
Disabled Chrome and Antivirus - Windows 7


  • This topic is locked
10 replies to this topic

#1 angry@computers


Posted 17 May 2017 - 11:51 AM

Hello there,

 

Due to a lack of concentration, I clicked what I thought was a legit ad for a poker site. Sadly, since then my AVG virus protection failed and Google Chrome wouldn't work. I restored it to an earlier time, but it didn't solve the problem, and I couldn't uninstall AVG or Chrome. I kept getting the error code 0x0000003: a breakpoint has been reached.

 

Eventually I managed to uninstall AVG and Chrome with REVO Uninstaller. I have also done an SFC scan, which didn't seem to do much. 

 

There is a major problem running scans with any kind of Antivirus software, and FARBAR would only scan in SAFE MODE. So here are the results....


Edited by angry@computers, 17 May 2017 - 11:56 AM.



#2 angry@computers


Posted 17 May 2017 - 11:53 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-05-2017
Ran by KATY (administrator) on KATY-PC (17-05-2017 17:42:49)
Running from C:\Users\KATY\Desktop
Loaded Profiles: KATY (Available Profiles: KATY & Scott Woodward)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Safe Mode (minimal)
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\userinit.exe
(Microsoft Corporation) C:\Windows\HelpPane.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [368640 2010-01-18] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [444416 2009-06-29] (IDT, Inc.)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe [4968960 2009-07-17] (Dell Inc.)
HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-05] (Intel Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213824 2017-05-16] (AVAST Software)
HKLM-x32\...\RunOnce: [Launcher] => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe [165184 2010-07-21] (Softthinks)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2882669103-2359843712-3705734191-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2010-11-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-05-16] (AVAST Software)
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-05-16] (AVAST Software)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2010-06-12]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2010-06-12]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{5686A1FF-0D44-4C69-8DC4-3CADA3EFB569}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{F5DBCEB2-DE15-4010-B6F9-2E8837F1B239}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2882669103-2359843712-3705734191-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2882669103-2359843712-3705734191-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.co.uk/
HKU\S-1-5-21-2882669103-2359843712-3705734191-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/2
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2009-01-14] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Windows Live Toolbar Helper -> {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} -> C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll [2009-02-07] (Microsoft Corporation)
DPF: HKLM {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {FA889BF0-F113-4780-B051-35694C2EC94C} hxxp://download.isvinternet.com/public/ISVFlashIEOnline/ISVFlashIEOnline.cab
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll [2015-06-15] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2015-06-15] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll [2015-06-15] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2015-06-15] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-05-28] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\KATY\AppData\Local\Google\Chrome\User Data\Default [2017-05-17]
CHR Extension: (Google Drive) - C:\Users\KATY\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-05-16]
CHR Extension: (YouTube) - C:\Users\KATY\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-05-16]
CHR Extension: (Adblock Plus) - C:\Users\KATY\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-05-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\KATY\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-05-16]
CHR Extension: (Gmail) - C:\Users\KATY\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-05-16]
CHR Extension: (Chrome Media Router) - C:\Users\KATY\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-16]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [263304 2017-05-16] (AVAST Software)
S2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed]
S2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe [240128 2009-06-29] (IDT, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 wltrysvc; C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe [3417088 2009-07-17] (Dell Inc.) [File not signed]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [38296 2017-05-16] (AVAST Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [128648 2017-05-16] (AVAST Software)
S1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [101152 2017-05-16] (AVAST Software)
S0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [75704 2017-05-16] (AVAST Software)
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1007160 2017-05-16] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [569192 2017-05-16] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [158880 2017-05-16] (AVAST Software)
S0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [339696 2017-05-16] (AVAST Software)
S3 ffusb2audio; C:\Windows\System32\DRIVERS\ffusb2audio.sys [127280 2013-09-25] (Focusrite Audio Engineering Limited.)
S3 cleanhlp; \??\C:\EEK\bin\cleanhlp64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-05-17 17:40 - 2017-05-17 17:40 - 00224872 _____ C:\Windows\ntbtlog.txt
2017-05-17 17:37 - 2017-05-17 17:43 - 00010110 _____ C:\Users\KATY\Desktop\FRST.txt
2017-05-17 17:22 - 2017-05-17 17:22 - 02429952 _____ (Farbar) C:\Users\KATY\Desktop\FRST64.exe
2017-05-17 17:03 - 2017-05-17 17:20 - 00024185 _____ C:\Users\Scott Woodward\Desktop\FRST.txt
2017-05-17 17:03 - 2017-05-17 17:10 - 00034791 _____ C:\Users\Scott Woodward\Desktop\Addition.txt
2017-05-17 17:02 - 2017-05-17 17:42 - 00000000 ____D C:\FRST
2017-05-17 17:01 - 2017-05-17 17:01 - 02429952 _____ (Farbar) C:\Users\Scott Woodward\Desktop\FRST64.exe
2017-05-17 00:02 - 2017-05-17 00:02 - 00003544 ____N C:\bootsqm.dat
2017-05-16 22:24 - 2017-05-16 22:25 - 00422712 _____ C:\Windows\system32\FNTCACHE.DAT
2017-05-16 22:22 - 2017-05-16 22:22 - 00000000 ____D C:\Users\Scott Woodward\AppData\Roaming\AVAST Software
2017-05-16 21:55 - 2017-05-16 21:55 - 00158880 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2017-05-16 21:55 - 2017-05-16 21:55 - 00003914 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2017-05-16 21:55 - 2017-05-16 21:55 - 00001924 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2017-05-16 21:55 - 2017-05-16 21:55 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2017-05-16 21:55 - 2017-05-16 21:55 - 00000000 ____D C:\Users\KATY\AppData\Roaming\AVAST Software
2017-05-16 21:55 - 2017-05-16 21:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2017-05-16 21:55 - 2017-05-16 21:54 - 01007160 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-05-16 21:55 - 2017-05-16 21:54 - 00569192 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2017-05-16 21:55 - 2017-05-16 21:54 - 00339696 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2017-05-16 21:55 - 2017-05-16 21:54 - 00128648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2017-05-16 21:55 - 2017-05-16 21:54 - 00101152 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-05-16 21:55 - 2017-05-16 21:54 - 00075704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-05-16 21:55 - 2017-05-16 21:54 - 00038296 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-05-16 21:54 - 2017-05-16 21:54 - 00400456 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-05-16 21:52 - 2017-05-16 21:52 - 00000000 ____D C:\Program Files\AVAST Software
