
scan found 2 unknown trojans, pc barely works


  • This topic is locked
39 replies to this topic

#1 dman_starr

Posted 24 July 2017 - 11:47 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-07-2017

Ran by Carolyn (administrator) on CAROLYN-PC (24-07-2017 11:17:00)
Running from C:\Users\Carolyn\Desktop
Loaded Profiles: Carolyn (Available Profiles: Carolyn)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Safe Mode (with Networking)
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Microsoft Corporation) C:\Windows\System32\osk.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2588968 2012-08-15] (ELAN Microelectronics Corp.)
HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-06-01] (Intel® Corporation)
HKLM\...\Run: [IntelWirelessWiMAX] => C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe [1441792 2010-06-08] (Intel® Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213832 2017-07-14] (AVAST Software)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [303928 2017-05-09] (Apple Inc.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [438888 2014-01-15] (CANON INC.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2927551588-4055961140-2169513520-1000\...\Run: [Spotify Web Helper] => C:\Users\Carolyn\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1562224 2017-06-24] (Spotify Ltd)
HKU\S-1-5-21-2927551588-4055961140-2169513520-1000\...\Run: [PrinterProDesktop] => C:\Program Files (x86)\Printer Pro Desktop\PrinterProDesktop.exe [2132992 2012-02-02] ()
HKU\S-1-5-21-2927551588-4055961140-2169513520-1000\...\RunOnce: [osk.exe] => C:\Windows\system32\osk.exe [692736 2014-06-17] (Microsoft Corporation)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [166568 2014-07-02] (NVIDIA Corporation)
AppInit_DLLs: , C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [166568 2014-07-02] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [146480 2014-07-02] (NVIDIA Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 209.18.47.62 209.18.47.61
Tcpip\..\Interfaces\{37A50950-4DF4-4D01-9989-9DAC54D2069A}: [DhcpNameServer] 209.18.47.62 209.18.47.61
Tcpip\..\Interfaces\{61074F89-9281-4274-88F1-6F6677E7C8B7}: [DhcpNameServer] 10.22.16.1
 
Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=AV01
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2927551588-4055961140-2169513520-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2927551588-4055961140-2169513520-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxps://www.google.com/?gws_rd=ssl
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\.DEFAULT -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll [2017-05-29] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-07-14] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-05-29] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-07-14] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-2927551588-4055961140-2169513520-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
 
