Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Found trojan.agent gen dropper


  • This topic is locked This topic is locked
28 replies to this topic

#1 BuckJogSkiff

BuckJogSkiff

  • Members
  • 47 posts
  • OFFLINE
  •  
  • Local time:11:26 AM

Posted 08 May 2017 - 02:07 AM

A while back, got some help from Bleeping Computer on Windows 7 sucking up too much physical memory with multiple Schvost.exe and iexplorer.exe. Some fixes were ran through, including Combo Fix. At the end, it was ruled that there was no malware at all, and it looked like the problem went away.

 

The problem of the multiple Schvost.exe and iexplorer.exe wound up steadily persisting until the CPU uses 0% memory and 45% physical memory at the same time. Opening up Internet Explorer windows  causes both memories to skyrocket, especially when there is a lot of graphics. Internet Explorer has to be closed and started up again until it hits too much memory usage again. Hit 100% earlier on the Bleeping Computer forums. Sometimes programs do not close fully, leaving behind ghost shells that have to be closed in Task Manager.

 

Running the free version of Malawarebytes and Adware Cleaner turned up nothing. However, SuperAntiSpyware quarantined a Trojan.agent gen dropper. Ran SuperAntiSpyware again, it did not show up. Before its time to have to fiddle with RogueKiller  on these forums, ran Minitoolbox and Security Check just in case.

 

Haven't been able to locate the original SuperAntiSpyware log that had the trojan, which is not good.

 

 

Adware Cleaner Log

 

# AdwCleaner v6.045 - Logfile created 07/05/2017 at 15:23:48

# Updated on 28/03/2017 by Malwarebytes

# Database : 2016-09-01.2 [Local]

# Operating System : Windows 7 Home Premium Service Pack 1 (X64)

# Username : Bendlebender - BLUEBEAST

# Running from : C:\Users\Bendlebender\Downloads\AdwCleaner.exe

# Mode: Clean

# Support : https://www.malwarebytes.com/support

 

 

 

***** [ Services ] *****

 

 

 

***** [ Folders ] *****

 

 

 

***** [ Files ] *****

 

 

 

***** [ DLL ] *****

 

 

 

***** [ WMI ] *****

 

 

 

***** [ Shortcuts ] *****

 

 

 

***** [ Scheduled Tasks ] *****

 

 

 

***** [ Registry ] *****

 

[-] Data restored: HKU\S-1-5-21-1748231068-357915915-2718231513-1000\Software\Microsoft\Internet Explorer\Main [Search Page]

[-] Data restored: HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]

[-] Data restored: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

[-] Data restored: [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]

[-] Key deleted: HKU\S-1-5-21-1748231068-357915915-2718231513-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}

[#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}

[-] Key deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}

[-] Data restored: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}

[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\azlyrics.com

[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\dogpile.com

[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\dotomi.com

[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\gamingwonderland.dl.myway.com

[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\internetspeedtracker.dl.myway.com

[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\myway.com

[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\sjc-usadmm.dotomi.com

[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\softonic.com

[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\staticimgfarm.com

[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ttdetect.staticimgfarm.com

[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\undertale.en.softonic.com

[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\videodownloadconverter.dl.myway.com

[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.azlyrics.com

[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.dogpile.com

[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\azlyrics.com

[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\dogpile.com

[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\dotomi.com

[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\gamingwonderland.dl.myway.com

[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\internetspeedtracker.dl.myway.com

[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\myway.com

[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\sjc-usadmm.dotomi.com

[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\softonic.com

[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\staticimgfarm.com

[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ttdetect.staticimgfarm.com

[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\undertale.en.softonic.com

[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\videodownloadconverter.dl.myway.com

[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.azlyrics.com

[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.dogpile.com

 

 

***** [ Web browsers ] *****

 

 

 

*************************

 

:: "Tracing" keys deleted

:: Winsock2 - Deleted C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

:: Winsock settings cleared

 

*************************

 

C:\AdwCleaner\AdwCleaner[C1].txt - [5648 Bytes] - [01/07/2016 18:16:25]

C:\AdwCleaner\AdwCleaner[C2].txt - [5036 Bytes] - [07/05/2017 15:23:48]

C:\AdwCleaner\AdwCleaner[S10].txt - [6001 Bytes] - [07/05/2017 15:23:03]

C:\AdwCleaner\AdwCleaner[S1].txt - [5856 Bytes] - [01/07/2016 18:07:17]

C:\AdwCleaner\AdwCleaner[S2].txt - [953 Bytes] - [01/07/2016 19:53:48]

C:\AdwCleaner\AdwCleaner[S3].txt - [1026 Bytes] - [02/07/2016 04:59:24]

C:\AdwCleaner\AdwCleaner[S4].txt - [1099 Bytes] - [06/07/2016 02:02:56]

C:\AdwCleaner\AdwCleaner[S5].txt - [1173 Bytes] - [07/07/2016 01:56:07]

C:\AdwCleaner\AdwCleaner[S6].txt - [2490 Bytes] - [02/09/2016 01:55:27]

C:\AdwCleaner\AdwCleaner[S7].txt - [2563 Bytes] - [02/09/2016 01:57:47]

C:\AdwCleaner\AdwCleaner[S8].txt - [2735 Bytes] - [11/10/2016 00:47:32]

C:\AdwCleaner\AdwCleaner[S9].txt - [3729 Bytes] - [20/01/2017 04:32:44]

 

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [5839 Bytes] ##########

 

 

 

 

 

 

 

MiniToolbox Log

 

MiniToolBox by Farbar Version: 17-06-2016

Ran by Bendlebender (administrator) on 07-05-2017 at 17:47:30

Running from "C:\Users\Bendlebender\Downloads"

Microsoft Windows 7 Home Premium Service Pack 1 (X64)

Model: Studio 1558 Manufacturer: Dell Inc.

Boot Mode: Normal

***************************************************************************

 

========================= Flush DNS: ===================================

 

Windows IP Configuration

 

Successfully flushed the DNS Resolver Cache.

 

"Reset IE Proxy Settings": IE Proxy Settings were reset.

 

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

 

 

=========================== Installed Programs ============================

 

7-Zip 16.00 (HKLM-x32\...\7-Zip) (Version: 16.00 - Igor Pavlov)

Accelerometer (HKLM-x32\...\{87434D51-51DB-4109-B68F-A829ECDCF380}) (Version: 1.06.08.17 - STMicroelectronics)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)

Adobe Flash Player 25 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 25.0.0.148 - Adobe Systems Incorporated)

Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.148 - Adobe Systems Incorporated)

Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)

ATI Catalyst Control Center (HKLM-x32\...\{055EE59D-217B-43A7-ABFF-507B966405D8}) (Version: 2.010.0601.2151 - )

Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.3.2291 - AVAST Software)

Baldur's Gate™ II - Shadows of Amn™ Bonus CD (HKLM-x32\...\{014585C8-7557-11D4-9ABA-006067325E47}) (Version: - )

Baldur's Gate™ II - Throne of Bhaal ™ (HKLM-x32\...\{B8C3B479-1716-11D5-968A-0050BA84F5F7}) (Version: - )

BioWare Premium Module: Neverwinter Nights™ Kingmaker (HKLM-x32\...\Neverwinter Nights™ Kingmaker) (Version: - BioWare Corp.)

Black & White® 2 (HKLM-x32\...\{D9E52CD1-9DF1-4A8A-9BDC-1E5E53982F2B}) (Version: 1.00.0000 - Lionhead Studios)

ccc-core-static (HKLM-x32\...\{BE6A55A2-C71F-57DD-E498-7B8F317C0E15}) (Version: 2010.0601.2152.37421 - ATI) Hidden

CCleaner (HKLM\...\CCleaner) (Version: 5.19 - Piriform)

Circle of Eight Modpack version 6.1.0 NC (HKLM-x32\...\{F25E8F2C-8443-42B6-A232-9236A74507C5}_is1) (Version: 6.1.0 NC - Circle of Eight)

Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)

Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)

Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)

Cobian Backup 11 Gravity (HKLM-x32\...\CobBackup11) (Version: - )

Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)

Cozi (HKLM-x32\...\{2DA5F129-11AC-4F11-8188-B2F07EAAC20A}) (Version: 1.0.4323.24051 - Cozi Group, Inc.)

Creature Chaos 4.22 (HKLM-x32\...\{BA6A41DC-603B-49D5-AC40-2A125DFF6DB8}_is1) (Version: - Creature Chaos Mod Team)

Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.60 - Dell)

Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.60 - Dell)

Dell DataSafe Online (HKLM-x32\...\{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}) (Version: 1.2.0011 - Dell, Inc.)

Dell Dock (HKLM-x32\...\Dell Dock) (Version: - Stardock Corporation)

Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)

Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)

Dell Support Center (HKLM\...\{0090A87C-3E0E-43D4-AA71-A71B06563A4A}) (Version: 3.1.5907.29 - PC-Doctor, Inc.) Hidden

Dell Support Center (HKLM\...\Dell Support Center) (Version: 3.1.5907.29 - Dell Inc.)

Dell System Detect (HKCU\...\58d94f3ce2c27db0) (Version: 7.6.0.17 - Dell)

Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 14.0.2.0 - Synaptics Incorporated)

Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd)

DJ OldGames Package: Stronghold (HKLM-x32\...\Stronghold63) (Version: 1.0.3.0 - DJ)

Dragon Age: Origins (HKLM-x32\...\{AEC81925-9C76-4707-84A9-40696C613ED3}) (Version: 1.00 - Electronic Arts, Inc.)

DW WLAN Card Utility (HKLM\...\DW WLAN Card Utility) (Version: 5.60.48.18 - Dell Inc.)

Furcadia (HKLM-x32\...\Furcadia) (Version: 31.2 - Dragon's Eye Productions, Inc.)

GIMP 2.6.11 (HKLM-x32\...\WinGimp-2.0_is1) (Version: 2.6.11 - The GIMP Team)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 57.0.2987.133 - Google Inc.)

Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden

Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)

Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden

GoToAssist 8.0.0.514 (HKLM-x32\...\GoToAssist) (Version: - )

GrafX2 (GNU GPL) (HKLM-x32\...\Grafx2-SDL) (Version: 2.4.wip2035 - )

HHD Software Free Hex Editor Neo 5.14 (HKCU\...\{8EB85C0E-DE7D-4A53-BD66-708B8F2C80B0}) (Version: 5.14.0.4787 - HHD Software, Ltd.)

HxD Hex Editor version 1.7.7.0 (HKLM-x32\...\HxD Hex Editor_is1) (Version: 1.7.7.0 - Maël Hörz)

ICY Hexplorer (remove only) (HKLM-x32\...\Hexplorer) (Version: - )

Impossible Creatures (HKLM-x32\...\Impossible Creatures 1.0) (Version: - )

Impossible Creatures 1.0.1 (HKLM-x32\...\{6B2B0D05-2B4A-4855-A47B-D69CD9E3CDD6}) (Version: 1.0.1 - Microsoft)

Inkscape 0.48.5 (HKLM-x32\...\Inkscape) (Version: 0.48.5 - )

Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)

Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)

Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)

Intel® Turbo Boost Technology Monitor (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.186.6 - Intel)

IZArc 4.1.2 (HKLM-x32\...\{97C82B44-D408-4F14-9252-47FC1636D23E}_is1) (Version: 4.1.2 - Ivan Zahariev)

Junk Mail filter update (HKLM-x32\...\{E2DFE069-083E-4631-9B6C-43C48E991DE5}) (Version: 14.0.8089.726 - Microsoft Corporation) Hidden

Live! Cam Avatar Creator (HKLM-x32\...\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}) (Version: 4.6.3009.1 - Creative Technology Ltd)

LoJack Factory Installer (HKLM-x32\...\{40F4FF7A-B214-4453-B973-080B09CED019}) (Version: 1.0.0 - Absolute Software)

Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)

Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)

Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)

Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 3.0.40624.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)

Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM-x32\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}) (Version: 8.0.58299 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)

Neverwinter Nights (HKLM-x32\...\{C1583439-B034-4881-819C-D52A0587662B}) (Version: - )

NVIDIA PhysX (HKLM-x32\...\{1C4551A6-4743-4093-91E4-1477CD655043}) (Version: 9.09.0203 - NVIDIA Corporation)

OHRRPGCE alectormancy+2 20120731 (HKLM-x32\...\Official Hamster Republic RPG Construction Engine_is1) (Version: - Hamster Republic Productions)

PRC Pack (HKLM-x32\...\PRC Pack) (Version: - )

Python 2.7.1 (HKLM-x32\...\{32939827-d8e5-470a-b126-870db3c69fdf}) (Version: 2.7.1150 - Python Software Foundation)

Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 9.6.18 - Dell Inc.)

Roxio Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.01 - Roxio)

SafeZone Stable 3.55.2393.596 (HKLM-x32\...\SafeZone 3.55.2393.596) (Version: 3.55.2393.596 - Avast Software) Hidden

Skins (HKLM-x32\...\{220D75B2-56A3-02AF-CF23-25520587D973}) (Version: 2010.0601.2152.37421 - ATI) Hidden

Skype Toolbars (HKLM-x32\...\{981029E0-7FC9-4CF3-AB39-6F133621921A}) (Version: 1.0.4051 - Skype Technologies S.A.)

Skype™ 4.2 (HKLM-x32\...\{D103C4BA-F905-437A-8049-DB24763BBE36}) (Version: 4.2.169 - Skype Technologies S.A.)

Star Wars Empire at War (HKLM-x32\...\{99AE7207-8612-4DBA-A8F8-BAE5C633390D}) (Version: 1.0 - LucasArts)

Star Wars Empire at War Forces of Corruption (HKLM-x32\...\{6592FDEC-2C1A-413A-9985-25FEC2F0848D}) (Version: 1.0 - LucasArts)

Star Wars Galactic Battlegrounds: Saga (HKLM-x32\...\{10133CDD-50B9-4783-B336-8B48F3653715}) (Version: - )

SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1240 - SUPERAntiSpyware.com)

Temple of Elemental Evil (HKLM-x32\...\{AD80F06B-0F21-4EEE-934D-BEF0D21E6383}) (Version: 1.00.000 - )

Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version: - WildTangent) Hidden

Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)

WildTangent Games (HKLM-x32\...\WildTangent dell Master Uninstall) (Version: 1.0.0.71 - WildTangent)

WildTangent Games App (Dell Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-dell) (Version: 4.1.1.14 - WildTangent)

Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)

Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)

Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)

Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)

========================= Restore Points ==================================

 

24-08-2016 09:45:47 Windows Update

26-08-2016 04:24:28 Windows Update

30-08-2016 08:43:46 ComboFix created restore point

02-09-2016 08:42:16 Windows Update

08-09-2016 09:56:14 Windows Update

25-09-2016 05:44:13 Windows Update

25-09-2016 06:21:50 Windows Update

01-10-2016 09:13:48 Windows Update

08-10-2016 09:34:50 Windows Update

09-10-2016 04:08:57 Windows Update

09-10-2016 04:27:16 Windows Update

20-10-2016 08:32:25 Scheduled Checkpoint

30-10-2016 08:00:19 Scheduled Checkpoint

09-11-2016 08:09:15 Scheduled Checkpoint

17-11-2016 10:05:09 Scheduled Checkpoint

25-11-2016 09:30:20 Scheduled Checkpoint

06-12-2016 08:20:29 Scheduled Checkpoint

11-12-2016 10:27:04 Windows Update

19-12-2016 10:57:56 Windows Update

28-12-2016 10:46:44 Windows Update

11-01-2017 10:13:41 Scheduled Checkpoint

18-01-2017 10:20:25 Scheduled Checkpoint

02-02-2017 10:18:35 Scheduled Checkpoint

11-02-2017 10:19:27 Scheduled Checkpoint

24-02-2017 10:12:47 Scheduled Checkpoint

05-03-2017 10:12:01 Scheduled Checkpoint

14-03-2017 09:15:55 Scheduled Checkpoint

24-03-2017 09:25:04 Scheduled Checkpoint

06-04-2017 09:46:18 Scheduled Checkpoint

15-04-2017 09:07:00 Scheduled Checkpoint

30-04-2017 09:41:04 Scheduled Checkpoint

 

**** End of log ****

 

 

 

 

Security Check Log

 

Results of screen317's Security Check version 1.014 --- 12/23/15

Windows 7 Service Pack 1 x64 (UAC is enabled)

Internet Explorer 11

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

Avast Antivirus

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````

Adobe Flash Player 25.0.0.148

Google Chrome (57.0.2987.133)

Google Chrome (plugins...)

Google Chrome (SetupMetrics...)

````````Process Check: objlist.exe by Laurent````````

AVAST Software Avast AvastSvc.exe

AVAST Software Avast x64 aswidsagenta.exe

AVAST Software Avast AvastUI.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 5%

````````````````````End of Log``````````````````````

 

 

 

 

 

So what is the next step? Also, thanks for the help and time.

 



BC AdBot (Login to Remove)

 


#2 Valinorum

Valinorum

    Shadow Hide The Hunter


  • Malware Response Instructor
  • 1,775 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:10:26 PM

Posted 08 May 2017 - 02:52 AM

Hi,

It could be a false positive or something that was quarantined by the AdwCleaner. Trojan.agent gen dropper is a generic name. It is basically the tool saying that it detected something that may or may not be a trojan.
  • Step #1 ESET Online Scanner
    Disable your security programs which includes but not limited to anti-virus, anti-malware, anti-spyware et cetera. Peruse this for additional information.
    • Download esetsmartinstaller_enu.exe by clicking here.
    • Right-click on the program and choose Run as administrator.
    • Accept their terms and condition and proceed.
    • Install Add-On/Active X if prompted.
    • From the Computer Scan Setting check the following box --
      • Enable detection for potentially unwanted programs
    • Click on Advanced Setting --
      • Uncheck the box beside Remove Found Threats;
      • Check the box beside Scan archives
      • Check the box beside Scan for potentially unsafe applications
      • Check the box beside Enable Anti-Stealth Technology
    • Click on Start and wait for the virus signature database to update.
    • The online scan will begin automatically and can take several hours.
      • Note: Do not touch either the Mouse or keyboard during the scan. Otherwise it may stall.
    • After the Scan finishes --
      • If no threats were found:
        • Put a checkmark in Uninstall application on close.
        • Close the program and report that nothing was found
      • If threats were found:
        • Open the file located in C:\Program Files\ESET\ESET Online Scanner\log.txt (32-bit) or C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt (64-bit).
        • Copy and Paste contents of the log file in your next reply.
    Note: Enable your security programs afterwards.
 