2017-05-16 21:49 - 2017-05-16 21:50 - 00189044 _____ C:\TDSSKiller.3.1.0.15_16.05.2017_21.49.19_log.txt
2017-05-16 21:40 - 2017-05-16 21:40 - 00189044 _____ C:\TDSSKiller.3.1.0.15_16.05.2017_21.40.03_log.txt
2017-05-16 20:46 - 2017-05-16 21:55 - 00000000 ____D C:\Program Files\Common Files\AV
2017-05-16 20:43 - 2017-05-16 21:52 - 00000000 ____D C:\ProgramData\AVAST Software
2017-05-16 20:43 - 2017-05-16 20:43 - 06919904 _____ (AVAST Software) C:\Users\KATY\Downloads\avast_free_antivirus_setup_online.exe
2017-05-16 20:29 - 2017-05-16 20:29 - 08544408 _____ (AVAST Software) C:\Users\Scott Woodward\Downloads\avastclear.exe
2017-05-16 19:23 - 2017-05-16 20:19 - 00000000 ____D C:\ProgramData\RogueKiller
2017-05-16 19:23 - 2017-05-16 19:23 - 00000860 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2017-05-16 19:23 - 2017-05-16 19:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-05-16 19:23 - 2017-05-16 19:23 - 00000000 ____D C:\Program Files\RogueKiller
2017-05-16 17:43 - 2017-05-16 17:44 - 35357312 _____ (Adlice Software ) C:\Users\Scott Woodward\Downloads\RogueKiller_setup.exe
2017-05-16 17:37 - 2017-05-16 17:37 - 00921280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2017-05-16 17:37 - 2017-05-16 17:36 - 00992960 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2017-05-16 17:30 - 2017-05-16 17:30 - 06919904 _____ (AVAST Software) C:\Users\Scott Woodward\Downloads\avast_free_antivirus_setup_online.exe
2017-05-16 16:20 - 2017-05-16 16:20 - 00002233 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-05-16 16:19 - 2017-05-16 16:19 - 00003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-05-16 16:19 - 2017-05-16 16:19 - 00003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-05-16 16:18 - 2017-05-16 16:19 - 00000000 ____D C:\Users\Scott Woodward\AppData\Local\Deployment
2017-05-16 16:18 - 2017-05-16 16:18 - 00000000 ____D C:\Users\Scott Woodward\AppData\Local\Apps\2.0
2017-05-16 14:34 - 2017-05-16 16:20 - 00000000 ____D C:\Program Files (x86)\Google
2017-05-16 14:27 - 2017-05-16 15:51 - 00000000 ____D C:\Users\KATY\AppData\Local\AvgSetupLog
2017-05-16 14:17 - 2017-05-16 14:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2017-05-16 14:17 - 2017-05-16 14:17 - 00000000 ____D C:\Program Files\VS Revo Group
2017-05-16 14:07 - 2017-05-16 14:14 - 00000000 ____D C:\AVG_Remover
2017-05-16 13:40 - 2017-05-16 13:38 - 07986864 _____ ( ) C:\Users\KATY\Downloads\AVG_Remover (1).exe
2017-05-15 11:00 - 2017-05-15 11:00 - 00521587 _____ C:\Users\Scott Woodward\Downloads\Mr Banks.pdf
2017-05-15 11:00 - 2017-05-15 11:00 - 00195451 _____ C:\Users\Scott Woodward\Downloads\Dr Maudsley.pdf
2017-05-15 10:59 - 2017-05-15 10:59 - 00560870 _____ C:\Users\Scott Woodward\Downloads\Collins, Radleigh & Anderson.pdf
2017-05-15 10:59 - 2017-05-15 10:59 - 00526146 _____ C:\Users\Scott Woodward\Downloads\Billy & Maeve.pdf
2017-05-15 10:59 - 2017-05-15 10:59 - 00052523 _____ C:\Users\Scott Woodward\Downloads\Character Details[352].pdf
2017-05-15 10:59 - 2017-05-15 10:59 - 00032839 _____ C:\Users\Scott Woodward\Downloads\Blue Stockings Synopsis[353].pdf
2017-05-14 12:36 - 2017-05-16 21:52 - 00000000 ____D C:\AdwCleaner
2017-05-10 14:00 - 2017-05-10 14:04 - 00214414 _____ C:\Users\Scott Woodward\Desktop\Simon Hills Application.pdf
2017-05-07 14:38 - 2017-05-07 14:38 - 01663672 _____ (Malwarebytes) C:\Users\Scott Woodward\Desktop\JRT.exe
2017-05-02 21:29 - 2017-05-02 21:29 - 00183993 _____ C:\Users\Scott Woodward\Downloads\1476995817-KevinSpacey_ClassWorkbook_Ch9-12_v8.pdf
2017-05-02 21:21 - 2017-05-02 21:21 - 00183993 _____ C:\Users\Scott Woodward\Downloads\1476995803-KevinSpacey_ClassWorkbook_Ch9-12_v8.pdf
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-05-17 17:22 - 2010-07-31 14:49 - 00000000 ____D C:\Users\KATY\AppData\Local\SoftThinks
2017-05-17 17:21 - 2017-01-20 13:56 - 00000426 _____ C:\Windows\Tasks\AVG-SSU_0117av_DELETE.job
2017-05-17 17:21 - 2017-01-20 13:55 - 00000342 _____ C:\Windows\Tasks\AVG-SSU_0117av.job
2017-05-17 17:21 - 2016-12-08 17:55 - 00000426 _____ C:\Windows\Tasks\AVG-SSU_1216av_DELETE.job
2017-05-17 17:21 - 2016-12-08 17:55 - 00000342 _____ C:\Windows\Tasks\AVG-SSU_1216av.job
2017-05-17 17:21 - 2016-11-14 13:38 - 00000426 _____ C:\Windows\Tasks\AVG-SSU_1116av_DELETE.job
2017-05-17 17:21 - 2016-11-14 13:38 - 00000342 _____ C:\Windows\Tasks\AVG-SSU_1116av.job
2017-05-17 17:21 - 2016-09-24 18:42 - 00000426 _____ C:\Windows\Tasks\AVG-SSU_0916av_DELETE.job
2017-05-17 17:21 - 2016-09-24 18:41 - 00000342 _____ C:\Windows\Tasks\AVG-SSU_0916av.job
2017-05-17 16:54 - 2017-01-09 12:14 - 00016784 _____ C:\Users\Scott Woodward\Desktop\Extras.xlsx
2017-05-17 16:39 - 2009-07-14 05:45 - 00022464 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-05-17 16:39 - 2009-07-14 05:45 - 00022464 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-05-17 16:27 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-05-16 20:58 - 2009-07-14 06:13 - 00782510 _____ C:\Windows\system32\PerfStringBackup.INI
2017-05-16 20:58 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2017-05-16 19:24 - 2015-01-14 19:14 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2017-05-16 17:17 - 2011-09-17 10:15 - 00000000 ____D C:\Users\KATY\AppData\Local\ElevatedDiagnostics
2017-05-16 16:30 - 2016-08-02 16:53 - 00000000 ____D C:\Users\KATY\AppData\Local\Google
2017-05-16 15:48 - 2009-07-14 06:08 - 00032620 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-05-16 14:25 - 2016-08-18 17:48 - 00000000 ____D C:\Users\Scott Woodward\AppData\Local\CrashDumps
2017-05-16 14:25 - 2016-08-18 16:46 - 00000000 ____D C:\Users\Scott Woodward\Desktop\Job Stuff
2017-05-16 14:25 - 2016-08-18 16:45 - 00000000 ____D C:\Users\Scott Woodward\Desktop\My Documents
2017-05-16 14:25 - 2016-07-27 01:00 - 00000000 ____D C:\Users\KATY\AppData\Local\CrashDumps
2017-05-16 14:25 - 2011-03-29 21:28 - 00000000 ____D C:\ProgramData\Skype
2017-05-16 14:25 - 2010-06-12 14:58 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2017-05-16 13:30 - 2016-08-18 16:40 - 00000000 ____D C:\Users\Scott Woodward
2017-05-16 13:25 - 2010-07-31 14:49 - 00000000 ____D C:\Users\KATY
2017-05-16 13:24 - 2015-04-04 17:53 - 00000000 ___SD C:\Windows\system32\GWX
2017-05-16 13:24 - 2014-11-05 20:09 - 00000000 ____D C:\ProgramData\FLEXnet
2017-05-16 13:23 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration
2017-05-16 13:07 - 2016-08-18 16:40 - 00000000 ____D C:\Users\Scott Woodward\AppData\Local\Avg
2017-05-13 13:07 - 2011-07-08 23:52 - 00000000 ____D C:\Users\KATY\AppData\Local\Deployment
2017-05-10 15:44 - 2016-08-18 16:47 - 00000000 ____D C:\Users\Scott Woodward\Desktop\Scripts
2017-05-10 15:44 - 2016-08-18 16:46 - 00000000 ____D C:\Users\Scott Woodward\Desktop\Album
2017-05-10 15:30 - 2016-08-18 16:46 - 00000000 ____D C:\Users\Scott Woodward\Desktop\Tracks
2017-05-10 14:06 - 2017-04-13 12:55 - 00000000 ____D C:\Users\Scott Woodward\Desktop\KS Masterclass
2017-05-09 11:27 - 2016-09-25 12:42 - 00000000 ____D C:\Users\Scott Woodward\Desktop\Extra Shots
2017-05-02 15:46 - 2017-01-17 19:35 - 00014336 _____ C:\Users\Scott Woodward\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
==================== Files in the root of some directories =======
 