FireFox:
========
FF ProfilePath: C:\Users\Carolyn\AppData\Roaming\Mozilla\Firefox\Profiles\16x9mmyk.default [2017-07-24]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\16x9mmyk.default -> Yahoo!
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\16x9mmyk.default -> Google
FF DefaultSearchUrl: Mozilla\Firefox\Profiles\16x9mmyk.default -> hxxps://www.google.com/search
FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\16x9mmyk.default -> Google
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\16x9mmyk.default -> Yahoo!
FF Homepage: Mozilla\Firefox\Profiles\16x9mmyk.default -> about:home
FF Extension: (No Name) - C:\Users\Carolyn\AppData\Roaming\Mozilla\Firefox\Profiles\16x9mmyk.default\Extensions\abs@avira.com [2017-07-24] [not signed]
FF Extension: (Avast SafePrice) - C:\Users\Carolyn\AppData\Roaming\Mozilla\Firefox\Profiles\16x9mmyk.default\Extensions\sp@avast.com.xpi [2017-07-14]
FF Extension: (Avast Online Security) - C:\Users\Carolyn\AppData\Roaming\Mozilla\Firefox\Profiles\16x9mmyk.default\Extensions\wrc@avast.com.xpi [2017-07-14]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_26_0_0_137.dll [2017-07-11] ()
FF Plugin: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-05-29] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-05-29] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.0-git -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-18] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-12-09] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_137.dll [2017-07-11] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-12-09] (Adobe Systems)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com/
CHR Profile: C:\Users\Carolyn\AppData\Local\Google\Chrome\User Data\Default [2017-07-24]
CHR Extension: (Google Docs) - C:\Users\Carolyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-11]
CHR Extension: (Google Drive) - C:\Users\Carolyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Carolyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-28]
CHR Extension: (Google Search) - C:\Users\Carolyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-30]
CHR Extension: (Google Docs Offline) - C:\Users\Carolyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Carolyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-12]
CHR Extension: (Gmail) - C:\Users\Carolyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-01]
CHR Extension: (Chrome Media Router) - C:\Users\Carolyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-14]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswwebrepchrome-sp.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-07-14] (SUPERAntiSpyware.com)
S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-04-03] (Apple Inc.)
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7430992 2017-07-14] (AVAST Software s.r.o.)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [263312 2017-07-14] (AVAST Software)
S2 DMAgent; C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [408576 2010-06-07] (Red Bend Ltd.) [File not signed]
S2 IVPN Client; C:\Program Files\IVPN Client\IVPN Service.exe [32768 2017-01-15] (IVPN Limited) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-06-01] ()
S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
S2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
S2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
S2 WiMAXAppSrv; C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [911872 2010-06-07] (Intel® Corporation) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [319984 2017-07-06] (AVAST Software s.r.o.)
S0 aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [198944 2017-07-06] (AVAST Software s.r.o.)
S0 aswblog; C:\Windows\system32\drivers\aswbloga.sys [343264 2017-07-06] (AVAST Software s.r.o.)
S0 aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [57704 2017-07-06] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [46984 2017-07-06] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [41800 2017-07-06] (AVAST Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [146696 2017-07-24] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [110352 2017-07-06] (AVAST Software)
S0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [84392 2017-07-06] (AVAST Software)
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1015848 2017-07-06] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [585608 2017-07-06] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [198768 2017-07-06] (AVAST Software)
S0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [361336 2017-07-14] (AVAST Software)
S3 bpenum; C:\Windows\System32\DRIVERS\bpenum.sys [71168 2010-05-16] (Intel Corporation) [File not signed]
S3 bpmp; C:\Windows\System32\DRIVERS\bpmp.sys [175104 2010-05-16] (Intel Corporation) [File not signed]
S3 bpusb; C:\Windows\System32\Drivers\bpusb.sys [81920 2010-05-16] (Intel Corporation) [File not signed]
S3 igfx; C:\Windows\System32\DRIVERS\igdkmd64.sys [10611552 2010-08-25] (Intel Corporation) [File not signed]
S3 Impcd; C:\Windows\System32\DRIVERS\Impcd.sys [158976 2010-02-26] (Intel Corporation) [File not signed]
S3 IntcDAud; C:\Windows\System32\DRIVERS\IntcDAud.sys [289280 2010-08-30] (Intel® Corporation) [File not signed]
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
S3 msvad_WaveExtensible; C:\Windows\System32\drivers\outofyourhead.sys [75776 2016-05-09] (Darin Fong Audio LLC)
R3 NETwNs64; C:\Windows\System32\DRIVERS\NETwNs64.sys [8593920 2011-05-01] (Intel Corporation) [File not signed]
S3 OOYH2VirtualAudioDriverWdm; C:\Windows\System32\DRIVERS\outofyourhead2.sys [23040 2016-05-09] (Darin Fong Audio LLC.)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-07-24 11:17 - 2017-07-24 11:18 - 00018138 _____ C:\Users\Carolyn\Desktop\FRST.txt
2017-07-24 11:16 - 2017-07-24 11:17 - 00000000 ____D C:\FRST
2017-07-24 11:14 - 2017-07-24 11:14 - 02382336 _____ (Farbar) C:\Users\Carolyn\Desktop\FRST64.exe
2017-07-24 03:06 - 2017-07-24 03:06 - 07322728 _____ (Adobe System Incorporated.) C:\Users\Carolyn\Desktop\AdobeCreativeCloudCleanerTool.exe
2017-07-24 02:57 - 2017-07-24 02:57 - 00003204 _____ C:\Windows\System32\Tasks\Adobe Uninstaller
2017-07-24 02:49 - 2017-07-24 02:49 - 00001882 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2017-07-24 02:48 - 2017-07-06 07:07 - 00400464 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-07-22 22:37 - 2016-10-02 10:48 - 22215518 _____ C:\Users\Carolyn\Desktop\hang me - Copy.wav
2017-07-21 17:04 - 2017-07-21 17:04 - 00000000 ____D C:\Users\Carolyn\AppData\Local\VPNetworkLLC
2017-07-21 17:03 - 2017-07-24 02:43 - 00000000 ____D C:\Program Files\TAP-Windows
2017-07-21 17:03 - 2017-07-21 17:03 - 00000000 ____D C:\Program Files (x86)\VPNetwork LLC
2017-07-14 23:42 - 2017-07-14 23:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-07-14 23:41 - 2017-07-14 23:42 - 00000000 ____D C:\Program Files\iTunes
2017-07-14 23:41 - 2017-07-14 23:41 - 00000000 ____D C:\Program Files\iPod
2017-07-14 23:39 - 2017-07-14 23:39 - 00000000 ____D C:\Windows\System32\Tasks\Apple
2017-07-14 23:36 - 2017-07-14 23:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2017-07-14 21:59 - 2017-07-14 21:59 - 00000000 ____D C:\Users\Carolyn\AppData\Roaming\AVAST Software
2017-07-14 21:58 - 2017-07-24 02:48 - 00003896 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1500087509
2017-07-14 21:58 - 2017-07-14 21:58 - 00001003 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2017-07-14 17:56 - 2017-07-14 17:56 - 00007605 _____ C:\Users\Carolyn\AppData\Local\Resmon.ResmonCfg
2017-07-14 15:12 - 2017-07-14 15:12 - 00000000 ____D C:\Windows\System32\Tasks\Avira
2017-07-14 15:12 - 2017-07-14 15:12 - 00000000 ____D C:\Users\Carolyn\AppData\Local\Avira
2017-07-14 15:10 - 2017-07-15 00:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2017-07-14 15:10 - 2017-07-14 15:13 - 00000000 ____D C:\ProgramData\Avira
2017-07-14 15:10 - 2017-07-14 15:13 - 00000000 ____D C:\Program Files (x86)\Avira
2017-07-10 21:49 - 2017-07-10 21:49 - 00000000 ____D C:\Users\Carolyn\AppData\Local\Tempzxpsignef5139ddc3c794a6
2017-07-10 21:49 - 2017-07-10 21:49 - 00000000 ____D C:\Users\Carolyn\AppData\Local\Tempzxpsigneeba5bdc3277f28d
2017-07-10 21:49 - 2017-07-10 21:49 - 00000000 ____D C:\Users\Carolyn\AppData\Local\Tempzxpsign7c6ac8250c2b16cb
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-07-24 11:01 - 2014-04-16 18:46 - 02625296 _____ C:\Windows\ntbtlog.txt
2017-07-24 04:02 - 2009-07-14 00:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2017-07-24 04:02 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2017-07-24 03:33 - 2013-08-14 05:00 - 00000000 ____D C:\Windows\system32\MRT
2017-07-24 03:30 - 2013-07-08 20:59 - 135225752 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-07-24 03:15 - 2009-07-13 23:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-07-24 03:15 - 2009-07-13 23:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-07-24 02:57 - 2013-07-07 01:22 - 00000000 ____D C:\Users\Carolyn\AppData\Local\Adobe