Regards,
Valinorum

Geek U Graduate

I close my topic(s) with no replies for more than 4 days. PM me or Moderators to reactivate. All helps are provided via forum ergo do not PM me for help.

 


#3 BuckJogSkiff

BuckJogSkiff
  • Topic Starter

  • Members
  • 47 posts
  • OFFLINE
  •  
  • Local time:11:26 AM

Posted 08 May 2017 - 04:45 PM

Sorry about the double post, the connection timed out a couple times.

 

Is the ESET database supposed to be updated while connected to the internet but with all antivirus and antimalaware disabled? Ran ESET on Adminstrator while disconnected from the internet with everything disabled, but got a message stating the proxy needed to update. Tried switching all antiviruses on, connected to the internet, then ran ESET past the updating portion. Got a message about the antiviruses being on, so switched them again, then disconnected from the internet. ESET would not start.

 

Wary of downloading anything without antiviruses, is all.



#4 Valinorum

Valinorum

    Shadow Hide The Hunter


  • Malware Response Instructor
  • 1,775 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:10:26 PM

Posted 08 May 2017 - 11:39 PM

Yes, since it is an online scanner, it updates its database prior to performing the scan. Disable your security software and let the program run unhindered. You will need an internet connection to perform the scan.

Geek U Graduate

I close my topic(s) with no replies for more than 4 days. PM me or Moderators to reactivate. All helps are provided via forum ergo do not PM me for help.

 


#5 BuckJogSkiff

BuckJogSkiff
  • Topic Starter

  • Members
  • 47 posts
  • OFFLINE
  •  
  • Local time:11:26 AM

Posted 09 May 2017 - 08:29 PM

Scanned with the ESET, looks like a lot of junkware. Something is going on though, as internet explorer has been freeze hanging a few times, where it did not before.

 

 

 

ESET Scan Log:

 

 

ESETSmartInstaller@High as downloader log:

Can not open internetESETSmartInstaller@High as downloader log:

Can not open internetCan not open internetESETSmartInstaller@High as downloader log:

Can not open internetCan not open internetESETSmartInstaller@High as downloader log:

Can not open internetCan not open internetESETSmartInstaller@High as downloader log:

all ok

# product=EOS

# version=8

# OnlineScannerApp.exe=1.0.0.1

# EOSSerial=c54d0728fa0dcd41aded1f808feed09b

# end=init

# utc_time=2017-05-08 09:20:25

# local_time=2017-05-08 04:20:25 (-0600, Central Daylight Time)

# country="United States"

# osver=6.1.7601 NT Service Pack 1

ESETSmartInstaller@High as downloader log:

Can not open internetESETSmartInstaller@High as downloader log:

Can not open internetCan not open internetESETSmartInstaller@High as downloader log:

Can not open internetESETSmartInstaller@High as downloader log:

Can not open internetCan not open internetESETSmartInstaller@High as downloader log:

Can not open internetCan not open internetESETSmartInstaller@High as downloader log:

Can not open internetCan not open internetESETSmartInstaller@High as downloader log:

Can not open internetESETSmartInstaller@High as downloader log:

Can not open internetCan not open internetESETSmartInstaller@High as downloader log:

Can not open internet# product=EOS

# version=8

# OnlineScannerApp.exe=1.0.0.1

# EOSSerial=c54d0728fa0dcd41aded1f808feed09b

# end=init

# utc_time=2017-05-08 09:24:07

# local_time=2017-05-08 04:24:07 (-0600, Central Daylight Time)

# country="United States"

# osver=6.1.7601 NT Service Pack 1

Update Init

Update Download

esets_scanner_update returned -1 esets_gle=45315

Update Finalize

Updated modules version: 0

Old modules - leave modules

Update Init

Update Download

esets_scanner_update returned -1 esets_gle=45315

Update Finalize

Updated modules version: 0

Old modules - delete modules

Update Init

Update Download

esets_scanner_update returned -1 esets_gle=45315

Update Finalize

Updated modules version: 0

'Can not update to actual engine, exiting

ESETSmartInstaller@High as downloader log:

all ok

# product=EOS

# version=8

# OnlineScannerApp.exe=1.0.0.1

# EOSSerial=c54d0728fa0dcd41aded1f808feed09b

# end=init

# utc_time=2017-05-09 10:37:59

# local_time=2017-05-09 05:37:59 (-0600, Central Daylight Time)

# country="United States"

# osver=6.1.7601 NT Service Pack 1

Update Init

Update Download

Update Finalize

Updated modules version: 33329

# product=EOS

# version=8

# OnlineScannerApp.exe=1.0.0.1

# EOSSerial=c54d0728fa0dcd41aded1f808feed09b

# end=updated

# utc_time=2017-05-09 10:41:30

# local_time=2017-05-09 05:41:30 (-0600, Central Daylight Time)

# country="United States"

# osver=6.1.7601 NT Service Pack 1

# product=EOS

# version=8

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.7777

# api_version=3.1.1

# EOSSerial=c54d0728fa0dcd41aded1f808feed09b

# engine=33329

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2017-05-10 01:16:39

# local_time=2017-05-09 08:16:39 (-0600, Central Daylight Time)

# country="United States"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode_1='Avast Antivirus'

# compatibility_mode=798 16777213 66 88 0 8553644 0 0

# compatibility_mode_1=''

# compatibility_mode=5893 16776574 100 94 10535242 245922449 0 0

# scanned=544743

# found=8

# cleaned=0

# scan_time=9308

sh=536782445DAD8E439ACBDC23C79426114DDCCD6D ft=1 fh=e6f6ada70c893bb7 vn="a variant of Win32/Adware.Coupons.AA application" ac=I fn="C:\AdwCleaner\FileQuarantine\C\Program Files (x86)\Coupons\uninstall.exe.vir"

sh=BD3C685B5F9C5FDDBCF46DAF1C89E094C69F87B0 ft=1 fh=62591177f2e83ca9 vn="a variant of Win32/HiddenStart.A potentially unsafe application" ac=I fn="C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe"

sh=3963D8A5B82F5DD540BB1DDEE8BA5B8D9098C549 ft=1 fh=d69ca3895677d6e5 vn="a variant of Win32/HiddenStart.A potentially unsafe application" ac=I fn="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe"

sh=24C285E4A280C2E7A217907C5E9EDE4207753C44 ft=1 fh=911ad30aca1b2451 vn="a variant of Win32/Adware.Coupons.AA application" ac=I fn="C:\Program Files (x86)\Google\Chrome\Application\plugins\npMozCouponPrinter.dll"

sh=C6F46A4B5804D61D6B681E45692B66471E5C2D09 ft=1 fh=0d98c8d77d206349 vn="Win32/OpenCandy potentially unsafe application" ac=I fn="C:\Users\Bendlebender\Desktop\Sorting\Leftovers\IZArc4.1.2.exe"

sh=40F6CA5EF25B7DBD42AE8B4FDA5F98144B1AD360 ft=1 fh=08965c270c124c2f vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Bendlebender\Downloads\ccsetup519.exe"

sh=792FD2E01EAED40633F32A1172E2F7997ACDAD37 ft=1 fh=17acc3403899e8e0 vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="C:\Users\Warchow\Desktop\Sorting\Leftovers\avira_free_antivirus_en.exe"

sh=C6F46A4B5804D61D6B681E45692B66471E5C2D09 ft=1 fh=0d98c8d77d206349 vn="Win32/OpenCandy potentially unsafe application" ac=I fn="C:\Users\Warchow\Desktop\Sorting\Leftovers\IZArc4.1.2.exe"

 



#6 Valinorum

Valinorum

    Shadow Hide The Hunter


  • Malware Response Instructor
  • 1,775 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:10:26 PM

Posted 09 May 2017 - 10:59 PM

Hi,

You are right on the junkware and one of them was already quarantined by AdwCleaner.
  • Step #2 Scan with Farbar Recovery Scan Tool
    • Please download Farbar Recovery Scan Tool by Farbar to your Desktop from the link below.
      Download link for 32 bit system
      Download link for 64 bit system
    • Right-click on the program and choose Run as administrator;
    • Put tick-mark on all boxes under Whitelist and Optional Scan;
    • Click on Scan;
    • After the scan two notepad files will be opened --
      • FRST.txt;
      • Addition.txt
    • Copy and Paste the contents of the logs in your next reply.
 

Regards,
Valinorum

Geek U Graduate

I close my topic(s) with no replies for more than 4 days. PM me or Moderators to reactivate. All helps are provided via forum ergo do not PM me for help.

 


#7 BuckJogSkiff

BuckJogSkiff
  • Topic Starter

  • Members
  • 47 posts
  • OFFLINE
  •  
  • Local time:11:26 AM

Posted 10 May 2017 - 07:28 PM

Had trouble completing the above instructions. Windows Internet Explorer started hanging more and more frequently, one of the times with a message that 'AMD Driver disconnected and is now reconnected,' but it continued to freeze hang. To double check, ran ADSSSPY.exe, which was a mistake since it stuck the CPU Physical Memory Usage at 50%, even after reboot. The freezing window browser hangs were bad enough to prevent directly downloading FARBAR from the provided link, luckily I was able to update an older saved version of FARBAR on the computer and scan from there. Good grief.

 

 

FRST Scan Log:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-05-2017
Ran by Bendlebender (administrator) on BLUEBEAST (10-05-2017 19:09:29)
Running from C:\Users\Bendlebender\Downloads
Loaded Profiles: Bendlebender (Available Profiles: Bendlebender & Fat Wombat & Warchow)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\stacsv64.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe
(CobianSoft, Luis Cobian) C:\Program Files\CobianBackup11Gravity\cbVSCService11.exe
() C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(ActMask Co.,Ltd - hxxp://WWW.ALL2PDF.COM) C:\Windows\System32\PrintCtrl.exe
(ActMask Co.,Ltd - hxxp://www.all2pdf.com) C:\Windows\System32\PrintDisp.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(ActMask Co.,Ltd - hxxp://www.all2pdf.com) C:\Windows\System32\PrintDisp.exe
() C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
() C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-01-21] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1822504 2009-08-24] (Synaptics Incorporated)
HKLM\...\Run: [PrintDisp] => C:\Windows\system32\PrintDisp.exe [826368 2011-02-19] (ActMask Co.,Ltd - hxxp://www.all2pdf.com)
HKLM\...\Run: [FreeFallProtection] => C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe [2384896 2009-07-22] ()
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [5470208 2009-12-16] (Dell Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213824 2017-05-09] (AVAST Software)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-06-01] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe [1807680 2010-02-09] ()
HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe [560128 2011-09-18] (Dell)
HKU\S-1-5-21-1748231068-357915915-2718231513-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-12-30] (Google Inc.)
HKU\S-1-5-21-1748231068-357915915-2718231513-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8810200 2016-06-10] (Piriform Ltd)
HKU\S-1-5-18\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-18\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-05-09] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-05-09] (AVAST Software)
Startup: C:\Users\Bendlebender\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk [2010-11-01]
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2010-10-26]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2010-10-26]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Warchow\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock (2).lnk [2010-11-01]
ShortcutTarget: Dell Dock (2).lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Warchow\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk [2013-04-03]
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Warchow\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop (2).ini [2013-04-03] ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
Winsock: Catalog5-x64 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{AE34EA64-F69E-4D26-91EA-13E318ACFCBA}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{B974C515-4436-47B9-B801-ACFC903F7653}: [DhcpNameServer] 192.168.42.129

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1748231068-357915915-2718231513-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=hp-avast&type=avastbcl
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1748231068-357915915-2718231513-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/USCON/1
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {C62CEFC8-FC11-4BF7-AA6E-2C598B712605} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1748231068-357915915-2718231513-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-04-04] (AVAST Software)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-19] (Google Inc.)
BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2009-01-14] (Microsoft Corp.)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-04-04] (AVAST Software)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-19] (Google Inc.)
BHO-x32: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08] (Skype Technologies S.A.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-19] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-19] (Google Inc.)
Toolbar: HKU\S-1-5-21-1748231068-357915915-2718231513-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-19] (Google Inc.)
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll [2009-07-23] (Cozi Group, Inc.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08] (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2010-05-13] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\Bendlebender\AppData\Roaming\Mozilla\Firefox\Profiles\qiixnOBP.default [2017-05-07]
FF Extension: (Avira Browser Safety) - C:\Users\Bendlebender\AppData\Roaming\Mozilla\Firefox\Profiles\qiixnOBP.default\Extensions\abs@avira.com [2017-01-20]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_171.dll [2017-05-10] ()
FF Plugin: @java.com/DTPlugin,version=10.13.2 -> C:\Windows\system32\npDeployJava1.dll [2013-02-16] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_171.dll [2017-05-10] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll [2009-06-23] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2016-11-22] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7346208 2017-05-09] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [263304 2017-05-09] (AVAST Software)
R2 cbVSCService11; C:\Program Files\CobianBackup11Gravity\cbVSCService11.exe [67584 2013-03-07] (CobianSoft, Luis Cobian) [File not signed]
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed]
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [350064 2016-11-22] (WildTangent)
R2 InstallFilterService; C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe [60928 2009-06-23] () [File not signed]
R2 Printer Control; C:\Windows\system32\PrintCtrl.exe [78848 2010-05-07] (ActMask Co.,Ltd - hxxp://WWW.ALL2PDF.COM) [File not signed]
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe [244736 2010-01-21] (IDT, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [4950016 2009-12-16] (Dell Inc.) [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [311808 2017-05-09] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [190256 2017-05-09] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswbloga.sys [334576 2017-05-09] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [49016 2017-05-09] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [38296 2017-05-09] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [32600 2017-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [128648 2017-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [101152 2017-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [75704 2017-05-09] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1007160 2017-05-09] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [569192 2017-05-09] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [158368 2017-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [339696 2017-05-09] (AVAST Software)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [46960 2016-07-06] ()
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0; c:\program files\dell support center\pcdsrvc_x64.pkms [25072 2012-03-22] (PC-Doctor, Inc.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2016-07-07] ()
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()