2012-04-16 15:58 - 2012-09-08 11:04 - 0006228 _____ () C:\Users\KATY\AppData\Roaming\My Profile.xml
2010-08-09 13:52 - 2014-05-14 14:22 - 0000274 _____ () C:\Users\KATY\AppData\Roaming\wklnhst.dat
2011-08-16 16:33 - 2016-05-05 09:47 - 0005632 _____ () C:\Users\KATY\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-08-18 11:28 - 2016-09-04 15:25 - 0007624 _____ () C:\Users\KATY\AppData\Local\Resmon.ResmonCfg
2011-03-29 21:30 - 2011-03-29 21:30 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2013-12-16 17:28 - 2013-12-16 17:28 - 0000105 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2016-06-30 13:48 - 2016-06-30 13:48 - 0001534 _____ () C:\ProgramData\ss.ini
 
Some files in TEMP:
====================
2017-05-16 19:23 - 2015-05-25 19:21 - 1728960 _____ (Microsoft Corporation) C:\Users\KATY\AppData\Local\Temp\dllnt_dump.dll
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-05-15 21:13
 
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-05-2017
Ran by KATY (17-05-2017 17:44:06)
Running from C:\Users\KATY\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2010-07-31 13:49:14)
Boot Mode: Safe Mode (minimal)
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2882669103-2359843712-3705734191-500 - Administrator - Disabled)
Guest (S-1-5-21-2882669103-2359843712-3705734191-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2882669103-2359843712-3705734191-1003 - Limited - Enabled)
KATY (S-1-5-21-2882669103-2359843712-3705734191-1000 - Administrator - Enabled) => C:\Users\KATY
Scott Woodward (S-1-5-21-2882669103-2359843712-3705734191-1005 - Limited - Enabled) => C:\Users\Scott Woodward
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Connect Add-in (HKU\S-1-5-21-2882669103-2359843712-3705734191-1000\...\Adobe Connect Add-in) (Version:  - )
Adobe Reader XI (11.0.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.4.2294 - AVAST Software)
Bass Station 2.0 (HKLM-x32\...\{ABAF1232-6213-4062-9D52-04E04A730CEA}_is1) (Version: 2.0 - Novation)
Canon MP Navigator EX 1.0 (HKLM-x32\...\MP Navigator EX 1.0) (Version:  - )
Canon MP220 series (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP220_series) (Version:  - )
Canon MP220 series User Registration (HKLM-x32\...\Canon MP220 series User Registration) (Version:  - )
Canon My Printer (HKLM\...\CanonMyPrinter) (Version:  - )
Canon Utilities Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 3.02 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 2.41 - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.45 - Dell)
Dell Dock (Version: 2.0 - Stardock Corporation) Hidden
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Support Center (Support Software) (HKLM-x32\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.5.09100 - Dell)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1102.115.102 - ALPS ELECTRIC CO., LTD.)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd)
Dell Wireless WLAN Card Utility (HKLM\...\Dell Wireless WLAN Card Utility) (Version: 5.30.21.0 - Dell Inc.)
Final Draft (HKLM-x32\...\{E8FDC52C-83F4-4A0F-AA65-D0E8C0F3302F}) (Version: 9.0.5.178 - Final Draft, Inc.)
Focusrite USB 2.0 Audio Driver 2.5.1 (HKLM\...\Focusrite USB 2.0 Audio Driver_is1) (Version: 2.5.1 - Focusrite Audio Engineering Limited.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.110 - Google Inc.)
Google Update Helper (x32 Version: 1.3.21.123 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6425.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}) (Version: 8.0.58299 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 9.6.6 - Dell Inc.)
REAPER (x64) (HKLM\...\REAPER) (Version:  - )
Revo Uninstaller 2.0.3 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.3 - VS Revo Group, Ltd.)
RogueKiller version 12.10.9.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.10.9.0 - Adlice Software)
Roxio Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.01 - Roxio)
ScanSoft OmniPage SE 4 (HKLM-x32\...\{DEE88727-779B-47A9-ACEF-F87CA5F92A65}) (Version: 15.2.0020 - Nuance Communications, Inc.)
Scarlett Plug-in Suite 1.6 (HKLM-x32\...\{D7F912D4-C237-4079-966A-5044A5025CBF}}_is1) (Version: 1.6 - Focusrite)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Driver Package - Focusrite USB 2.0 Audio Driver (09/25/2013 2.5.128.1) (HKLM\...\CF1FC201D237269A9CD51A3A6B14ADBF67175C32) (Version: 09/25/2013 2.5.128.1 - Focusrite)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
ZTE_1.2059.0.8 (HKLM-x32\...\ZTE_1.2059.0.8) (Version:  - )
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {05027D17-EA8D-42C4-877F-16C2292C29A0} - System32\Tasks\AVG-SSU_1116av_DELETE => C:\ProgramData\Avg_Update_1116av\AVG-Secure-Search-Update_1116av.exe 
Task: {0DE62D5F-6793-4D9A-A4B5-85203F66EEBD} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-05-16] (AVAST Software)
Task: {27615766-79F8-4532-9BF3-E5A61BE19BC6} - System32\Tasks\AVG-SSU_0117av => C:\ProgramData\Avg_Update_0117av\AVG-Secure-Search-Update_0117av.exe 
Task: {32CE1B0C-B0FF-4247-9855-9C01279B6CDB} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-05-16] (AVAST Software)
Task: {36EB3ECE-60E3-40B0-B115-827465C3957B} - System32\Tasks\D6TRBDL1\Administrator - Start WLAN Tray Applet => C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE [2009-07-17] (Dell Inc.)
Task: {3B320F76-B672-4A3F-892E-684B8B275E3F} - System32\Tasks\AVG-SSU_0916av => C:\ProgramData\Avg_Update_0916av\AVG-Secure-Search-Update_0916av.exe 
Task: {5753B295-55DC-4532-AA64-25F4BABB658E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {6823CCA0-9B7C-4F4B-913B-0BEF31B21198} - System32\Tasks\{37D386B3-F131-48D2-9F0F-46F0E5B5FE66} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2014-12-11] (Skype Technologies S.A.)
Task: {6987ADD7-B491-4DB5-B16D-EF1CA7EDD918} - System32\Tasks\ScanSoft Background Update => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25] (Nuance Communications, Inc.)
Task: {7389D5E7-5020-4057-A098-5F113E548193} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-05-16] (Google Inc.)
Task: {7D0D10C7-007F-4BE4-813E-A45563CB3AC9} - System32\Tasks\AVG-SSU_1116av => C:\ProgramData\Avg_Update_1116av\AVG-Secure-Search-Update_1116av.exe 
Task: {7D90AE41-6846-45F6-AF4E-D58D3F40D5F9} - System32\Tasks\AVG-SSU_0117av_DELETE => C:\ProgramData\Avg_Update_0117av\AVG-Secure-Search-Update_0117av.exe 
Task: {92EC80B4-06EE-4FB4-9146-0B36BDA514E4} - System32\Tasks\AVG-SSU_1216av_DELETE => C:\ProgramData\Avg_Update_1216av\AVG-Secure-Search-Update_1216av.exe 
Task: {9803F348-63AA-426C-BD39-23FA9DBA9773} - System32\Tasks\AVG-SSU_1216av => C:\ProgramData\Avg_Update_1216av\AVG-Secure-Search-Update_1216av.exe 
Task: {A3148A0E-14DE-41A6-B434-0F937B2D233B} - System32\Tasks\AVG-SSU_0916av_DELETE => C:\ProgramData\Avg_Update_0916av\AVG-Secure-Search-Update_0916av.exe 
Task: {ADC1B254-1238-4558-8383-F638604A462D} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe 
Task: {E44F9CA9-7EBE-4753-A9EE-2D8A88C8D54A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-05-16] (Google Inc.)
Task: {F7109B76-4CA3-4AEB-B16D-8A9BAB26AF71} - System32\Tasks\{9DFCF029-FD9C-4B80-B326-909827D973B2} => Iexplore.exe hxxp://ui.skype.com/ui/0/7.1.0.105/en/abandoninstall?page=tsProgressBar
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\AVG-SSU_0117av.job => C:\ProgramData\Avg_Update_0117av\AVG-Secure-Search-Update_0117av.exe
Task: C:\Windows\Tasks\AVG-SSU_0117av_DELETE.job => C:\ProgramData\Avg_Update_0117av\AVG-Secure-Search-Update_0117av.exe
Task: C:\Windows\Tasks\AVG-SSU_0916av.job => C:\ProgramData\Avg_Update_0916av\AVG-Secure-Search-Update_0916av.exe
Task: C:\Windows\Tasks\AVG-SSU_0916av_DELETE.job => C:\ProgramData\Avg_Update_0916av\AVG-Secure-Search-Update_0916av.exe
Task: C:\Windows\Tasks\AVG-SSU_1116av.job => C:\ProgramData\Avg_Update_1116av\AVG-Secure-Search-Update_1116av.exe
Task: C:\Windows\Tasks\AVG-SSU_1116av_DELETE.job => C:\ProgramData\Avg_Update_1116av\AVG-Secure-Search-Update_1116av.exe
Task: C:\Windows\Tasks\AVG-SSU_1216av.job => C:\ProgramData\Avg_Update_1216av\AVG-Secure-Search-Update_1216av.exe
Task: C:\Windows\Tasks\AVG-SSU_1216av_DELETE.job => C:\ProgramData\Avg_Update_1216av\AVG-Secure-Search-Update_1216av.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="1"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
There are 7867 more sites.
 
 
There are 7865 more sites.
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 03:34 - 2015-08-13 21:29 - 00000747 _____ C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2882669103-2359843712-3705734191-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\KATY\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: MBAMScheduler => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: wuauserv => 2
MSCONFIG\startupfolder: C:^Users^KATY^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dell Dock.lnk => C:\Windows\pss\Dell Dock.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
MSCONFIG\startupreg: CanonSolutionMenu => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe /logon
MSCONFIG\startupreg: Dell Webcam Central => "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
MSCONFIG\startupreg: DellSupportCenter => "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
MSCONFIG\startupreg: Desktop Disc Tool => "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
MSCONFIG\startupreg: googletalk => C:\Users\KATY\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: OpwareSE4 => "C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{CCE02BA2-9890-4424-BEFB-7BE1B33B1615}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\wlcsdk.exe
FirewallRules: [TCP Query User{C3497406-DB8E-417F-A796-176A9193FAF6}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{00AB1F7E-C188-4D46-B58A-D1BBDF63ED7D}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [{659F921F-9AB9-4A3D-9234-A2BC81052E36}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{1C7B341E-D8B7-4619-9614-EE3BAF843B01}C:\program files\reaper (x64)\reaper.exe] => (Block) C:\program files\reaper (x64)\reaper.exe
FirewallRules: [UDP Query User{BA940B3C-75F8-47B9-AED3-20988028D0D7}C:\program files\reaper (x64)\reaper.exe] => (Block) C:\program files\reaper (x64)\reaper.exe
FirewallRules: [TCP Query User{C386B939-0FDC-42AE-9931-9C95029F1A8D}C:\users\scott woodward\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\scott woodward\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{839B1729-4EDC-46EB-93FA-12F94FB907B6}C:\users\scott woodward\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\scott woodward\appdata\roaming\spotify\spotify.exe
FirewallRules: [{EF8F51E0-3DA3-466F-8E71-D722A14F9592}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
10-05-2017 21:07:17 JRT Pre-Junkware Removal
16-05-2017 12:35:02 JRT Pre-Junkware Removal
16-05-2017 13:17:34 Restore Operation
16-05-2017 14:18:34 Revo Uninstaller's restore point - RogueKiller version 12.10.7.0
16-05-2017 15:42:41 Revo Uninstaller's restore point - AVG Protection
16-05-2017 15:43:34 Revo Uninstaller's restore point - AVG
16-05-2017 15:44:00 Revo Uninstaller's restore point - AVG Protection
16-05-2017 15:46:34 Revo Uninstaller's restore point - AVG
16-05-2017 15:49:14 Revo Uninstaller's restore point - AVG
16-05-2017 15:54:37 Revo Uninstaller's restore point - Google Chrome
16-05-2017 16:06:54 Revo Uninstaller's restore point - Reimage Repair
16-05-2017 20:22:56 Revo Uninstaller's restore point - Avast Free Antivirus
16-05-2017 21:22:37 Revo Uninstaller's restore point - Avast Free Antivirus
16-05-2017 21:30:41 Revo Uninstaller's restore point - Avast Free Antivirus
 
==================== Faulty Device Manager Devices =============
 
Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: aswRvrt
Description: aswRvrt
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: aswRvrt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: aswVmm
Description: aswVmm
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: aswVmm
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/17/2017 05:37:40 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 14.5.2017.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1040
 
Start Time: 01d2cf2b0880ed9c
 
Termination Time: 15
 
Application Path: E:\FRST64.exe
 
Report Id: 1974197b-3b1f-11e7-9e5a-a4badbca99ed
 
Error: (05/17/2017 05:26:47 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 14.5.2017.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: da0
 
Start Time: 01d2cf29e9885a2e
 
Termination Time: 0
 
Application Path: C:\Users\KATY\Desktop\FRST64.exe
 
Report Id: 9a27180a-3b1d-11e7-9e5a-a4badbca99ed
 
Error: (05/17/2017 05:20:55 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 14.5.2017.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1374
 
Start Time: 01d2cf27eb955a16
 
Termination Time: 31
 
Application Path: C:\Users\Scott Woodward\Desktop\FRST64.exe
 
Report Id: c71e047b-3b1c-11e7-9e5a-a4badbca99ed
 
Error: (05/17/2017 05:08:44 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 14.5.2017.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 107c
 
Start Time: 01d2cf27044fb506
 
Termination Time: 16
 
Application Path: C:\Users\Scott Woodward\Desktop\FRST64.exe
 
Report Id: 0aa01564-3b1b-11e7-9e5a-a4badbca99ed
 
Error: (05/17/2017 04:35:51 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "c:\program files (x86)\microsoft\search enhancement pack\search helper\searchhelper.dll".Error in manifest or policy file "c:\program files (x86)\microsoft\search enhancement pack\search helper\searchhelper.dll" on line 2.
Invalid Xml syntax.
 