2017-07-24 02:48 - 2017-03-12 06:16 - 00003914 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2017-07-24 02:48 - 2014-05-19 12:45 - 00146696 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2017-07-24 02:45 - 2013-07-05 15:17 - 00000000 ____D C:\Users\Carolyn
2017-07-24 02:45 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-07-24 02:43 - 2017-05-29 19:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-07-24 02:43 - 2017-01-29 10:10 - 00000000 ____D C:\Users\Carolyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IVPN
2017-07-24 02:43 - 2017-01-29 10:10 - 00000000 ____D C:\Program Files\IVPN Client
2017-07-24 02:43 - 2015-12-03 09:24 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2017-07-24 02:43 - 2015-11-26 03:35 - 00000000 ____D C:\Program Files (x86)\Adobe
2017-07-24 02:43 - 2015-05-07 15:30 - 00000000 ____D C:\Program Files\Java
2017-07-24 02:43 - 2014-12-10 14:24 - 00000000 ____D C:\Windows\system32\appraiser
2017-07-24 02:43 - 2014-09-29 08:17 - 00000000 ____D C:\Users\Carolyn\AppData\Local\Spotify
2017-07-24 02:43 - 2014-09-29 08:16 - 00000000 ____D C:\Users\Carolyn\AppData\Roaming\Spotify
2017-07-24 02:43 - 2014-06-08 21:27 - 00000000 ____D C:\Users\Carolyn\AppData\Roaming\vlc
2017-07-24 02:43 - 2013-07-23 17:19 - 00000000 ____D C:\Users\Carolyn\AppData\Roaming\Azureus
2017-07-24 02:43 - 2013-07-07 01:22 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-07-24 02:43 - 2013-07-07 01:22 - 00000000 ____D C:\Windows\system32\Macromed
2017-07-24 02:43 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\servicing
2017-07-24 02:43 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2017-07-24 02:43 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration
2017-07-24 02:43 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2017-07-24 01:40 - 2013-08-29 13:52 - 00000000 ____D C:\Users\Carolyn\Documents\Resume
2017-07-21 20:15 - 2013-07-25 02:52 - 00000000 ____D C:\Users\Carolyn\Documents\Vuze Downloads
2017-07-21 03:19 - 2016-11-18 09:44 - 00000000 ____D C:\Users\Carolyn\AppData\LocalLow\Mozilla
2017-07-15 00:28 - 2015-12-03 09:24 - 00000000 ____D C:\Program Files\Common Files\AV
2017-07-15 00:28 - 2015-04-08 09:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2017-07-15 00:28 - 2014-06-11 14:05 - 00000000 ____D C:\Users\Carolyn\Documents\Computer Health
2017-07-15 00:28 - 2013-07-21 21:49 - 00000000 ____D C:\ProgramData\AVAST Software
2017-07-15 00:28 - 2013-07-21 21:49 - 00000000 ____D C:\Program Files\AVAST Software
2017-07-15 00:27 - 2016-01-13 12:34 - 00000000 ____D C:\ProgramData\Package Cache
2017-07-15 00:27 - 2013-07-07 01:23 - 00000000 ____D C:\Users\Carolyn\AppData\Roaming\Macromedia
2017-07-15 00:04 - 2013-10-28 12:52 - 00000000 ____D C:\Windows\Minidump
2017-07-14 23:41 - 2013-11-22 12:37 - 00000000 ____D C:\Program Files\Common Files\Apple
2017-07-14 23:36 - 2016-04-10 21:28 - 00000000 ____D C:\Users\Carolyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-07-14 23:36 - 2016-04-10 21:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-07-14 23:36 - 2016-04-10 21:28 - 00000000 ____D C:\Program Files\WinRAR
2017-07-14 23:36 - 2014-01-22 22:51 - 00000000 ____D C:\Program Files (x86)\QuickTime
2017-07-14 23:15 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\L2Schemas
2017-07-14 23:14 - 2013-11-12 19:09 - 00000000 ____D C:\Program Files\COMODO
2017-07-14 22:38 - 2014-06-21 13:54 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-07-14 21:58 - 2016-06-15 13:32 - 00001003 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2017-07-14 21:56 - 2014-06-10 17:32 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2017-07-14 21:34 - 2016-08-19 17:34 - 00000000 _____ C:\Windows\SysWOW64\last.dump
2017-07-14 21:34 - 2014-05-19 12:45 - 00361336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2017-07-14 21:33 - 2014-05-19 12:45 - 00360792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys.150008605446906
2017-07-14 21:31 - 2013-07-05 15:38 - 00109688 _____ C:\Users\Carolyn\AppData\Local\GDIPFONTCACHEV1.DAT
2017-07-14 21:31 - 2009-07-14 00:08 - 00032564 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-07-14 04:27 - 2017-03-19 14:01 - 00000000 ____D C:\Program Files\Adobe
2017-07-14 04:27 - 2015-05-25 13:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FastStone Image Viewer
2017-07-14 04:27 - 2015-05-25 13:14 - 00000000 ____D C:\Program Files (x86)\FastStone Image Viewer
2017-07-14 04:27 - 2013-12-08 01:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-07-14 04:27 - 2013-07-05 15:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2017-07-14 04:27 - 2013-07-05 15:48 - 00000000 ____D C:\Users\Carolyn\AppData\Roaming\Intel
2017-07-14 04:27 - 2013-07-05 15:47 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel PROSet Wireless
2017-07-14 04:27 - 2013-07-05 15:47 - 00000000 ____D C:\ProgramData\Intel
2017-07-14 04:27 - 2013-07-05 15:47 - 00000000 ____D C:\Program Files\Intel
2017-07-14 04:27 - 2013-07-05 15:47 - 00000000 ____D C:\Program Files\Common Files\Intel
2017-07-14 04:27 - 2013-07-05 15:47 - 00000000 ____D C:\Program Files (x86)\Cisco
2017-07-11 23:26 - 2013-07-07 01:22 - 00803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-07-11 23:26 - 2013-07-07 01:22 - 00144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-07-11 23:26 - 2013-07-07 01:22 - 00004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-07-11 20:54 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
2017-07-11 13:02 - 2013-07-07 01:18 - 00775084 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-07-11 12:00 - 2016-05-31 16:41 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-07-07 22:56 - 2017-01-29 11:21 - 00000000 ____D C:\Users\Carolyn\AppData\Roaming\Kodi
2017-07-07 11:28 - 2015-04-26 20:03 - 00000000 ____D C:\ProgramData\CanonIJPLM
2017-07-06 07:08 - 2014-05-19 12:45 - 00361336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswe840e8d68dd9ae15.tmp
2017-07-06 07:07 - 2017-03-12 06:16 - 00343264 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbloga.sys
2017-07-06 07:07 - 2017-03-12 06:16 - 00343264 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\asw8abeb45c22b6aabf.tmp
2017-07-06 07:07 - 2017-03-12 06:16 - 00319984 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2017-07-06 07:07 - 2017-03-12 06:16 - 00319984 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswa16fd07fa6046e60.tmp
2017-07-06 07:07 - 2017-03-12 06:16 - 00198944 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsha.sys
2017-07-06 07:07 - 2017-03-12 06:16 - 00198944 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\asw30d6db1be7e836ce.tmp
2017-07-06 07:07 - 2017-03-12 06:16 - 00057704 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbuniva.sys
2017-07-06 07:07 - 2017-03-12 06:16 - 00057704 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\asw914706db7ed0fd69.tmp
2017-07-06 07:07 - 2016-06-14 16:41 - 00041800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2017-07-06 07:07 - 2016-06-14 16:41 - 00041800 _____ (AVAST Software) C:\Windows\system32\Drivers\asw900322a5acee19ba.tmp
2017-07-06 07:07 - 2014-05-19 12:45 - 01015848 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-07-06 07:07 - 2014-05-19 12:45 - 01015848 _____ (AVAST Software) C:\Windows\system32\Drivers\asw6d2af89d56d44b03.tmp
2017-07-06 07:07 - 2014-05-19 12:45 - 00585608 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2017-07-06 07:07 - 2014-05-19 12:45 - 00585608 _____ (AVAST Software) C:\Windows\system32\Drivers\aswa5c3ee355d932ddf.tmp
2017-07-06 07:07 - 2014-05-19 12:45 - 00360792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys.149934289455706
2017-07-06 07:07 - 2014-05-19 12:45 - 00198768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2017-07-06 07:07 - 2014-05-19 12:45 - 00198768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswf10e557f3967c939.tmp
2017-07-06 07:07 - 2014-05-19 12:45 - 00146664 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys.150088252493308
2017-07-06 07:07 - 2014-05-19 12:45 - 00146664 _____ (AVAST Software) C:\Windows\system32\Drivers\aswe667ceb833002ada.tmp
2017-07-06 07:07 - 2014-05-19 12:45 - 00110352 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-07-06 07:07 - 2014-05-19 12:45 - 00110352 _____ (AVAST Software) C:\Windows\system32\Drivers\aswe582e268a6826a90.tmp
2017-07-06 07:07 - 2014-05-19 12:45 - 00084392 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-07-06 07:07 - 2014-05-19 12:45 - 00084392 _____ (AVAST Software) C:\Windows\system32\Drivers\asw4ee12d105ce93d3c.tmp
2017-07-06 07:07 - 2014-05-19 12:45 - 00046984 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-07-06 07:07 - 2014-05-19 12:45 - 00046984 _____ (AVAST Software) C:\Windows\system32\Drivers\asw44689ea734cf2351.tmp
2017-07-04 13:43 - 2014-05-19 12:45 - 00158888 _____ (AVAST Software) C:\Windows\system32\Drivers\aswb9906397717ed03c.tmp
2017-06-30 18:30 - 2016-11-17 20:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-06-30 11:05 - 2013-11-15 19:40 - 00000000 ____D C:\ProgramData\Skype
2017-06-27 13:18 - 2013-07-07 01:23 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
 