========================== Drivers MD5 =======================

C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Acceler.sys C49C56B35BFC6CDA8D1FDCAD2885568F
C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit
C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpahci.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys 9A4A1EEE802BF2F878EE8EAB407B21B7
C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit
C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdk8.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\atikmdag.sys 79A11CB10FF02A8425DABBB040249F7D
C:\Windows\System32\DRIVERS\atikmpag.sys 6F6D47246FBB0CF65619684A0F89179E
C:\Windows\system32\DRIVERS\amdppm.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdsata.sys D4121AE6D0C0E7E13AA221AA57EF2D49
C:\Windows\system32\DRIVERS\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys 540DAF1CEA6094886D72126FD7C33048
C:\Windows\system32\drivers\appid.sys 52F8C264D3BF90D2726FDE6642A381D4
C:\Windows\system32\DRIVERS\arc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arcsas.sys ==> MD5 is legit
C:\Windows\system32\drivers\aswbidsdrivera.sys 0C19C91ED99964925FF8B05C23743AB1
C:\Windows\system32\drivers\aswbidsha.sys 670839F4BA6D82F3035AADFE8274F02E
C:\Windows\system32\drivers\aswbloga.sys 5C561968CF601D76A98692DCC8CF74ED
C:\Windows\system32\drivers\aswbuniva.sys 335E5F19E7397A283B7ED20FE7B369EB
C:\Windows\system32\drivers\aswHwid.sys BA02CA77D989710F79FD662019C4DF94
C:\Windows\system32\drivers\aswKbd.sys 5E6FD2CB74138C6AF591779D2619BD6C
C:\Windows\system32\drivers\aswMonFlt.sys 2B1490F2F1CC76C9C9B61CE63D6E7973
C:\Windows\system32\drivers\aswRdr2.sys F26D1F761E14789743275FA5D258EAB8
C:\Windows\system32\drivers\aswRvrt.sys C1007774450CFAB19D784D50C3410FC7
C:\Windows\system32\drivers\aswSnx.sys EB1991686949400C51B8C21CE013621E
C:\Windows\system32\drivers\aswSP.sys 7A17BD26C74F5329CB1DF029AE4DD357
C:\Windows\system32\drivers\aswStm.sys E826A190E6628C9B6AA2433D2771E15D
C:\Windows\system32\drivers\aswVmm.sys E76C21203E29F2DCC489EF585E0B1A38
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\system32\drivers\atapi.sys ==> MD5 is legit
C:\Windows\System32\drivers\AtiHdmi.sys 2D648572BA9A610952FCAFBA1E119C2D
C:\Windows\system32\DRIVERS\bxvbda.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit
C:\Windows\System32\drivers\BCM42RLY.sys 5C0F919666954885D7760DFFE4B29A25
C:\Windows\System32\DRIVERS\bcmwl664.sys BAB887A2B2786310A966881F074F4A99
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bridge.sys 5C2F352A4E961D72518261257AAE204B
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys 404B7DF9CA4D1CB675045AF220FF3285
C:\Windows\System32\DRIVERS\CmBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys 3323F76352B0AF14B2CDC4DFBF3E980A
C:\Windows\System32\DRIVERS\compbatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\CtClsFlt.sys ==> MD5 is legit
C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\drivers\disk.sys 616387BBD83372220B09DE95F4E67BBC
C:\Windows\system32\drivers\drmkaud.sys 26FE888505E5A945B0536AF9A2A27A6F
C:\Windows\System32\drivers\dxgkrnl.sys 3A9D7D464BDB3B70D7ECF689ADABBD4D
C:\Windows\system32\DRIVERS\evbda.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\elxstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit
C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Fs_Rec.sys 6BD9295CC032DD3077C671FCCF579A7B
C:\Windows\System32\DRIVERS\fvevol.sys 8F6322049018354F45F05A2FD2D4E5E0
C:\Windows\system32\DRIVERS\gagp30kx.sys ==> MD5 is legit
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\system32\drivers\HDAudBus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\HECIx64.sys B6AC71AAA2B10848F57FC49D55A651AF
C:\Windows\system32\DRIVERS\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidbth.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hidusb.sys ==> MD5 is legit
C:\Windows\system32\drivers\hitmanpro37.sys 7FD586369B597798535C098E63818AAC
C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys F61634BEC53F73702A10DE69F6DCAF57
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\system32\drivers\i8042prt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\iaStor.sys ABBF174CB394F5C437410A788B7E404A
C:\Windows\system32\drivers\iaStorV.sys AAAF44DB3BD0B9D1FB6969B23ECC8366
C:\Windows\system32\DRIVERS\iirsp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Impcd.sys 4FF8A2082D78255D2EB169F986BCC981
C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\system32\drivers\msiscsi.sys 96BB922A0981BC7432C8CF52B5410FE6
C:\Windows\system32\drivers\kbdclass.sys ==> MD5 is legit
C:\Windows\system32\drivers\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecdd.sys EB7BB4F58971F4FE099B3CE127346563
C:\Windows\System32\Drivers\ksecpkg.sys 6EBBA531A455E8F1092FD530A8682A97
C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\megasas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys 67050452C0118BAF2883928E6FCCFE47
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys D7ADC2B83CA0B0381F75A98351F72CEE
C:\Windows\System32\DRIVERS\mrxsmb.sys 341C65D6D4E9AB705258AC83511F7ADD
C:\Windows\System32\DRIVERS\mrxsmb10.sys F93EDDF0B69760456C6E0D73405AC078
C:\Windows\System32\DRIVERS\mrxsmb20.sys A558D659B722FE5FB8C6E1BF288F7316
C:\Windows\system32\drivers\msahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\system32\drivers\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys F7309F42555F8AAB7144A51A1F2585B0
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys E47D571FEC2C76E867935109AB2A770C
C:\Windows\system32\DRIVERS\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys 47B2D0B31BDC3EBE6090228E2BA3764D
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\system32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD
C:\Windows\system32\drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4A
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C
c:\program files\dell support center\pcdsrvc_x64.pkms 7317A0B550F7AC0223B7070897670476
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\system32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ED6E75158D28D33A2E2A020AC5B2B59D
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\System32\Drivers\PxHlpa64.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql2300.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpvideominiport.sys 313F68E1A3E6345A4F47A36B07062F34
C:\Windows\System32\Drivers\RDPWD.sys FE571E088C2D83619D2D48D4E961BF41
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\rimmpx64.sys 6FAF5B04BEDC66D300D9D233B2D222F0
C:\Windows\System32\DRIVERS\rimspe64.sys E20B1907FC72A3664ECE21E3C20FC63D
C:\Windows\system32\DRIVERS\rimspx64.sys 67F50C31713106FD1B0F286F86AA2B2E
C:\Windows\System32\DRIVERS\risdpe64.sys A6DA2B0C8F5BB3F9F5423CFF8D6A02D9
C:\Windows\system32\DRIVERS\rixdpx64.sys 4D7EF3D46346EC4C58784DB964B365DE
C:\Windows\System32\DRIVERS\rixdpe64.sys 6A1CD4674505E6791390A1AB71DA1FBE
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Rt64win7.sys EE082E06A82FF630351D1E0EBBD3D8D0
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\serenum.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\serial.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys EC666682FE8344CF7E6ED69E74FA9F4F
C:\Windows\System32\DRIVERS\srv2.sys E450C0318DCE8ED28ED272C8806B8495
C:\Windows\System32\DRIVERS\srvnet.sys 9C12C78AD36C23D925711A4640228225
C:\Windows\System32\DRIVERS\stdflt.sys C48E0745D33897C7A73394214F2B9B4F
C:\Windows\system32\DRIVERS\stexstor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\stwrt64.sys CAF5A9708671B14B9670260735B22C4E
C:\Windows\system32\drivers\swenum.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\SynTP.sys 639B57DC871BE4B86283027FAF1F4E30
C:\Windows\System32\drivers\tcpip.sys B2875D7ABB82867DC3AA03D991940201
C:\Windows\System32\DRIVERS\tcpip.sys B2875D7ABB82867DC3AA03D991940201
C:\Windows\System32\drivers\tcpipreg.sys 7FE5586314EE7D6AA8483264A089E5AF
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8
C:\Windows\System32\DRIVERS\tdx.sys AA77EB517D2F07A947294F260E3ACA83
C:\Windows\system32\drivers\termdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\TrueSight.sys 0C997B061E3C66BD9E927C1288EB1CC7
C:\Windows\System32\DRIVERS\tssecsrv.sys E232A3B43A894BB327FC161529BD9ED1
C:\Windows\System32\drivers\tsusbflt.sys E9981ECE8D894CEF7038FD1D040EB426
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\TurboB.sys 825E7A1F48FB8BCFBA27C178AAB4E275
C:\Windows\system32\DRIVERS\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\system32\drivers\umbus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\umpass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbccgp.sys DCA68B0943D6FA415F0C56C92158A83A
C:\Windows\system32\drivers\usbcir.sys 80B0F7D5CCF86CEB5D402EAAF61FEC31
C:\Windows\system32\drivers\usbehci.sys 18A85013A3E0F7E1755365D287443965
C:\Windows\System32\DRIVERS\usbhub.sys 8D1196CFBB223621F2C67D45710F25BA
C:\Windows\system32\drivers\usbohci.sys 765A92D428A8DB88B960DA5A8D6089DC
C:\Windows\system32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\USBSTOR.SYS D029DD09E22EB24318A8FC3D8138BA43
C:\Windows\system32\drivers\usbuhci.sys DD253AFC3BC6CBA412342DE60C3647F3
C:\Windows\System32\Drivers\usbvideo.sys 1F775DA4CF1A3A1834207E975A72E9D7
C:\Windows\System32\DRIVERS\usb8023x.sys 7B28E2FBE75115660FAB31079C0A9F29
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifimp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys E2C933EDBC389386EBE6D2BA953F43D8
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wimfltr.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\SysWOW64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WinUsb.sys FE88B288356E7B47B74B13372ADD906D
C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Three Months Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-05-10 18:48 - 2017-05-10 18:48 - 00000000 ____D C:\ProgramData\SWCUTemp
2017-05-09 00:13 - 2017-05-09 00:13 - 00400456 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-05-08 16:17 - 2017-05-08 16:17 - 00000000 ____D C:\Program Files (x86)\ESET
2017-05-08 15:54 - 2017-05-08 15:54 - 02870984 _____ (ESET) C:\Users\Bendlebender\Downloads\esetsmartinstaller_enu.exe
2017-05-07 17:55 - 2017-05-07 17:55 - 00000861 _____ C:\Users\Bendlebender\Documents\checkupSecurityCheck1.txt
2017-05-07 17:48 - 2017-05-07 17:48 - 00012925 _____ C:\Users\Bendlebender\Documents\MTB1.txt
2017-05-07 17:47 - 2017-05-07 17:47 - 00012925 _____ C:\Users\Bendlebender\Downloads\MTB.txt
2017-05-07 17:44 - 2017-05-07 17:44 - 00852798 _____ C:\Users\Bendlebender\Downloads\SecurityCheck.exe
2017-05-07 17:42 - 2017-05-07 17:42 - 00892416 _____ (Farbar) C:\Users\Bendlebender\Downloads\MiniToolBox.exe
2017-05-07 16:52 - 2017-05-07 16:53 - 30022456 _____ (SUPERAntiSpyware) C:\Users\Bendlebender\Downloads\SUPERAntiSpyware.exe
2017-05-07 16:50 - 2017-05-07 16:50 - 00388608 _____ (Trend Micro Inc.) C:\Users\Bendlebender\Downloads\HijackThis.exe
2017-05-07 16:24 - 2017-05-07 16:25 - 00002018 _____ C:\Users\Bendlebender\Desktop\Rkill.txt
2017-05-07 16:24 - 2017-05-07 16:24 - 01106888 _____ (Bleeping Computer, LLC) C:\Users\Bendlebender\Downloads\iExplore64.exe
2017-05-07 15:30 - 2017-05-07 15:30 - 00005982 _____ C:\Users\Bendlebender\Documents\AdwCleaner[C2].txt
2017-05-02 03:51 - 2017-05-02 03:51 - 00003472 ____N C:\bootsqm.dat
2017-04-20 23:17 - 2017-04-21 00:47 - 00000564 _____ C:\Windows\Tasks\PCDoctorBackgroundMonitorTask-Delay.job
2017-04-20 23:17 - 2017-04-20 23:17 - 00003414 _____ C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask-Delay
2017-03-17 23:10 - 2017-05-09 00:13 - 00003914 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2017-03-17 23:10 - 2017-05-09 00:12 - 00334576 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbloga.sys
2017-03-17 23:10 - 2017-05-09 00:12 - 00311808 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2017-03-17 23:10 - 2017-05-09 00:12 - 00190256 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsha.sys
2017-03-17 23:10 - 2017-05-09 00:12 - 00049016 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbuniva.sys
2017-03-13 03:11 - 2017-03-13 03:11 - 01553807 _____ C:\Users\Bendlebender\Downloads\life-death-ii-the-brain.zip
2017-03-13 03:09 - 2017-03-13 03:09 - 01218826 _____ C:\Users\Bendlebender\Downloads\alter-ego.zip
2017-03-13 03:09 - 2017-03-13 03:09 - 00589069 _____ C:\Users\Bendlebender\Downloads\alter-ego-male.zip
2017-03-13 02:51 - 2017-03-13 02:54 - 21856160 _____ (DJ, dj@oldgames.sk) C:\Users\Bendlebender\Downloads\Lion-www.oldgames.sk-Compilation.exe
2017-03-13 02:45 - 2017-03-13 02:46 - 08594470 _____ C:\Users\Bendlebender\Downloads\wolf.zip
2017-02-27 01:41 - 2017-02-27 01:41 - 05838317 _____ C:\Users\Bendlebender\Downloads\ssriders.zip
2017-02-27 01:03 - 2017-02-27 01:03 - 07693105 _____ C:\Users\Bendlebender\Downloads\Mame32v103.7z
2017-02-10 00:44 - 2017-02-10 00:44 - 01474681 _____ C:\Users\Bendlebender\Downloads\dag213.exe
2017-02-09 01:45 - 2017-02-09 01:45 - 00775118 _____ C:\Users\Bendlebender\Downloads\sword_and_fist-v7.exe
2017-02-09 01:14 - 2017-02-09 01:14 - 05064974 _____ C:\Users\Bendlebender\Downloads\bg2_tweaks-v16.exe
2017-02-09 00:35 - 2017-02-09 00:35 - 05929147 _____ C:\Users\Bendlebender\Downloads\alternatives-v11.exe
2017-02-09 00:30 - 2017-02-09 00:30 - 03997656 _____ C:\Users\Bendlebender\Downloads\wheels-v6.exe

==================== Three Months Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-05-10 19:09 - 2016-07-03 02:29 - 00035380 _____ C:\Users\Bendlebender\Downloads\FRST.txt
2017-05-10 19:09 - 2016-07-03 02:29 - 00000000 ____D C:\FRST
2017-05-10 19:08 - 2016-07-13 01:40 - 00000000 ____D C:\Users\Bendlebender\Downloads\FRST-OlderVersion
2017-05-10 19:08 - 2016-07-03 02:05 - 02429440 _____ (Farbar) C:\Users\Bendlebender\Downloads\FRST64.exe
2017-05-10 19:06 - 2010-10-26 09:55 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2017-05-10 19:06 - 2010-10-26 09:55 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2017-05-10 19:06 - 2010-10-26 09:29 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2017-05-10 19:06 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-05-10 19:04 - 2012-04-09 01:11 - 00000000 ____D C:\Users\Bendlebender\AppData\Local\ElevatedDiagnostics
2017-05-10 19:04 - 2010-12-16 17:09 - 01778714 _____ C:\Windows\ntbtlog.txt
2017-05-10 19:03 - 2009-07-14 00:13 - 00782510 _____ C:\Windows\system32\PerfStringBackup.INI
2017-05-10 19:03 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2017-05-10 18:52 - 2009-07-13 23:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-05-10 18:52 - 2009-07-13 23:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-05-10 18:49 - 2012-04-10 16:29 - 00000506 _____ C:\Windows\Tasks\SystemToolsDailyTest.job
2017-05-10 03:50 - 2013-07-03 14:12 - 00803320 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-05-10 03:50 - 2013-07-03 14:12 - 00004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-05-10 03:50 - 2011-10-25 15:30 - 00000000 ____D C:\Windows\system32\Macromed
2017-05-10 03:50 - 2011-06-21 12:11 - 00144888 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-05-10 03:50 - 2010-10-26 09:12 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-05-10 03:49 - 2016-07-06 01:30 - 00000000 ____D C:\Users\Bendlebender\AppData\Local\CrashDumps
2017-05-09 17:31 - 2012-04-10 16:29 - 00003548 _____ C:\Windows\System32\Tasks\SystemToolsDailyTest
2017-05-09 17:31 - 2012-04-10 16:29 - 00003488 _____ C:\Windows\System32\Tasks\PCDEventLauncher
2017-05-09 00:14 - 2017-01-20 05:16 - 00003894 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1484907403
2017-05-09 00:13 - 2017-01-20 05:16 - 00569192 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2017-05-09 00:13 - 2017-01-20 05:16 - 00339696 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2017-05-09 00:13 - 2017-01-20 05:16 - 00158368 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2017-05-09 00:13 - 2017-01-20 05:16 - 00128648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2017-05-09 00:13 - 2017-01-20 05:16 - 00101152 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-05-09 00:13 - 2017-01-20 05:16 - 00075704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-05-09 00:13 - 2017-01-20 05:16 - 00038296 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-05-09 00:12 - 2017-01-20 05:16 - 01007160 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-05-09 00:12 - 2017-01-20 05:16 - 00032600 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2017-05-07 15:23 - 2016-07-01 18:03 - 00000000 ____D C:\AdwCleaner
2017-05-04 23:27 - 2016-07-01 01:29 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-04-28 05:13 - 2010-12-30 18:51 - 00003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-04-28 05:13 - 2010-12-30 18:51 - 00003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-04-21 23:06 - 2012-04-10 16:29 - 00000564 _____ C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2017-04-20 23:17 - 2012-04-10 16:29 - 00004284 _____ C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2017-04-14 23:09 - 2009-07-14 00:08 - 00032634 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-04-13 23:15 - 2016-07-01 01:29 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

==================== Files in the root of some directories =======

2003-11-05 11:49 - 2003-11-03 14:09 - 1512863 _____ () C:\Program Files\RT_ToEE4.dat
2013-03-30 16:33 - 2014-01-03 04:03 - 0001145 _____ () C:\Users\Bendlebender\AppData\Roaming\hexplorer.dat
2013-03-30 16:33 - 2014-01-03 04:03 - 0000027 _____ () C:\Users\Bendlebender\AppData\Roaming\mclip.dat
2015-05-09 15:50 - 2015-05-09 15:50 - 0003584 _____ () C:\Users\Bendlebender\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-04-09 01:03 - 2017-02-21 04:46 - 0007607 _____ () C:\Users\Bendlebender\AppData\Local\resmon.resmoncfg

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

==================== BCD ================================

Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume2
description             Windows Boot Manager
locale                  en-us
inherit                 {globalsettings}
default                 {current}
resumeobject            {4949f807-e120-11df-b1cb-f04da251bf52}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30

Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  en-us
inherit                 {bootloadersettings}
recoverysequence        {4949f809-e120-11df-b1cb-f04da251bf52}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {4949f807-e120-11df-b1cb-f04da251bf52}
nx                      OptIn

Windows Boot Loader
-------------------
identifier              {4949f809-e120-11df-b1cb-f04da251bf52}
device                  ramdisk=[\Device\HarddiskVolume2]\Recovery\WindowsRE\Winre.wim,{4949f80a-e120-11df-b1cb-f04da251bf52}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[\Device\HarddiskVolume2]\Recovery\WindowsRE\Winre.wim,{4949f80a-e120-11df-b1cb-f04da251bf52}
systemroot              \windows
nx                      OptIn
winpe                   Yes

Resume from Hibernate
---------------------
identifier              {4949f807-e120-11df-b1cb-f04da251bf52}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No

Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=\Device\HarddiskVolume2
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes

EMS Settings
------------
identifier              {emssettings}
bootems                 Yes

Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM Defects
-----------
identifier              {badmemory}

Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}

Device options
--------------
identifier              {4949f80a-e120-11df-b1cb-f04da251bf52}
description             Ramdisk Options
ramdisksdidevice        partition=\Device\HarddiskVolume2
ramdisksdipath          \Recovery\WindowsRE\boot.sdi

LastRegBack: 2017-05-05 03:10

==================== End of FRST.txt ============================

 

 

 

 

 

FRST Addition Scan Log:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-05-2017
Ran by Bendlebender (10-05-2017 19:10:31)
Running from C:\Users\Bendlebender\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2010-11-01 18:52:50)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1748231068-357915915-2718231513-500 - Administrator - Disabled)
Bendlebender (S-1-5-21-1748231068-357915915-2718231513-1000 - Administrator - Enabled) => C:\Users\Bendlebender
Fat Wombat (S-1-5-21-1748231068-357915915-2718231513-1001 - Limited - Enabled) => C:\Users\Fat Wombat
Guest (S-1-5-21-1748231068-357915915-2718231513-501 - Limited - Disabled)
KnockerCroc (S-1-5-21-1748231068-357915915-2718231513-1007 - Administrator - Enabled)
Warchow (S-1-5-21-1748231068-357915915-2718231513-1002 - Administrator - Enabled) => C:\Users\Warchow