Error: (05/16/2017 09:55:22 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\AVAST Software\Avast\setup\iplugins\IStats.dll".
Dependent Assembly Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (05/16/2017 09:30:40 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {8e03e45b-4afb-4ec6-a4af-a518bd102ee8}
 
Error: (05/16/2017 09:27:51 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\AVAST Software\Avast\setup\iplugins\IStats.dll".
Dependent Assembly Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (05/16/2017 09:22:36 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {a7c95bb9-69f9-4300-b770-2e9d5d878444}
 
Error: (05/16/2017 08:46:38 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\AVAST Software\Avast\setup\iplugins\IStats.dll".
Dependent Assembly Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
 
System errors:
=============
Error: (05/17/2017 05:42:36 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (05/17/2017 05:42:36 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (05/17/2017 05:42:36 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (05/17/2017 05:42:36 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (05/17/2017 05:42:36 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (05/17/2017 05:42:36 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (05/17/2017 05:42:32 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (05/17/2017 05:42:32 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (05/17/2017 05:42:32 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server:
{A47979D2-C419-11D9-A5B4-001185AD2B89}
 
Error: (05/17/2017 05:42:32 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server:
{BA126AD1-2166-11D1-B1D0-00805FC1270E}
 
 
CodeIntegrity:
===================================
  Date: 2015-01-16 13:42:59.087
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-01-16 13:42:58.915
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Duo CPU T9300 @ 2.50GHz
Percentage of memory in use: 21%
Total physical RAM: 4056.36 MB
Available physical RAM: 3173.95 MB
Total Virtual: 8110.93 MB
Available Virtual: 7259.99 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:218.2 GB) (Free:133.4 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 63B76F8E)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=218.2 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================


#3 nasdaq

nasdaq

  • Malware Response Team
Posted 18 May 2017 - 10:21 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 3 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click and choose Run as Admin
You only need to get one of them to run, not all of them.

rkill.exe
rkill.com
rkill.scr

It is possible that the infection you are trying to remove will not allow you to download files on the infected computer. If this is the case, then you will need to download the files requested on another computer and then transfer them to the desktop of the infected computer. You can transfer the files via a CD/DVD, external drive, or USB flash drive.

When completed, it will create a log. Please post the content in your next reply.
===

--RogueKiller--
  • Download & SAVE to your Desktop Download RogueKiller
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or above, right-click the program file and select "Run as Administrator"
  • Accept the user agreements.
  • Execute the scan and wait until it has finished.
  • If a window opens to explain what [PUM's] are, read about it.
  • Click the RogueKiller icon on your taskbar to return to the report.
  • Click open the Report
  • Click Export TXT button
  • Save the file as ReportRogue.txt
  • Click the Remove button to delete the items in RED
  • Click Finish and close the program.
  • Locate the ReportRogue.txt file on your Desktop and copy/paste the contents in your next reply.
=======

Try to run the Farbar program in normal mode as an Administrator.
If that fails, try this.

Rename the Farbar program to svchost.exe and run the renamed program in normal mode. Post a fresh FRST log if successful.

Edited by nasdaq, 18 May 2017 - 10:22 AM.


#4 angry@computers

angry@computers
  • Topic Starter

  • Members

Posted 18 May 2017 - 11:28 AM

Hi Nasdaq, Thanks for the quick reply,
 
Rkill 2.8.4 by Lawrence Abrams (Grinler)
Copyright 2008-2017 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 05/18/2017 05:26:07 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * Windows Defender Disabled
 
   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001
 
 * Windows Defender Disabled
 
   [HKLM\SOFTWARE\Policies\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001


#5 angry@computers

angry@computers
  • Topic Starter

  • Members

Posted 18 May 2017 - 12:17 PM

RogueKiller V12.10.9.0 (x64) [May 15 2017] (Free) by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : KATY [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 05/18/2017 17:42:29 (Duration : 00:23:24)
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 0 ¤¤¤
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ WMI : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD2500BEVT-75A23T0 +++++
--- User ---
[MBR] a5e0780384e0a8d03dadc635d92fe18f
[BSP] 694dee98641478a77e169abb713805b6 : HP MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 81920 | Size: 15000 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 30801920 | Size: 223434 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-05-2017
Ran by KATY (administrator) on KATY-PC (18-05-2017 17:39:24)
Running from C:\Users\KATY\Desktop
Loaded Profiles: KATY (Available Profiles: KATY & Scott Woodward)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\stacsv64.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
(Dell Inc.) C:\Program Files\Dell\Dell Wireless WLAN Card\BCMWLTRY.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Dell Inc.) C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [368640 2010-01-18] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [444416 2009-06-29] (IDT, Inc.)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe [4968960 2009-07-17] (Dell Inc.)
HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-05] (Intel Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213824 2017-05-16] (AVAST Software)
HKLM-x32\...\RunOnce: [Launcher] => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe [165184 2010-07-21] (Softthinks)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2882669103-2359843712-3705734191-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2010-11-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-05-16] (AVAST Software)
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-05-16] (AVAST Software)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2010-06-12]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2010-06-12]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{5686A1FF-0D44-4C69-8DC4-3CADA3EFB569}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{F5DBCEB2-DE15-4010-B6F9-2E8837F1B239}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2882669103-2359843712-3705734191-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2882669103-2359843712-3705734191-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.co.uk/
HKU\S-1-5-21-2882669103-2359843712-3705734191-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/2
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2009-01-14] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Windows Live Toolbar Helper -> {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} -> C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll [2009-02-07] (Microsoft Corporation)
DPF: HKLM {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {FA889BF0-F113-4780-B051-35694C2EC94C} hxxp://download.isvinternet.com/public/ISVFlashIEOnline/ISVFlashIEOnline.cab
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll [2015-06-15] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2015-06-15] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll [2015-06-15] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2015-06-15] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-05-28] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\KATY\AppData\Local\Google\Chrome\User Data\Default [2017-05-18]
CHR Extension: (Google Drive) - C:\Users\KATY\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-05-16]
CHR Extension: (YouTube) - C:\Users\KATY\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-05-16]
CHR Extension: (Adblock Plus) - C:\Users\KATY\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-05-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\KATY\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-05-16]
CHR Extension: (Gmail) - C:\Users\KATY\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-05-16]
CHR Extension: (Chrome Media Router) - C:\Users\KATY\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-16]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [263304 2017-05-16] (AVAST Software)
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed]
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe [240128 2009-06-29] (IDT, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 wltrysvc; C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe [3417088 2009-07-17] (Dell Inc.) [File not signed]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [38296 2017-05-16] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [128648 2017-05-16] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [101152 2017-05-16] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [75704 2017-05-16] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1007160 2017-05-16] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [569192 2017-05-16] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [158880 2017-05-16] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [339696 2017-05-16] (AVAST Software)