==================== Files in the root of some directories =======
 
2017-07-14 17:56 - 2017-07-14 17:56 - 0007605 _____ () C:\Users\Carolyn\AppData\Local\Resmon.ResmonCfg
2013-09-03 00:06 - 2013-09-03 00:06 - 0000057 _____ () C:\ProgramData\Ament.ini
2015-04-06 13:52 - 2015-04-06 13:52 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-07-12 14:02
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-07-2017
Ran by Carolyn (24-07-2017 11:18:39)
Running from C:\Users\Carolyn\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2013-07-05 20:17:37)
Boot Mode: Safe Mode (with Networking)
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2927551588-4055961140-2169513520-500 - Administrator - Disabled)
Carolyn (S-1-5-21-2927551588-4055961140-2169513520-1000 - Administrator - Enabled) => C:\Users\Carolyn
Guest (S-1-5-21-2927551588-4055961140-2169513520-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avast Antivirus (Disabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Disabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20058 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 25.0.0.134 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.9.5.353 - Adobe Systems Incorporated)
Adobe Flash Player 26 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 26.0.0.137 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.137 - Adobe Systems Incorporated)
Adobe Lightroom (HKLM-x32\...\{8048A5DF-8A70-5BE1-954B-E0FDE1BD0D0D}) (Version: 6.9 - Adobe Systems Incorporated)
Adobe Photoshop CC 2017 (HKLM-x32\...\PHSP_18_0_1) (Version: 18.0.1 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{E92BB800-BCC5-4C25-8102-AC2C3B7C7C1E}) (Version: 5.5 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{9C912B1E-06DD-43EF-BB2B-45CB2C88BAAE}) (Version: 5.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0A596141-97D5-45FA-9281-98DFAF48D579}) (Version: 10.3.2.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Atheros)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.5.2302 - AVAST Software)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 5.60.48.55 - Broadcom Corporation)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: 1.5.2.3 - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.5.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.1.10.15 - Canon Inc.)
Canon MG2900 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2900_series) (Version: 1.00 - Canon Inc.)
Canon MG2900 series On-screen Manual (HKLM-x32\...\Canon MG2900 series On-screen Manual) (Version: 7.7.0 - Canon Inc.)
Canon MG2900 series User Registration (HKLM-x32\...\Canon MG2900 series User Registration) (Version:  - ‭Canon Inc.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Equalizer APO (HKLM\...\EqualizerAPO) (Version: 1.1.1 - )
ETDWare PS/2-X64 8.0.7.2_WHQL (HKLM\...\Elantech) (Version: 8.0.7.2 - ELAN Microelectronic Corp.)
FastStone Image Viewer 5.3 (HKLM-x32\...\FastStone Image Viewer) (Version: 5.3 - FastStone Soft)
Fender FUSE (HKU\S-1-5-21-2927551588-4055961140-2169513520-1000\...\3322699620.fuse.fender.com) (Version:  - fuse.fender.com)
Fender FUSE 2.7.1.48 (HKLM-x32\...\Fender FUSE) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Harman How To Listen (Public) 2.0.4 (HKLM-x32\...\{232C7448-F45A-422C-B914-E252126C2B08}_is1) (Version:  - Harman International Industries Inc.)
HPDiagnosticAlert (HKLM-x32\...\{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}) (Version: 1.00.0000 - Microsoft) Hidden
iCloud (HKLM\...\{6096C0CC-7E19-4355-87F0-627EC5AA146D}) (Version: 4.0.3.56 - Apple Inc.)
Intel PROSet Wireless (HKLM-x32\...\ProInst) (Version:  - ) Hidden
Intel WiMAX Tutorial (HKLM\...\{4F26C164-9373-4974-8F43-E0F2176AF937}) (Version: 1.5.3.1 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2202 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{3C41721F-AF0F-4086-AA1C-4C7F29076228}) (Version: 14.01.1000 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.3.1001 - Intel Corporation)
Intel® PROSet/Wireless WiMAX Software (HKLM\...\{6548B189-BEA4-4041-80E0-AEB60548E046}) (Version: 2.03.0005 - Intel Corporation)
iTunes (HKLM\...\{F0C7385A-9D20-45F3-8101-05D383885180}) (Version: 12.6.1.25 - Apple Inc.)
IVPN Client (HKLM\...\IVPN Client) (Version: 2.6.2 - IVPN Limited)
Java 8 Update 131 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
Kodi (HKU\S-1-5-21-2927551588-4055961140-2169513520-1000\...\Kodi) (Version:  - XBMC-Foundation)
LADSPA_plugins-win-0.4.15 (HKLM-x32\...\LADSPA_plugins-win_is1) (Version:  - Audacity Team)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.5.166.0 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-2927551588-4055961140-2169513520-1000\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MiniDSP-2waySUBAdv (HKLM-x32\...\{0145CE7B-B1E5-8A73-935A-4FBCAE6CA146}) (Version: 1.09 - UNKNOWN) Hidden
MiniDSP-2waySUBAdv (HKLM-x32\...\MiniDSP-2waySUBAdv.93B26324F3B23983B479A8A5CBA0BA67786239FC.1) (Version: v1.09 - UNKNOWN)
Mozilla Firefox 54.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 54.0.1 (x86 en-US)) (Version: 54.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 54.0.1.6388 - Mozilla)
NEC Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\{D7BF9739-8A68-4335-BBEE-37752AD9E86B}) (Version: 1.0.18.0 - NEC Electronics Corporation) Hidden
NEC Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}) (Version: 1.0.18.0 - NEC Electronics Corporation)
Node.js (HKLM\...\{F932CDD5-CC39-4E3C-B963-2299E09DE082}) (Version: 6.10.1 - Node.js Foundation)
NVIDIA Graphics Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
Printer Pro Desktop (HKLM-x32\...\PrinterProDesktop) (Version:  - Readdle)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Really Slick Screensavers 0.2 (HKLM-x32\...\ReallySlickScreensavers) (Version:  - )
Room EQ Wizard (HKLM-x32\...\RoomEQWizardV5.1) (Version:  - John Mulcahy)
Room EQ Wizard 5.14 (HKLM-x32\...\4549-9647-2313-4375) (Version: 5.14 - John Mulcahy)
SafeZone Stable 3.55.2393.607 (HKLM-x32\...\SafeZone 3.55.2393.607) (Version: 3.55.2393.607 - Avast Software) Hidden
SafeZone Stable 3.55.2393.609 (HKLM-x32\...\SafeZone 3.55.2393.609) (Version: 3.55.2393.609 - Avast Software) Hidden
Secunia PSI (3.0.0.9016) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype™ 7.38 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.38.101 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-2927551588-4055961140-2169513520-1000\...\Spotify) (Version: 1.0.57.474.gca9c9538 - Spotify AB)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1018 - SUPERAntiSpyware.com)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.0-git - VideoLAN)
Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.6.2.0 - Azureus Software, Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2927551588-4055961140-2169513520-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Carolyn\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2927551588-4055961140-2169513520-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Carolyn\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2927551588-4055961140-2169513520-1000_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
CustomCLSID: HKU\S-1-5-21-2927551588-4055961140-2169513520-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Carolyn\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2927551588-4055961140-2169513520-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Carolyn\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-07-14] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-07-14] (AVAST Software)
ContextMenuHandlers01: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ContextMenuHandlers01: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-07-14] (AVAST Software)
ContextMenuHandlers01: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2014-08-11] (Apple Inc.)
ContextMenuHandlers01: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers01: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
ContextMenuHandlers03: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-07-14] (AVAST Software)
ContextMenuHandlers05: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2010-08-25] (Intel Corporation)
ContextMenuHandlers05: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2014-07-02] (NVIDIA Corporation)
ContextMenuHandlers06: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ContextMenuHandlers06: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-07-14] (AVAST Software)
ContextMenuHandlers06: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers06: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {15FB8E21-1B51-41FE-80CE-B94F481692E6} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2015-07-08] (Microsoft)
Task: {1746C15D-3357-497C-A816-42EF083029A5} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2015-07-08] (Microsoft Corporation)
Task: {2A7A9EC1-79EA-417E-9D52-F7364EC5A440} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2015-07-08] (Microsoft Corporation)
Task: {3EF2E521-D330-4335-8420-A85D1A1EFC48} - System32\Tasks\{DDB0278A-FBD6-4470-BBB0-8FF612BC4F50} => C:\Windows\system32\pcalua.exe -a "C:\Users\Carolyn\AppData\Local\Temp\Temp1_Battery_Life_Extender_1.0.0.8 (1).ZIP\SetupW.exe" <==== ATTENTION
Task: {55E79962-6DA9-44FB-A51F-F6B91834D54E} - System32\Tasks\{A3A50BB2-2AD4-4CB9-B66E-01F1CB02048A} => C:\Windows\system32\pcalua.exe -a "F:\New folder\Touchpad_2.6.0.0\Elan\Setup.exe" -d "F:\New folder\Touchpad_2.6.0.0\Elan"
Task: {618F3442-C447-4B9B-B972-3A33D0DD84FA} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
Task: {6BAC6D20-31D6-4C0A-A082-D2A2BC854181} - System32\Tasks\SafeZone scheduled Autoupdate 1466015535 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-06-13] (Avast Software)
Task: {6D3B1248-67A7-4F44-ABF4-1129DC635695} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {75AAA392-FD92-4F56-82AF-7C2D5F8F5A0F} - System32\Tasks\{2816F19E-33E9-4DA8-A170-06ED48A9C2D8} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Room EQ Wizard V5\Uninstall.exe" -d "C:\Program Files (x86)\Room EQ Wizard V5"
