Packard)
HP Magic Canvas Tutorials (HKLM-x32\...\{858FCB65-7C6D-4BA4-AD80-A3CB3744CE09}_is1) (Version: 6.0.0.0 - Hewlett-Packard)
HP Notes (HKLM-x32\...\{86BAB08A-5E66-4C53-82E3-C1E91673C7CA}) (Version: 5.1.4274.30382 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Photosmart All-In-One Driver Software 13.0 Rel. A (HKLM\...\{17016DA1-F040-4032-BD36-34DD317BC9D5}) (Version: 13.0 - HP)
HP RSS (HKLM-x32\...\{452479C5-0118-48E9-AA69-0A7339F95FC8}) (Version: 5.1.4289.23799 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{438363A8-F486-4C37-834C-4955773CB3D3}) (Version: 9.1.15430.4033 - Hewlett-Packard Company)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Support Assistant (HKLM-x32\...\{61EB474B-67A6-47F4-B1B7-386851BAB3D0}) (Version: 8.7.50.3 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 11.00.0001 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{F6A11738-3EE4-4573-AEA5-6CD5D491C167}) (Version: 12.10.49.21 - Hewlett-Packard Company)
HP Touchpoint Analytics Client (HKLM\...\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}) (Version: 4.0.2.1439 - HP Inc.)
HP TouchSmart Background - Beats (HKLM-x32\...\{6A6F8D36-04BA-41E9-9004-1789BD545874}) (Version: 1.0.1.0 - Hewlett-Packard)
HP TouchSmart RecipeBox (HKLM-x32\...\{20714B53-FC73-4F9C-9687-49EB237D6FD7}) (Version: 3.0.3830.27730 - Hewlett-Packard)
HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HP Weather (HKLM-x32\...\{776CC95E-8160-401B-AC79-164822AA8306}) (Version: 5.1.4245.22595 - Hewlett-Packard)
HPPhotoGadget (HKLM-x32\...\{CAE4213F-F797-439D-BD9E-79B71D115BE3}) (Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPProductAssistant (HKLM-x32\...\{C43326F5-F135-4551-8270-7F7ABA0462E1}) (Version: 130.0.371.000 - Hewlett-Packard) Hidden
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.0.1351 - Intel Corporation)
Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2696 - Intel Corporation)
iSpy (HKLM-x32\...\{50B1A3A0-3F87-44B3-9FF5-C97A50034BF6}) (Version: 7.1.8.0 - DeveloperInABox)
iSpy package installer (HKLM-x32\...\{a72b41a4-9cd1-4973-9783-83de69e05832}) (Version: 7.1.8.0 - DeveloperInABox)
iTunes (HKLM\...\{554C62C7-E6BB-40F1-892B-F0AE02D3C135}) (Version: 12.5.3.17 - Apple Inc.)
Java 8 Update 191 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180191F0}) (Version: 8.0.1910.12 - Oracle Corporation)
Jewel Match 3 (HKLM-x32\...\WTA-4660ad21-bbd2-4056-9274-17cdbb6e8a8c) (Version: 2.2.0.98 - WildTangent) Hidden
Jewel Quest Mysteries: The Seventh Gate Collector's Edition (HKLM-x32\...\WTA-6bd8460b-7dda-4a26-9e12-707c452d9b21) (Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (HKLM-x32\...\WTA-5333fae1-48ca-41d7-8382-7c65262bc50c) (Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LabelPrint (HKLM-x32\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.4507 - CyberLink Corp.) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.4507 - CyberLink Corp.)
Luxor HD (HKLM-x32\...\WTA-7d011431-914e-437f-b7a1-ef23ab9154a0) (Version: 2.2.0.98 - WildTangent) Hidden
Mah Jong Medley (HKLM-x32\...\WTA-0fd9482b-7878-4605-8c28-19efd6521c0a) (Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes version 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
Mesh Runtime (HKLM-x32\...\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}) (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Metric Converter (HKLM-x32\...\{D0661463-50F7-4A1E-83CB-37CC590589AE}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd)
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft LifeCam (HKLM\...\{5CE7E3F5-9803-4F32-AA89-2D8848A80109}) (Version: 3.60.253.0 - Microsoft Corporation)
Microsoft Mathematics (HKLM-x32\...\{4D090F70-6F08-4B60-9357-A1DFD4458F09}) (Version: 4.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Zoo Tycoon (HKLM-x32\...\Zoo Tycoon 1.0) (Version:  - )
Mortimer Beckett and the Crimson Thief Premium Edition (HKLM-x32\...\WTA-7fc1033b-c678-45d5-a485-905aaf4a04e4) (Version: 2.2.0.98 - WildTangent) Hidden
Mozilla Firefox 26.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 26.0 (x86 en-US)) (Version: 26.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 26.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
My Farm Life 2 (HKLM-x32\...\WTA-3daa2b41-1b22-4cc2-838a-7a7c844442d1) (Version: 2.2.0.98 - WildTangent) Hidden
Network64 (HKLM\...\{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}) (Version: 130.0.572.000 - Hewlett-Packard) Hidden
NetworkRepairTool (HKLM-x32\...\{4694AD3E-D4A2-4D98-9848-662A0475E872}) (Version: 1.2.11.0 - Brother Insutries Ltd.) Hidden
Norton Internet Security (HKLM-x32\...\NGC) (Version: 22.17.0.183 - Symantec Corporation)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
opensource (HKLM-x32\...\{3677D4D8-E5E0-49FC-B86E-06541CF00BBE}) (Version: 1.0.14960.3876 - Your Company Name) Hidden
P@H-Protocol (HKLM-x32\...\{14F936AB-5D31-410E-A4E2-70AE504712F2}) (Version: 3.0.8.6 - Valassis)
P@H-Protocol (HKLM-x32\...\{4CFAC858-CB6F-4F5B-9BD9-4DAE8747F0E3}) (Version: 3.0.8.11 - Valassis)
P@H-Protocol (HKLM-x32\...\{A2CB3AFC-E449-408A-BF4F-FE64EB1899D8}) (Version: 3.0.8.7 - Valassis)
PC-FAXReceive (HKLM-x32\...\{DD40894F-7575-4905-90AB-695FD827E358}) (Version: 1.4.24.0 - Brother Insutries Ltd.) Hidden
PCFaxTx (HKLM-x32\...\{63530B2D-3A34-4D79-A52D-F3EB5D99A7C1}) (Version: 1.1.1.1 - Brother Industries Ltd.) Hidden
PDF Complete Corporate Edition (HKLM-x32\...\PDF Complete) (Version: 4.2.33 - PDF Complete, Inc)
Penguins! (HKLM-x32\...\WTA-c6d3fe1b-0537-4004-87f7-b2843d0833ac) (Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (HKLM-x32\...\WTA-c43bee99-1714-4c3c-82e7-267367a21983) (Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (HKLM-x32\...\WTA-ceced49d-d9ad-49da-ac4a-adcacf6cd937) (Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (HKLM-x32\...\WTA-ad6b48d4-4aa6-49b1-b668-6005090a3c83) (Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (HKLM-x32\...\WTA-417cc89d-18f1-44b3-90c8-0f4968fb00c2) (Version: 2.2.0.98 - WildTangent) Hidden
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.6207 - CyberLink Corp.) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.6207 - CyberLink Corp.)
PowerISO (HKLM-x32\...\PowerISO) (Version: 5.4 - Power Software Ltd)
Print@Home (HKLM-x32\...\{123D4082-3194-4191-9139-067E9157C2B2}) (Version: 2.0.0 - Valassis Interactive Inc.)
QponPrinterV2 1.0.3 (HKLM-x32\...\Qpon-Printer-v2) (Version: 1.0.3 - Qples Inc)
Ralink 802.11n Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 3.2.12.0 - Ralink)
Recovery Manager (HKLM-x32\...\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.5.0.5119 - CyberLink Corp.) Hidden
Remote Graphics Receiver (HKLM-x32\...\{16FC3056-90C0-4757-8A68-64D8DA846ADA}) (Version: 5.4.5 - Hewlett-Packard)
RemoteSetup (HKLM-x32\...\{B6CE4633-EA3F-4856-9BCC-9B8702E076FE}) (Version: 3.8.0.2 - Brother Industries Ltd.) Hidden
Revo Uninstaller 2.0.6 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.6 - VS Revo Group, Ltd.)
RimhillEx 1.08 (HKU\S-1-5-21-632860548-1775735820-415820443-1000\...\RimhillEx_is1) (Version:  - the sz development)
RMNEveryday Coupon Printer (HKLM-x32\...\{08586830-7F6E-41F5-9A1C-51F7D2873631}) (Version: 3.1.0.0 - Valassis)
Roads of Rome 3 (HKLM-x32\...\WTA-0939384a-c84d-4e93-be59-7ae8b6d3e2dc) (Version: 2.2.0.98 - WildTangent) Hidden
RogueKiller version 13.0.17.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 13.0.17.0 - Adlice Software)
Scan (HKLM-x32\...\{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}) (Version: 13.0.0.0 - Hewlett-Packard) Hidden
ScannerUtilityInstaller (HKLM-x32\...\{5B645FE2-19E9-4B15-B5B2-3D8766F6FA27}) (Version: 1.0.0.0 - Brother) Hidden
Secunia PSI (3.0.0.9016) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia)
Sibelius Scorch (Firefox, Opera, Netscape, Chrome only) (HKLM-x32\...\{41626CC0-A854-4402-AD06-D7939515C282}) (Version: 6.2.0 - Sibelius Software, a division of Avid Technology, Inc.)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SmartWebPrinting (HKLM-x32\...\{DC635845-46D3-404B-BCB1-FC4A91091AFA}) (Version: 130.0.457.000 - Hewlett-Packard) Hidden
Smilebox (HKU\S-1-5-21-632860548-1775735820-415820443-1000\...\Smilebox) (Version: 1.0.0.31741 - Smilebox, Inc.)
SolutionCenter (HKLM-x32\...\{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}) (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Spot (HKLM-x32\...\{3D171340-B528-42E0-92E4-BDA7AEEF6F32}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd)
StatusMonitor (HKLM-x32\...\{86D16055-3C14-44C6-BCD7-5514B83BAD34}) (Version: 1.12.4.0 - Brother Insutries Ltd.) Hidden
Tales of Lagoona (HKLM-x32\...\WTA-75f90731-d0ef-4ead-85f3-edbfba5c6ced) (Version: 2.2.0.98 - WildTangent) Hidden
Tap Tap Bear (HKLM-x32\...\{A393CDFF-BEB8-48EA-990D-2EB35B311D23}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
TI USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{355FBD67-5A4F-44DA-86A1-56EEC4C20EC0}) (Version: 1.12.18.0 - Texas Instruments Inc.)
TI USB3 Host Driver (HKLM-x32\...\{355FBD67-5A4F-44DA-86A1-56EEC4C20EC0}) (Version: 1.12.18.0 - Texas Instruments Inc.) Hidden
Toolbox (HKLM-x32\...\{6BBA26E9-AB03-4FE7-831A-3535584CA002}) (Version: 130.0.648.000 - Hewlett-Packard) Hidden
Torchlight (HKLM-x32\...\WTA-3c9ded15-538a-4040-b422-610d26c7de9d) (Version: 2.2.0.98 - WildTangent) Hidden
TSHostedAppLauncher (HKLM-x32\...\{F89BADB0-D319-470E-8024-443EE3A3402B}) (Version: 5.1.15.0 - Hewlett-Packard) Hidden
UnloadSupport (HKLM-x32\...\{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}) (Version: 11.0.0 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - WildTangent) Hidden
UsbRepairTool (HKLM-x32\...\{523276A4-5779-4105-9163-CA1CF94EC533}) (Version: 1.4.0.0 - Brother Insutries Ltd.) Hidden
Virtual Villagers 4 - The Tree of Life (HKLM-x32\...\WTA-a76813b1-d318-4c70-b481-009dabe4cb9b) (Version: 2.2.0.98 - WildTangent) Hidden
WebReg (HKLM-x32\...\{43CDF946-F5D9-4292-B006-BA0D92013021}) (Version: 130.0.132.017 - Hewlett-Packard) Hidden
WildTangent Games App (HP Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.5.36 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinZip 16.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240CD}) (Version: 16.0.9715 - WinZip Computing, S.L. )
Wondershare Helper Compact 2.5.2 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.2 - Wondershare)
Wondershare Video Converter Ultimate(Build 9.0.1.4) (HKLM-x32\...\Wondershare Video Converter Ultimate_is1) (Version: 9.0.1.4 - Wondershare Software)
Youda Fisherman (HKLM-x32\...\WTA-cb0bd757-b714-4ced-8e65-6cdcd47c3ad9) (Version: 2.2.0.98 - WildTangent) Hidden
Zuma's Revenge (HKLM-x32\...\WTA-6a3fb242-dbd2-46cf-bf50-6031b10d212b) (Version: 2.2.0.98 - WildTangent) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Internet Security\Engine\22.17.0.183\buShell.dll [2019-03-07] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Internet Security\Engine\22.17.0.183\buShell.dll [2019-03-07] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Internet Security\Engine\22.17.0.183\buShell.dll [2019-03-07] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers-x32: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Internet Security\Engine\22.17.0.183\buShell.dll [2019-03-07] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Internet Security\Engine\22.17.0.183\buShell.dll [2019-03-07] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Internet Security\Engine\22.17.0.183\buShell.dll [2019-03-07] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShell.dll [2019-04-25] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files (x86)\Norton Internet Security\Engine\22.17.0.183\buShell.dll [2019-03-07] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2014-11-21] (Apple Inc. -> Apple Inc.)
ContextMenuHandlers1: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files (x86)\PowerISO\PWRISOSH.DLL [2012-08-24] (Power Software Ltd -> Power Software Ltd)
ContextMenuHandlers1: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Internet Security\Engine\22.17.0.183\NavShExt.dll [2019-03-07] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2012-02-16] (WinZip Computing -> WinZip Computing, S.L.)
ContextMenuHandlers1: [WondershareVideoConverterFileOpreation] -> {FEB746CA-95C2-485F-B386-C30D4E56D22E} => C:\windows\SysWOW64\WSCM64.dll [2015-02-27] () [File not signed]
ContextMenuHandlers2: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Internet Security\Engine\22.17.0.183\NavShExt.dll [2019-03-07] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers3: [LinkUpMenuExt] -> {B793E5EA-5344-488E-B98D-A18E2E5938AB} => C:\Program Files (x86)\Hewlett-Packard\HP LinkUp\LinkUpExt64.dll [2011-05-06] (Hewlett-Packard Company -> Hewlett-Packard)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files (x86)\PowerISO\PWRISOSH.DLL [2012-08-24] (Power Software Ltd -> Power Software Ltd)
ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2012-02-16] (WinZip Computing -> WinZip Computing, S.L.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\windows\system32\igfxpph.dll [2012-04-04] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShell.dll [2019-04-25] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files (x86)\Norton Internet Security\Engine\22.17.0.183\buShell.dll [2019-03-07] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files (x86)\PowerISO\PWRISOSH.DLL [2012-08-24] (Power Software Ltd -> Power Software Ltd)
ContextMenuHandlers6: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Internet Security\Engine\22.17.0.183\NavShExt.dll [2019-03-07] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2012-02-16] (WinZip Computing -> WinZip Computing, S.L.)
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2012-10-02 14:29 - 2012-03-30 05:05 - 000311296 _____ (IDT, Inc.) [File not signed] C:\Program Files\IDT\WDM\STacSV64.exe
2012-10-02 14:36 - 2012-01-10 14:02 - 001115136 _____ (Ralink Technology, Corp.) [File not signed] C:\windows\system32\RAIHV.dll
2017-03-03 18:38 - 2015-02-27 15:38 - 000721263 _____ () [File not signed] C:\windows\SysWOW64\WSCM64.dll
2008-12-03 21:05 - 2008-12-03 21:05 - 000071680 _____ (Hewlett-Packard) [File not signed] c:\windows\system32\hpzinw12.dll
2008-12-03 21:05 - 2008-12-03 21:05 - 000089600 _____ (Hewlett-Packard) [File not signed] c:\windows\system32\hpzipm12.dll
2012-10-02 14:36 - 2012-01-13 02:00 - 000372736 _____ (Ralink Technology, Corp.) [File not signed] C:\Program Files (x86)\Ralink\Common\RaRegistry.exe
2012-10-02 14:36 - 2012-01-13 02:01 - 000447488 _____ (Ralink Technology, Corp.) [File not signed] C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe
2017-01-15 01:15 - 2016-10-07 21:00 - 000659456 _____ (the sz development) [File not signed] C:\Users\Barley\AppData\Local\RimhillEx\RimhillEx.exe
2014-11-11 18:44 - 2014-11-11 18:44 - 004517376 _____ (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
2014-11-12 10:35 - 2014-11-12 10:35 - 000583168 _____ (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
2014-10-22 12:04 - 2014-10-22 12:04 - 001939968 _____ (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe
2014-11-12 10:33 - 2014-11-12 10:33 - 001543168 _____ (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
2016-12-25 12:57 - 2013-03-08 16:44 - 000087040 _____ (Brother Industries, Ltd.) [File not signed] C:\windows\system32\BrNetSti.dll
2016-12-25 12:57 - 2005-04-22 14:36 - 000143360 _____ () [File not signed] C:\windows\system32\BrSNMP64.dll
2014-10-23 15:21 - 2014-10-23 15:21 - 000289792 _____ (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BrYNSvc.exe
2011-08-16 17:03 - 2011-08-16 17:03 - 000016384 _____ (Hewlett-Packard) [File not signed] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
2011-08-16 17:03 - 2011-08-16 17:03 - 000020480 _____ (Hewlett-Packard) [File not signed] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
2019-04-28 13:24 - 2019-04-28 13:25 - 005198336 _____ (AVAST Software) [File not signed] C:\Users\Barley\Downloads\aswMBR.exe
2012-10-02 14:36 - 2011-12-14 23:30 - 000516096 _____ (Ralink Technology, Inc.) [File not signed] C:\Program Files (x86)\Ralink\Common\ICSDHCP.dll
2012-12-25 16:57 - 2008-08-12 17:49 - 000024576 _____ (ArcSoft, Inc.) [File not signed] C:\Users\Barley\AppData\Roaming\HP SimpleSave Application\uTMEMUIMgrEngine.dll
2012-12-25 16:57 - 2010-10-08 17:27 - 000024576 _____ (ArcSoft, Inc.) [File not signed] C:\Users\Barley\AppData\Roaming\HP SimpleSave Application\Language\EN\uEasyBackupMonitorRes.dll
2009-02-27 17:38 - 2009-02-27 17:38 - 000139264 _____ () [File not signed] C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2013-10-10 22:55 - 2013-10-10 22:55 - 002040320 _____ (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\Brother\BrStMonWRes.dll
2011-02-28 12:32 - 2011-02-28 12:32 - 000208896 _____ (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\Brother\BrFirmUpdateCheck.dll
2014-11-12 10:17 - 2014-11-12 10:17 - 000137728 _____ (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcAssoc.dll
2017-03-03 18:39 - 2016-10-08 17:48 - 001506304 _____ () [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2017-03-03 18:39 - 2016-07-21 11:54 - 000137728 _____ () [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2017-03-03 18:39 - 2016-10-08 17:49 - 000708608 _____ (Wondershare) [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSProducstInfo.dll
2014-09-09 10:39 - 2014-09-09 10:39 - 000080896 _____ (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcLUsa.dll
2014-09-09 10:38 - 2014-09-09 10:38 - 000083968 _____ (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcDlgRc.dll
2014-09-09 10:38 - 2014-09-09 10:38 - 017974784 _____ (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcGrImg.dll
2014-11-13 19:55 - 2014-11-13 19:55 - 000461824 _____ (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BrMonitor.dll
2010-09-29 18:07 - 2010-09-29 18:07 - 000180224 _____ (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BroSNMP.dll
2018-12-23 12:43 - 2019-03-27 20:42 - 003084800 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Quick.dll
2018-12-23 12:43 - 2019-03-27 20:42 - 005139968 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Gui.dll
2018-12-23 12:43 - 2019-03-27 20:42 - 005010944 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
2018-12-23 12:43 - 2019-03-27 20:42 - 002950144 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Qml.dll
2018-12-23 12:43 - 2019-03-27 20:42 - 002234880 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Network.dll
2018-12-23 12:43 - 2019-03-27 20:42 - 004571648 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Widgets.dll
2018-12-23 12:43 - 2019-03-27 20:42 - 000438272 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5WinExtras.dll
2019-02-24 12:51 - 2019-03-27 20:42 - 001181184 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\platforms\qwindows.dll
2019-02-24 12:51 - 2019-03-27 20:42 - 000124928 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\styles\qwindowsvistastyle.dll
2019-03-27 20:42 - 2019-03-27 20:42 - 000026112 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qico.dll
2019-03-27 20:42 - 2019-03-27 20:42 - 000020992 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qsvg.dll
2018-12-23 12:43 - 2019-03-27 20:42 - 000259584 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Svg.dll
2019-03-27 20:42 - 2019-03-27 20:42 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick.2\qtquick2plugin.dll
2019-03-27 20:42 - 2019-03-27 20:42 - 000729088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\qtquickcontrolsplugin.dll
2019-03-27 20:42 - 2019-03-27 20:42 - 000073216 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Layouts\qquicklayoutsplugin.dll
2019-03-27 20:42 - 2019-03-27 20:42 - 000179712 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Dialogs\dialogplugin.dll
2019-03-27 20:42 - 2019-03-27 20:42 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Window.2\windowplugin.dll
2019-03-27 20:42 - 2019-03-27 20:42 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQml\Models.2\modelsplugin.dll
2019-03-27 20:42 - 2019-03-27 20:42 - 000101888 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\PrivateWidgets\widgetsplugin.dll
2014-05-24 13:41 - 2003-03-26 12:26 - 000021504 _____ () [File not signed] C:\windows\SysWow64\docobj.dll
2019-04-28 13:25 - 2019-04-28 13:25 - 001228800 _____ (ALWIL Software) [File not signed] C:\Users\Barley\AppData\Local\Temp\_av4_\aswEngin.dll
2019-04-28 13:25 - 2019-04-28 13:25 - 000086016 _____ (ALWIL Software) [File not signed] C:\Users\Barley\AppData\Local\Temp\_av4_\aswScan.dll
2019-04-28 13:25 - 2019-04-28 13:25 - 000081920 _____ (ALWIL Software) [File not signed] C:\Users\Barley\AppData\Local\Temp\_av4_\aswCmnOS.dll
2019-04-28 13:25 - 2019-04-28 13:25 - 000131072 _____ (ALWIL Software) [File not signed] C:\Users\Barley\AppData\Local\Temp\_av4_\aswCmnB.dll
2019-04-28 13:25 - 2019-04-28 13:25 - 000192512 _____ (ALWIL Software) [File not signed] C:\Users\Barley\AppData\Local\Temp\_av4_\aswCmnS.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-632860548-1775735820-415820443-1000\...\sjhnh.org -> hxxps://gateway1.sjhnh.org
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2018-12-24 16:54 - 000002103 ____N C:\windows\system32\drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-632860548-1775735820-415820443-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Barley\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
If an entry is included in the fixlist, it will be removed.
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BeatsOSDApp => C:\Program Files\IDT\WDM\beats64.exe
MSCONFIG\startupreg: DNS7reminder => "C:\Program Files (x86)\ScanSoft\NaturallySpeaking\Program\Ereg.exe" -r "C:\Program Files (x86)\ScanSoft\NaturallySpeaking\Program\ereg.ini"
MSCONFIG\startupreg: HP Software Update => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LifeCam => "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
MSCONFIG\startupreg: Norton Online Backup => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
MSCONFIG\startupreg: PWRISOVM.EXE => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
MSCONFIG\startupreg: SysTrayApp => C:\Program Files\IDT\WDM\sttray64.exe
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{C40D9B13-61A2-4285-A4E7-E26BB14A390D}] => (Allow) C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe (Ralink Technology Corporation -> )
FirewallRules: [{8E66A095-795E-494F-8F39-F583A6C355AE}] => (Allow) C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe (Ralink Technology Corporation -> )
FirewallRules: [{64D8B223-4FDB-4856-984E-D6A313D081AC}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Remote Graphics Receiver\rgreceiver.exe (Hewlett-Packard Company -> Hewlett-Packard)
FirewallRules: [{46D3AD7D-F0D3-4B5B-A87A-8A74DD670C45}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Remote Graphics Receiver\rgreceiver.exe (Hewlett-Packard Company -> Hewlett-Packard)
FirewallRules: [{096CA7E4-26E4-4D3F-BCE6-8B421C198BB6}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP LinkUp\HP LinkUp Viewer.exe (Hewlett-Packard Company -> Hewlett-Packard Company)
FirewallRules: [{62DA04C4-6D00-4D4D-83D7-0C35250D69CD}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP LinkUp\HP LinkUp Viewer.exe (Hewlett-Packard Company -> Hewlett-Packard Company)
FirewallRules: [{77D34678-43F1-4822-B594-6E09D82214B1}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{368B141D-50B1-4EE3-9F97-6978FEC3BCA7}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{748AC05F-6DAF-4DDA-B7F8-49F3BAC6092C}] => (Allow) LPort=2869
FirewallRules: [{1A056468-B541-45F9-9F3B-9DE4103860F9}] => (Allow) LPort=1900
FirewallRules: [{47F869E4-237F-428A-87B2-B24C77087D97}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{083D86A3-2137-4A0F-A1FD-6C5139F7A6D9}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{3C757619-EA6B-4395-B7C1-7FD9D82913A0}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe (Microsoft Corporation) [File not signed]
FirewallRules: [{337898BF-4E6C-4F28-B6FF-F4E0103C7088}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe (Microsoft Corporation) [File not signed]
FirewallRules: [{72660C52-6CAD-426B-8480-9A4CCDA25FDE}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe (Microsoft Corporation) [File not signed]
FirewallRules: [{A7ED8D1C-7DC5-4254-9A3C-7210F65BCA23}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe (Microsoft Corporation) [File not signed]
FirewallRules: [{FC12E3B7-37DB-40F2-8007-7CDBA8F98DA1}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{F8F68A5A-37F7-458F-A223-6EDFBEB178CF}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{29DFB764-4E0E-4C7F-8E63-04BEEB9E85E5}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{6DFF213C-2E9D-40B4-93A0-96C6D06DBDBF}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{16F9FFA7-DE34-4195-8889-99836EA872DE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{188D6962-81EE-44A5-8C30-3730334E748F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{9DF14B61-33D7-4600-A2DC-8B67E3D34687}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{C02B03BE-C660-42B9-AF20-FE8402B12E27}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{1E46AAC8-F6F9-4A9E-80D6-C952FCBA08A4}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe No File
FirewallRules: [{C803B594-7DEF-49DD-B2B1-190FC1E5BDF0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe No File
FirewallRules: [{E2A974B2-9D33-4747-A3E5-A6E3DB73D7A1}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe No File
FirewallRules: [{B847FD57-37DB-41C1-B8EE-F834959F0586}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe No File
FirewallRules: [{2BC6FC16-2643-4675-8DA0-D440DAAB07D3}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe (Hewlett-Packard Co.) [File not signed]
FirewallRules: [{2E5B1FB9-CD88-4C24-BCCA-1B1C98E43CF1}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe (Hewlett-Packard) [File not signed]
FirewallRules: [{971D0E46-D0B7-4B59-A6F8-5474F692BAFC}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe No File
FirewallRules: [{BED31218-45AD-43F9-9FC9-381AE7CBE610}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe () [File not signed]
FirewallRules: [{2FC88A0B-5EB8-45B5-AEBA-CDA2C66C54B6}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe No File
FirewallRules: [{371C863F-1809-44C4-8001-AC3E16BC8CC9}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe (Hewlett-Packard Co.) [File not signed]
FirewallRules: [{AA1AED5A-88F8-45FE-BEBC-F85163E1DB67}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqnrs08.exe (Hewlett-Packard Co.) [File not signed]
FirewallRules: [{C9A77EEA-40C1-4D8F-8DA8-4E74A52A3F2A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe (Hewlett-Packard) [File not signed]
FirewallRules: [{766360E0-0271-47DC-9292-260B4AF19224}] => (Allow) C:\Program Files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe No File
FirewallRules: [{3A9268B3-2F0B-4490-8182-A74DFB16F9A1}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe (Hewlett-Packard Co.) [File not signed]
FirewallRules: [{62364A33-C195-4DAB-87F8-D01F2F09A8B4}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe (Hewlett-Packard) [File not signed]
FirewallRules: [{A33F9CEA-E81D-4C74-87BF-B40CE8544101}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe No File
FirewallRules: [{57303010-2E61-4E65-8DE8-0FD8771F2010}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe No File
FirewallRules: [{B5492CC8-06DF-47E8-8D6D-082A6BD1DF53}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe (Hewlett-Packard Company -> Hewlett-Packard)
FirewallRules: [{6D422CBB-1201-4676-A036-95969E82F3FE}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe (Hewlett-Packard Company -> Hewlett-Packard Co.)
FirewallRules: [{3ED30955-EFF3-4107-8BE4-689FCE621E0B}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe (TeamViewer -> TeamViewer GmbH)
FirewallRules: [{E0E4ABAD-93C0-4E6E-A0A0-A4A561496784}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe (TeamViewer -> TeamViewer GmbH)
FirewallRules: [{BD69C17B-9FC9-4912-A2C1-3AE23478EB2E}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (TeamViewer -> TeamViewer GmbH)
FirewallRules: [{44605B2D-69D2-45FD-968A-081B858ACCBF}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (TeamViewer -> TeamViewer GmbH)
FirewallRules: [{4243050D-CF14-483C-945D-B517D4B8E297}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{6807B6A1-AAC1-4555-8EA4-D9633E4A34B6}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{402DF736-0E3F-482F-813A-1E0EFF713B0E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{F613D847-4755-4F67-9E83-CA8D9D16A333}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{524FBD36-AFE4-4D69-ACC6-FBAFA6255D9C}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{B497A808-16EF-4A4D-9A0B-B40E7343890A}] => (Allow) E:\Install\wlan_wiz\.\wlan_assistant\waw.exe No File
FirewallRules: [{316051F7-DEE7-47A6-B06C-7130CBFECE25}] => (Allow) LPort=54925
FirewallRules: [{3355062F-82C4-416B-BD10-2077C5EE5B54}] => (Allow) c:\program files (x86)\pc-faxreceive\brengineprocess.exe (Brother Industries, Ltd.) [File not signed]
FirewallRules: [{42C4E2DF-128F-46EF-80AB-44DB8071AB7F}] => (Allow) c:\program files (x86)\pc-faxreceive\brengineprocess.exe (Brother Industries, Ltd.) [File not signed]
FirewallRules: [TCP Query User{DCC6D6F3-CA37-4C33-BB20-487FF64D6B8C}C:\program files (x86)\ispy\ispy.exe] => (Allow) C:\program files (x86)\ispy\ispy.exe (www.ispyconnect.com) [File not signed]
FirewallRules: [UDP Query User{E94EC77B-A670-4571-8F8D-6C3CC3F6A21B}C:\program files (x86)\ispy\ispy.exe] => (Allow) C:\program files (x86)\ispy\ispy.exe (www.ispyconnect.com) [File not signed]
FirewallRules: [{7E8BE478-1DBB-4D62-99D6-A44BE5BD2EE1}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)
 
==================== Restore Points =========================
 
11-04-2019 00:16:54 Windows Update
18-04-2019 08:49:22 Scheduled Checkpoint
25-04-2019 09:52:05 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices =============
 
Name: AntiLog32
Description: AntiLog32
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: AntiLog32
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: Photosmart C6100 series
Description: Photosmart C6100 series
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/25/2019 01:36:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: BrStMonW.exe, version: 1.12.4.0, time stamp: 0x5461c7c9
Faulting module name: BrStMonW.exe, version: 1.12.4.0, time stamp: 0x5461c7c9
Exception code: 0xc0000005
Fault offset: 0x00018288
Faulting process id: 0xef4
Faulting application start time: 0x01d4fb68f5fb307f
Faulting application path: C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
Faulting module path: C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
Report Id: b82f83c3-6780-11e9-ac08-24be05218274
 
Error: (04/04/2019 07:19:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: BrStMonW.exe, version: 1.12.4.0, time stamp: 0x5461c7c9
Faulting module name: USP10.dll, version: 1.626.7601.23894, time stamp: 0x59946079
Exception code: 0xc0000005
Fault offset: 0x00058240
Faulting process id: 0x7cc
Faulting application start time: 0x01d4ead95e655078
Faulting application path: C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
Faulting module path: C:\windows\syswow64\USP10.dll
Report Id: 2770230c-5730-11e9-9647-24be05218274
 
Error: (03/08/2019 06:36:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   17 2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.4.0.0.7.8.D.8.1.0.1.0.6.2.ip6.arpa. PTR Barley-HP.local.
 
Error: (03/08/2019 06:36:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 10.0.0.9:5353   23 2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.4.0.0.7.8.D.8.1.0.1.0.6.2.ip6.arpa. PTR DESKTOP-8VPP8TN.local.
 
Error: (03/08/2019 11:39:17 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TouchpointAnalyticsClient.exe, version: 4.0.2.1439, time stamp: 0x5a148768
Faulting module name: clr.dll, version: 4.7.3324.0, time stamp: 0x5c09b330
Exception code: 0xc0000005
Fault offset: 0x00000000001c1ebe
Faulting process id: 0x1d84
Faulting application start time: 0x01d4d5c51144aff0
Faulting application path: C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClient.exe
Faulting module path: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll
Report Id: 549b2ef8-41b8-11e9-b14e-24be05218274
 
Error: (03/08/2019 11:39:15 AM) (Source: .NET Runtime) (EventID: 1023) (User: )
Description: Application: TouchpointAnalyticsClient.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an internal error in the .NET Runtime at IP 000007FEED1A1EBE (000007FEECFE0000) with exit code 80131506.
 
Error: (02/11/2019 02:33:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: BrStMonW.exe, version: 1.12.4.0, time stamp: 0x5461c7c9
Faulting module name: BrStMonW.exe, version: 1.12.4.0, time stamp: 0x5461c7c9
Exception code: 0xc0000005
Fault offset: 0x00063659
Faulting process id: 0x928
Faulting application start time: 0x01d4c20123940c22
Faulting application path: C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
Faulting module path: C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
Report Id: 775de128-2e2b-11e9-be31-24be05218274
 
Error: (01/04/2019 08:38:29 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 24
 
 
System errors:
=============
Error: (04/28/2019 08:16:24 AM) (Source: BROWSER) (EventID: 8032) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{D3EED012-4886-4C2D-8491-DD153D715076}.
The backup browser is stopping.
 
Error: (04/28/2019 07:58:40 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Ralink UPnP Media Server service to connect.
 
Error: (04/27/2019 10:26:25 AM) (Source: BROWSER) (EventID: 8032) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{D3EED012-4886-4C2D-8491-DD153D715076}.
The backup browser is stopping.
 
Error: (04/27/2019 10:12:45 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
 
Error: (04/27/2019 10:08:51 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Ralink UPnP Media Server service to connect.
 
Error: (04/26/2019 04:40:33 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.
 
Error: (04/26/2019 04:40:33 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.
 
Error: (04/26/2019 07:45:19 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Ralink UPnP Media Server service to connect.
 
 
CodeIntegrity:
===================================
 
Date: 2013-01-24 07:41:06.474
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2013-01-24 07:41:06.456
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
==================== Memory info =========================== 
 
BIOS: AMI 7.12 06/07/2012
Motherboard: Foxconn 2ADA
Processor: Intel® Core™ i3-2120 CPU @ 3.30GHz
Percentage of memory in use: 91%
Total physical RAM: 6030.01 MB
Available physical RAM: 534.26 MB
Total Virtual: 12058.17 MB
Available Virtual: 6345.2 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:914.75 GB) (Free:748.83 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (HP_RECOVERY) (Fixed) (Total:16.54 GB) (Free:2.06 GB) NTFS
 
 
==================== MBR & Partition Table ==================
 
==================== End of Addition.txt ============================


#2 Satchfan

Satchfan

    SuperHelper

  • Malware Team
  • 6,453 posts
  • Interests:LFC, music, more LFC, more music

Posted 29 April 2019 - 04:41 AM

Hello BobDylan and welcome to the WTT forum.

My name is Satchfan and I would be glad to help you with your computer problem.

Please read the following guidelines which will help to make cleaning your machine easier:

  • please follow all instructions in the order posted
  • please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
  • all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
  • if you don't understand something, please don't hesitate to ask for clarification before proceeding
  • the fixes are specific to your problem and should only be used for this issue on this machine.
  • please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!

IMPORTANT:

Please DO NOT install/uninstall any programs unless asked to.
Please DO NOT run any scans other than those requested.

================================================

Multiple antiviruses

You have Norton Internet Security and AVG antivirus programs installed. Although Norton is disabled, it still runs tasks in the background.

In the Control Panel, Programs and Features, click on Norton Internet Security and then Uninstall.

================================================

Let’s check that downloadmyInbox helper has gone (I don’t use Chrome so these instructions may not be 100% accurate).

In Chrome, go to Settings, then scroll down and click on Advanced.

Now scroll down and click on Content Settings > Notifications.

There should be a list of website addresses allowing pop-up messages.

Right-click on the icon to the right of each website and choose either ‘Block’ or ‘Remove’.

================================================

Download and run AdwCleaner

Download AdwCleaner from here and save it to your desktop.

  • run AdwCleaner by clicking on Scan Now
  • when it has finished, leave everything that was found checked, (ticked), then click on Clean and Repair
  • if it asks to reboot, allow the reboot
  • on reboot a log will be produced; please attach the content of the log to your next reply.

================================================

Please run FRST again and make sure there is a checkmark next to ‘Addition.txt’ before you hit Scan.

Logs to include with next post:

AdwCleaner log
New Frst.txt
New Addition.txt


Thanks

Satchfan

 


NINA - Proud graduate of the WTT Classroom

Member of UNITE

The help you receive here is free but if you feel I have helped, you may consider making a Donation.

#3 BobDylan

BobDylan

    Authentic Member

  • Authentic Member
  • 86 posts

Posted 30 April 2019 - 12:32 AM

Hi Nina - thanks so much for your help - I really appreciate it!

 

I've been meaning to uninstall Norton, and have finally done that now.

I've changed the Chrome settings to Block/remove the pop-ups (DownloadMyInboxhelper was still in there).

 

Here are the logs for AdwCleaner and FRST.

 

Thanks again!

 

AdwCleaner:

 

# -------------------------------
# Malwarebytes AdwCleaner 7.3.0.0
# -------------------------------
# Build:    04-04-2019
# Database: 2019-04-29.1 (Cloud)
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    04-30-2019
# Duration: 00:00:02
# OS:       Windows 7 Home Premium
# Cleaned:  7
# Failed:   0
 
 
***** [ Services ] *****
 
No malicious services cleaned.
 
***** [ Folders ] *****
 
No malicious folders cleaned.
 
***** [ Files ] *****
 
No malicious files cleaned.
 
***** [ DLL ] *****
 
No malicious DLLs cleaned.
 
***** [ WMI ] *****
 
No malicious WMI cleaned.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts cleaned.
 
***** [ Tasks ] *****
 
No malicious tasks cleaned.
 
***** [ Registry ] *****
 
No malicious registry entries cleaned.
 
***** [ Chromium (and derivatives) ] *****
 
Deleted       Amazon Assistant for Chrome
Deleted       Amazon Assistant for Chrome
Deleted       Bitly | Unleash the power of the link
Deleted       CouponXplorer
Deleted       FromDocToPDF
Deleted       FromDocToPDF
Deleted       Hover Zoom
 
***** [ Chromium URLs ] *****
 
No malicious Chromium URLs cleaned.
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries cleaned.
 
***** [ Firefox URLs ] *****
 
No malicious Firefox URLs cleaned.
 
 
*************************
 
[+] Delete Tracing Keys
[+] Reset Winsock
 
*************************
 
AdwCleaner[S00].txt - [1595 octets] - [30/04/2019 02:14:20]
 
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
 
 
FRST.txt
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28.04.2019
Ran by Barley (administrator) on BARLEY-HP (Hewlett-Packard p7-1370t) (30-04-2019 02:19:33)
Running from C:\Users\Barley\Downloads
Loaded Profiles: Barley (Available Profiles: Barley)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\aswEngSrv.exe
(AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\aswidsagent.exe
(AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe
(AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGUI.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Digital Wave Ltd -> Digital Wave Ltd.) C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe
(Garmin International, Inc. -> Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Garmin International, Inc. -> Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Company -> ) C:\Users\Barley\AppData\Roaming\HP SimpleSave Application\StartHelper.exe
(Hewlett-Packard Company -> Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Hewlett-Packard) [File not signed] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
(Hewlett-Packard) [File not signed] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(HP Inc. -> HP Inc.) C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe
(IDT, Inc.) [File not signed] C:\Program Files\IDT\WDM\stacsv64.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxtray.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Users\Barley\Downloads\adwcleaner_7.3.exe
(Microsoft Corporation -> Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation -> Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\System32\WirelessKB850NotificationService.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(PDF Complete Inc. -> PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Ralink Technology, Corp.) [File not signed] C:\Program Files (x86)\Ralink\Common\RaRegistry.exe
(Ralink Technology, Corp.) [File not signed] C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe
(Secunia -> Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Secunia -> Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Secunia -> Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Smilebox, Inc. -> Smilebox, Inc.) C:\Users\Barley\AppData\Roaming\Smilebox\SmileboxTray.exe
(Symantec Corporation -> Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(TeamViewer -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(the sz development) [File not signed] C:\Users\Barley\AppData\Local\RimhillEx\RimhillEx.exe
(Wondershare software CO., LIMITED -> Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [HPSYSDRV] => C:\Program Files (x86)\Hewlett-Packard\HP Odometer\HPSYSDRV.EXE [62768 2008-11-20] (Hewlett-Packard Company -> Hewlett-Packard)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-11-01] (Apple Inc. -> Apple Inc.)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files (x86)\AVG\Antivirus\AvLaunch.exe [308656 2019-04-25] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139776 2014-11-12] (Brother Industries, Ltd.) [File not signed]
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4517376 2014-11-11] (Brother Industries, Ltd.) [File not signed]
HKLM-x32\...\Run: [BrHelp] => C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe [1939968 2014-10-22] (Brother Industries, Ltd.) [File not signed]
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2137744 2016-10-08] (Wondershare software CO., LIMITED -> Wondershare)
HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\Wondershare\Video Converter Ultimate\DelayPluginI.exe [1971856 2017-02-16] (Wondershare software CO., LIMITED -> )
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [1194048 2018-02-01] (PDF Complete Inc. -> PDF Complete Inc)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-10-06] (Oracle America, Inc. -> Oracle Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-632860548-1775735820-415820443-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1095000 2013-12-13] (Garmin International, Inc. -> Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-632860548-1775735820-415820443-1000\...\Run: [Google Update] => C:\Users\Barley\AppData\Local\Google\Update\1.3.34.7\GoogleUpdateCore.exe [752424 2019-03-27] (Google Inc -> Google LLC)
HKU\S-1-5-21-632860548-1775735820-415820443-1000\...\Run: [60439BD48E4DF21A7F8F35AA69AA655C496AD691._service_run] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1716720 2019-04-03] (Google LLC -> Google Inc.)
HKU\S-1-5-21-632860548-1775735820-415820443-1000\...\Run: [SmileboxTray] => C:\Users\Barley\AppData\Roaming\Smilebox\SmileboxTray.exe [366552 2017-09-27] (Smilebox, Inc. -> Smilebox, Inc.)
HKU\S-1-5-21-632860548-1775735820-415820443-1000\...\MountPoints2: {cf036f94-4e8d-11e2-b318-24be05218274} - G:\HPLauncher.exe
HKU\S-1-5-21-632860548-1775735820-415820443-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\Ribbons.scr [241664 2010-11-20] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{0CE7EBAF-157D-4111-9146-057CB2A4023E}] -> msiexec /fu {0CE7EBAF-157D-4111-9146-057CB2A4023E} /qn
HKLM\Software\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\windows\system32\cmd.exe /D /C start C:\windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\73.0.3683.103\Installer\chrmstp.exe [2019-04-09] (Google LLC -> Google Inc.)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\windows\system32\cmd.exe /D /C start C:\windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{438363A8-F486-4C37-834C-4955773CB3D3}] -> msiexec /fu {438363A8-F486-4C37-834C-4955773CB3D3} /qn
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
HKLM\Software\...\Authentication\Credential Providers: [{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL [2011-03-29] (Microsoft Corporation -> Microsoft Corp.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2014-03-18]
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia -> Secunia)
Startup: C:\Users\Barley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HP SimpleSave Monitor.lnk [2014-03-01]
ShortcutTarget: HP SimpleSave Monitor.lnk -> C:\Users\Barley\AppData\Roaming\HP SimpleSave Application\StartHelper.exe (Hewlett-Packard Company -> )
Startup: C:\Users\Barley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RimhillEx.lnk [2017-01-15]
ShortcutTarget: RimhillEx.lnk -> C:\Users\Barley\AppData\Local\RimhillEx\RimhillEx.exe (the sz development) [File not signed]
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {03256141-1BAE-4C9E-8D28-AED4BC1B37DE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [136056 2019-01-02] (HP Inc. -> HP Inc.)
Task: {13CA88A1-CDA4-4585-9F11-8BC5130BC8D0} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1487568 2014-03-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {1ABD908E-44DD-46E5-93D6-F85795AE81E1} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_171_pepper.exe [1452600 2019-04-10] (Adobe Inc. -> Adobe)
Task: {1EEF3C88-147F-49F3-962A-93E6D712F121} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1195544 2018-12-16] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {2AA6B539-4673-4A05-8597-E9C84EE0899E} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2211024 2014-03-19] (Microsoft Corporation -> Microsoft)
Task: {2C5DC53C-3BB7-43CC-AA49-116AAEF51CF5} - System32\Tasks\{D95529CE-E95E-447C-8D8C-4C1A622E5294} => C:\windows\system32\pcalua.exe -a "C:\Users\Barley\Downloads\chromeinstall-8u31 (1).exe" -d C:\Users\Barley\Downloads
Task: {40CB04A3-5E27-4FFF-8F98-2069CF54D5AB} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-632860548-1775735820-415820443-1000Core => C:\Users\Barley\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc -> Google Inc.)
Task: {45416CB6-710F-4224-82AA-01FE4BC3D47B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [219512 2018-12-24] (HP Inc. -> HP Inc.)
Task: {4DEF5C25-BA5D-4828-98AF-FC4FBA2C55C2} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [2408496 2019-04-03] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
Task: {4F04A113-09B2-4923-A098-4F9DCBB11ADA} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2118352 2014-03-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {6D07362E-868E-43E5-9482-326BF8228EB4} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_171_Plugin.exe [1456696 2019-04-09] (Adobe Inc. -> Adobe)
Task: {6D49B0C9-CEF2-467A-AD36-7DB6C8FE2F99} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1487568 2014-03-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {6FFD4DB9-989C-448E-A289-87703EFBF30A} - System32\Tasks\HPCeeScheduleForBarley => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [96568 2015-06-16] (Hewlett-Packard Company -> Hewlett-Packard)
Task: {79A8F32F-EC48-4E54-BCA0-543CDD25FC43} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1073528 2019-04-02] (HP Inc. -> HP Inc.)
Task: {7A479DAC-A6ED-4050-961C-372019C23B7B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1488248 2018-12-10] (HP Inc. -> HP Inc.)
Task: {8D5865E3-B262-4FEE-BD7A-1A397D69B4EE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc -> Google Inc.)
Task: {91C842F0-E78C-4C25-B1F5-28E7B64DE6C0} - System32\Tasks\Reason Core Security Scheduled Scan => C:\Program Files\Reason\Security\rsUI.exe
Task: {9F9B883E-CB9B-48C3-BBF8-9C2C0E0750AC} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2118352 2014-03-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {AFF25087-364C-4FB3-AAC9-50F6F6E0A392} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [652664 2019-04-17] (HP Inc. -> HP Inc.)
Task: {B458637F-D899-4538-BA11-2A14B1ED6A8C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [569416 2016-02-23] (Apple Inc. -> Apple Inc.)
Task: {BEF7C1BC-3725-43AE-B6C5-660106D31E7E} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [25128 2017-11-20] (HP Inc. -> )
Task: {C2157C66-9811-49A0-AE86-9BC601639777} - System32\Tasks\Antivirus Emergency Update => C:\Program Files (x86)\AVG\Antivirus\AvEmUpdate.exe [2970544 2019-04-25] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
Task: {C56A0862-A80E-4AF3-A838-7EE9E32EC86D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1073528 2019-04-02] (HP Inc. -> HP Inc.)
Task: {CCEC197E-48A7-4647-AD8D-6D177DE3402A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-632860548-1775735820-415820443-1000UA => C:\Users\Barley\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc -> Google Inc.)
Task: {DA1CEAA8-060C-4D55-81D2-C45E1899F543} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc -> Google Inc.)
Task: {E25995B7-68C9-4394-B1CE-2988A5345F45} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [652664 2019-04-17] (HP Inc. -> HP Inc.)
Task: {E7FB2971-971E-4070-8510-39F850BF2B7F} - System32\Tasks\Reason Core Security => C:\Program Files\Reason\Security\rsUI.exe
Task: {EF88B9A7-8B01-496D-BFED-719F2A3A7981} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1488248 2018-12-10] (HP Inc. -> HP Inc.)
Task: {FB40547D-7545-4F51-84A4-F02B26327EC3} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-04-10] (Adobe Inc. -> Adobe)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\windows\Tasks\HPCeeScheduleForBarley.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{06AE0B1F-FB3C-4241-9145-DF12EC7CB857}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{D3EED012-4886-4C2D-8491-DD153D715076}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{D3EED012-4886-4C2D-8491-DD153D715076}: [DhcpNameServer] 75.75.75.75 75.75.76.76
 
Internet Explorer:
==================
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corporation -> Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_191\bin\jp2ssv.dll [2018-12-01] (Oracle America, Inc. -> Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-07-21] (Hewlett-Packard Company -> HP Inc.)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20] (Hewlett-Packard Company -> Hewlett-Packard Co.)
BHO-x32: Wondershare Video Converter Ultimate 7.1.0 -> {451C804F-C205-4F03-B48E-537EC94937BF} -> C:\ProgramData\Wondershare\Video Converter Ultimate\WSBrowserAppMgr.dll [2017-02-16] (Wondershare software CO., LIMITED -> Wondershare)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corporation -> Microsoft Corp.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (Hewlett-Packard Company -> HP Inc.)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20] (Hewlett-Packard Company -> Hewlett-Packard Co.)
Toolbar: HKU\S-1-5-21-632860548-1775735820-415820443-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
 
FireFox:
========
FF ProfilePath: C:\Users\Barley\AppData\Roaming\Mozilla\Firefox\Profiles\z9dx3jxz.default [2018-12-23]
FF Extension: (Wondershare Video Converter Ultimate) - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com_xpi\ [0000-00-00] [Legacy]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: (HP Smart Web Printing) - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-02-03] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [WSVCU@Wondershare.com] - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com_xpi
FF Extension: (Wondershare Video Converter Ultimate) - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com_xpi [2017-03-03] [Legacy]
FF HKU\S-1-5-21-632860548-1775735820-415820443-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_32_0_0_171.dll [2019-04-09] (Adobe Inc. -> )
FF Plugin: @java.com/DTPlugin,version=11.191.2 -> C:\Program Files\Java\jre1.8.0_191\bin\dtplugin\npDeployJava1.dll [2018-12-01] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.191.2 -> C:\Program Files\Java\jre1.8.0_191\bin\plugin2\npjp2.dll [2018-12-01] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_171.dll [2019-04-09] (Adobe Inc. -> )
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @Sibelius.com/Scorch Plugin,version=6.2.0.88 -> C:\Program Files (x86)\Sibelius Software\Scorch\npsibelius.dll [2013-03-11] (Avid Technology, Inc. -> )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-27] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-27] (Google Inc -> Google LLC)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2011-09-28] (WildTangent Inc -> )
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-03-25] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-632860548-1775735820-415820443-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Barley\AppData\Local\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-27] (Google Inc -> Google LLC)
FF Plugin HKU\S-1-5-21-632860548-1775735820-415820443-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Barley\AppData\Local\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-27] (Google Inc -> Google LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\Barley\AppData\Roaming\mozilla\plugins\npatgpc.dll [2015-11-18]
 
Chrome: 
=======
CHR DefaultProfile: Profile 1
CHR HomePage: Profile 1 -> hxxp://www.google.com/
CHR StartupUrls: Profile 1 -> "hxxp://www.google.com/"
CHR DefaultSearchURL: Profile 1 -> hxxp://myipcamapp.net
CHR Profile: C:\Users\Barley\AppData\Local\Google\Chrome\User Data\Guest Profile [2018-12-25]
CHR Profile: C:\Users\Barley\AppData\Local\Google\Chrome\User Data\Profile 1 [2019-04-30]
CHR Extension: (Slides) - C:\Users\Barley\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-12-24]
CHR Extension: (Asus Download Master) - C:\Users\Barley\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\akidbpofokakpmmabjlpcgplfmbmcemj [2018-12-24]
CHR Extension: (Docs) - C:\Users\Barley\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2018-12-24]
CHR Extension: (Google Drive) - C:\Users\Barley\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-12-24]
CHR Extension: (YouTube) - C:\Users\Barley\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-12-24]
CHR Extension: (FromDocToPDF) - C:\Users\Barley\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dpgfhhkchdfegbdmjginkcffgjncmboh [2019-04-30]
CHR Extension: (App for Instagram) - C:\Users\Barley\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ebmdoffeooapnmjcnidddmhancpfpjab [2019-03-18]
CHR Extension: (Adobe Acrobat) - C:\Users\Barley\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2019-04-02]
CHR Extension: (Sheets) - C:\Users\Barley\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-12-24]
CHR Extension: (Google Docs Offline) - C:\Users\Barley\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-12-24]
CHR Extension: (MyIPCam) - C:\Users\Barley\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hehdcdgdfhanbcbdkakahgpfinojokob [2019-04-16]
CHR Extension: (Savings Button: Deals + Cash Back) - C:\Users\Barley\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hmhdchlgkaelnphlklcdddpigfiblbhb [2018-12-24]
CHR Extension: (Cisco Webex Extension) - C:\Users\Barley\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2018-12-24]
CHR Extension: (FromDocToPDF) - C:\Users\Barley\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mallpejgeafdahhflmliiahjdpgbegpk [2019-04-30]
CHR Extension: (CouponXplorer) - C:\Users\Barley\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mgdcgnnjenhecpdnhpnhpmgndjenmnnk [2019-04-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Barley\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-12-24]
CHR Extension: (Gmail) - C:\Users\Barley\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-03-26]
CHR Extension: (Chrome Media Router) - C:\Users\Barley\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-03-23]
CHR Profile: C:\Users\Barley\AppData\Local\Google\Chrome\User Data\Profile 2 [2018-12-24]
CHR Extension: (Slides) - C:\Users\Barley\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-12-06]
CHR Extension: (Docs) - C:\Users\Barley\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2018-12-06]
CHR Extension: (Google Drive) - C:\Users\Barley\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-08-18]
CHR Extension: (YouTube) - C:\Users\Barley\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-12-06]
CHR Extension: (Norton Security Toolbar) - C:\Users\Barley\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2015-08-18]
CHR Extension: (Google Search) - C:\Users\Barley\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-08-18]
CHR Extension: (Adobe Acrobat) - C:\Users\Barley\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2018-12-06]
CHR Extension: (Sheets) - C:\Users\Barley\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-12-06]
CHR Extension: (Google Docs Offline) - C:\Users\Barley\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-12-06]
CHR Extension: (Norton Identity Safe) - C:\Users\Barley\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-08-18]
CHR Extension: (AVG SafePrice | Comparison, deals, coupons) - C:\Users\Barley\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\mbckjcfnjmoiinpgddefodcighgikkgn [2018-12-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Barley\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-12-06]
CHR Extension: (Gmail) - C:\Users\Barley\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-18]
CHR Extension: (Chrome Media Router) - C:\Users\Barley\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-12-24]
CHR Profile: C:\Users\Barley\AppData\Local\Google\Chrome\User Data\Profile 3 [2018-12-23]
CHR Extension: (Slides) - C:\Users\Barley\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-12-06]
CHR Extension: (Entanglement Web App) - C:\Users\Barley\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aciahcmjmecflokailenpkdchphgkefd [2018-12-06]
CHR Extension: (Docs) - C:\Users\Barley\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aohghmighlieiainnegkcijnfilokake [2018-12-06]
CHR Extension: (Google Drive) - C:\Users\Barley\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-12-06]
CHR Extension: (YouTube) - C:\Users\Barley\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-12-06]
CHR Extension: (Adblock Plus) - C:\Users\Barley\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-12-06]
CHR Extension: (Pushbullet) - C:\Users\Barley\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd [2018-12-06]
CHR Extension: (Norton Security Toolbar) - C:\Users\Barley\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2018-12-06]
CHR Extension: (Spotify - Music for every moment) - C:\Users\Barley\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\cnkjkdjlofllcpbemipjbcpfnglbgieh [2018-12-06]
CHR Extension: (Adobe Acrobat) - C:\Users\Barley\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2018-12-06]
CHR Extension: (Photo Zoom for Facebook) - C:\Users\Barley\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\elioihkkcdgakfbahdoddophfngopipi [2018-12-06]
CHR Extension: (Sheets) - C:\Users\Barley\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-12-06]
CHR Extension: (Google Docs Offline) - C:\Users\Barley\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-12-08]
CHR Extension: (AVG SafePrice | Comparison, deals, coupons) - C:\Users\Barley\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\mbckjcfnjmoiinpgddefodcighgikkgn [2018-12-06]
CHR Extension: (Poppit!) - C:\Users\Barley\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2018-12-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Barley\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-12-06]
CHR Extension: (Amazon Smart Search) - C:\Users\Barley\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ooebgdicanjhnamfmdlmlbcnkgehkkmf [2018-12-06]
CHR Extension: (Gmail) - C:\Users\Barley\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-12-06]
CHR Extension: (Chrome Media Router) - C:\Users\Barley\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-12-07]
CHR Profile: C:\Users\Barley\AppData\Local\Google\Chrome\User Data\System Profile [2018-12-25]
CHR Extension: (Google Slides) - C:\Users\Barley\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-30]
CHR Extension: (Google Docs) - C:\Users\Barley\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-30]
CHR Extension: (Google Drive) - C:\Users\Barley\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-05-30]
CHR Extension: (YouTube) - C:\Users\Barley\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-05-30]
CHR Extension: (Google Search) - C:\Users\Barley\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-05-30]
CHR Extension: (Google Sheets) - C:\Users\Barley\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-05-30]
CHR Extension: (Gmail) - C:\Users\Barley\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-30]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mbckjcfnjmoiinpgddefodcighgikkgn] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc. -> Apple Inc.)
R2 AVG Antivirus; C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe [362536 2019-04-25] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R3 avgbIDSAgent; C:\Program Files (x86)\AVG\Antivirus\aswidsagent.exe [6709272 2019-04-25] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [289792 2014-10-23] (Brother Industries, Ltd.) [File not signed]
R2 CalendarSynchService; C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [16384 2011-08-16] (Hewlett-Packard) [File not signed]
R2 DigitalWave.Update.Service; C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe [440808 2017-01-20] (Digital Wave Ltd -> Digital Wave Ltd.)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [250712 2013-12-13] (Garmin International, Inc. -> Garmin Ltd or its subsidiaries)
S3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [347512 2018-12-06] (HP Inc. -> HP Inc.)
R2 HPTouchpointAnalyticsService; C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe [332216 2017-11-22] (HP Inc. -> HP Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation -> Symantec Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1795136 2018-02-01] (PDF Complete Inc. -> PDF Complete Inc)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
R2 RalinkRegistryWriter; C:\Program Files (x86)\Ralink\Common\RaRegistry.exe [372736 2012-01-13] (Ralink Technology, Corp.) [File not signed]
R2 RalinkRegistryWriter64; C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe [447488 2012-01-13] (Ralink Technology, Corp.) [File not signed]
S2 RaMediaServer; C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe [625728 2011-08-18] (Ralink Technology Corporation -> )
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia -> Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia -> Secunia)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [311296 2012-03-30] (IDT, Inc.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
R2 WirelessKB850NotificationService; C:\windows\system32\WirelessKB850NotificationService.exe [174256 2018-05-14] (Microsoft Corporation -> Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 avgArDisk; C:\windows\System32\drivers\avgArDisk.sys [37368 2019-04-25] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R1 avgArPot; C:\windows\System32\drivers\avgArPot.sys [205656 2019-04-25] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\windows\System32\drivers\avgbidsdriver.sys [254680 2019-04-25] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\windows\System32\drivers\avgbidsh.sys [196560 2019-04-25] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R0 avgblog; C:\windows\System32\drivers\avgblog.sys [320672 2019-04-25] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\windows\System32\drivers\avgbuniv.sys [58152 2019-04-25] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R1 avgKbd; C:\windows\System32\drivers\avgKbd.sys [42336 2019-04-25] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\windows\System32\drivers\avgMonFlt.sys [166896 2019-04-25] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\windows\System32\drivers\avgRdr2.sys [112360 2019-04-25] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\windows\System32\drivers\avgRvrt.sys [87992 2019-04-25] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\windows\System32\drivers\avgSnx.sys [1030832 2019-04-25] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\windows\System32\drivers\avgSP.sys [476824 2019-04-25] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R2 avgStm; C:\windows\System32\drivers\avgStm.sys [220472 2019-04-25] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\windows\System32\drivers\avgVmm.sys [385904 2019-04-25] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R3 igfx; C:\windows\System32\DRIVERS\igdkmd64.sys [14745600 2012-04-04] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
R3 MBAMSwissArmy; C:\windows\System32\Drivers\mbamswissarmy.sys [274416 2019-04-30] (Malwarebytes Corporation -> Malwarebytes)
S3 Netaapl; C:\windows\System32\DRIVERS\netaapl64.sys [23040 2013-07-25] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.)
S3 netr28ux; C:\windows\System32\DRIVERS\netr28ux.sys [966144 2009-05-25] (Microsoft Windows Hardware Compatibility Publisher -> Ralink Technology Corp.)
S3 PSI; C:\windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia -> Secunia)
R3 STHDA; C:\windows\System32\DRIVERS\stwrt64.sys [535040 2012-03-30] (Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.)
S3 USBAAPL64; C:\windows\System32\Drivers\usbaapl64.sys [54784 2016-03-28] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S1 AntiLog32; \??\C:\windows\system32\drivers\AntiLog64.sys [X]
S3 NAVENG; \??\C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.2.15\Definitions\SDSDefs\20160823.022\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.2.15\Definitions\SDSDefs\20160823.022\EX64.SYS [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2019-04-30 02:16 - 2019-04-30 02:16 - 000274416 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamswissarmy.sys
2019-04-30 02:13 - 2019-04-30 02:14 - 000000000 ____D C:\AdwCleaner
2019-04-30 02:12 - 2019-04-30 02:13 - 000001529 _____ C:\Users\Barley\Desktop\adwcleaner_7.3.exe - Shortcut.lnk
2019-04-30 02:09 - 2019-04-30 02:11 - 007025360 _____ (Malwarebytes) C:\Users\Barley\Downloads\adwcleaner_7.3.exe
2019-04-29 13:44 - 2019-04-30 01:56 - 000000000 ____D C:\windows\System32\Tasks\Remediation
2019-04-28 14:17 - 2019-04-28 14:20 - 000064028 _____ C:\Users\Barley\Downloads\Addition.txt
2019-04-28 14:13 - 2019-04-30 02:20 - 000043191 _____ C:\Users\Barley\Downloads\FRST.txt
2019-04-28 14:11 - 2019-04-28 14:11 - 000001894 _____ C:\Users\Barley\Desktop\aswMBR.txt
2019-04-28 14:11 - 2019-04-28 14:11 - 000000512 _____ C:\Users\Barley\Desktop\MBR.dat
2019-04-28 13:32 - 2019-04-28 13:32 - 000001138 _____ C:\Users\Barley\Desktop\FRST64.exe - Shortcut.lnk
2019-04-28 13:30 - 2019-04-30 02:19 - 000000000 ____D C:\FRST
2019-04-28 13:29 - 2019-04-28 13:30 - 002429952 _____ (Farbar) C:\Users\Barley\Downloads\FRST64.exe
2019-04-28 13:26 - 2019-04-28 13:26 - 000001138 _____ C:\Users\Barley\Desktop\aswMBR.exe - Shortcut.lnk
2019-04-28 13:24 - 2019-04-28 13:25 - 005198336 _____ (AVAST Software) C:\Users\Barley\Downloads\aswMBR.exe
2019-04-25 09:22 - 2019-04-25 09:22 - 000000077 _____ C:\windows\system32\Drivers\avgSP.sys.sum
2019-04-25 09:21 - 2019-04-25 09:21 - 000362928 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\avgBoot.exe
2019-04-23 07:44 - 2019-04-23 07:44 - 000001870 _____ C:\Users\Barley\Desktop\IMG_9954 (2).JPG - Shortcut.lnk
2019-04-23 07:42 - 2019-04-23 07:42 - 000000000 ____D C:\Users\Barley\Documents\New folder
2019-04-23 07:34 - 2019-04-23 07:34 - 000000000 ____D C:\Users\Barley\AppData\Local\{E039D194-4010-43AB-B51D-A13324CD476F}
2019-04-10 07:53 - 2019-04-01 21:57 - 003229696 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2019-04-10 07:53 - 2019-03-28 21:36 - 000114688 _____ (Microsoft Corporation) C:\windows\system32\Drivers\luafv.sys
2019-04-10 07:53 - 2019-03-27 23:35 - 000348776 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2019-04-10 07:53 - 2019-03-27 21:55 - 000397120 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2019-04-10 07:53 - 2019-03-26 02:14 - 025736704 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2019-04-10 07:53 - 2019-03-26 01:52 - 002902528 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2019-04-10 07:53 - 2019-03-26 01:51 - 000066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2019-04-10 07:53 - 2019-03-26 01:51 - 000048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2019-04-10 07:53 - 2019-03-26 01:50 - 000577024 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2019-04-10 07:53 - 2019-03-26 01:50 - 000417280 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2019-04-10 07:53 - 2019-03-26 01:50 - 000088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2019-04-10 07:53 - 2019-03-26 01:44 - 000054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2019-04-10 07:53 - 2019-03-26 01:43 - 000034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2019-04-10 07:53 - 2019-03-26 01:41 - 000615936 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2019-04-10 07:53 - 2019-03-26 01:40 - 005777920 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2019-04-10 07:53 - 2019-03-26 01:40 - 000814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2019-04-10 07:53 - 2019-03-26 01:40 - 000790528 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2019-04-10 07:53 - 2019-03-26 01:40 - 000144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2019-04-10 07:53 - 2019-03-26 01:40 - 000116224 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2019-04-10 07:53 - 2019-03-26 01:35 - 000969216 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2019-04-10 07:53 - 2019-03-26 01:31 - 000489984 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2019-04-10 07:53 - 2019-03-26 01:26 - 000087552 _____ (Microsoft Corporation) C:\windows\system32\tdc.ocx
2019-04-10 07:53 - 2019-03-26 01:26 - 000077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2019-04-10 07:53 - 2019-03-26 01:25 - 000107520 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2019-04-10 07:53 - 2019-03-26 01:22 - 000199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2019-04-10 07:53 - 2019-03-26 01:22 - 000092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2019-04-10 07:53 - 2019-03-26 01:20 - 000315392 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2019-04-10 07:53 - 2019-03-26 01:18 - 000152064 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2019-04-10 07:53 - 2019-03-26 01:12 - 020280832 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2019-04-10 07:53 - 2019-03-26 01:10 - 000262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2019-04-10 07:53 - 2019-03-26 01:08 - 000809472 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2019-04-10 07:53 - 2019-03-26 01:08 - 000728064 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2019-04-10 07:53 - 2019-03-26 01:07 - 001359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2019-04-10 07:53 - 2019-03-26 01:06 - 002135552 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2019-04-10 07:53 - 2019-03-26 01:05 - 015284736 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2019-04-10 07:53 - 2019-03-26 01:00 - 004858880 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2019-04-10 07:53 - 2019-03-26 00:51 - 000498688 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2019-04-10 07:53 - 2019-03-26 00:51 - 000062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2019-04-10 07:53 - 2019-03-26 00:50 - 000341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2019-04-10 07:53 - 2019-03-26 00:50 - 000064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2019-04-10 07:53 - 2019-03-26 00:50 - 000047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2019-04-10 07:53 - 2019-03-26 00:48 - 002295808 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2019-04-10 07:53 - 2019-03-26 00:48 - 001556992 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2019-04-10 07:53 - 2019-03-26 00:46 - 000047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2019-04-10 07:53 - 2019-03-26 00:45 - 000030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2019-04-10 07:53 - 2019-03-26 00:44 - 000476160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2019-04-10 07:53 - 2019-03-26 00:43 - 000663040 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2019-04-10 07:53 - 2019-03-26 00:43 - 000620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2019-04-10 07:53 - 2019-03-26 00:43 - 000115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2019-04-10 07:53 - 2019-03-26 00:36 - 000800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2019-04-10 07:53 - 2019-03-26 00:36 - 000416256 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2019-04-10 07:53 - 2019-03-26 00:33 - 000073216 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdc.ocx
2019-04-10 07:53 - 2019-03-26 00:33 - 000060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2019-04-10 07:53 - 2019-03-26 00:32 - 000091136 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll
2019-04-10 07:53 - 2019-03-26 00:31 - 000168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2019-04-10 07:53 - 2019-03-26 00:29 - 004494848 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2019-04-10 07:53 - 2019-03-26 00:29 - 000279040 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2019-04-10 07:53 - 2019-03-26 00:29 - 000076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2019-04-10 07:53 - 2019-03-26 00:28 - 000130048 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2019-04-10 07:53 - 2019-03-26 00:24 - 013682176 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2019-04-10 07:53 - 2019-03-26 00:23 - 000230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2019-04-10 07:53 - 2019-03-26 00:22 - 000696320 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2019-04-10 07:53 - 2019-03-26 00:21 - 002059776 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2019-04-10 07:53 - 2019-03-26 00:21 - 001155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2019-04-10 07:53 - 2019-03-26 00:08 - 004386304 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2019-04-10 07:53 - 2019-03-26 00:04 - 001332224 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2019-04-10 07:53 - 2019-03-26 00:02 - 000710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2019-04-10 07:53 - 2019-03-20 22:13 - 005552872 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2019-04-10 07:53 - 2019-03-20 22:13 - 000708328 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2019-04-10 07:53 - 2019-03-20 22:13 - 000631680 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2019-04-10 07:53 - 2019-03-20 22:13 - 000262376 _____ (Microsoft Corporation) C:\windows\system32\hal.dll
2019-04-10 07:53 - 2019-03-20 22:13 - 000095464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2019-04-10 07:53 - 2019-03-20 22:12 - 001664352 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2019-04-10 07:53 - 2019-03-20 22:12 - 000154856 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2019-04-10 07:53 - 2019-03-20 22:10 - 001472512 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2019-04-10 07:53 - 2019-03-20 22:10 - 001211392 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2019-04-10 07:53 - 2019-03-20 22:10 - 001162752 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2019-04-10 07:53 - 2019-03-20 22:10 - 000733184 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2019-04-10 07:53 - 2019-03-20 22:10 - 000503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2019-04-10 07:53 - 2019-03-20 22:10 - 000419840 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2019-04-10 07:53 - 2019-03-20 22:10 - 000361984 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2019-04-10 07:53 - 2019-03-20 22:10 - 000345600 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2019-04-10 07:53 - 2019-03-20 22:10 - 000316928 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2019-04-10 07:53 - 2019-03-20 22:10 - 000312320 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2019-04-10 07:53 - 2019-03-20 22:10 - 000243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2019-04-10 07:53 - 2019-03-20 22:10 - 000236032 _____ (Microsoft Corporation) C:\windows\system32\srvsvc.dll
2019-04-10 07:53 - 2019-03-20 22:10 - 000215552 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2019-04-10 07:53 - 2019-03-20 22:10 - 000210432 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2019-04-10 07:53 - 2019-03-20 22:10 - 000190464 _____ (Microsoft Corporation) C:\windows\system32\rpchttp.dll
2019-04-10 07:53 - 2019-03-20 22:10 - 000135680 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2019-04-10 07:53 - 2019-03-20 22:10 - 000094208 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2019-04-10 07:53 - 2019-03-20 22:10 - 000063488 _____ (Microsoft Corporation) C:\windows\system32\setbcdlocale.dll
2019-04-10 07:53 - 2019-03-20 22:10 - 000050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2019-04-10 07:53 - 2019-03-20 22:10 - 000044032 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2019-04-10 07:53 - 2019-03-20 22:10 - 000043520 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll
2019-04-10 07:53 - 2019-03-20 22:10 - 000032768 _____ (Microsoft Corporation) C:\windows\system32\sxssrv.dll
2019-04-10 07:53 - 2019-03-20 22:10 - 000028672 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2019-04-10 07:53 - 2019-03-20 22:10 - 000028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2019-04-10 07:53 - 2019-03-20 22:10 - 000013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2019-04-10 07:53 - 2019-03-20 22:10 - 000013312 _____ (Microsoft Corporation) C:\windows\system32\sscore.dll
2019-04-10 07:53 - 2019-03-20 22:09 - 000880640 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2019-04-10 07:53 - 2019-03-20 22:09 - 000463872 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2019-04-10 07:53 - 2019-03-20 22:09 - 000123904 _____ (Microsoft Corporation) C:\windows\system32\bcrypt.dll
2019-04-10 07:53 - 2019-03-20 22:09 - 000059904 _____ (Microsoft Corporation) C:\windows\system32\appidapi.dll
2019-04-10 07:53 - 2019-03-20 22:03 - 003961576 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2019-04-10 07:53 - 2019-03-20 22:02 - 004056296 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2019-04-10 07:53 - 2019-03-20 22:02 - 001314104 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2019-04-10 07:53 - 2019-03-20 22:00 - 001114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2019-04-10 07:53 - 2019-03-20 22:00 - 000666112 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2019-04-10 07:53 - 2019-03-20 22:00 - 000644096 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll
2019-04-10 07:53 - 2019-03-20 22:00 - 000556032 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2019-04-10 07:53 - 2019-03-20 22:00 - 000342528 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2019-04-10 07:53 - 2019-03-20 22:00 - 000275968 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2019-04-10 07:53 - 2019-03-20 22:00 - 000261120 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2019-04-10 07:53 - 2019-03-20 22:00 - 000254464 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2019-04-10 07:53 - 2019-03-20 22:00 - 000223232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2019-04-10 07:53 - 2019-03-20 22:00 - 000172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2019-04-10 07:53 - 2019-03-20 22:00 - 000141312 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpchttp.dll
2019-04-10 07:53 - 2019-03-20 22:00 - 000096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2019-04-10 07:53 - 2019-03-20 22:00 - 000082944 _____ (Microsoft Corporation) C:\windows\SysWOW64\bcrypt.dll
2019-04-10 07:53 - 2019-03-20 22:00 - 000070144 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2019-04-10 07:53 - 2019-03-20 22:00 - 000043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2019-04-10 07:53 - 2019-03-20 21:45 - 000062464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys
2019-04-10 07:53 - 2019-03-20 21:41 - 000338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2019-04-10 07:53 - 2019-03-20 21:41 - 000296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2019-04-10 07:53 - 2019-03-20 21:41 - 000129536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\videoprt.sys
2019-04-10 07:53 - 2019-03-20 21:38 - 000464384 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv.sys
2019-04-10 07:53 - 2019-03-20 21:38 - 000406016 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv2.sys
2019-04-10 07:53 - 2019-03-20 21:38 - 000291328 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2019-04-10 07:53 - 2019-03-20 21:38 - 000169984 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srvnet.sys
2019-04-10 07:53 - 2019-03-20 21:38 - 000161280 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2019-04-10 07:53 - 2019-03-20 21:38 - 000129536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2019-04-10 07:53 - 2019-03-20 21:37 - 000112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2019-04-10 07:53 - 2019-03-20 21:37 - 000064512 _____ (Microsoft Corporation) C:\windows\system32\Drivers\amdk8.sys
2019-04-10 07:53 - 2019-03-20 21:37 - 000062464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\intelppm.sys
2019-04-10 07:53 - 2019-03-20 21:37 - 000060928 _____ (Microsoft Corporation) C:\windows\system32\Drivers\processr.sys
2019-04-10 07:53 - 2019-03-20 21:37 - 000060928 _____ (Microsoft Corporation) C:\windows\system32\Drivers\amdppm.sys
2019-04-10 07:53 - 2019-03-20 21:37 - 000044544 _____ (Microsoft Corporation) C:\windows\system32\Drivers\npfs.sys
2019-04-10 07:53 - 2019-03-20 21:37 - 000030720 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2019-04-10 07:53 - 2019-03-16 00:11 - 000114408 _____ (Microsoft Corporation) C:\windows\system32\consent.exe
2019-04-10 07:53 - 2019-03-16 00:09 - 003247616 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2019-04-10 07:53 - 2019-03-16 00:09 - 002072576 _____ (Microsoft Corporation) C:\windows\system32\ole32.dll
2019-04-10 07:53 - 2019-03-16 00:09 - 000878080 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2019-04-10 07:53 - 2019-03-16 00:09 - 000516608 _____ (Microsoft Corporation) C:\windows\system32\rpcss.dll
2019-04-10 07:53 - 2019-03-16 00:09 - 000504320 _____ (Microsoft Corporation) C:\windows\system32\msihnd.dll
2019-04-10 07:53 - 2019-03-16 00:09 - 000059904 _____ (Microsoft Corporation) C:\windows\system32\mf3216.dll
2019-04-10 07:53 - 2019-03-16 00:09 - 000025600 _____ (Microsoft Corporation) C:\windows\system32\msimsg.dll
2019-04-10 07:53 - 2019-03-16 00:09 - 000008192 _____ (Microsoft Corporation) C:\windows\system32\msimg32.dll
2019-04-10 07:53 - 2019-03-16 00:08 - 001942016 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2019-04-10 07:53 - 2019-03-16 00:08 - 000070144 _____ (Microsoft Corporation) C:\windows\system32\appinfo.dll
2019-04-10 07:53 - 2019-03-15 23:58 - 002368000 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2019-04-10 07:53 - 2019-03-15 23:58 - 001806848 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2019-04-10 07:53 - 2019-03-15 23:58 - 001425920 _____ (Microsoft Corporation) C:\windows\SysWOW64\ole32.dll
2019-04-10 07:53 - 2019-03-15 23:58 - 000583680 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll
2019-04-10 07:53 - 2019-03-15 23:58 - 000337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\msihnd.dll
2019-04-10 07:53 - 2019-03-15 23:58 - 000046080 _____ (Microsoft Corporation) C:\windows\SysWOW64\mf3216.dll
2019-04-10 07:53 - 2019-03-15 23:58 - 000025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\msimsg.dll
2019-04-10 07:53 - 2019-03-15 23:42 - 000128512 _____ (Microsoft Corporation) C:\windows\system32\msiexec.exe
2019-04-10 07:53 - 2019-03-15 23:38 - 000073216 _____ (Microsoft Corporation) C:\windows\SysWOW64\msiexec.exe
2019-04-10 07:53 - 2019-03-13 11:09 - 000405504 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2019-04-10 07:53 - 2019-03-13 11:02 - 000313344 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2019-04-10 07:53 - 2019-03-13 10:35 - 000475648 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxbde40.dll
2019-04-10 07:53 - 2019-03-13 10:35 - 000375808 _____ (Microsoft Corporation) C:\windows\SysWOW64\mspbde40.dll
2019-04-10 07:53 - 2019-03-12 10:34 - 001311744 _____ (Microsoft Corporation) C:\windows\SysWOW64\msjet40.dll
2019-04-10 07:53 - 2019-03-12 10:34 - 000352768 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrd3x40.dll
2019-04-10 07:53 - 2019-03-12 10:34 - 000340992 _____ (Microsoft Corporation) C:\windows\SysWOW64\msexcl40.dll
2019-04-10 07:53 - 2019-03-11 17:41 - 002009600 _____ (Microsoft Corporation) C:\windows\system32\msxml6.dll
2019-04-10 07:53 - 2019-03-11 17:41 - 001894912 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2019-04-10 07:53 - 2019-03-11 17:41 - 001032192 _____ (Microsoft Corporation) C:\windows\system32\rdpcore.dll
2019-04-10 07:53 - 2019-03-11 17:41 - 000688128 _____ (Microsoft Corporation) C:\windows\system32\termsrv.dll
2019-04-10 07:53 - 2019-03-11 17:41 - 000129536 _____ (Microsoft Corporation) C:\windows\system32\oleprn.dll
2019-04-10 07:53 - 2019-03-11 17:33 - 001391616 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6.dll
2019-04-10 07:53 - 2019-03-11 17:33 - 001241088 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2019-04-10 07:53 - 2019-03-11 17:33 - 000827904 _____ (Microsoft Corporation) C:\windows\SysWOW64\rdpcore.dll
2019-04-10 07:53 - 2019-03-11 17:33 - 000107520 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleprn.dll
2019-04-10 07:53 - 2019-02-21 11:48 - 000025088 _____ (Microsoft Corporation) C:\windows\system32\netbtugc.exe
2019-04-10 07:53 - 2019-02-21 11:43 - 000026624 _____ (Microsoft Corporation) C:\windows\SysWOW64\netbtugc.exe
2019-04-10 07:53 - 2019-02-21 11:37 - 000262656 _____ (Microsoft Corporation) C:\windows\system32\Drivers\netbt.sys
2019-04-10 07:53 - 2019-02-12 12:08 - 014184448 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2019-04-10 07:53 - 2019-02-12 12:08 - 001867776 _____ (Microsoft Corporation) C:\windows\system32\ExplorerFrame.dll
2019-04-10 07:53 - 2019-02-12 11:58 - 012880896 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2019-04-10 07:53 - 2019-02-12 11:58 - 001499648 _____ (Microsoft Corporation) C:\windows\SysWOW64\ExplorerFrame.dll
2019-04-10 07:52 - 2019-03-26 02:03 - 002724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2019-04-10 07:52 - 2019-03-26 02:03 - 000004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2019-04-10 07:52 - 2019-03-26 01:01 - 002724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2019-04-10 07:52 - 2019-03-20 22:10 - 000146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2019-04-10 07:52 - 2019-03-20 22:10 - 000060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2019-04-10 07:52 - 2019-03-20 22:10 - 000022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2019-04-10 07:52 - 2019-03-20 22:10 - 000016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2019-04-10 07:52 - 2019-03-20 22:09 - 000690688 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2019-04-10 07:52 - 2019-03-20 22:09 - 000034816 _____ (Microsoft Corporation) C:\windows\system32\appidsvc.dll
2019-04-10 07:52 - 2019-03-20 22:09 - 000007168 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2019-04-10 07:52 - 2019-03-20 22:09 - 000006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2019-04-10 07:52 - 2019-03-20 22:09 - 000005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2019-04-10 07:52 - 2019-03-20 22:09 - 000004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2019-04-10 07:52 - 2019-03-20 22:09 - 000004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2019-04-10 07:52 - 2019-03-20 22:09 - 000004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2019-04-10 07:52 - 2019-03-20 22:09 - 000004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2019-04-10 07:52 - 2019-03-20 22:09 - 000004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2019-04-10 07:52 - 2019-03-20 22:09 - 000004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2019-04-10 07:52 - 2019-03-20 22:09 - 000003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2019-04-10 07:52 - 2019-03-20 22:09 - 000003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2019-04-10 07:52 - 2019-03-20 22:09 - 000003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2019-04-10 07:52 - 2019-03-20 22:09 - 000003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2019-04-10 07:52 - 2019-03-20 22:09 - 000003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2019-04-10 07:52 - 2019-03-20 22:09 - 000003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2019-04-10 07:52 - 2019-03-20 22:09 - 000003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2019-04-10 07:52 - 2019-03-20 22:09 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2019-04-10 07:52 - 2019-03-20 22:09 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2019-04-10 07:52 - 2019-03-20 22:09 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2019-04-10 07:52 - 2019-03-20 22:09 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2019-04-10 07:52 - 2019-03-20 22:09 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2019-04-10 07:52 - 2019-03-20 22:09 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2019-04-10 07:52 - 2019-03-20 22:09 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2019-04-10 07:52 - 2019-03-20 22:09 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2019-04-10 07:52 - 2019-03-20 22:09 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2019-04-10 07:52 - 2019-03-20 22:09 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2019-04-10 07:52 - 2019-03-20 22:09 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2019-04-10 07:52 - 2019-03-20 22:09 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2019-04-10 07:52 - 2019-03-20 22:09 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2019-04-10 07:52 - 2019-03-20 22:00 - 000690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2019-04-10 07:52 - 2019-03-20 22:00 - 000146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2019-04-10 07:52 - 2019-03-20 22:00 - 000060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2019-04-10 07:52 - 2019-03-20 22:00 - 000050688 _____ (Microsoft Corporation) C:\windows\SysWOW64\appidapi.dll
2019-04-10 07:52 - 2019-03-20 22:00 - 000022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2019-04-10 07:52 - 2019-03-20 22:00 - 000017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2019-04-10 07:52 - 2019-03-20 22:00 - 000007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2019-04-10 07:52 - 2019-03-20 22:00 - 000005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2019-04-10 07:52 - 2019-03-20 22:00 - 000005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2019-04-10 07:52 - 2019-03-20 22:00 - 000004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2019-04-10 07:52 - 2019-03-20 22:00 - 000004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2019-04-10 07:52 - 2019-03-20 22:00 - 000004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2019-04-10 07:52 - 2019-03-20 22:00 - 000004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2019-04-10 07:52 - 2019-03-20 22:00 - 000004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2019-04-10 07:52 - 2019-03-20 22:00 - 000004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2019-04-10 07:52 - 2019-03-20 22:00 - 000003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2019-04-10 07:52 - 2019-03-20 22:00 - 000003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2019-04-10 07:52 - 2019-03-20 22:00 - 000003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2019-04-10 07:52 - 2019-03-20 22:00 - 000003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2019-04-10 07:52 - 2019-03-20 22:00 - 000003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2019-04-10 07:52 - 2019-03-20 22:00 - 000003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2019-04-10 07:52 - 2019-03-20 22:00 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2019-04-10 07:52 - 2019-03-20 22:00 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2019-04-10 07:52 - 2019-03-20 22:00 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2019-04-10 07:52 - 2019-03-20 22:00 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2019-04-10 07:52 - 2019-03-20 22:00 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2019-04-10 07:52 - 2019-03-20 22:00 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2019-04-10 07:52 - 2019-03-20 22:00 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2019-04-10 07:52 - 2019-03-20 22:00 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2019-04-10 07:52 - 2019-03-20 22:00 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2019-04-10 07:52 - 2019-03-20 22:00 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2019-04-10 07:52 - 2019-03-20 22:00 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2019-04-10 07:52 - 2019-03-20 21:45 - 000148480 _____ (Microsoft Corporation) C:\windows\system32\appidpolicyconverter.exe
2019-04-10 07:52 - 2019-03-20 21:45 - 000017920 _____ (Microsoft Corporation) C:\windows\system32\appidcertstorecheck.exe
2019-04-10 07:52 - 2019-03-20 21:44 - 000064512 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2019-04-10 07:52 - 2019-03-20 21:40 - 000050688 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2019-04-10 07:52 - 2019-03-20 21:40 - 000009728 _____ (Microsoft Corporation) C:\windows\SysWOW64\sscore.dll
2019-04-10 07:52 - 2019-03-20 21:36 - 000025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2019-04-10 07:52 - 2019-03-20 21:36 - 000014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2019-04-10 07:52 - 2019-03-20 21:36 - 000007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2019-04-10 07:52 - 2019-03-20 21:36 - 000002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2019-04-10 07:52 - 2019-03-20 21:35 - 000036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptbase.dll
2019-04-10 07:52 - 2019-03-20 21:35 - 000006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2019-04-10 07:52 - 2019-03-20 21:35 - 000004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2019-04-10 07:52 - 2019-03-20 21:35 - 000003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2019-04-10 07:52 - 2019-03-20 21:35 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2019-04-10 07:52 - 2019-03-16 00:09 - 000026112 _____ (Microsoft Corporation) C:\windows\system32\oleres.dll
2019-04-10 07:52 - 2019-03-16 00:09 - 000008704 _____ (Microsoft Corporation) C:\windows\system32\comcat.dll
2019-04-10 07:52 - 2019-03-15 23:58 - 000026112 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleres.dll
2019-04-10 07:52 - 2019-03-15 23:58 - 000004608 _____ (Microsoft Corporation) C:\windows\SysWOW64\msimg32.dll
2019-04-10 07:52 - 2019-03-15 23:40 - 000007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\comcat.dll
2019-04-10 07:52 - 2019-03-11 17:41 - 000002048 _____ (Microsoft Corporation) C:\windows\system32\msxml6r.dll
2019-04-10 07:52 - 2019-03-11 17:41 - 000002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2019-04-10 07:52 - 2019-03-11 17:33 - 000002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6r.dll
2019-04-10 07:52 - 2019-03-11 17:33 - 000002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
2019-04-10 07:52 - 2019-02-08 12:08 - 000002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2019-04-10 07:52 - 2019-02-08 12:00 - 000002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2019-04-10 07:24 - 2019-04-10 07:24 - 002206008 _____ (Valassis) C:\Users\Barley\Downloads\RMNEverydayCouponPrinter_prod310-rJdJQz8S.exe
2019-04-10 00:07 - 2019-04-10 00:07 - 004234808 _____ (Adobe) C:\windows\SysWOW64\FlashPlayerInstaller.exe
2019-04-09 17:00 - 2019-04-09 17:00 - 000765457 _____ C:\Users\Barley\Downloads\SmartSource_Coupon_April09 (1).fdf
2019-04-09 16:59 - 2019-04-09 16:59 - 000765469 _____ C:\Users\Barley\Downloads\SmartSource_Coupon_April09.fdf
2019-04-04 11:17 - 2019-04-04 11:17 - 000001732 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QponPrinterV2.lnk
2019-04-04 11:17 - 2019-04-04 11:17 - 000001704 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QponPrinterV2 Uninstaller.lnk
2019-04-04 11:16 - 2019-04-04 11:16 - 026783176 _____ (Qples Inc) C:\Users\Barley\Downloads\QponPrinter (5).exe
2019-04-04 11:16 - 2019-04-04 11:16 - 000000000 ____D C:\QponPrinterV2
2019-04-04 07:38 - 2019-04-01 10:55 - 000334336 _____ (Microsoft Corporation) C:\windows\system32\sipnotify.exe
 
==================== One month (modified) ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2019-04-30 02:20 - 2012-10-07 18:22 - 000003934 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{DDA5C770-AE6C-4A93-AC90-AB64C59BEC72}
2019-04-30 02:16 - 2012-10-02 14:47 - 000000000 ____D C:\ProgramData\PDFC
2019-04-30 02:15 - 2009-07-14 01:08 - 000000006 ____H C:\windows\Tasks\SA.DAT
2019-04-30 02:11 - 2009-07-14 00:45 - 000024608 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-04-30 02:11 - 2009-07-14 00:45 - 000024608 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-04-30 02:02 - 2019-01-21 22:37 - 000000336 _____ C:\windows\Tasks\HPCeeScheduleForBarley.job
2019-04-30 02:01 - 2012-10-02 14:51 - 000000000 ____D C:\ProgramData\Norton
2019-04-29 21:27 - 2019-01-21 22:37 - 000003192 _____ C:\windows\System32\Tasks\HPCeeScheduleForBarley
2019-04-28 15:50 - 2016-12-25 12:57 - 000008051 _____ C:\windows\BRRBCOM.INI
2019-04-28 09:53 - 2018-12-24 16:53 - 000003636 _____ C:\windows\System32\Tasks\Reason Core Security Scheduled Scan
2019-04-28 09:53 - 2018-12-24 16:53 - 000003376 _____ C:\windows\System32\Tasks\Reason Core Security
2019-04-28 09:53 - 2018-09-13 21:51 - 000000000 ____D C:\windows\System32\Tasks\AVAST Software
2019-04-28 09:53 - 2018-03-13 17:07 - 000004466 _____ C:\windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2019-04-28 09:53 - 2018-01-09 02:01 - 000003916 _____ C:\windows\System32\Tasks\Antivirus Emergency Update
2019-04-28 09:53 - 2017-09-01 00:12 - 000004478 _____ C:\windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2019-04-28 09:53 - 2017-04-15 07:34 - 000003118 _____ C:\windows\System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe
2019-04-28 09:53 - 2017-04-15 07:34 - 000003092 _____ C:\windows\System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe
2019-04-28 09:53 - 2017-04-15 07:34 - 000003090 _____ C:\windows\System32\Tasks\Microsoft_Hardware_Launch_itype_exe
2019-04-28 09:53 - 2017-04-15 07:34 - 000003062 _____ C:\windows\System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe
2019-04-28 09:53 - 2017-04-15 07:34 - 000003060 _____ C:\windows\System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe
2019-04-28 09:53 - 2015-04-24 00:38 - 000004476 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task
2019-04-28 09:53 - 2015-02-03 22:08 - 000003164 _____ C:\windows\System32\Tasks\{D95529CE-E95E-447C-8D8C-4C1A622E5294}
2019-04-28 09:53 - 2013-12-25 11:30 - 000003506 _____ C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-632860548-1775735820-415820443-1000UA
2019-04-28 09:53 - 2013-12-25 11:30 - 000003234 _____ C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-632860548-1775735820-415820443-1000Core
2019-04-28 09:53 - 2012-10-07 18:26 - 000003330 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2019-04-28 09:53 - 2012-10-07 18:25 - 000003202 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2019-04-28 09:53 - 2012-10-02 14:44 - 000004312 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2019-04-25 13:56 - 2012-11-11 22:07 - 000000000 ____D C:\Users\Barley\AppData\Local\CrashDumps
2019-04-25 09:22 - 2018-01-09 02:01 - 000476824 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgSP.sys
2019-04-25 09:22 - 2018-01-09 02:01 - 000385904 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgVmm.sys
2019-04-25 09:21 - 2019-01-04 08:37 - 000037368 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgArDisk.sys
2019-04-25 09:21 - 2018-10-20 11:08 - 000042336 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgKbd.sys
2019-04-25 09:21 - 2018-01-09 02:01 - 001030832 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgSnx.sys
2019-04-25 09:21 - 2018-01-09 02:01 - 000220472 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgStm.sys
2019-04-25 09:21 - 2018-01-09 02:01 - 000205656 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgArPot.sys
2019-04-25 09:21 - 2018-01-09 02:01 - 000166896 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgMonFlt.sys
2019-04-25 09:21 - 2018-01-09 02:01 - 000112360 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgRdr2.sys
2019-04-25 09:21 - 2018-01-09 02:01 - 000087992 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgRvrt.sys
2019-04-25 09:20 - 2019-01-14 12:38 - 000254680 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgbidsdriver.sys
2019-04-25 09:20 - 2019-01-04 08:37 - 000320672 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgblog.sys
2019-04-25 09:20 - 2019-01-04 08:37 - 000196560 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgbidsh.sys
2019-04-25 09:20 - 2019-01-04 08:37 - 000058152 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgbuniv.sys
2019-04-23 07:44 - 2018-05-18 10:05 - 000236544 ___SH C:\Users\Barley\Desktop\Thumbs.db
2019-04-23 07:42 - 2017-03-23 07:44 - 001426944 ___SH C:\Users\Barley\Downloads\Thumbs.db
2019-04-23 06:50 - 2009-07-14 01:13 - 000782470 _____ C:\windows\system32\PerfStringBackup.INI
2019-04-23 06:50 - 2009-07-13 23:20 - 000000000 ____D C:\windows\inf
2019-04-11 14:46 - 2015-04-24 00:38 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-04-11 09:45 - 2009-07-13 23:20 - 000000000 ____D C:\windows\rescache
2019-04-11 07:31 - 2009-07-14 00:45 - 000332232 _____ C:\windows\system32\FNTCACHE.DAT
2019-04-11 00:23 - 2014-09-06 19:49 - 000000000 ____D C:\windows\system32\MRT
2019-04-11 00:18 - 2014-09-06 19:49 - 131129288 ____C (Microsoft Corporation) C:\windows\system32\MRT.exe
2019-04-10 07:25 - 2015-04-21 09:51 - 000000000 ____D C:\Program Files (x86)\Valassis
2019-04-10 00:07 - 2012-10-02 14:44 - 000842296 _____ (Adobe) C:\windows\SysWOW64\FlashPlayerApp.exe
2019-04-10 00:07 - 2012-10-02 14:44 - 000175160 _____ (Adobe) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2019-04-10 00:07 - 2012-10-02 14:44 - 000000000 ____D C:\windows\SysWOW64\Macromed
2019-04-10 00:07 - 2012-10-02 14:44 - 000000000 ____D C:\windows\system32\Macromed
2019-04-09 23:22 - 2012-10-07 18:28 - 000002226 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-04-09 08:16 - 2009-07-14 01:08 - 000032656 _____ C:\windows\Tasks\SCHEDLGU.TXT
 
==================== Files in the root of some directories =======
 
2014-09-06 21:02 - 2014-09-06 21:02 - 000000055 _____ () C:\Users\Barley\AppData\Roaming\mbam.context.scan
2013-08-10 00:33 - 2013-08-10 00:34 - 000595302 _____ () C:\Users\Barley\AppData\Roaming\Scorch_Install.log
2012-10-08 15:16 - 2015-09-09 19:32 - 000011264 _____ () C:\Users\Barley\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
==================== SigCheck ===============================
 
(There is no automatic fix for files that do not pass verification.)
 
 
LastRegBack: 2019-04-23 00:25
==================== End of FRST.txt ============================
 
Addition.txt
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28.04.2019
Ran by Barley (30-04-2019 02:23:09)
Running from C:\Users\Barley\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2012-10-07 22:17:47)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-632860548-1775735820-415820443-500 - Administrator - Disabled)
Barley (S-1-5-21-632860548-1775735820-415820443-1000 - Administrator - Enabled) => C:\Users\Barley
Guest (S-1-5-21-632860548-1775735820-415820443-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: AVG Antivirus (Enabled - Up to date) {4FC75CA5-1654-5411-7CFB-1893D506BCF4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Antivirus (Enabled - Up to date) {F4A6BD41-306E-5B9F-464B-23E1AE81F649}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
4 Elements II (HKLM-x32\...\WTA-b59b7394-ad89-4e36-9b0e-246773f6f556) (Version: 2.2.0.98 - WildTangent) Hidden
64 Bit HP CIO Components Installer (HKLM\...\{55D55008-E5F6-47D6-B16F-B2A40D4D145F}) (Version: 6.2.1 - Hewlett-Packard) Hidden
Able RAWer 1.10.3.20 (HKLM-x32\...\Able RAWer_is1) (Version: 1.10.3.20 - GraphicRegion.com)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.010.20099 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.180 - Adobe Systems Incorporated)
Adobe Flash Player 32 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 32.0.0.171 - Adobe)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.171 - Adobe)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.171 - Adobe)
AIO_CDA_ProductContext (HKLM-x32\...\{2A7EF808-14F3-4E93-BE3A-1675EE5332A4}) (Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_CDA_Software (HKLM-x32\...\{A7AEE29F-839E-46B5-B347-6D430618129F}) (Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_Scan (HKLM-x32\...\{D86B0E2E-DF9A-441C-AF77-8D1A0FF00FA6}) (Version: 130.0.365.000 - Hewlett-Packard) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{F2871C89-C8A5-42EE-8D45-0F02506385A6}) (Version: 5.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{9BC93467-75D1-4AA4-BD58-D9C51D88DFAB}) (Version: 5.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
AVG AntiVirus FREE (HKLM-x32\...\AVG Antivirus) (Version: 19.4.3089 - AVG Technologies)
Bejeweled 3 (HKLM-x32\...\WTA-ac717e9e-48e0-49d5-b5a2-824923e38ed4) (Version: 2.2.0.98 - WildTangent) Hidden
Blackhawk Striker 2 (HKLM-x32\...\WTA-73c3dc74-4cd1-419d-b230-d78796a73007) (Version: 2.2.0.95 - WildTangent) Hidden
Blio (HKLM-x32\...\{FCD6D60F-AF2B-49E3-ABC4-A4C96B56225D}) (Version: 3.0.9482 - K-NFB Reading Technology, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
BrLauncher (HKLM-x32\...\{C661197A-6B93-4E37-9E3F-2A1DFCD64234}) (Version: 1.1.15.0 - Brother Industries Ltd.) Hidden
BrLogRx (HKLM-x32\...\{B556F816-FF4D-4BB6-9339-ED28639E2EF3}) (Version: 1.0.2.1 - Brother Industries Ltd.) Hidden
Brother PCFax Driver (HKLM-x32\...\{56BA05BD-7A67-4EF8-85A7-8C6528AEE2AC}) (Version: 1.4.0.0 - Brother Industries Ltd.) Hidden
Brother Printer Driver (HKLM-x32\...\{4A30C4EE-52AC-4A6B-A898-D484E9FAED63}) (Version: 1.5.0.0 - Brother Industries Ltd.) Hidden
Brother Scanner Driver (HKLM-x32\...\{B843B8F3-1815-4335-99F2-039AE06CAD86}) (Version: 1.0.15.10 - Brother Industries Ltd.) Hidden
BrotherHelpInstaller (HKLM-x32\...\{4E461C2A-EC1C-46D1-AF5B-7FEFD0054AF8}) (Version: 1.0.0.0 - Brother) Hidden
BrSupportTools (HKLM-x32\...\{F8F9EB58-33BA-4FF8-80E7-66D87D2E0C3C}) (Version: 1.0.9.0 - Brother Industries Ltd.) Hidden
Bubble Wrap (HKLM-x32\...\{5BFFDDEB-AFD7-499F-BB13-7A6EAD927CDA}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd)
BufferChm (HKLM-x32\...\{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}) (Version: 130.0.331.000 - Hewlett-Packard) Hidden
C6100 (HKLM-x32\...\{0DEF8C02-2EAB-4BFE-A7E0-7990665DF1A9}) (Version: 130.0.365.000 - Hewlett-Packard) Hidden
c6100_Help (HKLM-x32\...\{4BD5B5D2-406D-4bc5-BB10-2F0D1D367C95}) (Version: 82.0.256.000 - Hewlett-Packard) Hidden
ChromecastApp (HKU\S-1-5-21-632860548-1775735820-415820443-1000\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.1693.0 - Google Inc.)
Chuzzle Deluxe (HKLM-x32\...\WTA-350df33b-9fdb-4c58-80af-3f5a302269c2) (Version: 2.2.0.95 - WildTangent) Hidden
Cisco WebEx Meetings (HKU\S-1-5-21-632860548-1775735820-415820443-1000\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
ControlCenter4 (HKLM-x32\...\{C5744F42-FDC4-4CC2-B4A8-47C9AA9553B4}) (Version: 4.2.435.1 - Brother Insutries Ltd.) Hidden
ControlCenter4 CSDK (HKLM-x32\...\{1BAE50D4-5F2A-4E34-BD81-B4555109F7C2}) (Version: 4.2.3.1 - Brother Insutries Ltd.) Hidden
Cradle of Rome 2 (HKLM-x32\...\WTA-1c1f6121-da0f-4e8c-9c68-5081de00e04b) (Version: 2.2.0.98 - WildTangent) Hidden
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DeviceDetect (HKLM-x32\...\{CEF07BDC-47F1-4477-8F3C-0E7132AF88C5}) (Version: 1.0.4.5 - Brother Industries Ltd.) Hidden
Dietz & Watson 2015 (HKLM-x32\...\{CD6EEFE2-17F9-AC22-9223-48776E476221}) (Version: 2.5 - Koupon Media) Hidden
Dietz & Watson 2015 (HKLM-x32\...\com.kouponmedia.dietzandwatson2015) (Version: 2.5 - Koupon Media)
DirectX for Managed Code Update (Summer 2004) (HKLM-x32\...\{E9E34215-82EF-4909-BE2F-F581F0DC9062}) (Version: 9.02.2904 - Microsoft) Hidden
DocProc (HKLM-x32\...\{9B362566-EC1B-4700-BB9C-EC661BDE2175}) (Version: 13.0.0.0 - Hewlett-Packard) Hidden
Dora's World Adventure (HKLM-x32\...\WTA-220769bc-a6cc-4095-8049-d7448f650a3e) (Version: 2.2.0.95 - WildTangent) Hidden
Dragon NaturallySpeaking 7.0 (HKLM-x32\...\{6675E71B-9843-4971-BC15-18AB52801134}) (Version: 7.00.200.409 - ScanSoft)
Elevated Installer (HKLM-x32\...\{352B1136-BF8D-4F5A-924B-43B26D05B3B5}) (Version: 2.3.17.0 - Garmin Ltd or its subsidiaries) Hidden
Escape the Emerald Star (HKLM-x32\...\WTA-424f1b8b-d37a-42ea-b226-3030d1996772) (Version: 2.2.0.98 - WildTangent) Hidden
Exact Audio Copy 1.2 (HKLM-x32\...\Exact Audio Copy) (Version: 1.2 - Andre Wiethoff)
Facebook (HKLM-x32\...\{8AE50893-3A87-4439-9A57-942ED43F7189}) (Version: 1.1.0004 - Hewlett-Packard)
Farm Frenzy (HKLM-x32\...\WTA-c81077f9-55f3-4d11-b4fe-585ad41d8209) (Version: 2.2.0.98 - WildTangent) Hidden
Farmscapes (HKLM-x32\...\WTA-ba2cfe9d-b15a-44af-87b3-25c19f580002) (Version: 2.2.0.97 - WildTangent) Hidden
FATE (HKLM-x32\...\WTA-0e36d320-14f2-4de0-88cd-beb4083d639d) (Version: 2.2.0.97 - WildTangent) Hidden
Final Drive Fury (HKLM-x32\...\WTA-844866d1-e9d3-40b2-a85e-666243def709) (Version: 2.2.0.95 - WildTangent) Hidden
Free YouTube To MP3 Converter (HKLM-x32\...\Free YouTube To MP3 Converter_is1) (Version: 4.1.33.119 - Digital Wave Ltd)
Garmin Express (HKLM-x32\...\{874B12CE-2C6A-4E12-AEB5-4D35CCA5270B}) (Version: 2.3.17.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express (HKLM-x32\...\{d6f59919-3fd4-48c5-8404-def6f92d8422}) (Version: 2.3.17.0 - Garmin Ltd or its subsidiaries)
Garmin Express Tray (HKLM-x32\...\{BE770575-1FB0-47EB-A2EE-52107A023F12}) (Version: 2.3.17.0 - Garmin Ltd or its subsidiaries) Hidden
Golden Trails 2: The Lost Legacy Collector's Edition (HKLM-x32\...\WTA-a751c50d-1758-4426-8ac0-a7be901bb1c2) (Version: 2.2.0.98 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 73.0.3683.103 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.7 - Google LLC) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GPBaseService2 (HKLM-x32\...\{63FF21C9-A810-464F-B60A-3111747B1A6D}) (Version: 130.0.371.000 - Hewlett-Packard) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HowToGuide (HKLM-x32\...\{36580EEB-4EDF-4880-BBD4-097E2C645ECD}) (Version: 1.0.1.0 - Brother Industries Ltd.) Hidden
Hoyle Card Games (HKLM-x32\...\WTA-818c6384-6cd9-4f15-8a4f-14a502345e34) (Version: 2.2.0.95 - WildTangent) Hidden
HP Application Assistant (HKLM\...\{0CE7EBAF-157D-4111-9146-057CB2A4023E}) (Version: 1.1.466.3970 - Hewlett-Packard)
HP Calendar (HKLM-x32\...\{2B38E0FA-D8A5-4EBF-A018-E3C1C8E7A2E2}) (Version: 5.1.4245.23508 - Hewlett-Packard)
HP Clock (HKLM-x32\...\{750E9D0F-B188-4A7E-ADD2-84B7ED7D32F6}) (Version: 5.1.4281.27332 - Hewlett-Packard)
HP Easy Print (HKLM-x32\...\{37C4570C-2F39-4756-AF26-A204CEF202D6}) (Version: 1.00.0000 - HP)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
HP LinkUp (HKLM-x32\...\{7E750542-55BC-4300-8B7B-AC2A762FB435}) (Version: 2.01.029 - Hewlett-Packard)
HP Magic Canvas (HKLM-x32\...\{DDFDC9D6-4220-41F8-BF9A-8E7512C4EF52}) (Version: 5.1.15.0 - Hewlett-Packard)
HP Magic Canvas Tutorials (HKLM-x32\...\{858FCB65-7C6D-4BA4-AD80-A3CB3744CE09}_is1) (Version: 6.0.0.0 - Hewlett-Packard)
HP Notes (HKLM-x32\...\{86BAB08A-5E66-4C53-82E3-C1E91673C7CA}) (Version: 5.1.4274.30382 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Photosmart All-In-One Driver Software 13.0 Rel. A (HKLM\...\{17016DA1-F040-4032-BD36-34DD317BC9D5}) (Version: 13.0 - HP)
HP RSS (HKLM-x32\...\{452479C5-0118-48E9-AA69-0A7339F95FC8}) (Version: 5.1.4289.23799 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{438363A8-F486-4C37-834C-4955773CB3D3}) (Version: 9.1.15430.4033 - Hewlett-Packard Company)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Support Assistant (HKLM-x32\...\{61EB474B-67A6-47F4-B1B7-386851BAB3D0}) (Version: 8.7.50.3 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 11.00.0001 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{F6A11738-3EE4-4573-AEA5-6CD5D491C167}) (Version: 12.10.49.21 - Hewlett-Packard Company)
HP Touchpoint Analytics Client (HKLM\...\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}) (Version: 4.0.2.1439 - HP Inc.)
HP TouchSmart Background - Beats (HKLM-x32\...\{6A6F8D36-04BA-41E9-9004-1789BD545874}) (Version: 1.0.1.0 - Hewlett-Packard)
HP TouchSmart RecipeBox (HKLM-x32\...\{20714B53-FC73-4F9C-9687-49EB237D6FD7}) (Version: 3.0.3830.27730 - Hewlett-Packard)
HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HP Weather (HKLM-x32\...\{776CC95E-8160-401B-AC79-164822AA8306}) (Version: 5.1.4245.22595 - Hewlett-Packard)
HPPhotoGadget (HKLM-x32\...\{CAE4213F-F797-439D-BD9E-79B71D115BE3}) (Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPProductAssistant (HKLM-x32\...\{C43326F5-F135-4551-8270-7F7ABA0462E1}) (Version: 130.0.371.000 - Hewlett-Packard) Hidden
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.0.1351 - Intel Corporation)
Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2696 - Intel Corporation)
iSpy (HKLM-x32\...\{50B1A3A0-3F87-44B3-9FF5-C97A50034BF6}) (Version: 7.1.8.0 - DeveloperInABox)
iSpy package installer (HKLM-x32\...\{a72b41a4-9cd1-4973-9783-83de69e05832}) (Version: 7.1.8.0 - DeveloperInABox)
iTunes (HKLM\...\{554C62C7-E6BB-40F1-892B-F0AE02D3C135}) (Version: 12.5.3.17 - Apple Inc.)
Java 8 Update 191 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180191F0}) (Version: 8.0.1910.12 - Oracle Corporation)
Jewel Match 3 (HKLM-x32\...\WTA-4660ad21-bbd2-4056-9274-17cdbb6e8a8c) (Version: 2.2.0.98 - WildTangent) Hidden
Jewel Quest Mysteries: The Seventh Gate Collector's Edition (HKLM-x32\...\WTA-6bd8460b-7dda-4a26-9e12-707c452d9b21) (Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (HKLM-x32\...\WTA-5333fae1-48ca-41d7-8382-7c65262bc50c) (Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LabelPrint (HKLM-x32\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.4507 - CyberLink Corp.) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.4507 - CyberLink Corp.)
Luxor HD (HKLM-x32\...\WTA-7d011431-914e-437f-b7a1-ef23ab9154a0) (Version: 2.2.0.98 - WildTangent) Hidden
Mah Jong Medley (HKLM-x32\...\WTA-0fd9482b-7878-4605-8c28-19efd6521c0a) (Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes version 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
Mesh Runtime (HKLM-x32\...\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}) (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Metric Converter (HKLM-x32\...\{D0661463-50F7-4A1E-83CB-37CC590589AE}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd)
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft LifeCam (HKLM\...\{5CE7E3F5-9803-4F32-AA89-2D8848A80109}) (Version: 3.60.253.0 - Microsoft Corporation)
Microsoft Mathematics (HKLM-x32\...\{4D090F70-6F08-4B60-9357-A1DFD4458F09}) (Version: 4.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Zoo Tycoon (HKLM-x32\...\Zoo Tycoon 1.0) (Version:  - )
Mortimer Beckett and the Crimson Thief Premium Edition (HKLM-x32\...\WTA-7fc1033b-c678-45d5-a485-905aaf4a04e4) (Version: 2.2.0.98 - WildTangent) Hidden
Mozilla Firefox 26.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 26.0 (x86 en-US)) (Version: 26.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 26.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
My Farm Life 2 (HKLM-x32\...\WTA-3daa2b41-1b22-4cc2-838a-7a7c844442d1) (Version: 2.2.0.98 - WildTangent) Hidden
Network64 (HKLM\...\{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}) (Version: 130.0.572.000 - Hewlett-Packard) Hidden
NetworkRepairTool (HKLM-x32\...\{4694AD3E-D4A2-4D98-9848-662A0475E872}) (Version: 1.2.11.0 - Brother Insutries Ltd.) Hidden
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
opensource (HKLM-x32\...\{3677D4D8-E5E0-49FC-B86E-06541CF00BBE}) (Version: 1.0.14960.3876 - Your Company Name) Hidden
P@H-Protocol (HKLM-x32\...\{14F936AB-5D31-410E-A4E2-70AE504712F2}) (Version: 3.0.8.6 - Valassis)
P@H-Protocol (HKLM-x32\...\{4CFAC858-CB6F-4F5B-9BD9-4DAE8747F0E3}) (Version: 3.0.8.11 - Valassis)
P@H-Protocol (HKLM-x32\...\{A2CB3AFC-E449-408A-BF4F-FE64EB1899D8}) (Version: 3.0.8.7 - Valassis)
PC-FAXReceive (HKLM-x32\...\{DD40894F-7575-4905-90AB-695FD827E358}) (Version: 1.4.24.0 - Brother Insutries Ltd.) Hidden
PCFaxTx (HKLM-x32\...\{63530B2D-3A34-4D79-A52D-F3EB5D99A7C1}) (Version: 1.1.1.1 - Brother Industries Ltd.) Hidden
PDF Complete Corporate Edition (HKLM-x32\...\PDF Complete) (Version: 4.2.33 - PDF Complete, Inc)
Penguins! (HKLM-x32\...\WTA-c6d3fe1b-0537-4004-87f7-b2843d0833ac) (Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (HKLM-x32\...\WTA-c43bee99-1714-4c3c-82e7-267367a21983) (Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (HKLM-x32\...\WTA-ceced49d-d9ad-49da-ac4a-adcacf6cd937) (Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (HKLM-x32\...\WTA-ad6b48d4-4aa6-49b1-b668-6005090a3c83) (Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (HKLM-x32\...\WTA-417cc89d-18f1-44b3-90c8-0f4968fb00c2) (Version: 2.2.0.98 - WildTangent) Hidden
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.6207 - CyberLink Corp.) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.6207 - CyberLink Corp.)
PowerISO (HKLM-x32\...\PowerISO) (Version: 5.4 - Power Software Ltd)
Print@Home (HKLM-x32\...\{123D4082-3194-4191-9139-067E9157C2B2}) (Version: 2.0.0 - Valassis Interactive Inc.)
QponPrinterV2 1.0.3 (HKLM-x32\...\Qpon-Printer-v2) (Version: 1.0.3 - Qples Inc)
Ralink 802.11n Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 3.2.12.0 - Ralink)
Recovery Manager (HKLM-x32\...\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.5.0.5119 - CyberLink Corp.) Hidden
Remote Graphics Receiver (HKLM-x32\...\{16FC3056-90C0-4757-8A68-64D8DA846ADA}) (Version: 5.4.5 - Hewlett-Packard)
RemoteSetup (HKLM-x32\...\{B6CE4633-EA3F-4856-9BCC-9B8702E076FE}) (Version: 3.8.0.2 - Brother Industries Ltd.) Hidden
Revo Uninstaller 2.0.6 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.6 - VS Revo Group, Ltd.)
RimhillEx 1.08 (HKU\S-1-5-21-632860548-1775735820-415820443-1000\...\RimhillEx_is1) (Version:  - the sz development)
RMNEveryday Coupon Printer (HKLM-x32\...\{08586830-7F6E-41F5-9A1C-51F7D2873631}) (Version: 3.1.0.0 - Valassis)
Roads of Rome 3 (HKLM-x32\...\WTA-0939384a-c84d-4e93-be59-7ae8b6d3e2dc) (Version: 2.2.0.98 - WildTangent) Hidden
RogueKiller version 13.0.17.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 13.0.17.0 - Adlice Software)
Scan (HKLM-x32\...\{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}) (Version: 13.0.0.0 - Hewlett-Packard) Hidden
ScannerUtilityInstaller (HKLM-x32\...\{5B645FE2-19E9-4B15-B5B2-3D8766F6FA27}) (Version: 1.0.0.0 - Brother) Hidden
Secunia PSI (3.0.0.9016) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia)
Sibelius Scorch (Firefox, Opera, Netscape, Chrome only) (HKLM-x32\...\{41626CC0-A854-4402-AD06-D7939515C282}) (Version: 6.2.0 - Sibelius Software, a division of Avid Technology, Inc.)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SmartWebPrinting (HKLM-x32\...\{DC635845-46D3-404B-BCB1-FC4A91091AFA}) (Version: 130.0.457.000 - Hewlett-Packard) Hidden
Smilebox (HKU\S-1-5-21-632860548-1775735820-415820443-1000\...\Smilebox) (Version: 1.0.0.31741 - Smilebox, Inc.)
SolutionCenter (HKLM-x32\...\{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}) (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Spot (HKLM-x32\...\{3D171340-B528-42E0-92E4-BDA7AEEF6F32}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd)
StatusMonitor (HKLM-x32\...\{86D16055-3C14-44C6-BCD7-5514B83BAD34}) (Version: 1.12.4.0 - Brother Insutries Ltd.) Hidden
Tales of Lagoona (HKLM-x32\...\WTA-75f90731-d0ef-4ead-85f3-edbfba5c6ced) (Version: 2.2.0.98 - WildTangent) Hidden
Tap Tap Bear (HKLM-x32\...\{A393CDFF-BEB8-48EA-990D-2EB35B311D23}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
TI USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{355FBD67-5A4F-44DA-86A1-56EEC4C20EC0}) (Version: 1.12.18.0 - Texas Instruments Inc.)
TI USB3 Host Driver (HKLM-x32\...\{355FBD67-5A4F-44DA-86A1-56EEC4C20EC0}) (Version: 1.12.18.0 - Texas Instruments Inc.) Hidden
Toolbox (HKLM-x32\...\{6BBA26E9-AB03-4FE7-831A-3535584CA002}) (Version: 130.0.648.000 - Hewlett-Packard) Hidden
Torchlight (HKLM-x32\...\WTA-3c9ded15-538a-4040-b422-610d26c7de9d) (Version: 2.2.0.98 - WildTangent) Hidden
TSHostedAppLauncher (HKLM-x32\...\{F89BADB0-D319-470E-8024-443EE3A3402B}) (Version: 5.1.15.0 - Hewlett-Packard) Hidden
UnloadSupport (HKLM-x32\...\{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}) (Version: 11.0.0 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - WildTangent) Hidden
UsbRepairTool (HKLM-x32\...\{523276A4-5779-4105-9163-CA1CF94EC533}) (Version: 1.4.0.0 - Brother Insutries Ltd.) Hidden
Virtual Villagers 4 - The Tree of Life (HKLM-x32\...\WTA-a76813b1-d318-4c70-b481-009dabe4cb9b) (Version: 2.2.0.98 - WildTangent) Hidden
WebReg (HKLM-x32\...\{43CDF946-F5D9-4292-B006-BA0D92013021}) (Version: 130.0.132.017 - Hewlett-Packard) Hidden
WildTangent Games App (HP Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.5.36 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinZip 16.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240CD}) (Version: 16.0.9715 - WinZip Computing, S.L. )
Wondershare Helper Compact 2.5.2 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.2 - Wondershare)
Wondershare Video Converter Ultimate(Build 9.0.1.4) (HKLM-x32\...\Wondershare Video Converter Ultimate_is1) (Version: 9.0.1.4 - Wondershare Software)
Youda Fisherman (HKLM-x32\...\WTA-cb0bd757-b714-4ced-8e65-6cdcd47c3ad9) (Version: 2.2.0.98 - WildTangent) Hidden
Zuma's Revenge (HKLM-x32\...\WTA-6a3fb242-dbd2-46cf-bf50-6031b10d212b) (Version: 2.2.0.98 - WildTangent) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShell.dll [2019-04-25] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2014-11-21] (Apple Inc. -> Apple Inc.)
ContextMenuHandlers1: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files (x86)\PowerISO\PWRISOSH.DLL [2012-08-24] (Power Software Ltd -> Power Software Ltd)
ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2012-02-16] (WinZip Computing -> WinZip Computing, S.L.)
ContextMenuHandlers1: [WondershareVideoConverterFileOpreation] -> {FEB746CA-95C2-485F-B386-C30D4E56D22E} => C:\windows\SysWOW64\WSCM64.dll [2015-02-27] () [File not signed]
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers3: [LinkUpMenuExt] -> {B793E5EA-5344-488E-B98D-A18E2E5938AB} => C:\Program Files (x86)\Hewlett-Packard\HP LinkUp\LinkUpExt64.dll [2011-05-06] (Hewlett-Packard Company -> Hewlett-Packard)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files (x86)\PowerISO\PWRISOSH.DLL [2012-08-24] (Power Software Ltd -> Power Software Ltd)
ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2012-02-16] (WinZip Computing -> WinZip Computing, S.L.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\windows\system32\igfxpph.dll [2012-04-04] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShell.dll [2019-04-25] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files (x86)\PowerISO\PWRISOSH.DLL [2012-08-24] (Power Software Ltd -> Power Software Ltd)
ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2012-02-16] (WinZip Computing -> WinZip Computing, S.L.)
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2012-10-02 14:29 - 2012-03-30 05:05 - 000311296 _____ (IDT, Inc.) [File not signed] C:\Program Files\IDT\WDM\STacSV64.exe
2012-10-02 14:36 - 2012-01-10 14:02 - 001115136 _____ (Ralink Technology, Corp.) [File not signed] C:\windows\system32\RAIHV.dll
2017-03-03 18:38 - 2015-02-27 15:38 - 000721263 _____ () [File not signed] C:\windows\SysWOW64\WSCM64.dll
2008-12-03 21:05 - 2008-12-03 21:05 - 000071680 _____ (Hewlett-Packard) [File not signed] c:\windows\system32\hpzinw12.dll
2017-01-15 01:15 - 2016-10-07 21:00 - 000659456 _____ (the sz development) [File not signed] C:\Users\Barley\AppData\Local\RimhillEx\RimhillEx.exe
2014-11-11 18:44 - 2014-11-11 18:44 - 004517376 _____ (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
2014-11-12 10:35 - 2014-11-12 10:35 - 000583168 _____ (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
2014-10-22 12:04 - 2014-10-22 12:04 - 001939968 _____ (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe
2008-12-03 21:05 - 2008-12-03 21:05 - 000089600 _____ (Hewlett-Packard) [File not signed] c:\windows\system32\hpzipm12.dll
2012-10-02 14:36 - 2012-01-13 02:00 - 000372736 _____ (Ralink Technology, Corp.) [File not signed] C:\Program Files (x86)\Ralink\Common\RaRegistry.exe
2012-10-02 14:36 - 2012-01-13 02:01 - 000447488 _____ (Ralink Technology, Corp.) [File not signed] C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe
2014-11-12 10:33 - 2014-11-12 10:33 - 001543168 _____ (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
2016-12-25 12:57 - 2013-03-08 16:44 - 000087040 _____ (Brother Industries, Ltd.) [File not signed] C:\windows\system32\BrNetSti.dll
2016-12-25 12:57 - 2005-04-22 14:36 - 000143360 _____ () [File not signed] C:\windows\system32\BrSNMP64.dll
2014-10-23 15:21 - 2014-10-23 15:21 - 000289792 _____ (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BrYNSvc.exe
2011-08-16 17:03 - 2011-08-16 17:03 - 000016384 _____ (Hewlett-Packard) [File not signed] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
2011-08-16 17:03 - 2011-08-16 17:03 - 000020480 _____ (Hewlett-Packard) [File not signed] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
2012-12-25 16:57 - 2008-08-12 17:49 - 000024576 _____ (ArcSoft, Inc.) [File not signed] C:\Users\Barley\AppData\Roaming\HP SimpleSave Application\uTMEMUIMgrEngine.dll
2012-12-25 16:57 - 2010-10-08 17:27 - 000024576 _____ (ArcSoft, Inc.) [File not signed] C:\Users\Barley\AppData\Roaming\HP SimpleSave Application\Language\EN\uEasyBackupMonitorRes.dll
2009-02-27 17:38 - 2009-02-27 17:38 - 000139264 _____ () [File not signed] C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2013-10-10 22:55 - 2013-10-10 22:55 - 002040320 _____ (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\Brother\BrStMonWRes.dll
2011-02-28 12:32 - 2011-02-28 12:32 - 000208896 _____ (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\Brother\BrFirmUpdateCheck.dll
2014-11-12 10:17 - 2014-11-12 10:17 - 000137728 _____ (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcAssoc.dll
2017-03-03 18:39 - 2016-10-08 17:48 - 001506304 _____ () [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2017-03-03 18:39 - 2016-07-21 11:54 - 000137728 _____ () [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2017-03-03 18:39 - 2016-10-08 17:49 - 000708608 _____ (Wondershare) [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSProducstInfo.dll
2012-10-02 14:36 - 2011-12-14 23:30 - 000516096 _____ (Ralink Technology, Inc.) [File not signed] C:\Program Files (x86)\Ralink\Common\ICSDHCP.dll
2014-09-09 10:39 - 2014-09-09 10:39 - 000080896 _____ (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcLUsa.dll
2014-09-09 10:38 - 2014-09-09 10:38 - 000083968 _____ (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcDlgRc.dll
2014-09-09 10:38 - 2014-09-09 10:38 - 017974784 _____ (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcGrImg.dll
2014-11-13 19:55 - 2014-11-13 19:55 - 000461824 _____ (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BrMonitor.dll
2010-09-29 18:07 - 2010-09-29 18:07 - 000180224 _____ (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BroSNMP.dll
2018-12-23 12:43 - 2019-03-27 20:42 - 003084800 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Quick.dll
2018-12-23 12:43 - 2019-03-27 20:42 - 005139968 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Gui.dll
2018-12-23 12:43 - 2019-03-27 20:42 - 005010944 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
2018-12-23 12:43 - 2019-03-27 20:42 - 002950144 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Qml.dll
2018-12-23 12:43 - 2019-03-27 20:42 - 002234880 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Network.dll
2018-12-23 12:43 - 2019-03-27 20:42 - 004571648 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Widgets.dll
2018-12-23 12:43 - 2019-03-27 20:42 - 000438272 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5WinExtras.dll
2019-02-24 12:51 - 2019-03-27 20:42 - 001181184 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\platforms\qwindows.dll
2019-02-24 12:51 - 2019-03-27 20:42 - 000124928 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\styles\qwindowsvistastyle.dll
2019-03-27 20:42 - 2019-03-27 20:42 - 000026112 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qico.dll
2019-03-27 20:42 - 2019-03-27 20:42 - 000020992 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qsvg.dll
2018-12-23 12:43 - 2019-03-27 20:42 - 000259584 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Svg.dll
2019-03-27 20:42 - 2019-03-27 20:42 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick.2\qtquick2plugin.dll
2019-03-27 20:42 - 2019-03-27 20:42 - 000729088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\qtquickcontrolsplugin.dll
2019-03-27 20:42 - 2019-03-27 20:42 - 000073216 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Layouts\qquicklayoutsplugin.dll
2019-03-27 20:42 - 2019-03-27 20:42 - 000179712 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Dialogs\dialogplugin.dll
2019-03-27 20:42 - 2019-03-27 20:42 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Window.2\windowplugin.dll
2019-03-27 20:42 - 2019-03-27 20:42 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQml\Models.2\modelsplugin.dll
2019-03-27 20:42 - 2019-03-27 20:42 - 000101888 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\PrivateWidgets\widgetsplugin.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-632860548-1775735820-415820443-1000\...\sjhnh.org -> hxxps://gateway1.sjhnh.org
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2018-12-24 16:54 - 000002103 ____N C:\windows\system32\drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-632860548-1775735820-415820443-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Barley\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
If an entry is included in the fixlist, it will be removed.
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BeatsOSDApp => C:\Program Files\IDT\WDM\beats64.exe
MSCONFIG\startupreg: DNS7reminder => "C:\Program Files (x86)\ScanSoft\NaturallySpeaking\Program\Ereg.exe" -r "C:\Program Files (x86)\ScanSoft\NaturallySpeaking\Program\ereg.ini"
MSCONFIG\startupreg: HP Software Update => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LifeCam => "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
MSCONFIG\startupreg: Norton Online Backup => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
MSCONFIG\startupreg: PWRISOVM.EXE => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
MSCONFIG\startupreg: SysTrayApp => C:\Program Files\IDT\WDM\sttray64.exe
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{C40D9B13-61A2-4285-A4E7-E26BB14A390D}] => (Allow) C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe (Ralink Technology Corporation -> )
FirewallRules: [{8E66A095-795E-494F-8F39-F583A6C355AE}] => (Allow) C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe (Ralink Technology Corporation -> )
FirewallRules: [{64D8B223-4FDB-4856-984E-D6A313D081AC}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Remote Graphics Receiver\rgreceiver.exe (Hewlett-Packard Company -> Hewlett-Packard)
FirewallRules: [{46D3AD7D-F0D3-4B5B-A87A-8A74DD670C45}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Remote Graphics Receiver\rgreceiver.exe (Hewlett-Packard Company -> Hewlett-Packard)
FirewallRules: [{096CA7E4-26E4-4D3F-BCE6-8B421C198BB6}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP LinkUp\HP LinkUp Viewer.exe (Hewlett-Packard Company -> Hewlett-Packard Company)
FirewallRules: [{62DA04C4-6D00-4D4D-83D7-0C35250D69CD}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP LinkUp\HP LinkUp Viewer.exe (Hewlett-Packard Company -> Hewlett-Packard Company)
FirewallRules: [{77D34678-43F1-4822-B594-6E09D82214B1}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{368B141D-50B1-4EE3-9F97-6978FEC3BCA7}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{748AC05F-6DAF-4DDA-B7F8-49F3BAC6092C}] => (Allow) LPort=2869
FirewallRules: [{1A056468-B541-45F9-9F3B-9DE4103860F9}] => (Allow) LPort=1900
FirewallRules: [{47F869E4-237F-428A-87B2-B24C77087D97}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{083D86A3-2137-4A0F-A1FD-6C5139F7A6D9}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{3C757619-EA6B-4395-B7C1-7FD9D82913A0}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe (Microsoft Corporation) [File not signed]
FirewallRules: [{337898BF-4E6C-4F28-B6FF-F4E0103C7088}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe (Microsoft Corporation) [File not signed]
FirewallRules: [{72660C52-6CAD-426B-8480-9A4CCDA25FDE}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe (Microsoft Corporation) [File not signed]
FirewallRules: [{A7ED8D1C-7DC5-4254-9A3C-7210F65BCA23}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe (Microsoft Corporation) [File not signed]
FirewallRules: [{FC12E3B7-37DB-40F2-8007-7CDBA8F98DA1}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{F8F68A5A-37F7-458F-A223-6EDFBEB178CF}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{29DFB764-4E0E-4C7F-8E63-04BEEB9E85E5}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{6DFF213C-2E9D-40B4-93A0-96C6D06DBDBF}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{16F9FFA7-DE34-4195-8889-99836EA872DE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{188D6962-81EE-44A5-8C30-3730334E748F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{9DF14B61-33D7-4600-A2DC-8B67E3D34687}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{C02B03BE-C660-42B9-AF20-FE8402B12E27}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{1E46AAC8-F6F9-4A9E-80D6-C952FCBA08A4}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe No File
FirewallRules: [{C803B594-7DEF-49DD-B2B1-190FC1E5BDF0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe No File
FirewallRules: [{E2A974B2-9D33-4747-A3E5-A6E3DB73D7A1}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe No File
FirewallRules: [{B847FD57-37DB-41C1-B8EE-F834959F0586}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe No File
FirewallRules: [{2BC6FC16-2643-4675-8DA0-D440DAAB07D3}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe (Hewlett-Packard Co.) [File not signed]
FirewallRules: [{2E5B1FB9-CD88-4C24-BCCA-1B1C98E43CF1}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe (Hewlett-Packard) [File not signed]
FirewallRules: [{971D0E46-D0B7-4B59-A6F8-5474F692BAFC}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe No File
FirewallRules: [{BED31218-45AD-43F9-9FC9-381AE7CBE610}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe () [File not signed]
FirewallRules: [{2FC88A0B-5EB8-45B5-AEBA-CDA2C66C54B6}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe No File
FirewallRules: [{371C863F-1809-44C4-8001-AC3E16BC8CC9}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe (Hewlett-Packard Co.) [File not signed]
FirewallRules: [{AA1AED5A-88F8-45FE-BEBC-F85163E1DB67}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqnrs08.exe (Hewlett-Packard Co.) [File not signed]
FirewallRules: [{C9A77EEA-40C1-4D8F-8DA8-4E74A52A3F2A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe (Hewlett-Packard) [File not signed]
FirewallRules: [{766360E0-0271-47DC-9292-260B4AF19224}] => (Allow) C:\Program Files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe No File
FirewallRules: [{3A9268B3-2F0B-4490-8182-A74DFB16F9A1}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe (Hewlett-Packard Co.) [File not signed]
FirewallRules: [{62364A33-C195-4DAB-87F8-D01F2F09A8B4}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe (Hewlett-Packard) [File not signed]
FirewallRules: [{A33F9CEA-E81D-4C74-87BF-B40CE8544101}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe No File
FirewallRules: [{57303010-2E61-4E65-8DE8-0FD8771F2010}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe No File
FirewallRules: [{B5492CC8-06DF-47E8-8D6D-082A6BD1DF53}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe (Hewlett-Packard Company -> Hewlett-Packard)
FirewallRules: [{6D422CBB-1201-4676-A036-95969E82F3FE}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe (Hewlett-Packard Company -> Hewlett-Packard Co.)
FirewallRules: [{3ED30955-EFF3-4107-8BE4-689FCE621E0B}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe (TeamViewer -> TeamViewer GmbH)
FirewallRules: [{E0E4ABAD-93C0-4E6E-A0A0-A4A561496784}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe (TeamViewer -> TeamViewer GmbH)
FirewallRules: [{BD69C17B-9FC9-4912-A2C1-3AE23478EB2E}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (TeamViewer -> TeamViewer GmbH)
FirewallRules: [{44605B2D-69D2-45FD-968A-081B858ACCBF}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (TeamViewer -> TeamViewer GmbH)
FirewallRules: [{4243050D-CF14-483C-945D-B517D4B8E297}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{6807B6A1-AAC1-4555-8EA4-D9633E4A34B6}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{402DF736-0E3F-482F-813A-1E0EFF713B0E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{F613D847-4755-4F67-9E83-CA8D9D16A333}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{524FBD36-AFE4-4D69-ACC6-FBAFA6255D9C}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{B497A808-16EF-4A4D-9A0B-B40E7343890A}] => (Allow) E:\Install\wlan_wiz\.\wlan_assistant\waw.exe No File
FirewallRules: [{316051F7-DEE7-47A6-B06C-7130CBFECE25}] => (Allow) LPort=54925
FirewallRules: [{3355062F-82C4-416B-BD10-2077C5EE5B54}] => (Allow) c:\program files (x86)\pc-faxreceive\brengineprocess.exe (Brother Industries, Ltd.) [File not signed]
FirewallRules: [{42C4E2DF-128F-46EF-80AB-44DB8071AB7F}] => (Allow) c:\program files (x86)\pc-faxreceive\brengineprocess.exe (Brother Industries, Ltd.) [File not signed]
FirewallRules: [TCP Query User{DCC6D6F3-CA37-4C33-BB20-487FF64D6B8C}C:\program files (x86)\ispy\ispy.exe] => (Allow) C:\program files (x86)\ispy\ispy.exe (www.ispyconnect.com) [File not signed]
FirewallRules: [UDP Query User{E94EC77B-A670-4571-8F8D-6C3CC3F6A21B}C:\program files (x86)\ispy\ispy.exe] => (Allow) C:\program files (x86)\ispy\ispy.exe (www.ispyconnect.com) [File not signed]
FirewallRules: [{7E8BE478-1DBB-4D62-99D6-A44BE5BD2EE1}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)
 
==================== Restore Points =========================
 
11-04-2019 00:16:54 Windows Update
18-04-2019 08:49:22 Scheduled Checkpoint
25-04-2019 09:52:05 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices =============
 
Name: Photosmart C6100 series
Description: Photosmart C6100 series
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Photosmart C6100 series
Description: Photosmart C6100 series
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Photosmart C6100 series
Description: Photosmart C6100 series
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Photosmart C6100 series
Description: Photosmart C6100 series
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Photosmart C6100 series
Description: Photosmart C6100 series
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: AntiLog32
Description: AntiLog32
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: AntiLog32
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: Photosmart C6100 series
Description: Photosmart C6100 series
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Photosmart C6100 series
Description: Photosmart C6100 series
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Photosmart C6100 series
Description: Photosmart C6100 series
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Photosmart C6100 series
Description: Photosmart C6100 series
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Photosmart C6100 series
Description: Photosmart C6100 series
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/25/2019 01:36:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: BrStMonW.exe, version: 1.12.4.0, time stamp: 0x5461c7c9
Faulting module name: BrStMonW.exe, version: 1.12.4.0, time stamp: 0x5461c7c9
Exception code: 0xc0000005
Fault offset: 0x00018288
Faulting process id: 0xef4
Faulting application start time: 0x01d4fb68f5fb307f
Faulting application path: C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
Faulting module path: C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
Report Id: b82f83c3-6780-11e9-ac08-24be05218274
 
Error: (04/04/2019 07:19:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: BrStMonW.exe, version: 1.12.4.0, time stamp: 0x5461c7c9
Faulting module name: USP10.dll, version: 1.626.7601.23894, time stamp: 0x59946079
Exception code: 0xc0000005
Fault offset: 0x00058240
Faulting process id: 0x7cc
Faulting application start time: 0x01d4ead95e655078
Faulting application path: C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
Faulting module path: C:\windows\syswow64\USP10.dll
Report Id: 2770230c-5730-11e9-9647-24be05218274
 
Error: (03/08/2019 06:36:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   17 2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.4.0.0.7.8.D.8.1.0.1.0.6.2.ip6.arpa. PTR Barley-HP.local.
 
Error: (03/08/2019 06:36:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 10.0.0.9:5353   23 2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.4.0.0.7.8.D.8.1.0.1.0.6.2.ip6.arpa. PTR DESKTOP-8VPP8TN.local.
 
Error: (03/08/2019 11:39:17 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TouchpointAnalyticsClient.exe, version: 4.0.2.1439, time stamp: 0x5a148768
Faulting module name: clr.dll, version: 4.7.3324.0, time stamp: 0x5c09b330
Exception code: 0xc0000005
Fault offset: 0x00000000001c1ebe
Faulting process id: 0x1d84
Faulting application start time: 0x01d4d5c51144aff0
Faulting application path: C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClient.exe
Faulting module path: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll
Report Id: 549b2ef8-41b8-11e9-b14e-24be05218274
 
Error: (03/08/2019 11:39:15 AM) (Source: .NET Runtime) (EventID: 1023) (User: )
Description: Application: TouchpointAnalyticsClient.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an internal error in the .NET Runtime at IP 000007FEED1A1EBE (000007FEECFE0000) with exit code 80131506.
 
Error: (02/11/2019 02:33:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: BrStMonW.exe, version: 1.12.4.0, time stamp: 0x5461c7c9
Faulting module name: BrStMonW.exe, version: 1.12.4.0, time stamp: 0x5461c7c9
Exception code: 0xc0000005
Fault offset: 0x00063659
Faulting process id: 0x928
Faulting application start time: 0x01d4c20123940c22
Faulting application path: C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
Faulting module path: C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
Report Id: 775de128-2e2b-11e9-be31-24be05218274
 
Error: (01/04/2019 08:38:29 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 24
 
 
System errors:
=============
Error: (04/30/2019 02:19:17 AM) (Source: BROWSER) (EventID: 8032) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{D3EED012-4886-4C2D-8491-DD153D715076}.
The backup browser is stopping.
 
Error: (04/30/2019 02:16:30 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Ralink UPnP Media Server service to connect.
 
Error: (04/30/2019 02:14:50 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Live ID Sign-in Assistant service failed to start due to the following error: 
The pipe has been ended.
 
Error: (04/30/2019 02:14:50 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\windows\system32\RAIHV.dll
 
Error: (04/30/2019 02:14:50 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\windows\system32\RAIHV.dll
 
Error: (04/30/2019 02:14:46 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\windows\system32\RAIHV.dll
 
Error: (04/30/2019 02:14:40 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Modules Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (04/30/2019 02:14:40 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
 
CodeIntegrity:
===================================
 
Date: 2013-01-24 07:41:06.474
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2013-01-24 07:41:06.456
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
==================== Memory info =========================== 
 
BIOS: AMI 7.12 06/07/2012
Motherboard: Foxconn 2ADA
Processor: Intel® Core™ i3-2120 CPU @ 3.30GHz
Percentage of memory in use: 71%
Total physical RAM: 6030.01 MB
Available physical RAM: 1733.89 MB
Total Virtual: 12058.17 MB
Available Virtual: 7769.48 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:914.75 GB) (Free:750.13 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (HP_RECOVERY) (Fixed) (Total:16.54 GB) (Free:2.06 GB) NTFS
 
 
==================== MBR & Partition Table ==================
 
==================== End of Addition.txt ============================


#4 Satchfan

Satchfan

    SuperHelper

  • Malware Team
  • 6,453 posts
  • Interests:LFC, music, more LFC, more music

Posted 30 April 2019 - 09:40 AM

Remove Chrome Extensions or Plug-ins

Note: I don’t use Chrome so this may be outdated.

  • open Google Chrome
  • click on the Customise icon, at the top right
  • click on Settings
  • on the left, click Extensions
  • click the trash can icon by Norton Identity Safe & Norton Security Toolbar
  • when the confirmation dialog appears, click Remove.

===================================================

You need to move Farbar Recovery Scan Tool to your desktop otherwise fixes will not work.

  • go to your Downloads folder and locate FRST64
  • right click and select Cut
  • go to an empty spot on your desktop, right click and select Paste

Farbar Recovery Scan Tool should now be on your desktop.

===================================================

Run Farbar Recovery Scan Tool

Open notepad. Please copy the contents of the code box below and paste it into Notepad.

CloseProcesses:
HKU\S-1-5-21-632860548-1775735820-415820443-1000\...\MountPoints2: {cf036f94-4e8d-11e2-b318-24be05218274} - G:\HPLauncher.exe
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Toolbar: HKU\S-1-5-21-632860548-1775735820-415820443-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
CHR Extension: (Norton Identity Safe) - C:\Users\Barley\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-08-18]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
S1 AntiLog32; \??\C:\windows\system32\drivers\AntiLog64.sys [X]
S3 NAVENG; \??\C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.2.15\Definitions\SDSDefs\20160823.022\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.2.15\Definitions\SDSDefs\20160823.022\EX64.SYS [X]
2019-04-23 07:34 - 2019-04-23 07:34 - 000000000 ____D C:\Users\Barley\AppData\Local\{E039D194-4010-43AB-B51D-A13324CD476F}
2014-09-06 21:02 - 2014-09-06 21:02 - 000000055 _____ () C:\Users\Barley\AppData\Roaming\mbam.context.scan
2013-08-10 00:33 - 2013-08-10 00:34 - 000595302 _____ () C:\Users\Barley\AppData\Roaming\Scorch_Install.log
2012-10-08 15:16 - 2015-09-09 19:32 - 000011264 _____ () C:\Users\Barley\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
FirewallRules: [{B497A808-16EF-4A4D-9A0B-B40E7343890A}] => (Allow) E:\Install\wlan_wiz\.\wlan_assistant\waw.exe No File
C:\Program Files (x86)\Norton Internet Security
EmptyTemp:

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

  • save the files as fixlist.txt in the same folder as FRST – NOTE: It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work
  • run FRST64 then click Fix just once and wait
  • it will create a log on your desktop, (Fixlog.txt); please post it to your reply.

Can you tell me if there are any outstanding problems.

Thanks

Satchfan

 


NINA - Proud graduate of the WTT Classroom

Member of UNITE

The help you receive here is free but if you feel I have helped, you may consider making a Donation.

#5 BobDylan


Posted 30 April 2019 - 10:34 AM

Hi Nina:

 

    I'm usually pretty good at following your instructions, but I just want to make sure on the fixlist thing, so bear with me.

   I have the FRST on my Desktop - do I run that first to create a FRST.txt, and then add your script in Notepad, or do I save the Notepad script first and then run FRST?

  And I'm not sure what folder I save the fixlist.txt file to - is that to the Desktop or in the FRST64 folder itself - not quite sure how to do that.

 Sorry, and thanks for your patience.

 

  Peter



#6 Satchfan


Posted 30 April 2019 - 02:02 PM

I have the FRST on my Desktop - do I run that first to create a FRST.txt, and then add your script in Notepad

No.

 

Now that FRST64 is on your desktop, open Notepad and then copy my script and paste it into Notepad.

 

Save the Notepad file, as FRST.txt to your desktop, (the same location as FRST).

 

When you've done that, run FRST64 and when it opens, click on Fix.

 

This will produce a Fixlog.txt on your desktop.

 

Please post the contents of that in your next reply and remember to let me know if there are any outstanding issues.

 

Nina



#7 BobDylan


Posted 30 April 2019 - 02:48 PM

Thanks Nina - that was easy.

 

Not sure what happened, but the computer is running much better already.

 

Thanks,

Peter

 

Here's the Fixlog.txt file:

 

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 28.04.2019
Ran by Barley (30-04-2019 16:34:20) Run:1
Running from C:\Users\Barley\Desktop
Loaded Profiles: Barley (Available Profiles: Barley)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CloseProcesses:
HKU\S-1-5-21-632860548-1775735820-415820443-1000\...\MountPoints2: {cf036f94-4e8d-11e2-b318-24be05218274} - G:\HPLauncher.exe
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Toolbar: HKU\S-1-5-21-632860548-1775735820-415820443-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
CHR Extension: (Norton Identity Safe) - C:\Users\Barley\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-08-18]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
S1 AntiLog32; \??\C:\windows\system32\drivers\AntiLog64.sys [X]
S3 NAVENG; \??\C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.2.15\Definitions\SDSDefs\20160823.022\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.2.15\Definitions\SDSDefs\20160823.022\EX64.SYS [X]
2019-04-23 07:34 - 2019-04-23 07:34 - 000000000 ____D C:\Users\Barley\AppData\Local\{E039D194-4010-43AB-B51D-A13324CD476F}
2014-09-06 21:02 - 2014-09-06 21:02 - 000000055 _____ () C:\Users\Barley\AppData\Roaming\mbam.context.scan
2013-08-10 00:33 - 2013-08-10 00:34 - 000595302 _____ () C:\Users\Barley\AppData\Roaming\Scorch_Install.log
2012-10-08 15:16 - 2015-09-09 19:32 - 000011264 _____ () C:\Users\Barley\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
FirewallRules: [{B497A808-16EF-4A4D-9A0B-B40E7343890A}] => (Allow) E:\Install\wlan_wiz\.\wlan_assistant\waw.exe No File
C:\Program Files (x86)\Norton Internet Security
EmptyTemp:
*****************
 
Processes closed successfully.
HKU\S-1-5-21-632860548-1775735820-415820443-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cf036f94-4e8d-11e2-b318-24be05218274} => removed successfully
HKLM\Software\Classes\CLSID\{cf036f94-4e8d-11e2-b318-24be05218274} => not found
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
"HKU\S-1-5-21-632860548-1775735820-415820443-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" => removed successfully
HKLM\Software\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => removed successfully
CHR Extension: (Norton Identity Safe) - C:\Users\Barley\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-08-18] => Error: No automatic fix found for this entry.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif => removed successfully
HKLM\System\CurrentControlSet\Services\AntiLog32 => removed successfully
AntiLog32 => service removed successfully
HKLM\System\CurrentControlSet\Services\NAVENG => removed successfully
NAVENG => service removed successfully
HKLM\System\CurrentControlSet\Services\NAVEX15 => removed successfully
NAVEX15 => service removed successfully
C:\Users\Barley\AppData\Local\{E039D194-4010-43AB-B51D-A13324CD476F} => moved successfully
C:\Users\Barley\AppData\Roaming\mbam.context.scan => moved successfully
C:\Users\Barley\AppData\Roaming\Scorch_Install.log => moved successfully
C:\Users\Barley\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\00avg => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B497A808-16EF-4A4D-9A0B-B40E7343890A}" => removed successfully
"C:\Program Files (x86)\Norton Internet Security" => not found
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 16689541 B
Java, Flash, Steam htmlcache => 1141 B
Windows/system/drivers => 37317987 B
Edge => 0 B
Chrome => 505592953 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 0 B
systemprofile32 => 128 B
LocalService => 0 B
NetworkService => 0 B
Barley => 537818781 B
 
RecycleBin => 162673 B
EmptyTemp: => 1 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 16:34:49 ====
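An added example, not part of the original thread and not FRST's own code: a small Python triage of a Fixlog in the layout posted above, which skips the echoed fixlist, groups each result line by outcome, and lists the entries that still need manual follow-up. The sample is a shortened excerpt of that log, and the outcome categories are assumptions inferred from the phrases visible in it.

```python
import re
from collections import Counter
from dataclasses import dataclass, field

# Constructed sample: a shortened excerpt of the Fixlog posted above, same layout.
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Scan Tool (x64) Version: 28.04.2019
Ran by Barley (30-04-2019 16:34:20) Run:1
==============================================

fixlist content:
*****************
CloseProcesses:
S1 AntiLog32; \??\C:\windows\system32\drivers\AntiLog64.sys [X]
FirewallRules: [{B497A808-16EF-4A4D-9A0B-B40E7343890A}] => (Allow) E:\Install\wlan_wiz\.\wlan_assistant\waw.exe No File
C:\Program Files (x86)\Norton Internet Security
EmptyTemp:
*****************

Processes closed successfully.
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
CHR Extension: (Norton Identity Safe) - C:\Users\Barley\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-08-18] => Error: No automatic fix found for this entry.
HKLM\System\CurrentControlSet\Services\AntiLog32 => removed successfully
AntiLog32 => service removed successfully
C:\Users\Barley\AppData\Roaming\mbam.context.scan => moved successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
"C:\Program Files (x86)\Norton Internet Security" => not found

=========== EmptyTemp: ==========

Chrome => 505592953 B
RecycleBin => 162673 B
EmptyTemp: => 1 GB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 16:34:49 ====
"""

SIZE_LINE = re.compile(r"^.+ => (\d+) B$")


@dataclass
class FixlogReport:
    counts: Counter = field(default_factory=Counter)
    unresolved: list = field(default_factory=list)      # (target, message) pairs
    already_absent: list = field(default_factory=list)  # targets reported "not found"
    temp_bytes: int = 0                                 # sum of per-location byte counts
    reboot_needed: bool = False


def classify(outcome):
    """Map the text after the last ' => ' to a coarse category (assumed names)."""
    if outcome.startswith("Error:"):
        return "error"
    # Test "removed" first: "removed successfully" also ends in "moved successfully".
    if outcome.endswith("removed successfully"):
        return "removed"
    if outcome.endswith("moved successfully"):
        return "moved"
    if outcome == "not found":
        return "not_found"
    return "other"


def parse_fixlog(text):
    report = FixlogReport()
    in_fixlist_echo = False   # between the two rows of asterisks
    in_emptytemp = False      # inside the EmptyTemp size table
    for raw in text.splitlines():
        line = raw.strip()
        if line and set(line) == {"*"}:
            in_fixlist_echo = not in_fixlist_echo
            continue
        if in_fixlist_echo:
            continue          # echoed script lines may contain " => " but are not results
        if line == "The system needed a reboot.":
            report.reboot_needed = True
            continue
        if line and set(line) == {"="}:
            in_emptytemp = False
            continue
        if line.startswith("=") and "EmptyTemp" in line:
            in_emptytemp = True
            continue
        if in_emptytemp:
            m = SIZE_LINE.match(line)
            if m:
                report.temp_bytes += int(m.group(1))
            continue
        if " => " not in line:
            continue
        target, _, outcome = line.rpartition(" => ")
        target = target.strip('"')
        kind = classify(outcome)
        report.counts[kind] += 1
        if kind in ("error", "other"):
            report.unresolved.append((target, outcome))
        elif kind == "not_found":
            report.already_absent.append(target)
    return report


if __name__ == "__main__":
    r = parse_fixlog(SAMPLE_FIXLOG)
    print(dict(r.counts), "reboot needed:", r.reboot_needed)
    for target, msg in r.unresolved:
        print("FOLLOW UP:", target, "->", msg)
```

On the sample, the only follow-up item is the Chrome extension entry that reported "No automatic fix found", the same extension the helper asked to have removed by hand in Chrome's settings.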


#8 Satchfan


Posted 30 April 2019 - 03:39 PM

Well done, that all looks good.

 

Any outstanding problems?

 

Nina



#9 BobDylan


Posted 30 April 2019 - 04:35 PM

Hi Nina:

    Everything looks good here. Running smoothly, with no pop-ups.

   If the logs look good to you, I think I'm all set then.

   Thanks again!



#10 Satchfan


Posted 30 April 2019 - 04:57 PM

Hi Peter

Your computer appears to be clean.

Now that it seems to be running well, please follow these steps to tidy up:


Update installed programs

Your version of Java is out-of-date and needs to be removed and updated.

Having the latest updates and removing old versions ensures there are no security vulnerabilities in your system.

Uninstall:


Java 8 Update 191
 

If you are prompted for an administrator password or confirmation, type the password or provide confirmation.

NEXT

Install the latest version of Java:

Java

Even though I just had you get the latest version of Java, there is a vulnerability with regards to Java and web browsers, therefore I recommend that you disable Java in web browsers.

More information can be found here.

===================================================

Uninstall AdwCleaner

  • open adwcleaner.exe
  • click on Settings
  • click on the Application tab and scroll down to the bottom
  • click on Remove.

===================================================

Download & run Delfix

  • download Delfix from here to remove many of the tools we've used during the cleaning process.
  • ensure “Remove disinfection tools” is checked.

Also place a checkmark next to:


o    Create registry backup
o    Purge system restore

  • click the Run button.

You can delete all other logs and programs we’ve used that are on your desktop. Just click on them and press Delete.

I will keep this open for 24 hours in case you have any problems, after which I’ll close the topic.

Safe computing

Nina

 



#11 BobDylan


Posted 30 April 2019 - 07:22 PM

Hi Nina:

 

   Thanks for the advice - I'll update Java and clean up the other items as you suggested.

   Thanks for all your help and I'll let you know if I run into any problems!

 

   Peter



#12 Satchfan


Posted 01 May 2019 - 12:51 AM

Thanks for all your help

You're welcome.



#13 Satchfan


Posted 24 May 2019 - 05:01 AM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please follow the instructions here http://forums.whatth...ed_t106388.html
and start a New Topic.