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 16.00 (HKLM-x32\...\7-Zip) (Version: 16.00 - Igor Pavlov)
Accelerometer (HKLM-x32\...\{87434D51-51DB-4109-B68F-A829ECDCF380}) (Version: 1.06.08.17 - STMicroelectronics)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Adobe Flash Player 25 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 25.0.0.171 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.171 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
ATI Catalyst Control Center (HKLM-x32\...\{055EE59D-217B-43A7-ABFF-507B966405D8}) (Version: 2.010.0601.2151 - )
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.4.2294 - AVAST Software)
Baldur's Gate™ II - Shadows of Amn™ Bonus CD (HKLM-x32\...\{014585C8-7557-11D4-9ABA-006067325E47}) (Version:  - )
Baldur's Gate™ II - Throne of Bhaal ™ (HKLM-x32\...\{B8C3B479-1716-11D5-968A-0050BA84F5F7}) (Version:  - )
BioWare Premium Module: Neverwinter Nights™ Kingmaker (HKLM-x32\...\Neverwinter Nights™ Kingmaker) (Version:  - BioWare Corp.)
Black & White® 2 (HKLM-x32\...\{D9E52CD1-9DF1-4A8A-9BDC-1E5E53982F2B}) (Version: 1.00.0000 - Lionhead Studios)
ccc-core-static (x32 Version: 2010.0601.2152.37421 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.19 - Piriform)
Circle of Eight Modpack version 6.1.0 NC (HKLM-x32\...\{F25E8F2C-8443-42B6-A232-9236A74507C5}_is1) (Version: 6.1.0 NC - Circle of Eight)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Cobian Backup 11 Gravity (HKLM-x32\...\CobBackup11) (Version:  - )
Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
Cozi (HKLM-x32\...\{2DA5F129-11AC-4F11-8188-B2F07EAAC20A}) (Version: 1.0.4323.24051 - Cozi Group, Inc.)
Creature Chaos 4.22 (HKLM-x32\...\{BA6A41DC-603B-49D5-AC40-2A125DFF6DB8}_is1) (Version:  - Creature Chaos Mod Team)
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.60 - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.60 - Dell)
Dell DataSafe Online (HKLM-x32\...\{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}) (Version: 1.2.0011 - Dell, Inc.)
Dell Dock (HKLM-x32\...\Dell Dock) (Version:  - Stardock Corporation)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Support Center (HKLM\...\Dell Support Center) (Version: 3.1.5907.29 - Dell Inc.)
Dell Support Center (Version: 3.1.5907.29 - PC-Doctor, Inc.) Hidden
Dell System Detect (HKU\S-1-5-21-1748231068-357915915-2718231513-1000\...\58d94f3ce2c27db0) (Version: 7.6.0.17 - Dell)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 14.0.2.0 - Synaptics Incorporated)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd)
DJ OldGames Package: Stronghold (HKLM-x32\...\Stronghold63) (Version: 1.0.3.0 - DJ)
Dragon Age: Origins (HKLM-x32\...\{AEC81925-9C76-4707-84A9-40696C613ED3}) (Version: 1.00 - Electronic Arts, Inc.)
DW WLAN Card Utility (HKLM\...\DW WLAN Card Utility) (Version: 5.60.48.18 - Dell Inc.)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Furcadia (HKLM-x32\...\Furcadia) (Version: 31.2 - Dragon's Eye Productions, Inc.)
GIMP 2.6.11 (HKLM-x32\...\WinGimp-2.0_is1) (Version: 2.6.11 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 57.0.2987.133 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden
GoToAssist 8.0.0.514 (HKLM-x32\...\GoToAssist) (Version:  - )
GrafX2 (GNU GPL) (HKLM-x32\...\Grafx2-SDL) (Version: 2.4.wip2035 - )
HHD Software Free Hex Editor Neo 5.14 (HKU\S-1-5-21-1748231068-357915915-2718231513-1000\...\{8EB85C0E-DE7D-4A53-BD66-708B8F2C80B0}) (Version: 5.14.0.4787 - HHD Software, Ltd.)
HxD Hex Editor version 1.7.7.0 (HKLM-x32\...\HxD Hex Editor_is1) (Version: 1.7.7.0 - Maël Hörz)
ICY Hexplorer (remove only) (HKLM-x32\...\Hexplorer) (Version:  - )
Impossible Creatures (HKLM-x32\...\Impossible Creatures 1.0) (Version:  - )
Impossible Creatures 1.0.1 (HKLM-x32\...\{6B2B0D05-2B4A-4855-A47B-D69CD9E3CDD6}) (Version: 1.0.1 - Microsoft)
Inkscape 0.48.5 (HKLM-x32\...\Inkscape) (Version: 0.48.5 - )
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)
Intel® Turbo Boost Technology Monitor (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.186.6 - Intel)
IZArc 4.1.2 (HKLM-x32\...\{97C82B44-D408-4F14-9252-47FC1636D23E}_is1) (Version: 4.1.2 - Ivan Zahariev)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Live! Cam Avatar Creator (HKLM-x32\...\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}) (Version: 4.6.3009.1 - Creative Technology Ltd)
LoJack Factory Installer (HKLM-x32\...\{40F4FF7A-B214-4453-B973-080B09CED019}) (Version: 1.0.0 - Absolute Software)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 3.0.40624.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM-x32\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}) (Version: 8.0.58299 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Neverwinter Nights (HKLM-x32\...\{C1583439-B034-4881-819C-D52A0587662B}) (Version:  - )
NVIDIA PhysX (HKLM-x32\...\{1C4551A6-4743-4093-91E4-1477CD655043}) (Version: 9.09.0203 - NVIDIA Corporation)
OHRRPGCE alectormancy+2 20120731 (HKLM-x32\...\Official Hamster Republic RPG Construction Engine_is1) (Version:  - Hamster Republic Productions)
PRC Pack (HKLM-x32\...\PRC Pack) (Version:  - )
Python 2.7.1 (HKLM-x32\...\{32939827-d8e5-470a-b126-870db3c69fdf}) (Version: 2.7.1150 - Python Software Foundation)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 9.6.18 - Dell Inc.)
Roxio Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.01 - Roxio)
SafeZone Stable 3.55.2393.596 (x32 Version: 3.55.2393.596 - Avast Software) Hidden
Skins (x32 Version: 2010.0601.2152.37421 - ATI) Hidden
Skype Toolbars (HKLM-x32\...\{981029E0-7FC9-4CF3-AB39-6F133621921A}) (Version: 1.0.4051 - Skype Technologies S.A.)
Skype™ 4.2 (HKLM-x32\...\{D103C4BA-F905-437A-8049-DB24763BBE36}) (Version: 4.2.169 - Skype Technologies S.A.)
Star Wars Empire at War (HKLM-x32\...\{99AE7207-8612-4DBA-A8F8-BAE5C633390D}) (Version: 1.0 - LucasArts)
Star Wars Empire at War Forces of Corruption (HKLM-x32\...\{6592FDEC-2C1A-413A-9985-25FEC2F0848D}) (Version: 1.0 - LucasArts)
Star Wars Galactic Battlegrounds: Saga (HKLM-x32\...\{10133CDD-50B9-4783-B336-8B48F3653715}) (Version:  - )
Temple of Elemental Evil (HKLM-x32\...\{AD80F06B-0F21-4EEE-934D-BEF0D21E6383}) (Version: 1.00.000 - )
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
WildTangent Games (HKLM-x32\...\WildTangent dell Master Uninstall) (Version: 1.0.0.71 - WildTangent)
WildTangent Games App (Dell Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-dell) (Version: 4.1.1.14 - WildTangent)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1748231068-357915915-2718231513-1000_Classes\CLSID\{182FB546-8596-4CEF-9CB5-E9505BF7F628}\InprocServer32 -> C:\Users\Bendlebender\AppData\Local\HHD Software\Hex Editor Neo\hhdhexneo.dll (HHD Software Ltd.)
CustomCLSID: HKU\S-1-5-21-1748231068-357915915-2718231513-1000_Classes\CLSID\{6DB27B2E-87AC-4354-927A-AD711A0ED77E}\InprocServer32 -> C:\Users\Bendlebender\AppData\Local\HHD Software\Hex Editor Neo\FileDocument.dll (HHD Software Ltd.)
CustomCLSID: HKU\S-1-5-21-1748231068-357915915-2718231513-1000_Classes\CLSID\{A244CEC5-DB63-4ED9-B0D7-A0527C064113}\InprocServer32 -> C:\Users\Bendlebender\AppData\Local\HHD Software\Hex Editor Neo\FileDocument.dll (HHD Software Ltd.)
CustomCLSID: HKU\S-1-5-21-1748231068-357915915-2718231513-1000_Classes\CLSID\{AE1514A4-5D7D-4D1B-BC7F-320E6962B0DD}\InprocServer32 -> C:\Users\Bendlebender\AppData\Local\HHD Software\Hex Editor Neo\FileDocument.dll (HHD Software Ltd.)
CustomCLSID: HKU\S-1-5-21-1748231068-357915915-2718231513-1000_Classes\CLSID\{B845012A-F05A-4EC8-816D-B033183B9CA5}\InprocServer32 -> C:\Users\Bendlebender\AppData\Local\HHD Software\Hex Editor Neo\hhdhexneo.dll (HHD Software Ltd.)
CustomCLSID: HKU\S-1-5-21-1748231068-357915915-2718231513-1000_Classes\CLSID\{F350F7C1-9F0E-4A97-8EEC-E690C7095BEF}\InprocServer32 -> C:\Users\Bendlebender\AppData\Local\HHD Software\Hex Editor Neo\PatchAPI\dll\x64\hexpatch64.dll (HHD Software Ltd.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0B526565-5357-4258-B186-6D81D9E9823B} - System32\Tasks\SafeZone scheduled Autoupdate 1466146326 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-03-22] (Avast Software)
Task: {10351236-259F-4513-8C82-9D93F94B88FF} - System32\Tasks\{F5849F38-F53B-4785-81ED-A52505261760} => C:\Users\Bendlebender\Desktop\FRUA\INSTALL.EXE
Task: {29C10A22-CFCB-418A-A90D-79F89BDCB3A3} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell Support Center\uaclauncher.exe [2012-03-28] (PC-Doctor, Inc.)
Task: {30229D28-3DC4-48C1-A0A6-EF184657852C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {33731B9E-9AE7-433E-917F-D27E1C5DD55D} - System32\Tasks\{D96E61CD-345B-4429-9651-903DEBF4576C} => C:\Users\Bendlebender\Desktop\FRUA\INSTALL.EXE
Task: {3753EBD4-14EC-47DF-90CA-729F0D81A64E} - System32\Tasks\Microsoft\Windows\PLA\Second Run => Rundll32.exe C:\Windows\system32\pla.dll,PlaHost "Second Run" "$(Arg0)"
Task: {3E1A0EBE-446F-4902-8DF2-616EE969C254} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {3E238F99-D2C8-4BDA-8545-46B87EA6D4A2} - System32\Tasks\{518DE036-8CE4-4771-9096-601792D4483A} => C:\Users\Bendlebender\Desktop\FRUA\INSTALL.EXE
Task: {3F066AE7-046C-4B3C-90A2-2111583C8559} - System32\Tasks\{EE294D32-CB24-4716-A137-F9FA34C847D3} => C:\DOSGames\Unlimited Adventures\FRUA\INSTALL.EXE
Task: {40AB365C-7EB9-4BC2-8665-3B509F9C2101} - System32\Tasks\LoJack for Laptops Install => C:\Program Files (x86)\Absolute Software\LoJack Install\FactoryInstaller.exe [2009-11-26] (Absolute Software)
Task: {41E7D123-4F7E-41D8-BE7E-D39F24412A14} - System32\Tasks\{00B5695A-C0B5-47B4-9CDF-21532ACA86A2} => pcalua.exe -a C:\Users\Bendlebender\Desktop\ArtOfIllusion281-Windows.exe -d C:\Users\Bendlebender\Desktop
Task: {4F92FF15-22C3-4DB9-A794-EC7C92E93749} - System32\Tasks\{8AA59E8F-DCBE-42B0-9823-2F84F9D2D708} => C:\Users\Bendlebender\Desktop\Recreation\S\snes9x.exe [2003-08-12] (Gary Henderson)
Task: {524602FD-3059-4D93-990F-D72687CB2532} - System32\Tasks\{65CAF38B-06B6-4C75-86D1-E871D339D1CA} => pcalua.exe -a "C:\Users\Bendlebender\Desktop\Recreation\Mods\Neverwinter\Latest PRC\CC_1.8_Win\CharacterCreator.exe" -d "C:\Users\Bendlebender\Desktop\Recreation\Mods\Neverwinter\Latest PRC\CC_1.8_Win"
Task: {5F37B00A-EECF-4E82-8ABD-FC87F2897AB6} - System32\Tasks\{F00BEE45-595F-4958-81CD-FB0E51C7BC10} => pcalua.exe -a "C:\Users\Bendlebender\Desktop\Recreation\Mods\Baldur's Gate\shardsofice-v5.exe" -d "C:\Users\Bendlebender\Desktop\Recreation\Mods\Baldur's Gate"
Task: {6920F034-B1B4-47BD-99FD-5E4970B4B74F} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-04-13] (AVAST Software)
Task: {6A8F34FC-187E-4D85-A7C1-552891DDE221} - System32\Tasks\PCDEventLauncher => C:\Program Files\Dell Support Center\sessionchecker.exe [2012-03-28] (PC-Doctor, Inc.)
Task: {85263EEA-D47F-48C4-8807-74C0CBC29DC8} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-05-09] (AVAST Software)
Task: {87A3057A-8A75-4739-B2C1-9777276EF530} - System32\Tasks\{763FCEB8-2E39-4802-B113-FD8DA82A80E9} => C:\Users\Bendlebender\Desktop\FRUA\INSTALL.EXE
Task: {8B4A98CD-B127-4A9F-804F-E7CBF77D40D1} - System32\Tasks\Microsoft\Windows\PLA\With Avasti => Rundll32.exe C:\Windows\system32\pla.dll,PlaHost "With Avasti" "$(Arg0)"
Task: {9F391A5D-21CF-4502-B154-9941420EA5BE} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\Dell Support Center\uaclauncher.exe [2012-03-28] (PC-Doctor, Inc.)
Task: {A3BC7FEB-C667-46CC-A565-E2E12AD7476B} - System32\Tasks\{B6E20656-AA29-4115-91D3-D1EC8375242C} => C:\Program Files\TOEE\TOEE3.EXE
Task: {BB55B899-1D8D-4990-9EA0-A21A009C6AA8} - System32\Tasks\{CBD7F791-5D4D-4AA3-8DAA-D368A5492DDA} => C:\Users\Bendlebender\Desktop\FRUA\INSTALL.EXE
Task: {CD4D8FAC-0AC9-4693-8CDB-9CE99AADA93A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-05-10] (Adobe Systems Incorporated)
Task: {CE2D8A6F-CB86-4FF8-BB35-75C173A35D63} - System32\Tasks\SafeZone scheduled Autoupdate 1483432041 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-03-22] (Avast Software)
Task: {CFFE7552-4C3A-4853-9675-75E3389210DF} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)
Task: {DAF19094-8B38-4EB9-A49B-88CE618A2CAC} - System32\Tasks\PCDoctorBackgroundMonitorTask-Delay => C:\Program Files\Dell Support Center\uaclauncher.exe [2012-03-28] (PC-Doctor, Inc.)
Task: {E04D6CB9-5787-4DD9-ABA5-68A32C4F4ADB} - System32\Tasks\SafeZone scheduled Autoupdate 1484907403 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-03-22] (Avast Software)
Task: {EF3A1A82-1F08-4EC0-AFBE-D694D4713442} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-06-10] (Piriform Ltd)
Task: {FBE41EE1-67CC-4C62-BE2D-C6432898FE66} - System32\Tasks\{D885621F-67B8-446A-B8FB-F61ED41BF337} => C:\Users\Bendlebender\Desktop\FRUA\INSTALL.EXE
Task: {FC8BAF38-6933-45F3-BA25-099FC459D141} - System32\Tasks\Microsoft\Windows\PLA\First Run => Rundll32.exe C:\Windows\system32\pla.dll,PlaHost "First Run" "$(Arg0)"

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask-Delay.job => C:\Program Files\Dell Support Center\uaclauncher.exe o-backgroundmon scripts\defaultscan.xml
Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\Dell Support Center\uaclauncher.exe o-backgroundmon scripts\defaultscan.xml
Task: C:\Windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\Dell Support Center\uaclauncher.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Bendlebender\Desktop\Recreation\Side Things\Oldgames\OldGames.sk\www.oldgames.sk.lnk -> hxxp:

==================== Loaded Modules (Whitelisted) ==============

2011-01-18 19:15 - 2009-04-24 16:50 - 00210944 _____ () C:\Program Files (x86)\IZArc\IZArcCM64.dll
2010-10-26 09:18 - 2009-06-23 16:02 - 00060928 _____ () C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe
2010-10-26 09:29 - 2011-08-18 10:05 - 02751808 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
2017-05-09 00:12 - 2017-05-09 00:12 - 00162024 _____ () c:\Program Files\AVAST Software\Avast\x64\vaarclient.dll
2017-05-09 00:12 - 2017-05-09 00:12 - 00825960 _____ () C:\Program Files\AVAST Software\Avast\x64\ffl2.dll
2017-05-09 00:12 - 2017-05-09 00:12 - 00275776 _____ () c:\Program Files\AVAST Software\Avast\x64\StreamBack.dll
2010-10-26 09:18 - 2009-07-22 08:52 - 02384896 _____ () C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe
2016-08-25 02:26 - 2016-08-25 02:26 - 00472576 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_64\VistaBridgeLibrary\3cac3c9fcb04ebef9378c774982b4dc3\VistaBridgeLibrary.ni.dll
2010-02-09 13:34 - 2010-02-09 13:34 - 01807680 _____ () C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
2010-03-08 11:02 - 2010-03-08 11:02 - 00016384 ____R () c:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-06-01 21:50 - 2010-06-01 21:50 - 00270336 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2017-05-09 00:12 - 2017-05-09 00:12 - 00170216 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-05-09 00:12 - 2017-05-09 00:12 - 00176992 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-05-09 00:12 - 2017-05-09 00:12 - 00223224 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-05-10 18:50 - 2017-05-10 18:50 - 05927936 _____ () C:\Program Files\AVAST Software\Avast\defs\17051002\algo.dll
2017-05-09 00:12 - 2017-05-09 00:12 - 00684656 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-05-09 00:12 - 2017-05-09 00:12 - 00230632 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2017-05-09 00:13 - 2017-05-09 00:13 - 00997896 _____ () C:\Program Files\AVAST Software\Avast\AvChrome.dll
2017-05-09 00:13 - 2017-05-09 00:13 - 67717632 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-05-09 00:12 - 2017-05-09 00:12 - 00291824 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2010-02-09 13:34 - 2010-02-09 13:34 - 00275776 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll
2010-02-09 13:34 - 2010-02-09 13:34 - 00058688 _____ () C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll
2010-02-09 13:34 - 2010-02-09 13:34 - 00095552 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll
2010-02-09 13:34 - 2010-02-09 13:34 - 00152896 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll
2010-02-09 13:34 - 2010-02-09 13:34 - 00017728 _____ () C:\Program Files (x86)\Dell DataSafe Online\cpputils.dll
2016-08-24 04:38 - 2016-08-24 04:38 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\5d3fdf7962e3a154830b603096be4216\IsdiInterop.ni.dll
2010-10-26 09:14 - 2010-03-03 20:08 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Public\DRM:احتضان [98]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1748231068-357915915-2718231513-1000\...\dell.com -> dell.com
IE trusted site: HKU\S-1-5-21-1748231068-357915915-2718231513-1000\...\internet -> internet
IE trusted site: HKU\S-1-5-21-1748231068-357915915-2718231513-1000\...\mcafee.com -> hxxp://mcafee.com
IE trusted site: HKU\S-1-5-21-1748231068-357915915-2718231513-1000\...\mcafee.com -> hxxps://mcafee.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1748231068-357915915-2718231513-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Bendlebender\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: DAUpdaterSvc => 3
MSCONFIG\Services: wuauserv => 2
MSCONFIG\startupreg: Desktop Disc Tool => "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{79E7E1F0-2F99-436A-AF7C-F51FADEC8035}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\wlcsdk.exe
FirewallRules: [{FAC2E99E-B803-4B2D-B64B-901A3451FFD8}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{49399E2C-C122-42E1-90B7-BE6B50D58031}] => (Allow) svchost.exe
FirewallRules: [{AB196ED8-FF53-4448-ABCB-8FB6F387A498}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{A2C11EDE-47EB-4086-B767-23DF43244711}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{B7B8531B-FDCE-4917-97A7-4B57C419D983}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe
FirewallRules: [{DA986246-9658-4ACD-9637-C2B37431866B}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe
FirewallRules: [TCP Query User{9554C4C0-B9B6-4A2D-A014-E35A1EAAD8EF}C:\sam\printcontrol.exe] => (Allow) C:\sam\printcontrol.exe
FirewallRules: [UDP Query User{BA9C980D-0836-4009-9162-717987472E82}C:\sam\printcontrol.exe] => (Allow) C:\sam\printcontrol.exe
FirewallRules: [{94F1E1BF-BFEA-4A03-8087-43394404AA36}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{31F96EDC-0D96-42E8-AF17-0596D6931815}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{16D7ED50-2F2D-4904-AEB4-13D89CF7B080}] => (Allow) C:\Program Files (x86)\Dragon Age\bin_ship\daorigins.exe
FirewallRules: [{8EB75C73-C3AB-44F8-A1F7-5B58961985CD}] => (Allow) C:\Program Files (x86)\Dragon Age\bin_ship\daorigins.exe
FirewallRules: [{0A0C1EF9-B26F-425B-9A4C-3774BA9003C3}] => (Allow) C:\Program Files (x86)\Dragon Age\DAOriginsLauncher.exe
FirewallRules: [{89501BDF-EBB1-4CFE-97F8-8BFA97870329}] => (Allow) C:\Program Files (x86)\Dragon Age\DAOriginsLauncher.exe
FirewallRules: [{3B6266F4-AA3E-4F82-B6F9-7EF987970FA0}] => (Allow) C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe
FirewallRules: [{1539314C-A04E-443A-9FAE-17BCEA673B7F}] => (Allow) C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe
FirewallRules: [{1AE0C654-367B-42AD-A00D-B3E3FF9D0F23}] => (Allow) C:\Program Files (x86)\LucasArts\Star Wars Empire at War\GameData\sweaw.exe
FirewallRules: [{623458FF-8DED-4A66-8CAF-F5C8DC6094CC}] => (Allow) C:\Program Files (x86)\LucasArts\Star Wars Empire at War\GameData\sweaw.exe
FirewallRules: [{4D527ADB-6051-4CE8-85D2-9A9F6FFFCA13}] => (Allow) C:\Program Files (x86)\LucasArts\Star Wars Empire at War Forces of Corruption\swfoc.exe
FirewallRules: [{11D120EA-E91C-4676-9EED-7D130B1010B0}] => (Allow) C:\Program Files (x86)\LucasArts\Star Wars Empire at War Forces of Corruption\swfoc.exe
FirewallRules: [{F60AC392-5128-4B26-8DF0-8AAFF3C2C487}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{635A1371-37AC-459C-B677-D4E4D8D006D1}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.596\SZBrowser.exe
FirewallRules: [{6390CC46-5116-4172-AD5D-2A8129EDDA65}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.596_0\SZBrowser.exe

==================== Restore Points =========================

24-08-2016 04:45:47 Windows Update
25-08-2016 23:24:28 Windows Update
30-08-2016 03:43:46 ComboFix created restore point
02-09-2016 03:42:16 Windows Update
08-09-2016 04:56:14 Windows Update
25-09-2016 00:44:13 Windows Update
25-09-2016 01:21:50 Windows Update
01-10-2016 04:13:48 Windows Update
08-10-2016 04:34:50 Windows Update
08-10-2016 23:08:57 Windows Update
08-10-2016 23:27:16 Windows Update
20-10-2016 03:32:25 Scheduled Checkpoint
30-10-2016 03:00:19 Scheduled Checkpoint
09-11-2016 03:09:15 Scheduled Checkpoint
17-11-2016 05:05:09 Scheduled Checkpoint
25-11-2016 04:30:20 Scheduled Checkpoint
06-12-2016 03:20:29 Scheduled Checkpoint
11-12-2016 05:27:04 Windows Update
19-12-2016 05:57:56 Windows Update
28-12-2016 05:46:44 Windows Update
11-01-2017 05:13:41 Scheduled Checkpoint
18-01-2017 05:20:25 Scheduled Checkpoint
02-02-2017 05:18:35 Scheduled Checkpoint
11-02-2017 05:19:27 Scheduled Checkpoint
24-02-2017 05:12:47 Scheduled Checkpoint
05-03-2017 05:12:01 Scheduled Checkpoint
14-03-2017 04:15:55 Scheduled Checkpoint
24-03-2017 04:25:04 Scheduled Checkpoint
06-04-2017 04:46:18 Scheduled Checkpoint
15-04-2017 04:07:00 Scheduled Checkpoint
30-04-2017 04:41:04 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============

Name: ATI High Definition Audio Device
Description: ATI High Definition Audio Device
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: ATI Technologies Inc.
Service: AtiHdmiService
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (05/10/2017 07:07:51 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Users\Bendlebender\Downloads\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (05/10/2017 07:07:31 PM) (Source: Swapdrive Backup) (EventID: 0) (User: )
Description: Swapdrive Backup: Web Service Error: System.Net.WebException: The remote name could not be resolved: 'wsvcdell.backup.com'
   at System.Net.HttpWebRequest.GetRequestStream(TransportContext& context)
   at System.Net.HttpWebRequest.GetRequestStream()
   at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
   at Swapdrive.Shared.com.backup.uswsvcdell.Service.GetInfo(GetInfoRequest req)
   at Swapdrive.Shared.ActivationWsvcs.GetInfo()

Error: (05/10/2017 06:48:53 PM) (Source: Swapdrive Backup) (EventID: 0) (User: )
Description: Swapdrive Backup: Web Service Error: System.Net.WebException: The remote name could not be resolved: 'wsvcdell.backup.com'
   at System.Net.HttpWebRequest.GetRequestStream(TransportContext& context)
   at System.Net.HttpWebRequest.GetRequestStream()
   at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
   at Swapdrive.Shared.com.backup.uswsvcdell.Service.GetInfo(GetInfoRequest req)
   at Swapdrive.Shared.ActivationWsvcs.GetInfo()

Error: (05/10/2017 03:58:03 AM) (Source: Swapdrive Backup) (EventID: 0) (User: )
Description: Swapdrive Backup: Web Service Error: System.Net.WebException: The remote name could not be resolved: 'wsvcdell.backup.com'
   at System.Net.HttpWebRequest.GetRequestStream(TransportContext& context)
   at System.Net.HttpWebRequest.GetRequestStream()
   at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
   at Swapdrive.Shared.com.backup.uswsvcdell.Service.GetInfo(GetInfoRequest req)
   at Swapdrive.Shared.ActivationWsvcs.GetInfo()

Error: (05/10/2017 03:49:32 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: entroband.exe, version: 0.0.0.0, time stamp: 0x00000000
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x01017fb8
Faulting process id: 0x10d4
Faulting application start time: 0x01d2c96a14461736
Faulting application path: C:\Users\Bendlebender\Desktop\Recreation\Mods\New folder\entroband\entroband.exe
Faulting module path: unknown
Report Id: 95853e1c-355d-11e7-be9b-f04da251bf52

Error: (05/10/2017 03:46:23 AM) (Source: Swapdrive Backup) (EventID: 0) (User: )
Description: Swapdrive Backup: Web Service Error: System.Net.WebException: The remote name could not be resolved: 'wsvcdell.backup.com'
   at System.Net.HttpWebRequest.GetRequestStream(TransportContext& context)
   at System.Net.HttpWebRequest.GetRequestStream()
   at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
   at Swapdrive.Shared.com.backup.uswsvcdell.Service.GetInfo(GetInfoRequest req)
   at Swapdrive.Shared.ActivationWsvcs.GetInfo()

Error: (05/09/2017 11:14:29 PM) (Source: Swapdrive Backup) (EventID: 0) (User: )
Description: Swapdrive Backup: Web Service Error: System.Net.WebException: The remote name could not be resolved: 'wsvcdell.backup.com'
   at System.Net.HttpWebRequest.GetRequestStream(TransportContext& context)
   at System.Net.HttpWebRequest.GetRequestStream()
   at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
   at Swapdrive.Shared.com.backup.uswsvcdell.Service.GetInfo(GetInfoRequest req)
   at Swapdrive.Shared.ActivationWsvcs.GetInfo()

Error: (05/09/2017 08:23:12 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (05/09/2017 05:37:40 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Users\Bendlebender\Downloads\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (05/09/2017 05:37:38 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Users\Bendlebender\Downloads\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

System errors:
=============
Error: (05/10/2017 07:04:50 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (05/10/2017 07:04:26 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (05/10/2017 07:04:16 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (05/10/2017 07:04:16 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (05/10/2017 07:04:16 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (05/10/2017 07:04:16 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (05/10/2017 07:04:16 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (05/10/2017 07:04:16 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (05/10/2017 07:04:16 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server:
{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (05/10/2017 07:04:15 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

CodeIntegrity:
===================================
  Date: 2016-09-25 00:46:39.221
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SoftwareDistribution\Download\c4154e707216b0f9ca48a8462c2fdd9e\inst\wow64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.23455_none_c025ec161664fa1b\appidapi.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-25 00:46:35.384
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SoftwareDistribution\Download\c4154e707216b0f9ca48a8462c2fdd9e\inst\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.23455_none_b5d141c3e2043820\appidapi.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Core™ i5 CPU M 460 @ 2.53GHz
Percentage of memory in use: 40%
Total physical RAM: 3956.52 MB
Available physical RAM: 2373.26 MB
Total Virtual: 9954.71 MB
Available Virtual: 8239.16 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:451.07 GB) (Free:259.98 GB) NTFS
Drive d: (TOEE_PLAY) (CDROM) (Total:0.62 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 46C06955)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=451.1 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

 

 

 

 

Again, thanks for the time and help. Don't understand what's going on here.



#8 BuckJogSkiff

BuckJogSkiff
  • Topic Starter

  • Members
  • 47 posts
  • OFFLINE
  •  
  • Local time:11:26 AM

Posted 24 May 2017 - 03:03 AM

Any feedback on this problem? The crashes continue to occur.



#9 BuckJogSkiff

BuckJogSkiff
  • Topic Starter

  • Members
  • 47 posts
  • OFFLINE
  •  
  • Local time:11:26 AM

Posted 01 June 2017 - 03:23 AM

Its been a while. Any more responses? The problems still happen.



#10 Valinorum

Valinorum

    Shadow Hide The Hunter


  • Malware Response Instructor
  • 1,775 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:10:26 PM

Posted 07 June 2017 - 04:26 AM

Hi, 

 

I am really sorry for overlooking this thread. Please, provide a fresh set of logs so that I can determine the machine condition. 

 

Regards,

Valinorum 


Geek U Graduate

I close my topic(s) with no replies for more than 4 days. PM me or Moderators to reactivate. All helps are provided via forum ergo do not PM me for help.

 


#11 BuckJogSkiff

BuckJogSkiff
  • Topic Starter

  • Members
  • 47 posts
  • OFFLINE
  •  
  • Local time:11:26 AM

Posted 08 June 2017 - 01:59 AM

No worries, and thanks for the response. Here are the recent FARBAR Scanlogs:

 

 

FRST:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 07-06-2017 01
Ran by Bendlebender (administrator) on BLUEBEAST (08-06-2017 01:49:02)
Running from C:\Users\Bendlebender\Downloads
Loaded Profiles: Bendlebender (Available Profiles: Bendlebender & Fat Wombat & Warchow)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\stacsv64.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe
(CobianSoft, Luis Cobian) C:\Program Files\CobianBackup11Gravity\cbVSCService11.exe
() C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(ActMask Co.,Ltd - hxxp://WWW.ALL2PDF.COM) C:\Windows\System32\PrintCtrl.exe
(ActMask Co.,Ltd - hxxp://www.all2pdf.com) C:\Windows\System32\PrintDisp.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(ActMask Co.,Ltd - hxxp://www.all2pdf.com) C:\Windows\System32\PrintDisp.exe
() C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
() C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Dragon's Eye Productions, Inc.) C:\Program Files (x86)\Furcadia\furc_on.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-01-21] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1822504 2009-08-24] (Synaptics Incorporated)
HKLM\...\Run: [PrintDisp] => C:\Windows\system32\PrintDisp.exe [826368 2011-02-19] (ActMask Co.,Ltd - hxxp://www.all2pdf.com)
HKLM\...\Run: [FreeFallProtection] => C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe [2384896 2009-07-22] ()
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [5470208 2009-12-16] (Dell Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213824 2017-05-09] (AVAST Software)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-06-01] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe [1807680 2010-02-09] ()
HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe [560128 2011-09-18] (Dell)
HKU\S-1-5-21-1748231068-357915915-2718231513-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-12-30] (Google Inc.)
HKU\S-1-5-21-1748231068-357915915-2718231513-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8810200 2016-06-10] (Piriform Ltd)
HKU\S-1-5-18\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-18\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-05-09] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-05-09] (AVAST Software)
Startup: C:\Users\Bendlebender\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk [2010-11-01]
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2010-10-26]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2010-10-26]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Warchow\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock (2).lnk [2010-11-01]
ShortcutTarget: Dell Dock (2).lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Warchow\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk [2013-04-03]
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Warchow\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop (2).ini [2013-04-03] ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
Winsock: Catalog5-x64 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{AE34EA64-F69E-4D26-91EA-13E318ACFCBA}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{B974C515-4436-47B9-B801-ACFC903F7653}: [DhcpNameServer] 192.168.42.129

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1748231068-357915915-2718231513-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=hp-avast&type=avastbcl
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1748231068-357915915-2718231513-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/USCON/1
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {C62CEFC8-FC11-4BF7-AA6E-2C598B712605} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1748231068-357915915-2718231513-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-04-04] (AVAST Software)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-19] (Google Inc.)
BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2009-01-14] (Microsoft Corp.)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-04-04] (AVAST Software)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-19] (Google Inc.)
BHO-x32: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08] (Skype Technologies S.A.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-19] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-19] (Google Inc.)
Toolbar: HKU\S-1-5-21-1748231068-357915915-2718231513-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-19] (Google Inc.)
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll [2009-07-23] (Cozi Group, Inc.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08] (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2010-05-13] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\Bendlebender\AppData\Roaming\Mozilla\Firefox\Profiles\qiixnOBP.default [2017-05-07]
FF Extension: (Avira Browser Safety) - C:\Users\Bendlebender\AppData\Roaming\Mozilla\Firefox\Profiles\qiixnOBP.default\Extensions\abs@avira.com [2017-01-20]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_171.dll [2017-05-10] ()
FF Plugin: @java.com/DTPlugin,version=10.13.2 -> C:\Windows\system32\npDeployJava1.dll [2013-02-16] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_171.dll [2017-05-10] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll [2009-06-23] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2017-05-23] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7346208 2017-05-09] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [263304 2017-05-09] (AVAST Software)
R2 cbVSCService11; C:\Program Files\CobianBackup11Gravity\cbVSCService11.exe [67584 2013-03-07] (CobianSoft, Luis Cobian) [File not signed]
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed]
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [399216 2017-05-23] (WildTangent)
R2 InstallFilterService; C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe [60928 2009-06-23] () [File not signed]
R2 Printer Control; C:\Windows\system32\PrintCtrl.exe [78848 2010-05-07] (ActMask Co.,Ltd - hxxp://WWW.ALL2PDF.COM) [File not signed]
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe [244736 2010-01-21] (IDT, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [4950016 2009-12-16] (Dell Inc.) [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [311808 2017-05-09] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [190256 2017-05-09] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswbloga.sys [334576 2017-05-09] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [49016 2017-05-09] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [38296 2017-05-09] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [32600 2017-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [128648 2017-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [101152 2017-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [75704 2017-05-09] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1007160 2017-05-09] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [569192 2017-05-09] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [158880 2017-05-12] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [339696 2017-05-09] (AVAST Software)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [46960 2016-07-06] ()
R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0; c:\program files\dell support center\pcdsrvc_x64.pkms [25072 2012-03-22] (PC-Doctor, Inc.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2016-07-07] ()
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()