Task: {7C58AB77-6433-4624-AC98-9C9F1CC410EF} - System32\Tasks\SafeZone scheduled Autoupdate 1500087509 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-06-13] (Avast Software)
Task: {9606EB6E-546B-4566-B18A-F490AF737761} - System32\Tasks\Adobe Uninstaller => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2016-12-09] (Adobe Systems Incorporated)
Task: {AC16C2F2-0734-4853-8DF4-FD13AB3AC49B} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-07-06] (AVAST Software)
Task: {B06E2486-094C-4B39-BA23-76BB261CB79A} - System32\Tasks\AdobeAAMUpdater-1.0-Carolyn-PC-Carolyn => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)
Task: {B7D994CE-0C54-4CF6-A41F-22F5DA3821A2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)
Task: {C5A96177-C8B2-41F5-965B-8850C5787A25} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {D510479C-0D13-4992-8952-A30F5B16D9E7} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2015-07-08] (Microsoft Corporation)
Task: {DAC0826F-7B30-430F-80F7-AB1F3B55911B} - System32\Tasks\{80AFA3D4-0F0F-4099-AE69-0CCD6FF41090} => "c:\program files\internet explorer\iexplore.exe" hxxp://ui.skype.com/ui/0/6.10.0.104/en/abandoninstall?source=lightinstaller&page=tsPlugin
Task: {E622D850-93F4-472C-A13E-835F176FDA13} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2015-07-08] (Microsoft Corporation)
Task: {F2FBAA79-59E3-45FC-B0E8-D7395DEEB88F} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-07-12] (AVAST Software)
Task: {FBFC57E7-A1E5-4F0E-82A6-ED96AB62F634} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-07-11] (Adobe Systems Incorporated)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-10-25 09:57 - 2016-10-25 09:57 - 00491184 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2017-06-27 13:18 - 2017-06-22 22:21 - 02692440 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\swiftshader\libglesv2.dll
2017-06-27 13:18 - 2017-06-22 22:21 - 00137048 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\swiftshader\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\.DEFAULT\...\freerealms.com -> freerealms.com
IE trusted site: HKU\.DEFAULT\...\soe.com -> soe.com
IE trusted site: HKU\.DEFAULT\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-19\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-19\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-19\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-19\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-20\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-20\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-20\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-20\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-21-2927551588-4055961140-2169513520-1000\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-21-2927551588-4055961140-2169513520-1000\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-21-2927551588-4055961140-2169513520-1000\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-2927551588-4055961140-2169513520-1000\...\sony.com -> sony.com
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2014-06-11 13:34 - 00000027 _____ C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2927551588-4055961140-2169513520-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Carolyn\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 209.18.47.62 - 209.18.47.61
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\startupreg: Adobe Creative Cloud => "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: IVPN Client Runtime Warmup => "C:\Program Files\IVPN Client\IVPN Client.exe" /WARMUP
MSCONFIG\startupreg: NUSB3MON => "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSCONFIG\startupreg: WinPatrol => C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{5E9C0AB6-19A5-40EF-A334-CFD3FB802A7A}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
FirewallRules: [{881B7D93-6FD2-4A0B-89BD-EEBA4DB7408E}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
FirewallRules: [{6BE1E4BD-7B0C-4D37-B151-423D3759ED7C}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
FirewallRules: [{F09FCD15-0847-468E-B0E5-4E727068067F}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
FirewallRules: [TCP Query User{A36B571B-4AC4-4627-854A-749DFF1889B8}C:\users\public\sony online entertainment\installed games\everquest ii\eq2voiceservice.exe] => (Allow) C:\users\public\sony online entertainment\installed games\everquest ii\eq2voiceservice.exe
FirewallRules: [UDP Query User{F1A293CD-DB3C-4362-9D3C-EDC90E9A3A63}C:\users\public\sony online entertainment\installed games\everquest ii\eq2voiceservice.exe] => (Allow) C:\users\public\sony online entertainment\installed games\everquest ii\eq2voiceservice.exe
FirewallRules: [TCP Query User{72827E8C-40EA-470E-8CAB-AF3B361D8048}C:\users\public\sony online entertainment\installed games\everquest\eqvoiceservice.exe] => (Allow) C:\users\public\sony online entertainment\installed games\everquest\eqvoiceservice.exe
FirewallRules: [UDP Query User{124B7C5E-2A31-4FD9-B49F-A896498484EF}C:\users\public\sony online entertainment\installed games\everquest\eqvoiceservice.exe] => (Allow) C:\users\public\sony online entertainment\installed games\everquest\eqvoiceservice.exe
FirewallRules: [{8E3E8B9C-3EEE-4722-9F8E-1B21497A9E83}] => (Allow) C:\Users\Carolyn\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{60CFCC43-1E98-47D8-9A8D-FA4C77B24FB2}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{A6DE9C00-D913-4E9B-80DB-365C9FB3D7D8}] => (Allow) LPort=2869
FirewallRules: [{4670A932-F53F-403E-9D66-2287C070B67D}] => (Allow) LPort=1900
FirewallRules: [{2D3A64C5-876E-4EC0-B17B-9AAC37B25692}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{EB5A5409-E8A0-40FD-B6A2-AE89B9FAF902}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{97C9CC78-4974-467E-AD58-CF939AABF786}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [{4DD844B9-4142-446B-9518-5B9EC097BFF8}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [{62345037-C0FD-4CB7-892B-776DF58C2C33}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{48DE4106-28D3-4549-97DE-A80A6690E75B}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{C95063F9-7E1B-4EC0-BE56-7904DDA373E0}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{76126BD0-41AA-442F-87D7-9A4DF23081F3}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [TCP Query User{40E00C06-EA1A-47EA-B700-6E961629058C}C:\users\carolyn\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\carolyn\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{5EF5188A-C541-4034-9D1F-8A54562C19DC}C:\users\carolyn\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\carolyn\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{B9703AC2-2A31-4FED-A976-86DDA2ACA589}C:\users\carolyn\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\carolyn\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{6601CCB3-C9D6-4737-850C-7908ADE1988B}C:\users\carolyn\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\carolyn\appdata\roaming\spotify\spotify.exe
FirewallRules: [{B039FC3B-94D6-4ECC-8410-8340126DC415}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E06DF97F-4271-482F-B443-6898CAF7B1F5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{86F35B42-3911-471D-9FFA-646AEC5479C2}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{5081137A-3C6D-49F7-B780-CC22A0F074A8}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{5783371D-3489-4F9E-8E2C-70D5E7827290}] => (Allow) LPort=33300
FirewallRules: [{C9C43440-97BF-48D5-ADE3-7D9BB2C69715}] => (Allow) C:\Program Files (x86)\Printer Pro Desktop\PrinterProDesktop.exe
FirewallRules: [{F1110323-2D17-402A-8F67-62F410F1D5E1}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [{0F2D038D-1FA0-48F9-8C33-A53FCB8FFA0A}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [{AA461BC3-6D91-483D-8A26-0D2EA6C2868A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B3721456-A1B7-47E2-A0F2-C26C0FF012CC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7AD3E605-F90A-4379-A46D-2351210EDF7F}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{D2500E34-5646-4CC3-BDC6-6EC68D987549}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{9C6394A9-4235-4EF2-BE46-322297DE52C8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{BD4A461E-514C-4463-A841-39B78162F914}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{8EDFF245-F837-432E-A102-56C89F376754}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{AD9FD428-5807-4770-AE81-F756FDE63346}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{E95EFD96-4414-4527-843D-53149DBDAB00}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [UDP Query User{291DC0D3-D249-4860-802D-91BD25A4F8E6}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [{CEDC94D3-0865-4F0F-A055-BE95FC977485}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.596\SZBrowser.exe
FirewallRules: [{706E6EE6-D21C-408A-9B2F-54F937415EE7}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.607_0\SZBrowser.exe
FirewallRules: [TCP Query User{5FCEDE8D-72F4-4C31-9AB4-7CA55DB0B28A}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [UDP Query User{2F487156-3CD1-441D-95B8-DF3B2C79B2F5}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [{F123F27A-59E6-464D-A25A-DC1A58FC25AD}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{ABAF07EA-DB63-492E-B05E-02DA1CA0CC93}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{301D142F-66A0-477F-9C40-977065275471}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{CDD71A87-55FE-43ED-BD57-FB6A27FCB82A}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.609\SZBrowser.exe
FirewallRules: [{AC856996-85F9-4C07-9F25-6406F46D3ED0}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{6480501A-DD1C-4156-981D-88653F672F9B}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{B25F64E0-0A3D-4A5D-940C-9C638A139B50}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.609_0\SZBrowser.exe
 