S3 ffusb2audio; C:\Windows\System32\DRIVERS\ffusb2audio.sys [127280 2013-09-25] (Focusrite Audio Engineering Limited.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2017-05-18] ()
S3 cleanhlp; \??\C:\EEK\bin\cleanhlp64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-05-18 17:31 - 2017-05-18 17:33 - 00074420 _____ C:\Windows\ntbtlog.txt
2017-05-18 17:31 - 2017-05-18 17:31 - 478640969 _____ C:\Windows\MEMORY.DMP
2017-05-18 17:31 - 2017-05-18 17:31 - 00277016 _____ C:\Windows\Minidump\051817-21543-01.dmp
2017-05-18 17:28 - 2017-05-18 17:28 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\KATY\Desktop\rkill.exe
2017-05-18 17:26 - 2017-05-18 17:29 - 00001930 _____ C:\Users\KATY\Desktop\Rkill.txt
2017-05-18 17:26 - 2017-05-18 17:26 - 01106888 _____ (Bleeping Computer, LLC) C:\Users\Scott Woodward\Desktop\rkill64.exe
2017-05-18 17:25 - 2017-05-18 17:25 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Scott Woodward\Desktop\rkill.exe
2017-05-17 17:37 - 2017-05-18 17:40 - 00011761 _____ C:\Users\KATY\Desktop\FRST.txt
2017-05-17 17:22 - 2017-05-17 17:22 - 02429952 _____ (Farbar) C:\Users\KATY\Desktop\FRST64.exe
2017-05-17 17:02 - 2017-05-18 17:39 - 00000000 ____D C:\FRST
2017-05-17 17:01 - 2017-05-17 17:01 - 02429952 _____ (Farbar) C:\Users\Scott Woodward\Desktop\FRST64.exe
2017-05-16 22:24 - 2017-05-16 22:25 - 00422712 _____ C:\Windows\system32\FNTCACHE.DAT
2017-05-16 22:22 - 2017-05-16 22:22 - 00000000 ____D C:\Users\Scott Woodward\AppData\Roaming\AVAST Software
2017-05-16 21:55 - 2017-05-16 21:55 - 00158880 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2017-05-16 21:55 - 2017-05-16 21:55 - 00003914 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2017-05-16 21:55 - 2017-05-16 21:55 - 00001924 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2017-05-16 21:55 - 2017-05-16 21:55 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2017-05-16 21:55 - 2017-05-16 21:55 - 00000000 ____D C:\Users\KATY\AppData\Roaming\AVAST Software
2017-05-16 21:55 - 2017-05-16 21:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2017-05-16 21:55 - 2017-05-16 21:54 - 01007160 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-05-16 21:55 - 2017-05-16 21:54 - 00569192 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2017-05-16 21:55 - 2017-05-16 21:54 - 00339696 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2017-05-16 21:55 - 2017-05-16 21:54 - 00128648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2017-05-16 21:55 - 2017-05-16 21:54 - 00101152 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-05-16 21:55 - 2017-05-16 21:54 - 00075704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-05-16 21:55 - 2017-05-16 21:54 - 00038296 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-05-16 21:54 - 2017-05-16 21:54 - 00400456 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-05-16 21:52 - 2017-05-16 21:52 - 00000000 ____D C:\Program Files\AVAST Software
2017-05-16 21:49 - 2017-05-16 21:50 - 00189044 _____ C:\TDSSKiller.3.1.0.15_16.05.2017_21.49.19_log.txt
2017-05-16 21:40 - 2017-05-16 21:40 - 00189044 _____ C:\TDSSKiller.3.1.0.15_16.05.2017_21.40.03_log.txt
2017-05-16 20:46 - 2017-05-16 21:55 - 00000000 ____D C:\Program Files\Common Files\AV
2017-05-16 20:43 - 2017-05-16 21:52 - 00000000 ____D C:\ProgramData\AVAST Software
2017-05-16 20:43 - 2017-05-16 20:43 - 06919904 _____ (AVAST Software) C:\Users\KATY\Downloads\avast_free_antivirus_setup_online.exe
2017-05-16 20:29 - 2017-05-16 20:29 - 08544408 _____ (AVAST Software) C:\Users\Scott Woodward\Downloads\avastclear.exe
2017-05-16 19:23 - 2017-05-18 17:32 - 00001017 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2017-05-16 19:23 - 2017-05-16 20:19 - 00000000 ____D C:\ProgramData\RogueKiller
2017-05-16 19:23 - 2017-05-16 19:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-05-16 19:23 - 2017-05-16 19:23 - 00000000 ____D C:\Program Files\RogueKiller
2017-05-16 17:43 - 2017-05-16 17:44 - 35357312 _____ (Adlice Software ) C:\Users\Scott Woodward\Downloads\RogueKiller_setup.exe
2017-05-16 17:37 - 2017-05-16 17:37 - 00921280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2017-05-16 17:37 - 2017-05-16 17:36 - 00992960 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2017-05-16 16:20 - 2017-05-16 16:20 - 00002233 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-05-16 16:19 - 2017-05-16 16:19 - 00003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-05-16 16:19 - 2017-05-16 16:19 - 00003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-05-16 16:18 - 2017-05-16 16:19 - 00000000 ____D C:\Users\Scott Woodward\AppData\Local\Deployment
2017-05-16 16:18 - 2017-05-16 16:18 - 00000000 ____D C:\Users\Scott Woodward\AppData\Local\Apps\2.0
2017-05-16 14:34 - 2017-05-16 16:20 - 00000000 ____D C:\Program Files (x86)\Google
2017-05-16 14:27 - 2017-05-16 15:51 - 00000000 ____D C:\Users\KATY\AppData\Local\AvgSetupLog
2017-05-16 14:17 - 2017-05-16 14:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2017-05-16 14:17 - 2017-05-16 14:17 - 00000000 ____D C:\Program Files\VS Revo Group
2017-05-16 14:07 - 2017-05-16 14:14 - 00000000 ____D C:\AVG_Remover
2017-05-16 13:40 - 2017-05-16 13:38 - 07986864 _____ ( ) C:\Users\KATY\Downloads\AVG_Remover (1).exe
2017-05-15 11:00 - 2017-05-15 11:00 - 00195451 _____ C:\Users\Scott Woodward\Downloads\Dr Maudsley.pdf
2017-05-15 10:59 - 2017-05-15 10:59 - 00560870 _____ C:\Users\Scott Woodward\Downloads\Collins, Radleigh & Anderson.pdf
2017-05-15 10:59 - 2017-05-15 10:59 - 00526146 _____ C:\Users\Scott Woodward\Downloads\Billy & Maeve.pdf
2017-05-14 12:36 - 2017-05-16 21:52 - 00000000 ____D C:\AdwCleaner
2017-05-07 14:38 - 2017-05-07 14:38 - 01663672 _____ (Malwarebytes) C:\Users\Scott Woodward\Desktop\JRT.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-05-18 17:36 - 2017-01-20 13:56 - 00000426 _____ C:\Windows\Tasks\AVG-SSU_0117av_DELETE.job
2017-05-18 17:36 - 2017-01-20 13:55 - 00000342 _____ C:\Windows\Tasks\AVG-SSU_0117av.job
2017-05-18 17:36 - 2016-12-08 17:55 - 00000426 _____ C:\Windows\Tasks\AVG-SSU_1216av_DELETE.job
2017-05-18 17:36 - 2016-12-08 17:55 - 00000342 _____ C:\Windows\Tasks\AVG-SSU_1216av.job
2017-05-18 17:36 - 2016-11-14 13:38 - 00000426 _____ C:\Windows\Tasks\AVG-SSU_1116av_DELETE.job
2017-05-18 17:36 - 2016-11-14 13:38 - 00000342 _____ C:\Windows\Tasks\AVG-SSU_1116av.job
2017-05-18 17:36 - 2016-09-24 18:42 - 00000426 _____ C:\Windows\Tasks\AVG-SSU_0916av_DELETE.job
2017-05-18 17:36 - 2016-09-24 18:41 - 00000342 _____ C:\Windows\Tasks\AVG-SSU_0916av.job
2017-05-18 17:36 - 2010-07-31 14:49 - 00000000 ____D C:\Users\KATY\AppData\Local\SoftThinks
2017-05-18 17:36 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-05-18 17:33 - 2015-01-14 19:14 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2017-05-18 17:31 - 2010-10-07 15:22 - 00000000 ____D C:\Windows\Minidump
2017-05-18 00:32 - 2009-07-14 05:45 - 00022464 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-05-18 00:32 - 2009-07-14 05:45 - 00022464 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-05-17 19:54 - 2010-06-12 14:58 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2017-05-17 19:00 - 2017-04-13 12:55 - 00000000 ____D C:\Users\Scott Woodward\Desktop\KS Masterclass
2017-05-17 18:50 - 2016-08-18 16:46 - 00000000 ____D C:\Users\Scott Woodward\Desktop\Job Stuff
2017-05-17 18:46 - 2009-07-14 06:13 - 00782510 _____ C:\Windows\system32\PerfStringBackup.INI
2017-05-17 18:46 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2017-05-17 18:45 - 2016-08-18 16:47 - 00000000 ____D C:\Users\Scott Woodward\Desktop\Songs
2017-05-17 16:54 - 2017-01-09 12:14 - 00016784 _____ C:\Users\Scott Woodward\Desktop\Extras.xlsx
2017-05-16 17:17 - 2011-09-17 10:15 - 00000000 ____D C:\Users\KATY\AppData\Local\ElevatedDiagnostics
2017-05-16 16:30 - 2016-08-02 16:53 - 00000000 ____D C:\Users\KATY\AppData\Local\Google
2017-05-16 15:48 - 2009-07-14 06:08 - 00032620 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-05-16 14:25 - 2016-08-18 17:48 - 00000000 ____D C:\Users\Scott Woodward\AppData\Local\CrashDumps
2017-05-16 14:25 - 2016-08-18 16:45 - 00000000 ____D C:\Users\Scott Woodward\Desktop\My Documents
2017-05-16 14:25 - 2016-07-27 01:00 - 00000000 ____D C:\Users\KATY\AppData\Local\CrashDumps
2017-05-16 14:25 - 2011-03-29 21:28 - 00000000 ____D C:\ProgramData\Skype
2017-05-16 13:30 - 2016-08-18 16:40 - 00000000 ____D C:\Users\Scott Woodward
2017-05-16 13:25 - 2010-07-31 14:49 - 00000000 ____D C:\Users\KATY
2017-05-16 13:24 - 2015-04-04 17:53 - 00000000 ___SD C:\Windows\system32\GWX
2017-05-16 13:24 - 2014-11-05 20:09 - 00000000 ____D C:\ProgramData\FLEXnet
2017-05-16 13:23 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration
2017-05-16 13:07 - 2016-08-18 16:40 - 00000000 ____D C:\Users\Scott Woodward\AppData\Local\Avg
2017-05-13 13:07 - 2011-07-08 23:52 - 00000000 ____D C:\Users\KATY\AppData\Local\Deployment
2017-05-10 15:44 - 2016-08-18 16:47 - 00000000 ____D C:\Users\Scott Woodward\Desktop\Scripts
2017-05-10 15:44 - 2016-08-18 16:46 - 00000000 ____D C:\Users\Scott Woodward\Desktop\Album
2017-05-10 15:30 - 2016-08-18 16:46 - 00000000 ____D C:\Users\Scott Woodward\Desktop\Tracks
2017-05-09 11:27 - 2016-09-25 12:42 - 00000000 ____D C:\Users\Scott Woodward\Desktop\Extra Shots
2017-05-02 15:46 - 2017-01-17 19:35 - 00014336 _____ C:\Users\Scott Woodward\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
==================== Files in the root of some directories =======
 