========================== Drivers MD5 =======================

C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Acceler.sys C49C56B35BFC6CDA8D1FDCAD2885568F
C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit
C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpahci.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys 9A4A1EEE802BF2F878EE8EAB407B21B7
C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit
C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdk8.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\atikmdag.sys 79A11CB10FF02A8425DABBB040249F7D
C:\Windows\System32\DRIVERS\atikmpag.sys 6F6D47246FBB0CF65619684A0F89179E
C:\Windows\system32\DRIVERS\amdppm.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdsata.sys D4121AE6D0C0E7E13AA221AA57EF2D49
C:\Windows\system32\DRIVERS\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys 540DAF1CEA6094886D72126FD7C33048
C:\Windows\system32\drivers\appid.sys 52F8C264D3BF90D2726FDE6642A381D4
C:\Windows\system32\DRIVERS\arc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arcsas.sys ==> MD5 is legit
C:\Windows\system32\drivers\aswbidsdrivera.sys 0C19C91ED99964925FF8B05C23743AB1
C:\Windows\system32\drivers\aswbidsha.sys 670839F4BA6D82F3035AADFE8274F02E
C:\Windows\system32\drivers\aswbloga.sys 5C561968CF601D76A98692DCC8CF74ED
C:\Windows\system32\drivers\aswbuniva.sys 335E5F19E7397A283B7ED20FE7B369EB
C:\Windows\system32\drivers\aswHwid.sys BA02CA77D989710F79FD662019C4DF94
C:\Windows\system32\drivers\aswKbd.sys 5E6FD2CB74138C6AF591779D2619BD6C
C:\Windows\system32\drivers\aswMonFlt.sys 2B1490F2F1CC76C9C9B61CE63D6E7973
C:\Windows\system32\drivers\aswRdr2.sys F26D1F761E14789743275FA5D258EAB8
C:\Windows\system32\drivers\aswRvrt.sys C1007774450CFAB19D784D50C3410FC7
C:\Windows\system32\drivers\aswSnx.sys EB1991686949400C51B8C21CE013621E
C:\Windows\system32\drivers\aswSP.sys 7A17BD26C74F5329CB1DF029AE4DD357
C:\Windows\system32\drivers\aswStm.sys 2933CBC7643168E4288D443B4125941C
C:\Windows\system32\drivers\aswVmm.sys E76C21203E29F2DCC489EF585E0B1A38
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\system32\drivers\atapi.sys ==> MD5 is legit
C:\Windows\System32\drivers\AtiHdmi.sys 2D648572BA9A610952FCAFBA1E119C2D
C:\Windows\system32\DRIVERS\bxvbda.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit
C:\Windows\System32\drivers\BCM42RLY.sys 5C0F919666954885D7760DFFE4B29A25
C:\Windows\System32\DRIVERS\bcmwl664.sys BAB887A2B2786310A966881F074F4A99
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bridge.sys 5C2F352A4E961D72518261257AAE204B
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys 404B7DF9CA4D1CB675045AF220FF3285
C:\Windows\System32\DRIVERS\CmBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys 3323F76352B0AF14B2CDC4DFBF3E980A
C:\Windows\System32\DRIVERS\compbatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\CtClsFlt.sys ==> MD5 is legit
C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\drivers\disk.sys 616387BBD83372220B09DE95F4E67BBC
C:\Windows\system32\drivers\drmkaud.sys 26FE888505E5A945B0536AF9A2A27A6F
C:\Windows\System32\drivers\dxgkrnl.sys 3A9D7D464BDB3B70D7ECF689ADABBD4D
C:\Windows\system32\DRIVERS\evbda.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\elxstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit
C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Fs_Rec.sys 6BD9295CC032DD3077C671FCCF579A7B
C:\Windows\System32\DRIVERS\fvevol.sys 8F6322049018354F45F05A2FD2D4E5E0
C:\Windows\system32\DRIVERS\gagp30kx.sys ==> MD5 is legit
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\system32\drivers\HDAudBus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\HECIx64.sys B6AC71AAA2B10848F57FC49D55A651AF
C:\Windows\system32\DRIVERS\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidbth.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hidusb.sys ==> MD5 is legit
C:\Windows\system32\drivers\hitmanpro37.sys 7FD586369B597798535C098E63818AAC
C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys F61634BEC53F73702A10DE69F6DCAF57
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\system32\drivers\i8042prt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\iaStor.sys ABBF174CB394F5C437410A788B7E404A
C:\Windows\system32\drivers\iaStorV.sys AAAF44DB3BD0B9D1FB6969B23ECC8366
C:\Windows\system32\DRIVERS\iirsp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Impcd.sys 4FF8A2082D78255D2EB169F986BCC981
C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\system32\drivers\msiscsi.sys 96BB922A0981BC7432C8CF52B5410FE6
C:\Windows\system32\drivers\kbdclass.sys ==> MD5 is legit
C:\Windows\system32\drivers\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecdd.sys EB7BB4F58971F4FE099B3CE127346563
C:\Windows\System32\Drivers\ksecpkg.sys 6EBBA531A455E8F1092FD530A8682A97
C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\megasas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys 67050452C0118BAF2883928E6FCCFE47
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys D7ADC2B83CA0B0381F75A98351F72CEE
C:\Windows\System32\DRIVERS\mrxsmb.sys 341C65D6D4E9AB705258AC83511F7ADD
C:\Windows\System32\DRIVERS\mrxsmb10.sys F93EDDF0B69760456C6E0D73405AC078
C:\Windows\System32\DRIVERS\mrxsmb20.sys A558D659B722FE5FB8C6E1BF288F7316
C:\Windows\system32\drivers\msahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\system32\drivers\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys F7309F42555F8AAB7144A51A1F2585B0
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys E47D571FEC2C76E867935109AB2A770C
C:\Windows\system32\DRIVERS\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys 47B2D0B31BDC3EBE6090228E2BA3764D
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\system32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD
C:\Windows\system32\drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4A
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C
c:\program files\dell support center\pcdsrvc_x64.pkms 7317A0B550F7AC0223B7070897670476
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\system32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ED6E75158D28D33A2E2A020AC5B2B59D
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\System32\Drivers\PxHlpa64.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql2300.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpvideominiport.sys 313F68E1A3E6345A4F47A36B07062F34
C:\Windows\System32\Drivers\RDPWD.sys FE571E088C2D83619D2D48D4E961BF41
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\rimmpx64.sys 6FAF5B04BEDC66D300D9D233B2D222F0
C:\Windows\System32\DRIVERS\rimspe64.sys E20B1907FC72A3664ECE21E3C20FC63D
C:\Windows\system32\DRIVERS\rimspx64.sys 67F50C31713106FD1B0F286F86AA2B2E
C:\Windows\System32\DRIVERS\risdpe64.sys A6DA2B0C8F5BB3F9F5423CFF8D6A02D9
C:\Windows\system32\DRIVERS\rixdpx64.sys 4D7EF3D46346EC4C58784DB964B365DE
C:\Windows\System32\DRIVERS\rixdpe64.sys 6A1CD4674505E6791390A1AB71DA1FBE
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Rt64win7.sys EE082E06A82FF630351D1E0EBBD3D8D0
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\serenum.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\serial.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys EC666682FE8344CF7E6ED69E74FA9F4F
C:\Windows\System32\DRIVERS\srv2.sys E450C0318DCE8ED28ED272C8806B8495
C:\Windows\System32\DRIVERS\srvnet.sys 9C12C78AD36C23D925711A4640228225
C:\Windows\System32\DRIVERS\stdflt.sys C48E0745D33897C7A73394214F2B9B4F
C:\Windows\system32\DRIVERS\stexstor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\stwrt64.sys CAF5A9708671B14B9670260735B22C4E
C:\Windows\system32\drivers\swenum.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\SynTP.sys 639B57DC871BE4B86283027FAF1F4E30
C:\Windows\System32\drivers\tcpip.sys B2875D7ABB82867DC3AA03D991940201
C:\Windows\System32\DRIVERS\tcpip.sys B2875D7ABB82867DC3AA03D991940201
C:\Windows\System32\drivers\tcpipreg.sys 7FE5586314EE7D6AA8483264A089E5AF
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8
C:\Windows\System32\DRIVERS\tdx.sys AA77EB517D2F07A947294F260E3ACA83
C:\Windows\system32\drivers\termdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\TrueSight.sys 0C997B061E3C66BD9E927C1288EB1CC7
C:\Windows\System32\DRIVERS\tssecsrv.sys E232A3B43A894BB327FC161529BD9ED1
C:\Windows\System32\drivers\tsusbflt.sys E9981ECE8D894CEF7038FD1D040EB426
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\TurboB.sys 825E7A1F48FB8BCFBA27C178AAB4E275
C:\Windows\system32\DRIVERS\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\system32\drivers\umbus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\umpass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbccgp.sys DCA68B0943D6FA415F0C56C92158A83A
C:\Windows\system32\drivers\usbcir.sys 80B0F7D5CCF86CEB5D402EAAF61FEC31
C:\Windows\system32\drivers\usbehci.sys 18A85013A3E0F7E1755365D287443965
C:\Windows\System32\DRIVERS\usbhub.sys 8D1196CFBB223621F2C67D45710F25BA
C:\Windows\system32\drivers\usbohci.sys 765A92D428A8DB88B960DA5A8D6089DC
C:\Windows\system32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\USBSTOR.SYS D029DD09E22EB24318A8FC3D8138BA43
C:\Windows\system32\drivers\usbuhci.sys DD253AFC3BC6CBA412342DE60C3647F3
C:\Windows\System32\Drivers\usbvideo.sys 1F775DA4CF1A3A1834207E975A72E9D7
C:\Windows\System32\DRIVERS\usb8023x.sys 7B28E2FBE75115660FAB31079C0A9F29
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifimp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys E2C933EDBC389386EBE6D2BA953F43D8
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wimfltr.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\SysWOW64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WinUsb.sys FE88B288356E7B47B74B13372ADD906D
C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Three Months Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-05-19 04:21 - 2017-05-19 04:21 - 40889850 _____ C:\Users\Bendlebender\Downloads\artesia.pdf
2017-05-10 19:13 - 2017-05-10 19:13 - 00108739 _____ C:\Users\Bendlebender\Downloads\Shortcut.txt
2017-05-09 00:13 - 2017-05-09 00:13 - 00400456 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-05-08 16:17 - 2017-05-08 16:17 - 00000000 ____D C:\Program Files (x86)\ESET
2017-05-08 15:54 - 2017-05-08 15:54 - 02870984 _____ (ESET) C:\Users\Bendlebender\Downloads\esetsmartinstaller_enu.exe
2017-05-07 17:55 - 2017-05-07 17:55 - 00000861 _____ C:\Users\Bendlebender\Documents\checkupSecurityCheck1.txt
2017-05-07 17:48 - 2017-05-07 17:48 - 00012925 _____ C:\Users\Bendlebender\Documents\MTB1.txt
2017-05-07 17:47 - 2017-05-07 17:47 - 00012925 _____ C:\Users\Bendlebender\Downloads\MTB.txt
2017-05-07 17:44 - 2017-05-07 17:44 - 00852798 _____ C:\Users\Bendlebender\Downloads\SecurityCheck.exe
2017-05-07 17:42 - 2017-05-07 17:42 - 00892416 _____ (Farbar) C:\Users\Bendlebender\Downloads\MiniToolBox.exe
2017-05-07 16:52 - 2017-05-07 16:53 - 30022456 _____ (SUPERAntiSpyware) C:\Users\Bendlebender\Downloads\SUPERAntiSpyware.exe
2017-05-07 16:50 - 2017-05-07 16:50 - 00388608 _____ (Trend Micro Inc.) C:\Users\Bendlebender\Downloads\HijackThis.exe
2017-05-07 16:24 - 2017-05-07 16:25 - 00002018 _____ C:\Users\Bendlebender\Desktop\Rkill.txt
2017-05-07 16:24 - 2017-05-07 16:24 - 01106888 _____ (Bleeping Computer, LLC) C:\Users\Bendlebender\Downloads\iExplore64.exe
2017-05-07 15:30 - 2017-05-07 15:30 - 00005982 _____ C:\Users\Bendlebender\Documents\AdwCleaner[C2].txt
2017-05-02 03:51 - 2017-05-02 03:51 - 00003472 ____N C:\bootsqm.dat
2017-03-17 23:10 - 2017-06-06 23:24 - 00004172 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2017-03-17 23:10 - 2017-05-09 00:12 - 00334576 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbloga.sys
2017-03-17 23:10 - 2017-05-09 00:12 - 00311808 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2017-03-17 23:10 - 2017-05-09 00:12 - 00190256 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsha.sys
2017-03-17 23:10 - 2017-05-09 00:12 - 00049016 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbuniva.sys
2017-03-13 03:09 - 2017-03-13 03:09 - 01218826 _____ C:\Users\Bendlebender\Downloads\alter-ego.zip
2017-03-13 03:09 - 2017-03-13 03:09 - 00589069 _____ C:\Users\Bendlebender\Downloads\alter-ego-male.zip
2017-03-13 02:51 - 2017-03-13 02:54 - 21856160 _____ (DJ, dj@oldgames.sk) C:\Users\Bendlebender\Downloads\Lion-www.oldgames.sk-Compilation.exe
2017-03-13 02:45 - 2017-03-13 02:46 - 08594470 _____ C:\Users\Bendlebender\Downloads\wolf.zip

==================== Three Months Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-08 01:49 - 2016-07-03 02:29 - 00035403 _____ C:\Users\Bendlebender\Downloads\FRST.txt
2017-06-08 01:49 - 2016-07-03 02:29 - 00000000 ____D C:\FRST
2017-06-08 01:48 - 2016-07-13 01:40 - 00000000 ____D C:\Users\Bendlebender\Downloads\FRST-OlderVersion
2017-06-08 01:48 - 2016-07-03 02:05 - 02435072 _____ (Farbar) C:\Users\Bendlebender\Downloads\FRST64.exe
2017-06-08 00:01 - 2012-04-10 16:29 - 00003548 _____ C:\Windows\System32\Tasks\SystemToolsDailyTest
2017-06-08 00:01 - 2012-04-10 16:29 - 00003488 _____ C:\Windows\System32\Tasks\PCDEventLauncher
2017-06-08 00:01 - 2012-04-10 16:29 - 00000506 _____ C:\Windows\Tasks\SystemToolsDailyTest.job
2017-06-07 23:48 - 2009-07-14 00:13 - 00782510 _____ C:\Windows\system32\PerfStringBackup.INI
2017-06-07 23:48 - 2009-07-13 23:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-06-07 23:48 - 2009-07-13 23:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-06-07 23:48 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2017-06-07 23:43 - 2010-10-26 09:55 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2017-06-07 23:43 - 2010-10-26 09:55 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2017-06-07 23:43 - 2010-10-26 09:29 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2017-06-07 23:42 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-05-31 23:25 - 2017-01-20 05:16 - 00003894 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1484907403
2017-05-26 00:36 - 2016-07-06 01:30 - 00000000 ____D C:\Users\Bendlebender\AppData\Local\CrashDumps
2017-05-23 04:11 - 2017-01-29 00:34 - 00000000 ____D C:\Program Files (x86)\WildTangent Games
2017-05-23 04:11 - 2010-10-26 09:25 - 00000000 ____D C:\ProgramData\WildTangent
2017-05-23 04:11 - 2009-07-14 00:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-05-21 00:37 - 2012-04-10 16:29 - 00000564 _____ C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2017-05-21 00:23 - 2012-04-10 16:29 - 00004284 _____ C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2017-05-16 04:22 - 2011-10-25 15:30 - 00002157 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-05-12 23:29 - 2017-01-20 05:16 - 00158880 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2017-05-11 02:16 - 2011-06-06 23:54 - 00000000 ____D C:\DOSGames
2017-05-10 19:13 - 2016-07-03 02:30 - 00041649 _____ C:\Users\Bendlebender\Downloads\Addition.txt
2017-05-10 19:04 - 2012-04-09 01:11 - 00000000 ____D C:\Users\Bendlebender\AppData\Local\ElevatedDiagnostics
2017-05-10 19:04 - 2010-12-16 17:09 - 01778714 _____ C:\Windows\ntbtlog.txt
2017-05-10 03:50 - 2013-07-03 14:12 - 00803320 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-05-10 03:50 - 2013-07-03 14:12 - 00004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-05-10 03:50 - 2011-10-25 15:30 - 00000000 ____D C:\Windows\system32\Macromed
2017-05-10 03:50 - 2011-06-21 12:11 - 00144888 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-05-10 03:50 - 2010-10-26 09:12 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-05-09 00:13 - 2017-01-20 05:16 - 00569192 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2017-05-09 00:13 - 2017-01-20 05:16 - 00339696 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2017-05-09 00:13 - 2017-01-20 05:16 - 00128648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2017-05-09 00:13 - 2017-01-20 05:16 - 00101152 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-05-09 00:13 - 2017-01-20 05:16 - 00075704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-05-09 00:13 - 2017-01-20 05:16 - 00038296 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-05-09 00:12 - 2017-01-20 05:16 - 01007160 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-05-09 00:12 - 2017-01-20 05:16 - 00032600 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys

==================== Files in the root of some directories =======

2003-11-05 11:49 - 2003-11-03 14:09 - 1512863 _____ () C:\Program Files\RT_ToEE4.dat
2013-03-30 16:33 - 2014-01-03 04:03 - 0001145 _____ () C:\Users\Bendlebender\AppData\Roaming\hexplorer.dat
2013-03-30 16:33 - 2014-01-03 04:03 - 0000027 _____ () C:\Users\Bendlebender\AppData\Roaming\mclip.dat
2015-05-09 15:50 - 2015-05-09 15:50 - 0003584 _____ () C:\Users\Bendlebender\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-04-09 01:03 - 2017-02-21 04:46 - 0007607 _____ () C:\Users\Bendlebender\AppData\Local\resmon.resmoncfg

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

==================== BCD ================================

Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume2
description             Windows Boot Manager
locale                  en-us
inherit                 {globalsettings}
default                 {current}
resumeobject            {4949f807-e120-11df-b1cb-f04da251bf52}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30

Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  en-us
inherit                 {bootloadersettings}
recoverysequence        {4949f809-e120-11df-b1cb-f04da251bf52}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {4949f807-e120-11df-b1cb-f04da251bf52}
nx                      OptIn

Windows Boot Loader
-------------------
identifier              {4949f809-e120-11df-b1cb-f04da251bf52}
device                  ramdisk=[\Device\HarddiskVolume2]\Recovery\WindowsRE\Winre.wim,{4949f80a-e120-11df-b1cb-f04da251bf52}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[\Device\HarddiskVolume2]\Recovery\WindowsRE\Winre.wim,{4949f80a-e120-11df-b1cb-f04da251bf52}
systemroot              \windows
nx                      OptIn
winpe                   Yes

Resume from Hibernate
---------------------
identifier              {4949f807-e120-11df-b1cb-f04da251bf52}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No

Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=\Device\HarddiskVolume2
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes

EMS Settings
------------
identifier              {emssettings}
bootems                 Yes

Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM Defects
-----------
identifier              {badmemory}

Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}

Device options
--------------
identifier              {4949f80a-e120-11df-b1cb-f04da251bf52}
description             Ramdisk Options
ramdisksdidevice        partition=\Device\HarddiskVolume2
ramdisksdipath          \Recovery\WindowsRE\boot.sdi

LastRegBack: 2017-05-25 03:04

==================== End of FRST.txt ============================

 

 

 

 

ADDITION Log:

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-06-2017 01
Ran by Bendlebender (08-06-2017 01:49:54)
Running from C:\Users\Bendlebender\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2010-11-01 18:52:50)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1748231068-357915915-2718231513-500 - Administrator - Disabled)
Bendlebender (S-1-5-21-1748231068-357915915-2718231513-1000 - Administrator - Enabled) => C:\Users\Bendlebender
Fat Wombat (S-1-5-21-1748231068-357915915-2718231513-1001 - Limited - Enabled) => C:\Users\Fat Wombat
Guest (S-1-5-21-1748231068-357915915-2718231513-501 - Limited - Disabled)
KnockerCroc (S-1-5-21-1748231068-357915915-2718231513-1007 - Administrator - Enabled)
Warchow (S-1-5-21-1748231068-357915915-2718231513-1002 - Administrator - Enabled) => C:\Users\Warchow