==================== Restore Points =========================
 
15-07-2017 04:58:50 Scheduled Checkpoint
15-07-2017 13:00:44 Windows Update
21-07-2017 17:03:41 Device Driver Package Install: TAP-Windows Provider V9 Network adapters
21-07-2017 21:08:54 Removed Adobe Acrobat Reader DC.
24-07-2017 02:36:18 Restore Operation
24-07-2017 03:26:20 Windows Update
 
==================== Faulty Device Manager Devices =============
 
Name: avast! Revert
Description: avast! Revert
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: aswRvrt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: Ethernet Controller
Description: Ethernet Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: avast! VM Monitor
Description: avast! VM Monitor
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: aswVmm
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/24/2017 02:45:47 AM) (Source: IVPN Client) (EventID: 0) (User: )
Description: Service cannot be started. System.NullReferenceException: Object reference not set to an instance of an object.
   at IVPN.Server.Start()
   at IVPN.IVPNService.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (07/21/2017 09:57:19 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={FB48687A-A39B-4220-B2B9-3F2E74868C64}: The user Carolyn-PC\Carolyn dialed a connection named Broadband Connection which has failed. The error code returned on failure is 651.
 
Error: (07/21/2017 09:56:51 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={CFBDD2C6-0D3C-4B01-9636-296A065A761D}: The user Carolyn-PC\Carolyn dialed a connection named Broadband Connection which has failed. The error code returned on failure is 651.
 