2012-04-16 15:58 - 2012-09-08 11:04 - 0006228 _____ () C:\Users\KATY\AppData\Roaming\My Profile.xml
2010-08-09 13:52 - 2014-05-14 14:22 - 0000274 _____ () C:\Users\KATY\AppData\Roaming\wklnhst.dat
2011-08-16 16:33 - 2016-05-05 09:47 - 0005632 _____ () C:\Users\KATY\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-08-18 11:28 - 2016-09-04 15:25 - 0007624 _____ () C:\Users\KATY\AppData\Local\Resmon.ResmonCfg
2011-03-29 21:30 - 2011-03-29 21:30 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2013-12-16 17:28 - 2013-12-16 17:28 - 0000105 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2016-06-30 13:48 - 2016-06-30 13:48 - 0001534 _____ () C:\ProgramData\ss.ini
 
Some files in TEMP:
====================
2017-05-18 17:32 - 2015-05-25 19:21 - 1728960 _____ (Microsoft Corporation) C:\Users\KATY\AppData\Local\Temp\dllnt_dump.dll
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-05-15 21:13
 
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-05-2017
Ran by KATY (18-05-2017 17:40:41)
Running from C:\Users\KATY\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2010-07-31 13:49:14)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2882669103-2359843712-3705734191-500 - Administrator - Disabled)
Guest (S-1-5-21-2882669103-2359843712-3705734191-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2882669103-2359843712-3705734191-1003 - Limited - Enabled)
KATY (S-1-5-21-2882669103-2359843712-3705734191-1000 - Administrator - Enabled) => C:\Users\KATY
Scott Woodward (S-1-5-21-2882669103-2359843712-3705734191-1005 - Limited - Enabled) => C:\Users\Scott Woodward
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Connect Add-in (HKU\S-1-5-21-2882669103-2359843712-3705734191-1000\...\Adobe Connect Add-in) (Version:  - )
Adobe Reader XI (11.0.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.4.2294 - AVAST Software)
Bass Station 2.0 (HKLM-x32\...\{ABAF1232-6213-4062-9D52-04E04A730CEA}_is1) (Version: 2.0 - Novation)
Canon MP Navigator EX 1.0 (HKLM-x32\...\MP Navigator EX 1.0) (Version:  - )
Canon MP220 series (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP220_series) (Version:  - )
Canon MP220 series User Registration (HKLM-x32\...\Canon MP220 series User Registration) (Version:  - )
Canon My Printer (HKLM\...\CanonMyPrinter) (Version:  - )
Canon Utilities Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 3.02 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 2.41 - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.45 - Dell)
Dell Dock (Version: 2.0 - Stardock Corporation) Hidden
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Support Center (Support Software) (HKLM-x32\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.5.09100 - Dell)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1102.115.102 - ALPS ELECTRIC CO., LTD.)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd)
Dell Wireless WLAN Card Utility (HKLM\...\Dell Wireless WLAN Card Utility) (Version: 5.30.21.0 - Dell Inc.)
Final Draft (HKLM-x32\...\{E8FDC52C-83F4-4A0F-AA65-D0E8C0F3302F}) (Version: 9.0.5.178 - Final Draft, Inc.)
Focusrite USB 2.0 Audio Driver 2.5.1 (HKLM\...\Focusrite USB 2.0 Audio Driver_is1) (Version: 2.5.1 - Focusrite Audio Engineering Limited.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.110 - Google Inc.)
Google Update Helper (x32 Version: 1.3.21.123 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6425.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}) (Version: 8.0.58299 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 9.6.6 - Dell Inc.)
REAPER (x64) (HKLM\...\REAPER) (Version:  - )
Revo Uninstaller 2.0.3 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.3 - VS Revo Group, Ltd.)
RogueKiller version 12.10.9.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.10.9.0 - Adlice Software)
Roxio Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.01 - Roxio)
ScanSoft OmniPage SE 4 (HKLM-x32\...\{DEE88727-779B-47A9-ACEF-F87CA5F92A65}) (Version: 15.2.0020 - Nuance Communications, Inc.)
Scarlett Plug-in Suite 1.6 (HKLM-x32\...\{D7F912D4-C237-4079-966A-5044A5025CBF}}_is1) (Version: 1.6 - Focusrite)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Driver Package - Focusrite USB 2.0 Audio Driver (09/25/2013 2.5.128.1) (HKLM\...\CF1FC201D237269A9CD51A3A6B14ADBF67175C32) (Version: 09/25/2013 2.5.128.1 - Focusrite)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
ZTE_1.2059.0.8 (HKLM-x32\...\ZTE_1.2059.0.8) (Version:  - )
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {05027D17-EA8D-42C4-877F-16C2292C29A0} - System32\Tasks\AVG-SSU_1116av_DELETE => C:\ProgramData\Avg_Update_1116av\AVG-Secure-Search-Update_1116av.exe 
Task: {0DE62D5F-6793-4D9A-A4B5-85203F66EEBD} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-05-16] (AVAST Software)
Task: {27615766-79F8-4532-9BF3-E5A61BE19BC6} - System32\Tasks\AVG-SSU_0117av => C:\ProgramData\Avg_Update_0117av\AVG-Secure-Search-Update_0117av.exe 
Task: {32CE1B0C-B0FF-4247-9855-9C01279B6CDB} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-05-16] (AVAST Software)
Task: {36EB3ECE-60E3-40B0-B115-827465C3957B} - System32\Tasks\D6TRBDL1\Administrator - Start WLAN Tray Applet => C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE [2009-07-17] (Dell Inc.)
Task: {3B320F76-B672-4A3F-892E-684B8B275E3F} - System32\Tasks\AVG-SSU_0916av => C:\ProgramData\Avg_Update_0916av\AVG-Secure-Search-Update_0916av.exe 
Task: {5753B295-55DC-4532-AA64-25F4BABB658E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {6823CCA0-9B7C-4F4B-913B-0BEF31B21198} - System32\Tasks\{37D386B3-F131-48D2-9F0F-46F0E5B5FE66} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2014-12-11] (Skype Technologies S.A.)
Task: {6987ADD7-B491-4DB5-B16D-EF1CA7EDD918} - System32\Tasks\ScanSoft Background Update => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25] (Nuance Communications, Inc.)
Task: {7389D5E7-5020-4057-A098-5F113E548193} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-05-16] (Google Inc.)
Task: {7D0D10C7-007F-4BE4-813E-A45563CB3AC9} - System32\Tasks\AVG-SSU_1116av => C:\ProgramData\Avg_Update_1116av\AVG-Secure-Search-Update_1116av.exe 
Task: {7D90AE41-6846-45F6-AF4E-D58D3F40D5F9} - System32\Tasks\AVG-SSU_0117av_DELETE => C:\ProgramData\Avg_Update_0117av\AVG-Secure-Search-Update_0117av.exe 
Task: {92EC80B4-06EE-4FB4-9146-0B36BDA514E4} - System32\Tasks\AVG-SSU_1216av_DELETE => C:\ProgramData\Avg_Update_1216av\AVG-Secure-Search-Update_1216av.exe 
Task: {9803F348-63AA-426C-BD39-23FA9DBA9773} - System32\Tasks\AVG-SSU_1216av => C:\ProgramData\Avg_Update_1216av\AVG-Secure-Search-Update_1216av.exe 
Task: {A3148A0E-14DE-41A6-B434-0F937B2D233B} - System32\Tasks\AVG-SSU_0916av_DELETE => C:\ProgramData\Avg_Update_0916av\AVG-Secure-Search-Update_0916av.exe 
Task: {ADC1B254-1238-4558-8383-F638604A462D} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe 
Task: {E44F9CA9-7EBE-4753-A9EE-2D8A88C8D54A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-05-16] (Google Inc.)
Task: {F7109B76-4CA3-4AEB-B16D-8A9BAB26AF71} - System32\Tasks\{9DFCF029-FD9C-4B80-B326-909827D973B2} => Iexplore.exe hxxp://ui.skype.com/ui/0/7.1.0.105/en/abandoninstall?page=tsProgressBar
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\AVG-SSU_0117av.job => C:\ProgramData\Avg_Update_0117av\AVG-Secure-Search-Update_0117av.exe
Task: C:\Windows\Tasks\AVG-SSU_0117av_DELETE.job => C:\ProgramData\Avg_Update_0117av\AVG-Secure-Search-Update_0117av.exe
Task: C:\Windows\Tasks\AVG-SSU_0916av.job => C:\ProgramData\Avg_Update_0916av\AVG-Secure-Search-Update_0916av.exe
Task: C:\Windows\Tasks\AVG-SSU_0916av_DELETE.job => C:\ProgramData\Avg_Update_0916av\AVG-Secure-Search-Update_0916av.exe
Task: C:\Windows\Tasks\AVG-SSU_1116av.job => C:\ProgramData\Avg_Update_1116av\AVG-Secure-Search-Update_1116av.exe
Task: C:\Windows\Tasks\AVG-SSU_1116av_DELETE.job => C:\ProgramData\Avg_Update_1116av\AVG-Secure-Search-Update_1116av.exe
Task: C:\Windows\Tasks\AVG-SSU_1216av.job => C:\ProgramData\Avg_Update_1216av\AVG-Secure-Search-Update_1216av.exe
Task: C:\Windows\Tasks\AVG-SSU_1216av_DELETE.job => C:\ProgramData\Avg_Update_1216av\AVG-Secure-Search-Update_1216av.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2010-06-12 14:49 - 2009-07-17 02:06 - 00033280 _____ () C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
2010-06-12 14:49 - 2009-07-17 02:06 - 00058368 _____ () C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlrmt.dll
2010-06-12 14:59 - 2010-07-21 16:36 - 00783680 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
2017-05-16 21:54 - 2017-05-16 21:54 - 00170216 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-05-16 21:54 - 2017-05-16 21:54 - 00176992 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-05-16 21:54 - 2017-05-16 21:54 - 00223224 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-05-18 17:21 - 2017-05-18 17:21 - 06084096 _____ () C:\Program Files\AVAST Software\Avast\defs\17051802\algo.dll
2017-05-16 21:54 - 2017-05-16 21:54 - 00684656 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2010-06-12 14:59 - 2010-07-21 16:33 - 00058688 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STCoreXml.dll
2010-06-12 14:59 - 2010-07-21 16:33 - 00116032 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\PSTVdsDisk.dll
2010-06-12 14:59 - 2010-07-21 16:33 - 00128320 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll
2010-06-12 14:59 - 2010-07-21 16:33 - 01123648 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\LibXml2.dll
2010-06-12 14:59 - 2010-07-21 16:34 - 00079168 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll
2010-06-12 14:59 - 2010-07-21 16:33 - 00234816 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll
2010-06-12 14:59 - 2010-07-21 16:34 - 00075072 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll
2010-06-12 14:59 - 2010-07-21 16:33 - 00111936 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll
2010-06-12 14:59 - 2010-07-21 16:33 - 00121152 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll
2017-05-16 21:54 - 2017-05-16 21:54 - 00997896 _____ () C:\Program Files\AVAST Software\Avast\AvChrome.dll
2017-05-16 21:54 - 2017-05-16 21:54 - 67717632 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
There are 7867 more sites.
 
There are 7865 more sites.
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 03:34 - 2015-08-13 21:29 - 00000747 _____ C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2882669103-2359843712-3705734191-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\KATY\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: MBAMScheduler => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: wuauserv => 2
MSCONFIG\startupfolder: C:^Users^KATY^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dell Dock.lnk => C:\Windows\pss\Dell Dock.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
MSCONFIG\startupreg: CanonSolutionMenu => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe /logon
MSCONFIG\startupreg: Dell Webcam Central => "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
MSCONFIG\startupreg: DellSupportCenter => "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
MSCONFIG\startupreg: Desktop Disc Tool => "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
MSCONFIG\startupreg: googletalk => C:\Users\KATY\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: OpwareSE4 => "C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{CCE02BA2-9890-4424-BEFB-7BE1B33B1615}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\wlcsdk.exe
FirewallRules: [TCP Query User{C3497406-DB8E-417F-A796-176A9193FAF6}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{00AB1F7E-C188-4D46-B58A-D1BBDF63ED7D}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [{659F921F-9AB9-4A3D-9234-A2BC81052E36}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{1C7B341E-D8B7-4619-9614-EE3BAF843B01}C:\program files\reaper (x64)\reaper.exe] => (Block) C:\program files\reaper (x64)\reaper.exe
FirewallRules: [UDP Query User{BA940B3C-75F8-47B9-AED3-20988028D0D7}C:\program files\reaper (x64)\reaper.exe] => (Block) C:\program files\reaper (x64)\reaper.exe
FirewallRules: [TCP Query User{C386B939-0FDC-42AE-9931-9C95029F1A8D}C:\users\scott woodward\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\scott woodward\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{839B1729-4EDC-46EB-93FA-12F94FB907B6}C:\users\scott woodward\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\scott woodward\appdata\roaming\spotify\spotify.exe
FirewallRules: [{EF8F51E0-3DA3-466F-8E71-D722A14F9592}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
10-05-2017 21:07:17 JRT Pre-Junkware Removal
16-05-2017 12:35:02 JRT Pre-Junkware Removal
16-05-2017 13:17:34 Restore Operation
16-05-2017 14:18:34 Revo Uninstaller's restore point - RogueKiller version 12.10.7.0
16-05-2017 15:42:41 Revo Uninstaller's restore point - AVG Protection
16-05-2017 15:43:34 Revo Uninstaller's restore point - AVG
16-05-2017 15:44:00 Revo Uninstaller's restore point - AVG Protection
16-05-2017 15:46:34 Revo Uninstaller's restore point - AVG
16-05-2017 15:49:14 Revo Uninstaller's restore point - AVG
16-05-2017 15:54:37 Revo Uninstaller's restore point - Google Chrome
16-05-2017 16:06:54 Revo Uninstaller's restore point - Reimage Repair
16-05-2017 20:22:56 Revo Uninstaller's restore point - Avast Free Antivirus
16-05-2017 21:22:37 Revo Uninstaller's restore point - Avast Free Antivirus
16-05-2017 21:30:41 Revo Uninstaller's restore point - Avast Free Antivirus
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/17/2017 08:17:00 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "c:\program files (x86)\microsoft\search enhancement pack\search helper\searchhelper.dll".Error in manifest or policy file "c:\program files (x86)\microsoft\search enhancement pack\search helper\searchhelper.dll" on line 2.
Invalid Xml syntax.
 