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 16.00 (HKLM-x32\...\7-Zip) (Version: 16.00 - Igor Pavlov)
Accelerometer (HKLM-x32\...\{87434D51-51DB-4109-B68F-A829ECDCF380}) (Version: 1.06.08.17 - STMicroelectronics)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Adobe Flash Player 25 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 25.0.0.171 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.171 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
ATI Catalyst Control Center (HKLM-x32\...\{055EE59D-217B-43A7-ABFF-507B966405D8}) (Version: 2.010.0601.2151 - )
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.4.2294 - AVAST Software)
Baldur's Gate™ II - Shadows of Amn™ Bonus CD (HKLM-x32\...\{014585C8-7557-11D4-9ABA-006067325E47}) (Version:  - )
Baldur's Gate™ II - Throne of Bhaal ™ (HKLM-x32\...\{B8C3B479-1716-11D5-968A-0050BA84F5F7}) (Version:  - )
BioWare Premium Module: Neverwinter Nights™ Kingmaker (HKLM-x32\...\Neverwinter Nights™ Kingmaker) (Version:  - BioWare Corp.)
Black & White® 2 (HKLM-x32\...\{D9E52CD1-9DF1-4A8A-9BDC-1E5E53982F2B}) (Version: 1.00.0000 - Lionhead Studios)
ccc-core-static (x32 Version: 2010.0601.2152.37421 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.19 - Piriform)
Circle of Eight Modpack version 6.1.0 NC (HKLM-x32\...\{F25E8F2C-8443-42B6-A232-9236A74507C5}_is1) (Version: 6.1.0 NC - Circle of Eight)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Cobian Backup 11 Gravity (HKLM-x32\...\CobBackup11) (Version:  - )
Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
Cozi (HKLM-x32\...\{2DA5F129-11AC-4F11-8188-B2F07EAAC20A}) (Version: 1.0.4323.24051 - Cozi Group, Inc.)
Creature Chaos 4.22 (HKLM-x32\...\{BA6A41DC-603B-49D5-AC40-2A125DFF6DB8}_is1) (Version:  - Creature Chaos Mod Team)
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.60 - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.60 - Dell)
Dell DataSafe Online (HKLM-x32\...\{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}) (Version: 1.2.0011 - Dell, Inc.)
Dell Dock (HKLM-x32\...\Dell Dock) (Version:  - Stardock Corporation)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Support Center (HKLM\...\Dell Support Center) (Version: 3.1.5907.29 - Dell Inc.)
Dell Support Center (Version: 3.1.5907.29 - PC-Doctor, Inc.) Hidden
Dell System Detect (HKU\S-1-5-21-1748231068-357915915-2718231513-1000\...\58d94f3ce2c27db0) (Version: 7.6.0.17 - Dell)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 14.0.2.0 - Synaptics Incorporated)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd)
DJ OldGames Package: Stronghold (HKLM-x32\...\Stronghold63) (Version: 1.0.3.0 - DJ)
Dragon Age: Origins (HKLM-x32\...\{AEC81925-9C76-4707-84A9-40696C613ED3}) (Version: 1.00 - Electronic Arts, Inc.)
DW WLAN Card Utility (HKLM\...\DW WLAN Card Utility) (Version: 5.60.48.18 - Dell Inc.)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Furcadia (HKLM-x32\...\Furcadia) (Version: 31.2 - Dragon's Eye Productions, Inc.)
GIMP 2.6.11 (HKLM-x32\...\WinGimp-2.0_is1) (Version: 2.6.11 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.110 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden
GoToAssist 8.0.0.514 (HKLM-x32\...\GoToAssist) (Version:  - )
GrafX2 (GNU GPL) (HKLM-x32\...\Grafx2-SDL) (Version: 2.4.wip2035 - )
HHD Software Free Hex Editor Neo 5.14 (HKU\S-1-5-21-1748231068-357915915-2718231513-1000\...\{8EB85C0E-DE7D-4A53-BD66-708B8F2C80B0}) (Version: 5.14.0.4787 - HHD Software, Ltd.)
HxD Hex Editor version 1.7.7.0 (HKLM-x32\...\HxD Hex Editor_is1) (Version: 1.7.7.0 - Maël Hörz)
ICY Hexplorer (remove only) (HKLM-x32\...\Hexplorer) (Version:  - )
Impossible Creatures (HKLM-x32\...\Impossible Creatures 1.0) (Version:  - )
Impossible Creatures 1.0.1 (HKLM-x32\...\{6B2B0D05-2B4A-4855-A47B-D69CD9E3CDD6}) (Version: 1.0.1 - Microsoft)
Inkscape 0.48.5 (HKLM-x32\...\Inkscape) (Version: 0.48.5 - )
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)
Intel® Turbo Boost Technology Monitor (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.186.6 - Intel)
IZArc 4.1.2 (HKLM-x32\...\{97C82B44-D408-4F14-9252-47FC1636D23E}_is1) (Version: 4.1.2 - Ivan Zahariev)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Live! Cam Avatar Creator (HKLM-x32\...\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}) (Version: 4.6.3009.1 - Creative Technology Ltd)
LoJack Factory Installer (HKLM-x32\...\{40F4FF7A-B214-4453-B973-080B09CED019}) (Version: 1.0.0 - Absolute Software)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 3.0.40624.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM-x32\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}) (Version: 8.0.58299 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Neverwinter Nights (HKLM-x32\...\{C1583439-B034-4881-819C-D52A0587662B}) (Version:  - )
NVIDIA PhysX (HKLM-x32\...\{1C4551A6-4743-4093-91E4-1477CD655043}) (Version: 9.09.0203 - NVIDIA Corporation)
OHRRPGCE alectormancy+2 20120731 (HKLM-x32\...\Official Hamster Republic RPG Construction Engine_is1) (Version:  - Hamster Republic Productions)
PRC Pack (HKLM-x32\...\PRC Pack) (Version:  - )
Python 2.7.1 (HKLM-x32\...\{32939827-d8e5-470a-b126-870db3c69fdf}) (Version: 2.7.1150 - Python Software Foundation)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 9.6.18 - Dell Inc.)
Roxio Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.01 - Roxio)
SafeZone Stable 3.55.2393.607 (x32 Version: 3.55.2393.607 - Avast Software) Hidden
Skins (x32 Version: 2010.0601.2152.37421 - ATI) Hidden
Skype Toolbars (HKLM-x32\...\{981029E0-7FC9-4CF3-AB39-6F133621921A}) (Version: 1.0.4051 - Skype Technologies S.A.)
Skype™ 4.2 (HKLM-x32\...\{D103C4BA-F905-437A-8049-DB24763BBE36}) (Version: 4.2.169 - Skype Technologies S.A.)
Star Wars Empire at War (HKLM-x32\...\{99AE7207-8612-4DBA-A8F8-BAE5C633390D}) (Version: 1.0 - LucasArts)
Star Wars Empire at War Forces of Corruption (HKLM-x32\...\{6592FDEC-2C1A-413A-9985-25FEC2F0848D}) (Version: 1.0 - LucasArts)
Star Wars Galactic Battlegrounds: Saga (HKLM-x32\...\{10133CDD-50B9-4783-B336-8B48F3653715}) (Version:  - )
Temple of Elemental Evil (HKLM-x32\...\{AD80F06B-0F21-4EEE-934D-BEF0D21E6383}) (Version: 1.00.000 - )
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
WildTangent Games (HKLM-x32\...\WildTangent dell Master Uninstall) (Version: 1.0.0.71 - WildTangent)
WildTangent Games App (Dell Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-dell) (Version: 4.1.1.30 - WildTangent)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1748231068-357915915-2718231513-1000_Classes\CLSID\{182FB546-8596-4CEF-9CB5-E9505BF7F628}\InprocServer32 -> C:\Users\Bendlebender\AppData\Local\HHD Software\Hex Editor Neo\hhdhexneo.dll (HHD Software Ltd.)
CustomCLSID: HKU\S-1-5-21-1748231068-357915915-2718231513-1000_Classes\CLSID\{6DB27B2E-87AC-4354-927A-AD711A0ED77E}\InprocServer32 -> C:\Users\Bendlebender\AppData\Local\HHD Software\Hex Editor Neo\FileDocument.dll (HHD Software Ltd.)
CustomCLSID: HKU\S-1-5-21-1748231068-357915915-2718231513-1000_Classes\CLSID\{A244CEC5-DB63-4ED9-B0D7-A0527C064113}\InprocServer32 -> C:\Users\Bendlebender\AppData\Local\HHD Software\Hex Editor Neo\FileDocument.dll (HHD Software Ltd.)
CustomCLSID: HKU\S-1-5-21-1748231068-357915915-2718231513-1000_Classes\CLSID\{AE1514A4-5D7D-4D1B-BC7F-320E6962B0DD}\InprocServer32 -> C:\Users\Bendlebender\AppData\Local\HHD Software\Hex Editor Neo\FileDocument.dll (HHD Software Ltd.)
CustomCLSID: HKU\S-1-5-21-1748231068-357915915-2718231513-1000_Classes\CLSID\{B845012A-F05A-4EC8-816D-B033183B9CA5}\InprocServer32 -> C:\Users\Bendlebender\AppData\Local\HHD Software\Hex Editor Neo\hhdhexneo.dll (HHD Software Ltd.)
CustomCLSID: HKU\S-1-5-21-1748231068-357915915-2718231513-1000_Classes\CLSID\{F350F7C1-9F0E-4A97-8EEC-E690C7095BEF}\InprocServer32 -> C:\Users\Bendlebender\AppData\Local\HHD Software\Hex Editor Neo\PatchAPI\dll\x64\hexpatch64.dll (HHD Software Ltd.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0B526565-5357-4258-B186-6D81D9E9823B} - System32\Tasks\SafeZone scheduled Autoupdate 1466146326 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-05-17] (Avast Software)
Task: {10351236-259F-4513-8C82-9D93F94B88FF} - System32\Tasks\{F5849F38-F53B-4785-81ED-A52505261760} => C:\Users\Bendlebender\Desktop\FRUA\INSTALL.EXE
Task: {29C10A22-CFCB-418A-A90D-79F89BDCB3A3} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell Support Center\uaclauncher.exe [2012-03-28] (PC-Doctor, Inc.)
Task: {30229D28-3DC4-48C1-A0A6-EF184657852C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {33731B9E-9AE7-433E-917F-D27E1C5DD55D} - System32\Tasks\{D96E61CD-345B-4429-9651-903DEBF4576C} => C:\Users\Bendlebender\Desktop\FRUA\INSTALL.EXE
Task: {3753EBD4-14EC-47DF-90CA-729F0D81A64E} - System32\Tasks\Microsoft\Windows\PLA\Second Run => Rundll32.exe C:\Windows\system32\pla.dll,PlaHost "Second Run" "$(Arg0)"
Task: {3E1A0EBE-446F-4902-8DF2-616EE969C254} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {3E238F99-D2C8-4BDA-8545-46B87EA6D4A2} - System32\Tasks\{518DE036-8CE4-4771-9096-601792D4483A} => C:\Users\Bendlebender\Desktop\FRUA\INSTALL.EXE
Task: {3F066AE7-046C-4B3C-90A2-2111583C8559} - System32\Tasks\{EE294D32-CB24-4716-A137-F9FA34C847D3} => C:\DOSGames\Unlimited Adventures\FRUA\INSTALL.EXE
Task: {40AB365C-7EB9-4BC2-8665-3B509F9C2101} - System32\Tasks\LoJack for Laptops Install => C:\Program Files (x86)\Absolute Software\LoJack Install\FactoryInstaller.exe [2009-11-26] (Absolute Software)
Task: {41E7D123-4F7E-41D8-BE7E-D39F24412A14} - System32\Tasks\{00B5695A-C0B5-47B4-9CDF-21532ACA86A2} => pcalua.exe -a C:\Users\Bendlebender\Desktop\ArtOfIllusion281-Windows.exe -d C:\Users\Bendlebender\Desktop
Task: {4F92FF15-22C3-4DB9-A794-EC7C92E93749} - System32\Tasks\{8AA59E8F-DCBE-42B0-9823-2F84F9D2D708} => C:\Users\Bendlebender\Desktop\Recreation\S\snes9x.exe [2003-08-12] (Gary Henderson)
Task: {516451C2-0FB6-4AD8-A390-1DD892076084} - System32\Tasks\SafeZone scheduled Autoupdate 1484907403 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-05-17] (Avast Software)
Task: {524602FD-3059-4D93-990F-D72687CB2532} - System32\Tasks\{65CAF38B-06B6-4C75-86D1-E871D339D1CA} => pcalua.exe -a "C:\Users\Bendlebender\Desktop\Recreation\Mods\Neverwinter\Latest PRC\CC_1.8_Win\CharacterCreator.exe" -d "C:\Users\Bendlebender\Desktop\Recreation\Mods\Neverwinter\Latest PRC\CC_1.8_Win"
Task: {5F37B00A-EECF-4E82-8ABD-FC87F2897AB6} - System32\Tasks\{F00BEE45-595F-4958-81CD-FB0E51C7BC10} => pcalua.exe -a "C:\Users\Bendlebender\Desktop\Recreation\Mods\Baldur's Gate\shardsofice-v5.exe" -d "C:\Users\Bendlebender\Desktop\Recreation\Mods\Baldur's Gate"
Task: {6920F034-B1B4-47BD-99FD-5E4970B4B74F} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-04-13] (AVAST Software)
Task: {6A8F34FC-187E-4D85-A7C1-552891DDE221} - System32\Tasks\PCDEventLauncher => C:\Program Files\Dell Support Center\sessionchecker.exe [2012-03-28] (PC-Doctor, Inc.)
Task: {85263EEA-D47F-48C4-8807-74C0CBC29DC8} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-05-09] (AVAST Software)
Task: {87A3057A-8A75-4739-B2C1-9777276EF530} - System32\Tasks\{763FCEB8-2E39-4802-B113-FD8DA82A80E9} => C:\Users\Bendlebender\Desktop\FRUA\INSTALL.EXE
Task: {8B4A98CD-B127-4A9F-804F-E7CBF77D40D1} - System32\Tasks\Microsoft\Windows\PLA\With Avasti => Rundll32.exe C:\Windows\system32\pla.dll,PlaHost "With Avasti" "$(Arg0)"
Task: {9F391A5D-21CF-4502-B154-9941420EA5BE} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\Dell Support Center\uaclauncher.exe [2012-03-28] (PC-Doctor, Inc.)
Task: {A3BC7FEB-C667-46CC-A565-E2E12AD7476B} - System32\Tasks\{B6E20656-AA29-4115-91D3-D1EC8375242C} => C:\Program Files\TOEE\TOEE3.EXE
Task: {BB55B899-1D8D-4990-9EA0-A21A009C6AA8} - System32\Tasks\{CBD7F791-5D4D-4AA3-8DAA-D368A5492DDA} => C:\Users\Bendlebender\Desktop\FRUA\INSTALL.EXE
Task: {CD4D8FAC-0AC9-4693-8CDB-9CE99AADA93A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-05-10] (Adobe Systems Incorporated)
Task: {CE2D8A6F-CB86-4FF8-BB35-75C173A35D63} - System32\Tasks\SafeZone scheduled Autoupdate 1483432041 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-05-17] (Avast Software)
Task: {CFFE7552-4C3A-4853-9675-75E3389210DF} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)
Task: {EF3A1A82-1F08-4EC0-AFBE-D694D4713442} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-06-10] (Piriform Ltd)
Task: {FBE41EE1-67CC-4C62-BE2D-C6432898FE66} - System32\Tasks\{D885621F-67B8-446A-B8FB-F61ED41BF337} => C:\Users\Bendlebender\Desktop\FRUA\INSTALL.EXE
Task: {FC8BAF38-6933-45F3-BA25-099FC459D141} - System32\Tasks\Microsoft\Windows\PLA\First Run => Rundll32.exe C:\Windows\system32\pla.dll,PlaHost "First Run" "$(Arg0)"

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\Dell Support Center\uaclauncher.exe o-backgroundmon scripts\defaultscan.xml
Task: C:\Windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\Dell Support Center\uaclauncher.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Bendlebender\Desktop\Recreation\Side Things\Oldgames\OldGames.sk\www.oldgames.sk.lnk -> hxxp:

==================== Loaded Modules (Whitelisted) ==============

2011-01-18 19:15 - 2009-04-24 16:50 - 00210944 _____ () C:\Program Files (x86)\IZArc\IZArcCM64.dll
2010-10-26 09:18 - 2009-06-23 16:02 - 00060928 _____ () C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe
2010-10-26 09:29 - 2011-08-18 10:05 - 02751808 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
2017-05-09 00:12 - 2017-05-09 00:12 - 00162024 _____ () c:\Program Files\AVAST Software\Avast\x64\vaarclient.dll
2017-05-09 00:12 - 2017-05-09 00:12 - 00825960 _____ () C:\Program Files\AVAST Software\Avast\x64\ffl2.dll
2017-05-09 00:12 - 2017-05-09 00:12 - 00275776 _____ () c:\Program Files\AVAST Software\Avast\x64\StreamBack.dll
2010-10-26 09:18 - 2009-07-22 08:52 - 02384896 _____ () C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe
2016-08-25 02:26 - 2016-08-25 02:26 - 00472576 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_64\VistaBridgeLibrary\3cac3c9fcb04ebef9378c774982b4dc3\VistaBridgeLibrary.ni.dll
2010-02-09 13:34 - 2010-02-09 13:34 - 01807680 _____ () C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
2010-03-08 11:02 - 2010-03-08 11:02 - 00016384 ____R () c:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-06-01 21:50 - 2010-06-01 21:50 - 00270336 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2017-05-09 00:12 - 2017-05-09 00:12 - 00170216 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-05-09 00:12 - 2017-05-09 00:12 - 00176992 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-05-09 00:12 - 2017-05-09 00:12 - 00223224 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-05-09 00:12 - 2017-05-09 00:12 - 00684656 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-05-09 00:12 - 2017-05-09 00:12 - 00230632 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2017-06-07 23:45 - 2017-06-07 23:45 - 06100784 _____ () C:\Program Files\AVAST Software\Avast\defs\17060700\algo.dll
2017-05-09 00:13 - 2017-05-09 00:13 - 00997896 _____ () C:\Program Files\AVAST Software\Avast\AvChrome.dll
2017-05-09 00:13 - 2017-05-09 00:13 - 67717632 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-05-09 00:12 - 2017-05-09 00:12 - 00291824 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2010-02-09 13:34 - 2010-02-09 13:34 - 00275776 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll
2010-02-09 13:34 - 2010-02-09 13:34 - 00058688 _____ () C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll
2010-02-09 13:34 - 2010-02-09 13:34 - 00095552 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll
2010-02-09 13:34 - 2010-02-09 13:34 - 00152896 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll
2010-02-09 13:34 - 2010-02-09 13:34 - 00017728 _____ () C:\Program Files (x86)\Dell DataSafe Online\cpputils.dll
2016-08-24 04:38 - 2016-08-24 04:38 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\5d3fdf7962e3a154830b603096be4216\IsdiInterop.ni.dll
2010-10-26 09:14 - 2010-03-03 20:08 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Public\DRM:احتضان [98]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1748231068-357915915-2718231513-1000\...\dell.com -> dell.com
IE trusted site: HKU\S-1-5-21-1748231068-357915915-2718231513-1000\...\internet -> internet
IE trusted site: HKU\S-1-5-21-1748231068-357915915-2718231513-1000\...\mcafee.com -> hxxp://mcafee.com
IE trusted site: HKU\S-1-5-21-1748231068-357915915-2718231513-1000\...\mcafee.com -> hxxps://mcafee.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1748231068-357915915-2718231513-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Bendlebender\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: DAUpdaterSvc => 3
MSCONFIG\Services: wuauserv => 2
MSCONFIG\startupreg: Desktop Disc Tool => "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{79E7E1F0-2F99-436A-AF7C-F51FADEC8035}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\wlcsdk.exe
FirewallRules: [{FAC2E99E-B803-4B2D-B64B-901A3451FFD8}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{49399E2C-C122-42E1-90B7-BE6B50D58031}] => (Allow) svchost.exe
FirewallRules: [{AB196ED8-FF53-4448-ABCB-8FB6F387A498}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{A2C11EDE-47EB-4086-B767-23DF43244711}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{B7B8531B-FDCE-4917-97A7-4B57C419D983}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe
FirewallRules: [{DA986246-9658-4ACD-9637-C2B37431866B}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe
FirewallRules: [TCP Query User{9554C4C0-B9B6-4A2D-A014-E35A1EAAD8EF}C:\sam\printcontrol.exe] => (Allow) C:\sam\printcontrol.exe
FirewallRules: [UDP Query User{BA9C980D-0836-4009-9162-717987472E82}C:\sam\printcontrol.exe] => (Allow) C:\sam\printcontrol.exe
FirewallRules: [{94F1E1BF-BFEA-4A03-8087-43394404AA36}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{31F96EDC-0D96-42E8-AF17-0596D6931815}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{16D7ED50-2F2D-4904-AEB4-13D89CF7B080}] => (Allow) C:\Program Files (x86)\Dragon Age\bin_ship\daorigins.exe
FirewallRules: [{8EB75C73-C3AB-44F8-A1F7-5B58961985CD}] => (Allow) C:\Program Files (x86)\Dragon Age\bin_ship\daorigins.exe
FirewallRules: [{0A0C1EF9-B26F-425B-9A4C-3774BA9003C3}] => (Allow) C:\Program Files (x86)\Dragon Age\DAOriginsLauncher.exe
FirewallRules: [{89501BDF-EBB1-4CFE-97F8-8BFA97870329}] => (Allow) C:\Program Files (x86)\Dragon Age\DAOriginsLauncher.exe
FirewallRules: [{3B6266F4-AA3E-4F82-B6F9-7EF987970FA0}] => (Allow) C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe
FirewallRules: [{1539314C-A04E-443A-9FAE-17BCEA673B7F}] => (Allow) C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe
FirewallRules: [{1AE0C654-367B-42AD-A00D-B3E3FF9D0F23}] => (Allow) C:\Program Files (x86)\LucasArts\Star Wars Empire at War\GameData\sweaw.exe
FirewallRules: [{623458FF-8DED-4A66-8CAF-F5C8DC6094CC}] => (Allow) C:\Program Files (x86)\LucasArts\Star Wars Empire at War\GameData\sweaw.exe
FirewallRules: [{4D527ADB-6051-4CE8-85D2-9A9F6FFFCA13}] => (Allow) C:\Program Files (x86)\LucasArts\Star Wars Empire at War Forces of Corruption\swfoc.exe
FirewallRules: [{11D120EA-E91C-4676-9EED-7D130B1010B0}] => (Allow) C:\Program Files (x86)\LucasArts\Star Wars Empire at War Forces of Corruption\swfoc.exe
FirewallRules: [{6390CC46-5116-4172-AD5D-2A8129EDDA65}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.596_0\SZBrowser.exe
FirewallRules: [{8A55B7D6-510E-4438-8E8D-D737CEA48BAC}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{ED878DC9-1A7B-4D46-B803-43B5B9B7161B}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.607\SZBrowser.exe

==================== Restore Points =========================

24-08-2016 04:45:47 Windows Update
25-08-2016 23:24:28 Windows Update
30-08-2016 03:43:46 ComboFix created restore point
02-09-2016 03:42:16 Windows Update
08-09-2016 04:56:14 Windows Update
25-09-2016 00:44:13 Windows Update
25-09-2016 01:21:50 Windows Update
01-10-2016 04:13:48 Windows Update
08-10-2016 04:34:50 Windows Update
08-10-2016 23:08:57 Windows Update
08-10-2016 23:27:16 Windows Update
20-10-2016 03:32:25 Scheduled Checkpoint
30-10-2016 03:00:19 Scheduled Checkpoint
09-11-2016 03:09:15 Scheduled Checkpoint
17-11-2016 05:05:09 Scheduled Checkpoint
25-11-2016 04:30:20 Scheduled Checkpoint
06-12-2016 03:20:29 Scheduled Checkpoint
11-12-2016 05:27:04 Windows Update
19-12-2016 05:57:56 Windows Update
28-12-2016 05:46:44 Windows Update
11-01-2017 05:13:41 Scheduled Checkpoint
18-01-2017 05:20:25 Scheduled Checkpoint
02-02-2017 05:18:35 Scheduled Checkpoint
11-02-2017 05:19:27 Scheduled Checkpoint
24-02-2017 05:12:47 Scheduled Checkpoint
05-03-2017 05:12:01 Scheduled Checkpoint
14-03-2017 04:15:55 Scheduled Checkpoint
24-03-2017 04:25:04 Scheduled Checkpoint
06-04-2017 04:46:18 Scheduled Checkpoint
15-04-2017 04:07:00 Scheduled Checkpoint
30-04-2017 04:41:04 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============

Name: ATI High Definition Audio Device
Description: ATI High Definition Audio Device
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: ATI Technologies Inc.
Service: AtiHdmiService
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (06/08/2017 01:47:50 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Cozi Express\CoziExpress.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (06/07/2017 11:44:18 PM) (Source: Swapdrive Backup) (EventID: 0) (User: )
Description: Swapdrive Backup: Web Service Error: System.Net.WebException: The remote name could not be resolved: 'wsvcdell.backup.com'
   at System.Net.HttpWebRequest.GetRequestStream(TransportContext& context)
   at System.Net.HttpWebRequest.GetRequestStream()
   at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
   at Swapdrive.Shared.com.backup.uswsvcdell.Service.GetInfo(GetInfoRequest req)
   at Swapdrive.Shared.ActivationWsvcs.GetInfo()

Error: (06/06/2017 11:17:13 PM) (Source: Swapdrive Backup) (EventID: 0) (User: )
Description: Swapdrive Backup: Web Service Error: System.Net.WebException: The remote name could not be resolved: 'wsvcdell.backup.com'
   at System.Net.HttpWebRequest.GetRequestStream(TransportContext& context)
   at System.Net.HttpWebRequest.GetRequestStream()
   at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
   at Swapdrive.Shared.com.backup.uswsvcdell.Service.GetInfo(GetInfoRequest req)
   at Swapdrive.Shared.ActivationWsvcs.GetInfo()

Error: (06/05/2017 11:08:23 PM) (Source: Swapdrive Backup) (EventID: 0) (User: )
Description: Swapdrive Backup: Web Service Error: System.Net.WebException: The remote name could not be resolved: 'wsvcdell.backup.com'
   at System.Net.HttpWebRequest.GetRequestStream(TransportContext& context)
   at System.Net.HttpWebRequest.GetRequestStream()
   at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
   at Swapdrive.Shared.com.backup.uswsvcdell.Service.GetInfo(GetInfoRequest req)
   at Swapdrive.Shared.ActivationWsvcs.GetInfo()

Error: (06/05/2017 01:07:32 AM) (Source: Swapdrive Backup) (EventID: 0) (User: )
Description: Swapdrive Backup: Web Service Error: System.Net.WebException: The remote name could not be resolved: 'wsvcdell.backup.com'
   at System.Net.HttpWebRequest.GetRequestStream(TransportContext& context)
   at System.Net.HttpWebRequest.GetRequestStream()
   at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
   at Swapdrive.Shared.com.backup.uswsvcdell.Service.GetInfo(GetInfoRequest req)
   at Swapdrive.Shared.ActivationWsvcs.GetInfo()

Error: (06/05/2017 12:13:46 AM) (Source: Swapdrive Backup) (EventID: 0) (User: )
Description: Swapdrive Backup: Web Service Error: System.Net.WebException: The remote name could not be resolved: 'wsvcdell.backup.com'
   at System.Net.HttpWebRequest.GetRequestStream(TransportContext& context)
   at System.Net.HttpWebRequest.GetRequestStream()
   at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
   at Swapdrive.Shared.com.backup.uswsvcdell.Service.GetInfo(GetInfoRequest req)
   at Swapdrive.Shared.ActivationWsvcs.GetInfo()

Error: (06/03/2017 11:55:46 PM) (Source: Swapdrive Backup) (EventID: 0) (User: )
Description: Swapdrive Backup: Web Service Error: System.Net.WebException: The remote name could not be resolved: 'wsvcdell.backup.com'
   at System.Net.HttpWebRequest.GetRequestStream(TransportContext& context)
   at System.Net.HttpWebRequest.GetRequestStream()
   at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
   at Swapdrive.Shared.com.backup.uswsvcdell.Service.GetInfo(GetInfoRequest req)
   at Swapdrive.Shared.ActivationWsvcs.GetInfo()

Error: (06/03/2017 04:20:41 PM) (Source: Swapdrive Backup) (EventID: 0) (User: )
Description: Swapdrive Backup: Web Service Error: System.Net.WebException: The remote name could not be resolved: 'wsvcdell.backup.com'
   at System.Net.HttpWebRequest.GetRequestStream(TransportContext& context)
   at System.Net.HttpWebRequest.GetRequestStream()
   at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
   at Swapdrive.Shared.com.backup.uswsvcdell.Service.GetInfo(GetInfoRequest req)
   at Swapdrive.Shared.ActivationWsvcs.GetInfo()

Error: (06/03/2017 03:57:34 AM) (Source: Swapdrive Backup) (EventID: 0) (User: )
Description: Swapdrive Backup: Web Service Error: System.Net.WebException: The remote name could not be resolved: 'wsvcdell.backup.com'
   at System.Net.HttpWebRequest.GetRequestStream(TransportContext& context)
   at System.Net.HttpWebRequest.GetRequestStream()
   at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
   at Swapdrive.Shared.com.backup.uswsvcdell.Service.GetInfo(GetInfoRequest req)
   at Swapdrive.Shared.ActivationWsvcs.GetInfo()

Error: (06/02/2017 11:07:26 PM) (Source: Swapdrive Backup) (EventID: 0) (User: )
Description: Swapdrive Backup: Web Service Error: System.Net.WebException: The remote name could not be resolved: 'wsvcdell.backup.com'
   at System.Net.HttpWebRequest.GetRequestStream(TransportContext& context)
   at System.Net.HttpWebRequest.GetRequestStream()
   at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
   at Swapdrive.Shared.com.backup.uswsvcdell.Service.GetInfo(GetInfoRequest req)
   at Swapdrive.Shared.ActivationWsvcs.GetInfo()

System errors:
=============
Error: (06/07/2017 03:31:25 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (06/06/2017 11:16:49 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

Error: (06/05/2017 01:07:29 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

Error: (06/05/2017 01:06:23 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

Error: (06/05/2017 01:05:21 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 1:03:27 AM on ‎6/‎5/‎2017 was unexpected.

Error: (06/05/2017 12:13:31 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

Error: (06/03/2017 11:55:34 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

Error: (06/03/2017 04:21:08 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

Error: (06/03/2017 04:20:38 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

Error: (06/03/2017 03:57:28 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

CodeIntegrity:
===================================
  Date: 2016-09-25 00:46:39.221
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SoftwareDistribution\Download\c4154e707216b0f9ca48a8462c2fdd9e\inst\wow64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.23455_none_c025ec161664fa1b\appidapi.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-25 00:46:35.384
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SoftwareDistribution\Download\c4154e707216b0f9ca48a8462c2fdd9e\inst\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.23455_none_b5d141c3e2043820\appidapi.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Core™ i5 CPU M 460 @ 2.53GHz
Percentage of memory in use: 44%
Total physical RAM: 3956.52 MB
Available physical RAM: 2178.25 MB
Total Virtual: 9954.71 MB
Available Virtual: 7990.22 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:451.07 GB) (Free:258.78 GB) NTFS
Drive d: (TOEE_PLAY) (CDROM) (Total:0.62 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 46C06955)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=451.1 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================



#12 Valinorum

Valinorum

    Shadow Hide The Hunter


  • Malware Response Instructor
  • 1,775 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:10:26 PM

Posted 08 June 2017 - 02:41 AM

  • Step #3 Fix with FRST
    Make sure that you still have FRST.exe on your Desktop. If you do not have it, download the suitable version from here to your Desktop.
    • Open Notepad.exe. Do not use any other text editor software;
    • Copy and Paste the contents inside the code-box to your Notepad --
      Start
      CreateRestorePoint:
      CloseProcesses:
      EmptyTemp:
      HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
      HKU\S-1-5-21-1748231068-357915915-2718231513-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
      cmd: bitsadmin /reset /allusers
      End
    • Click on File > Save as...
      • Inside the File Name box type fixlist.txt;
      • From the Save as type drop down list, choose All Files
    • Save the file to your Desktop;
    • Re-run FRST.exe and click Fix;
      • Note: If FRST advises there is a new updated version to be downloaded, do so/allow this.
    • After the completion, a log will be produced;
    • Copy and Paste the contents of the log in your next reply.
 
  • Step #4 Scan with Zemana Anti-malware
    Download and install Zemana anti-malware from here.
    • Double-click to run the software;
    • Click on Scan
    • After scan finishes click on the report tab on the top right corner;
    • Choose the latest report by clicking on it and click on Open Report afterward.
    • Copy and Paste the contents of the report in your next reply.
 
  • Required Log(s):
    • FRST Fix Log
    • Zemana Fix Log
Regards,
Valinorum

Geek U Graduate

I close my topic(s) with no replies for more than 4 days. PM me or Moderators to reactivate. All helps are provided via forum ergo do not PM me for help.

 


#13 BuckJogSkiff

BuckJogSkiff
  • Topic Starter

  • Members
  • 47 posts
  • OFFLINE
  •  
  • Local time:11:26 AM

Posted 09 June 2017 - 03:37 AM

FRST FIXLOG:

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 07-06-2017 01
Ran by Bendlebender (09-06-2017 02:29:04) Run:3
Running from C:\Users\Bendlebender\Desktop
Loaded Profiles: Bendlebender (Available Profiles: Bendlebender & Fat Wombat & Warchow)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
EmptyTemp:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1748231068-357915915-2718231513-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
cmd: bitsadmin /reset /allusers
End
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
HKU\S-1-5-21-1748231068-357915915-2718231513-1000\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully

========= bitsadmin /reset /allusers =========

BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= End of CMD: =========

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 57466467 B
Java, Flash, Steam htmlcache => 517313 B
Windows/system/drivers => 1800572 B
Edge => 0 B
Chrome => 0 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 128 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 42120 B
Bendlebender => 221044001 B
Fat Wombat => 1462 B
Warchow => 18845586 B

RecycleBin => 257621319 B
EmptyTemp: => 539.5 MB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 02:31:09 ====

 

 

 

 

ZEMANA FIXLOG:

 

 

Zemana AntiMalware 2.72.2.388 (Installed)

-------------------------------------------------------
Scan Result            : Completed
Scan Date              : 2017/6/9
Operating System       : Windows 7 64-bit
Processor              : 4X Intel® Core™ i5 CPU M 460 @ 2.53GHz
BIOS Mode              : Legacy
CUID                   : 1276DB3C6863F6876BF70F
Scan Type              : Scheduled Scan
Duration               : 47m 55s
Scanned Objects        : 440889
Detected Objects       : 1
Excluded Objects       : 0
Read Level             : SCSI
Auto Upload            : Enabled
Detect All Extensions  : Disabled
Scan Documents         : Disabled
Domain Info            : WORKGROUP,0,2

Detected Objects
-------------------------------------------------------

IZArc4.1.2.exe
Status             : Scanned
Object             : %userprofile%\desktop\sorting\leftovers\izarc4.1.2.exe
MD5                : C542E0E60DC2F7FFCF491DD300EFE62C
Publisher          : -
Size               : 4673720
Version            : 4.1.2.0
Detection          : Adware:Win32/OpenCandy
Cleaning Action    : Quarantine
Related Objects    :
                File - %userprofile%\desktop\sorting\leftovers\izarc4.1.2.exe

Cleaning Result
-------------------------------------------------------
Cleaned               : 1
Reported as safe      : 0
Failed                : 0

 

 

 

Suspect the OpenCandy has been seen before.



#14 Valinorum

Valinorum

    Shadow Hide The Hunter


  • Malware Response Instructor
  • 1,775 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:10:26 PM

Posted 09 June 2017 - 01:00 PM

Are you still getting that warning?

Geek U Graduate

I close my topic(s) with no replies for more than 4 days. PM me or Moderators to reactivate. All helps are provided via forum ergo do not PM me for help.

 


#15 BuckJogSkiff

BuckJogSkiff
  • Topic Starter

  • Members
  • 47 posts
  • OFFLINE
  •  
  • Local time:11:26 AM

Posted 10 June 2017 - 03:33 AM

If you mean having the OpenCandy show up again, and this time on the Zemana scan, yes. Also, Zemana did perform another scan, with nothing to quarantine that time around. Performance is about the same, though.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users