Error: (07/21/2017 07:26:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TorGuardDesktopQt.exe, version: 0.0.0.0, time stamp: 0x59136124
Faulting module name: Qt5Core.dll, version: 5.7.1.0, time stamp: 0x583ffb6c
Exception code: 0xc0000005
Fault offset: 0x000011d4
Faulting process id: 0xbbf46c
Faulting application start time: 0x01d3027fb521a1a3
Faulting application path: C:\Program Files (x86)\VPNetwork LLC\TorGuard\TorGuardDesktopQt.exe
Faulting module path: C:\Program Files (x86)\VPNetwork LLC\TorGuard\Qt5Core.dll
Report Id: 5a88ebc9-6e74-11e7-8a58-949a7a95bda2
 
Error: (07/21/2017 05:25:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mDNSResponder.exe, version: 3.1.0.1, time stamp: 0x55cbcce6
Faulting module name: mDNSResponder.exe, version: 3.1.0.1, time stamp: 0x55cbcce6
Exception code: 0xc0000409
Fault offset: 0x00000000000437c3
Faulting process id: 0x6dc
Faulting application start time: 0x01d2fdb96855eff3
Faulting application path: C:\Program Files\Bonjour\mDNSResponder.exe
Faulting module path: C:\Program Files\Bonjour\mDNSResponder.exe
Report Id: 901a70ea-6e63-11e7-8a58-949a7a95bda2
 
Error: (07/14/2017 11:39:36 PM) (Source: MsiInstaller) (EventID: 11721) (User: Carolyn-PC)
Description: Product: Apple Software Update -- Error 1721. There is a problem with this Windows Installer package. A program required for this install to complete could not be run. Contact your support personnel or package vendor. Action: SoftwareUpdate_UnregServer, location: C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe, command: /UnregServer
 
Error: (03/28/2017 11:32:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 353592
 
Error: (03/28/2017 11:32:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 353592
 
Error: (03/28/2017 11:32:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (03/28/2017 11:26:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6287
 
 
System errors:
=============
Error: (07/24/2017 11:01:39 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}
 
Error: (07/24/2017 04:34:54 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1068" attempting to start the service BITS with arguments "" in order to run the server:
{4991D34B-80A1-4291-83B6-3328366B9097}
 
Error: (07/24/2017 04:22:51 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error: (07/24/2017 04:22:37 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (07/24/2017 03:57:28 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
 
Module Path: C:\Windows\System32\IWMSSvc.dll
Error Code: 21
 
Error: (07/24/2017 03:57:28 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
aswbidsdriver
aswbidsh
aswblog
aswbuniv
aswRvrt
aswSnx
aswSP
aswVmm
discache
SABI
SASDIFSV
SASKUTIL
spldr
Wanarpv6
 
Error: (07/24/2017 03:57:00 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 3:55:32 AM on ‎7/‎24/‎2017 was unexpected.
 
Error: (07/24/2017 03:36:18 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
 
Module Path: C:\Windows\System32\IWMSSvc.dll
Error Code: 21
 
Error: (07/24/2017 03:35:59 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
aswbidsdriver
aswbidsh
aswblog
aswbuniv
aswRvrt
aswSnx
aswSP
aswVmm
discache
SABI
SASDIFSV
SASKUTIL
spldr
Wanarpv6
 
Error: (07/24/2017 02:58:03 AM) (Source: iaStor) (EventID: 9) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.
 
 
CodeIntegrity:
===================================
  Date: 2017-07-24 02:26:05.401
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\bpusb.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-07-24 02:26:05.214
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\bpusb.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-07-24 02:25:37.025
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\IntcDAud.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-07-24 02:25:36.900
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\IntcDAud.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-07-24 02:25:35.480
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\bpenum.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-07-24 02:25:35.340
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\bpenum.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-07-24 02:25:35.153
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\Impcd.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-07-24 02:25:35.028
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\Impcd.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-07-24 02:25:34.888
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\NETwNs64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-07-24 02:25:34.716
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\NETwNs64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5 CPU M 480 @ 2.67GHz
Percentage of memory in use: 13%
Total physical RAM: 7978.09 MB
Available physical RAM: 6895.19 MB
Total Virtual: 15954.36 MB
Available Virtual: 15009.54 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:221.62 GB) (Free:65.59 GB) NTFS
Drive d: () (Fixed) (Total:244.04 GB) (Free:243.5 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 284DD04D)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=244 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=221.6 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

 




#2 Oh My!


Posted 26 July 2017 - 04:14 PM

Greetings dman_starr and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Please describe "barely works."

Please do this.

===================================================

Malwarebytes AdwCleaner

-------------------
  • Please download AdwCleaner and save it on your desktop.
  • Close all open programs and browsers
  • Double click on AdwCleaner.exe, click Run, then select I agree if it appears
  • Click Scan
  • Once the scan has completed if there are threats found you will see Found 3 threats or something similar above the progress bar
  • Click each tab under Results and uncheck any items you want to keep
  • Click on Clean
  • Confirm the cleaning and rebooting of your computer by clicking OK
  • Click OK twice to finish the removal process by automatically rebooting your computer
  • Once completed an AdwCleaner document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time
Start::
CreateRestorePoint:
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\.DEFAULT -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
Toolbar: HKU\S-1-5-21-2927551588-4055961140-2169513520-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F}
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswwebrepchrome-sp.crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx
S3 OOYH2VirtualAudioDriverWdm; C:\Windows\System32\DRIVERS\outofyourhead2.sys [23040 2016-05-09] (Darin Fong Audio LLC.)
C:\Windows\System32\DRIVERS\outofyourhead2.sys
2017-07-10 21:49 - 2017-07-10 21:49 - 00000000 ____D C:\Users\Carolyn\AppData\Local\Tempzxpsignef5139ddc3c794a6
2017-07-10 21:49 - 2017-07-10 21:49 - 00000000 ____D C:\Users\Carolyn\AppData\Local\Tempzxpsigneeba5bdc3277f28d
2017-07-10 21:49 - 2017-07-10 21:49 - 00000000 ____D C:\Users\Carolyn\AppData\Local\Tempzxpsign7c6ac8250c2b16cb
C:\Windows\system32\Drivers\asw*.tmp
Task: {3EF2E521-D330-4335-8420-A85D1A1EFC48} - System32\Tasks\{DDB0278A-FBD6-4470-BBB0-8FF612BC4F50} => C:\Windows\system32\pcalua.exe -a "C:\Users\Carolyn\AppData\Local\Temp\Temp1_Battery_Life_Extender_1.0.0.8 (1).ZIP\SetupW.exe" <==== ATTENTION
Folder: C:\Windows\L2Schemas
emptytemp:
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • AdwCleaner log
  • Fixlog
  • Update on computer performance

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"The virgin will be with child and will give birth to a son, and they will call him Immanuel" - which means "God with us."

#3 dman_starr


Posted 27 July 2017 - 11:16 AM

# AdwCleaner 7.0.0.0 - Logfile created on Thu Jul 27 15:30:53 2017
# Updated on 2017/17/07 by Malwarebytes 
# Database: 07-24-2017.1
# Running on Windows 7 Home Premium (X64)
# Mode: scan
 
***** [ Services ] *****
 
No malicious services found.
 