Error: (05/17/2017 05:37:40 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 14.5.2017.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1040
 
Start Time: 01d2cf2b0880ed9c
 
Termination Time: 15
 
Application Path: E:\FRST64.exe
 
Report Id: 1974197b-3b1f-11e7-9e5a-a4badbca99ed
 
Error: (05/17/2017 05:26:47 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 14.5.2017.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: da0
 
Start Time: 01d2cf29e9885a2e
 
Termination Time: 0
 
Application Path: C:\Users\KATY\Desktop\FRST64.exe
 
Report Id: 9a27180a-3b1d-11e7-9e5a-a4badbca99ed
 
Error: (05/17/2017 05:20:55 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 14.5.2017.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1374
 
Start Time: 01d2cf27eb955a16
 
Termination Time: 31
 
Application Path: C:\Users\Scott Woodward\Desktop\FRST64.exe
 
Report Id: c71e047b-3b1c-11e7-9e5a-a4badbca99ed
 
Error: (05/17/2017 05:08:44 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 14.5.2017.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 107c
 
Start Time: 01d2cf27044fb506
 
Termination Time: 16
 
Application Path: C:\Users\Scott Woodward\Desktop\FRST64.exe
 
Report Id: 0aa01564-3b1b-11e7-9e5a-a4badbca99ed
 
Error: (05/17/2017 04:35:51 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "c:\program files (x86)\microsoft\search enhancement pack\search helper\searchhelper.dll".Error in manifest or policy file "c:\program files (x86)\microsoft\search enhancement pack\search helper\searchhelper.dll" on line 2.
Invalid Xml syntax.
 
Error: (05/16/2017 09:55:22 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\AVAST Software\Avast\setup\iplugins\IStats.dll".
Dependent Assembly Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (05/16/2017 09:30:40 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {8e03e45b-4afb-4ec6-a4af-a518bd102ee8}
 
Error: (05/16/2017 09:27:51 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\AVAST Software\Avast\setup\iplugins\IStats.dll".
Dependent Assembly Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (05/16/2017 09:22:36 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {a7c95bb9-69f9-4300-b770-2e9d5d878444}
 
 
System errors:
=============
Error: (05/18/2017 05:32:21 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (05/18/2017 05:32:13 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error: (05/18/2017 05:32:11 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
 
Module Path: C:\Windows\System32\bcmihvsrv64.dll
Error Code: 21
 
Error: (05/18/2017 05:32:04 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (05/18/2017 05:31:52 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
aswRvrt
aswSnx
aswSP
aswVmm
discache
spldr
Wanarpv6
 
Error: (05/18/2017 05:31:46 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: The computer has rebooted from a bugcheck.  The bugcheck was: 0x00000101 (0x0000000000000061, 0x0000000000000000, 0xfffff880009e7180, 0x0000000000000001). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 051817-21543-01.
 
Error: (05/18/2017 05:31:43 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 17:29:35 on ‎18/‎05/‎2017 was unexpected.
 
Error: (05/18/2017 05:21:02 PM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Unexpected failure. Error code: D@01010004
 
Error: (05/17/2017 05:42:36 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (05/17/2017 05:42:36 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
The dependency service or group failed to start.
 
 
CodeIntegrity:
===================================
  Date: 2015-01-16 13:42:59.087
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-01-16 13:42:58.915
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Duo CPU T9300 @ 2.50GHz
Percentage of memory in use: 30%
Total physical RAM: 4056.36 MB
Available physical RAM: 2822.67 MB
Total Virtual: 8110.93 MB
Available Virtual: 6842.5 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:218.2 GB) (Free:133.23 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 63B76F8E)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=218.2 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================


#6 nasdaq

  • Malware Response Team

Posted 19 May 2017 - 07:00 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

CHR Extension: (Chrome Web Store Payments) - C:\Users\KATY\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-05-16]
CHR Extension: (Chrome Media Router) - C:\Users\KATY\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-16]
S3 cleanhlp; \??\C:\EEK\bin\cleanhlp64.sys 
Task: {05027D17-EA8D-42C4-877F-16C2292C29A0} - System32\Tasks\AVG-SSU_1116av_DELETE => C:\ProgramData\Avg_Update_1116av\AVG-Secure-Search-Update_1116av.exe
Task: {27615766-79F8-4532-9BF3-E5A61BE19BC6} - System32\Tasks\AVG-SSU_0117av => C:\ProgramData\Avg_Update_0117av\AVG-Secure-Search-Update_0117av.exe
Task: {3B320F76-B672-4A3F-892E-684B8B275E3F} - System32\Tasks\AVG-SSU_0916av => C:\ProgramData\Avg_Update_0916av\AVG-Secure-Search-Update_0916av.exe
Task: {7D0D10C7-007F-4BE4-813E-A45563CB3AC9} - System32\Tasks\AVG-SSU_1116av => C:\ProgramData\Avg_Update_1116av\AVG-Secure-Search-Update_1116av.exe
Task: {7D90AE41-6846-45F6-AF4E-D58D3F40D5F9} - System32\Tasks\AVG-SSU_0117av_DELETE => C:\ProgramData\Avg_Update_0117av\AVG-Secure-Search-Update_0117av.exe
Task: {92EC80B4-06EE-4FB4-9146-0B36BDA514E4} - System32\Tasks\AVG-SSU_1216av_DELETE => C:\ProgramData\Avg_Update_1216av\AVG-Secure-Search-Update_1216av.exe
Task: {9803F348-63AA-426C-BD39-23FA9DBA9773} - System32\Tasks\AVG-SSU_1216av => C:\ProgramData\Avg_Update_1216av\AVG-Secure-Search-Update_1216av.exe
Task: {A3148A0E-14DE-41A6-B434-0F937B2D233B} - System32\Tasks\AVG-SSU_0916av_DELETE => C:\ProgramData\Avg_Update_0916av\AVG-Secure-Search-Update_0916av.exe
Task: C:\Windows\Tasks\AVG-SSU_0117av.job => C:\ProgramData\Avg_Update_0117av\AVG-Secure-Search-Update_0117av.exe
Task: C:\Windows\Tasks\AVG-SSU_0117av_DELETE.job => C:\ProgramData\Avg_Update_0117av\AVG-Secure-Search-Update_0117av.exe
Task: C:\Windows\Tasks\AVG-SSU_0916av.job => C:\ProgramData\Avg_Update_0916av\AVG-Secure-Search-Update_0916av.exe
Task: C:\Windows\Tasks\AVG-SSU_0916av_DELETE.job => C:\ProgramData\Avg_Update_0916av\AVG-Secure-Search-Update_0916av.exe
Task: C:\Windows\Tasks\AVG-SSU_1116av.job => C:\ProgramData\Avg_Update_1116av\AVG-Secure-Search-Update_1116av.exe
Task: C:\Windows\Tasks\AVG-SSU_1116av_DELETE.job => C:\ProgramData\Avg_Update_1116av\AVG-Secure-Search-Update_1116av.exe
Task: C:\Windows\Tasks\AVG-SSU_1216av.job => C:\ProgramData\Avg_Update_1216av\AVG-Secure-Search-Update_1216av.exe
Task: C:\Windows\Tasks\AVG-SSU_1216av_DELETE.job => C:\ProgramData\Avg_Update_1216av\AVG-Secure-Search-Update_1216av.exe
2017-05-18 17:36 - 2017-01-20 13:56 - 00000426 _____ C:\Windows\Tasks\AVG-SSU_0117av_DELETE.job
2017-05-18 17:36 - 2017-01-20 13:55 - 00000342 _____ C:\Windows\Tasks\AVG-SSU_0117av.job
2017-05-18 17:36 - 2016-12-08 17:55 - 00000426 _____ C:\Windows\Tasks\AVG-SSU_1216av_DELETE.job
2017-05-18 17:36 - 2016-12-08 17:55 - 00000342 _____ C:\Windows\Tasks\AVG-SSU_1216av.job
2017-05-18 17:36 - 2016-11-14 13:38 - 00000426 _____ C:\Windows\Tasks\AVG-SSU_1116av_DELETE.job
2017-05-18 17:36 - 2016-11-14 13:38 - 00000342 _____ C:\Windows\Tasks\AVG-SSU_1116av.job
2017-05-18 17:36 - 2016-09-24 18:42 - 00000426 _____ C:\Windows\Tasks\AVG-SSU_0916av_DELETE.job
2017-05-18 17:36 - 2016-09-24 18:41 - 00000342 _____ C:\Windows\Tasks\AVG-SSU_0916av.job


End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Please let me know what problem persists.

#7 angry@computers

  • Topic Starter


Posted 19 May 2017 - 08:58 AM

Hi Nasdaq,
Thanks for the quick reply. Here is the log......
 
 
Fix result of Farbar Recovery Scan Tool (x64) Version: 14-05-2017
Ran by KATY (19-05-2017 14:53:57) Run:1
Running from C:\Users\KATY\Desktop
Loaded Profiles: KATY (Available Profiles: KATY & Scott Woodward)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
CHR Extension: (Chrome Web Store Payments) - C:\Users\KATY\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-05-16]
CHR Extension: (Chrome Media Router) - C:\Users\KATY\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-16]
S3 cleanhlp; \??\C:\EEK\bin\cleanhlp64.sys 
Task: {05027D17-EA8D-42C4-877F-16C2292C29A0} - System32\Tasks\AVG-SSU_1116av_DELETE => C:\ProgramData\Avg_Update_1116av\AVG-Secure-Search-Update_1116av.exe
Task: {27615766-79F8-4532-9BF3-E5A61BE19BC6} - System32\Tasks\AVG-SSU_0117av => C:\ProgramData\Avg_Update_0117av\AVG-Secure-Search-Update_0117av.exe
Task: {3B320F76-B672-4A3F-892E-684B8B275E3F} - System32\Tasks\AVG-SSU_0916av => C:\ProgramData\Avg_Update_0916av\AVG-Secure-Search-Update_0916av.exe
Task: {7D0D10C7-007F-4BE4-813E-A45563CB3AC9} - System32\Tasks\AVG-SSU_1116av => C:\ProgramData\Avg_Update_1116av\AVG-Secure-Search-Update_1116av.exe
Task: {7D90AE41-6846-45F6-AF4E-D58D3F40D5F9} - System32\Tasks\AVG-SSU_0117av_DELETE => C:\ProgramData\Avg_Update_0117av\AVG-Secure-Search-Update_0117av.exe
Task: {92EC80B4-06EE-4FB4-9146-0B36BDA514E4} - System32\Tasks\AVG-SSU_1216av_DELETE => C:\ProgramData\Avg_Update_1216av\AVG-Secure-Search-Update_1216av.exe
Task: {9803F348-63AA-426C-BD39-23FA9DBA9773} - System32\Tasks\AVG-SSU_1216av => C:\ProgramData\Avg_Update_1216av\AVG-Secure-Search-Update_1216av.exe
Task: {A3148A0E-14DE-41A6-B434-0F937B2D233B} - System32\Tasks\AVG-SSU_0916av_DELETE => C:\ProgramData\Avg_Update_0916av\AVG-Secure-Search-Update_0916av.exe
Task: C:\Windows\Tasks\AVG-SSU_0117av.job => C:\ProgramData\Avg_Update_0117av\AVG-Secure-Search-Update_0117av.exe
Task: C:\Windows\Tasks\AVG-SSU_0117av_DELETE.job => C:\ProgramData\Avg_Update_0117av\AVG-Secure-Search-Update_0117av.exe
Task: C:\Windows\Tasks\AVG-SSU_0916av.job => C:\ProgramData\Avg_Update_0916av\AVG-Secure-Search-Update_0916av.exe
Task: C:\Windows\Tasks\AVG-SSU_0916av_DELETE.job => C:\ProgramData\Avg_Update_0916av\AVG-Secure-Search-Update_0916av.exe
Task: C:\Windows\Tasks\AVG-SSU_1116av.job => C:\ProgramData\Avg_Update_1116av\AVG-Secure-Search-Update_1116av.exe
Task: C:\Windows\Tasks\AVG-SSU_1116av_DELETE.job => C:\ProgramData\Avg_Update_1116av\AVG-Secure-Search-Update_1116av.exe
Task: C:\Windows\Tasks\AVG-SSU_1216av.job => C:\ProgramData\Avg_Update_1216av\AVG-Secure-Search-Update_1216av.exe
Task: C:\Windows\Tasks\AVG-SSU_1216av_DELETE.job => C:\ProgramData\Avg_Update_1216av\AVG-Secure-Search-Update_1216av.exe
2017-05-18 17:36 - 2017-01-20 13:56 - 00000426 _____ C:\Windows\Tasks\AVG-SSU_0117av_DELETE.job
2017-05-18 17:36 - 2017-01-20 13:55 - 00000342 _____ C:\Windows\Tasks\AVG-SSU_0117av.job
2017-05-18 17:36 - 2016-12-08 17:55 - 00000426 _____ C:\Windows\Tasks\AVG-SSU_1216av_DELETE.job
2017-05-18 17:36 - 2016-12-08 17:55 - 00000342 _____ C:\Windows\Tasks\AVG-SSU_1216av.job
2017-05-18 17:36 - 2016-11-14 13:38 - 00000426 _____ C:\Windows\Tasks\AVG-SSU_1116av_DELETE.job
2017-05-18 17:36 - 2016-11-14 13:38 - 00000342 _____ C:\Windows\Tasks\AVG-SSU_1116av.job
2017-05-18 17:36 - 2016-09-24 18:42 - 00000426 _____ C:\Windows\Tasks\AVG-SSU_0916av_DELETE.job
2017-05-18 17:36 - 2016-09-24 18:41 - 00000342 _____ C:\Windows\Tasks\AVG-SSU_0916av.job
 
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
C:\Users\KATY\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
C:\Users\KATY\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm => moved successfully
HKLM\System\CurrentControlSet\Services\cleanhlp => key removed successfully
cleanhlp => service removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{05027D17-EA8D-42C4-877F-16C2292C29A0} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{05027D17-EA8D-42C4-877F-16C2292C29A0} => key removed successfully
C:\Windows\System32\Tasks\AVG-SSU_1116av_DELETE => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVG-SSU_1116av_DELETE => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{27615766-79F8-4532-9BF3-E5A61BE19BC6} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{27615766-79F8-4532-9BF3-E5A61BE19BC6} => key removed successfully
C:\Windows\System32\Tasks\AVG-SSU_0117av => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVG-SSU_0117av => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3B320F76-B672-4A3F-892E-684B8B275E3F} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3B320F76-B672-4A3F-892E-684B8B275E3F} => key removed successfully
C:\Windows\System32\Tasks\AVG-SSU_0916av => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVG-SSU_0916av => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7D0D10C7-007F-4BE4-813E-A45563CB3AC9} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7D0D10C7-007F-4BE4-813E-A45563CB3AC9} => key removed successfully
C:\Windows\System32\Tasks\AVG-SSU_1116av => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVG-SSU_1116av => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7D90AE41-6846-45F6-AF4E-D58D3F40D5F9} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7D90AE41-6846-45F6-AF4E-D58D3F40D5F9} => key removed successfully
C:\Windows\System32\Tasks\AVG-SSU_0117av_DELETE => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVG-SSU_0117av_DELETE => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{92EC80B4-06EE-4FB4-9146-0B36BDA514E4} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{92EC80B4-06EE-4FB4-9146-0B36BDA514E4} => key removed successfully
C:\Windows\System32\Tasks\AVG-SSU_1216av_DELETE => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVG-SSU_1216av_DELETE => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9803F348-63AA-426C-BD39-23FA9DBA9773} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9803F348-63AA-426C-BD39-23FA9DBA9773} => key removed successfully
C:\Windows\System32\Tasks\AVG-SSU_1216av => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVG-SSU_1216av => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A3148A0E-14DE-41A6-B434-0F937B2D233B} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A3148A0E-14DE-41A6-B434-0F937B2D233B} => key removed successfully
C:\Windows\System32\Tasks\AVG-SSU_0916av_DELETE => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVG-SSU_0916av_DELETE => key removed successfully
C:\Windows\Tasks\AVG-SSU_0117av.job => moved successfully
C:\Windows\Tasks\AVG-SSU_0117av_DELETE.job => moved successfully
C:\Windows\Tasks\AVG-SSU_0916av.job => moved successfully
C:\Windows\Tasks\AVG-SSU_0916av_DELETE.job => moved successfully
C:\Windows\Tasks\AVG-SSU_1116av.job => moved successfully
C:\Windows\Tasks\AVG-SSU_1116av_DELETE.job => moved successfully
C:\Windows\Tasks\AVG-SSU_1216av.job => moved successfully
C:\Windows\Tasks\AVG-SSU_1216av_DELETE.job => moved successfully
"C:\Windows\Tasks\AVG-SSU_0117av_DELETE.job" => not found.
"C:\Windows\Tasks\AVG-SSU_0117av.job" => not found.
"C:\Windows\Tasks\AVG-SSU_1216av_DELETE.job" => not found.
"C:\Windows\Tasks\AVG-SSU_1216av.job" => not found.
"C:\Windows\Tasks\AVG-SSU_1116av_DELETE.job" => not found.
"C:\Windows\Tasks\AVG-SSU_1116av.job" => not found.
"C:\Windows\Tasks\AVG-SSU_0916av_DELETE.job" => not found.
"C:\Windows\Tasks\AVG-SSU_0916av.job" => not found.
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 4302458 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 2649012 B
Edge => 0 B
Chrome => 10544837 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 100755 B
systemprofile32 => 424 B
LocalService => 66228 B
NetworkService => 37050 B
KATY => 2152557 B
Scott Woodward => 255333 B
 
RecycleBin => 59247 B
EmptyTemp: => 27.2 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 14:54:28 ====


#8 angry@computers

angry@computers
  • Topic Starter

  • Members
  • 88 posts

Posted 19 May 2017 - 09:33 AM

It seems to be running ok now. No problems that I can see.

Do I need to delete anything, or reinstall anything for security?



#9 nasdaq

nasdaq

  • Malware Response Team
  • 39,512 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 20 May 2017 - 07:20 AM




Download Delfix from this site.
https://www.bleepingcomputer.com/download/delfix/

DelFix is a tool developed by Xplode, the makers of AdwCleaner, which can remove all portable virus cleaning and disinfection tools you’ve ever used. It will also reset the restore points of your computer systems making it even safer.

The program makes some other adjustments to your PC too which include:

Activate UAC: It activates the user account control after cleaning the log files and the unnecessary clutter in your PC.
Remove disinfection tools: Removes the tools you’ve ever used to disinfect your PC.
Create registry backup: The program creates a registry backup and stores it under %windir%\ERUNT\DelFix.
Purge system restore: Deletes all your older restore points and creates a fresh one.
Reset system settings: It resets the system settings after the removal process is completed.


Just download the program and run it on your computer system.
There is a default check-mark on the feature ‘Remove disinfection tools’, and you need to check the other features manually before running the program, should you wish to.
Wait for a few minutes and your computer system will be free of all unnecessary files.
===

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/


https://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
Simple and easy ways to keep your computer safe and secure on the Internet.
===

---

#10 angry@computers

angry@computers
  • Topic Starter

  • Members
  • 88 posts

Posted 23 May 2017 - 04:49 PM

Computer is much improved. Thank you very much Nasdaq!



#11 nasdaq

nasdaq

  • Malware Response Team
  • 39,512 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 24 May 2017 - 06:42 AM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/


https://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
Simple and easy ways to keep your computer safe and secure on the Internet.
===