***** [ Folders ] *****
 
PUP.Optional.Legacy, C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater
PUP.Optional.Legacy, C:\Users\Carolyn\AppData\Roaming\Update Manager
PUP.Optional.Legacy, C:\Users\Carolyn\AppData\LocalLow\Yahoo!\Companion
PUP.Optional.Legacy, C:\Users\Carolyn\AppData\Roaming\Yahoo!\Companion
 
 
***** [ Files ] *****
 
No malicious files found.
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
***** [ WMI ] *****
 
No malicious WMI found.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts found.
 
***** [ Tasks ] *****
 
No malicious tasks found.
 
***** [ Registry ] *****
 
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cloudfront.net
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cloudfront.net
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\d341y4dudrfjax.cloudfront.net
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\d341y4dudrfjax.cloudfront.net
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-2927551588-4055961140-2169513520-1000\Software\Bitberry
PUP.Optional.Legacy, [Key] - HKCU\Software\Bitberry
PUP.Optional.Legacy, [Key] - HKU\.DEFAULT\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\weDownload Manager Pro
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-2927551588-4055961140-2169513520-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\weDownload Manager Pro
PUP.Optional.Legacy, [Key] - HKU\S-1-5-18\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\weDownload Manager Pro
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Yahoo\Companion
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-2927551588-4055961140-2169513520-1000\Software\Yahoo\Companion
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-2927551588-4055961140-2169513520-1000\Software\AppDataLow\Software\Yahoo\Companion
PUP.Optional.Legacy, [Key] - HKCU\Software\Yahoo\Companion
PUP.Optional.Legacy, [Key] - HKCU\Software\AppDataLow\Software\Yahoo\Companion
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-2927551588-4055961140-2169513520-1000\Software\Yahoo\YFriendsBar
PUP.Optional.Legacy, [Key] - HKCU\Software\Yahoo\YFriendsBar
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\AppID\{7375D127-3955-4654-8E7D-1949A7A9C902}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{371AD4A5-1520-4AA2-A8A4-F9AD3BAC6957}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{7F124846-5453-4BB8-A41D-E11481FFC9DF}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{8FD65019-BF09-45DA-AD81-E95AE911F1FD}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\TypeLib\{F6C2BABA-9E4C-425F-9AEC-24AB8F2B640D}
 
 
***** [ Firefox (and derivatives) ] *****
 
SearchProvider found: search.avira.com - Avira SafeSearch
 
 
***** [ Chromium (and derivatives) ] *****
 
SearchProvider found: AOL - aol.com
SearchProvider found: Ask - ask.com
SearchProvider found: Conduit Search - conduit.search
 
/!\ Please Reset the Chrome Synchronization before cleaning the Chrome Preferences: https://support.google.com/chrome/answer/3097271 
 
 
*************************
 
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt ##########
 
Fix result of Farbar Recovery Scan Tool (x64) Version: 26-07-2017
Ran by Carolyn (27-07-2017 10:49:35) Run:1
Running from C:\Users\Carolyn\Desktop
Loaded Profiles: Carolyn (Available Profiles: Carolyn)
Boot Mode: Safe Mode (with Networking)
==============================================
 
fixlist content:
*****************
 
CreateRestorePoint:
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\.DEFAULT -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
Toolbar: HKU\S-1-5-21-2927551588-4055961140-2169513520-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F}
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswwebrepchrome-sp.crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx
S3 OOYH2VirtualAudioDriverWdm; C:\Windows\System32\DRIVERS\outofyourhead2.sys [23040 2016-05-09] (Darin Fong Audio LLC.)
C:\Windows\System32\DRIVERS\outofyourhead2.sys
2017-07-10 21:49 - 2017-07-10 21:49 - 00000000 ____D C:\Users\Carolyn\AppData\Local\Tempzxpsignef5139ddc3c794a6
2017-07-10 21:49 - 2017-07-10 21:49 - 00000000 ____D C:\Users\Carolyn\AppData\Local\Tempzxpsigneeba5bdc3277f28d
2017-07-10 21:49 - 2017-07-10 21:49 - 00000000 ____D C:\Users\Carolyn\AppData\Local\Tempzxpsign7c6ac8250c2b16cb
C:\Windows\system32\Drivers\asw*.tmp
Task: {3EF2E521-D330-4335-8420-A85D1A1EFC48} - System32\Tasks\{DDB0278A-FBD6-4470-BBB0-8FF612BC4F50} => C:\Windows\system32\pcalua.exe -a "C:\Users\Carolyn\AppData\Local\Temp\Temp1_Battery_Life_Extender_1.0.0.8 (1).ZIP\SetupW.exe" <==== ATTENTION
Folder: C:\Windows\L2Schemas
emptytemp:
 
*****************
 
Error: Restore point can only be created in normal mode.
Processes closed successfully.
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => key removed successfully
HKLM\Software\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => key not found. 
HKU\S-1-5-21-2927551588-4055961140-2169513520-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully
HKLM\Software\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found. 
HKLM\Software\Classes\PROTOCOLS\Handler\livecall => key removed successfully
HKLM\Software\Classes\CLSID\{828030A1-22C1-4009-854F-8E305202313F} => key not found. 
HKLM\Software\Classes\PROTOCOLS\Handler\msnim => key removed successfully
HKLM\Software\Classes\CLSID\{828030A1-22C1-4009-854F-8E305202313F} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki => key removed successfully
HKLM\System\CurrentControlSet\Services\OOYH2VirtualAudioDriverWdm => key removed successfully
OOYH2VirtualAudioDriverWdm => service removed successfully
C:\Windows\System32\DRIVERS\outofyourhead2.sys => moved successfully
C:\Users\Carolyn\AppData\Local\Tempzxpsignef5139ddc3c794a6 => moved successfully
C:\Users\Carolyn\AppData\Local\Tempzxpsigneeba5bdc3277f28d => moved successfully
C:\Users\Carolyn\AppData\Local\Tempzxpsign7c6ac8250c2b16cb => moved successfully
 
=========== "C:\Windows\system32\Drivers\asw*.tmp" ==========
 
C:\Windows\system32\Drivers\asw126089d2e4c14835.tmp => moved successfully
C:\Windows\system32\Drivers\asw23edbc71fe4265bc.tmp => moved successfully
C:\Windows\system32\Drivers\asw30d6db1be7e836ce.tmp => moved successfully
C:\Windows\system32\Drivers\asw3579a28d98268c30.tmp => moved successfully
C:\Windows\system32\Drivers\asw3a2d0046ff5008fc.tmp => moved successfully
C:\Windows\system32\Drivers\asw43a57da35f23a426.tmp => moved successfully
C:\Windows\system32\Drivers\asw44689ea734cf2351.tmp => moved successfully
C:\Windows\system32\Drivers\asw48691bd7124e2640.tmp => moved successfully
C:\Windows\system32\Drivers\asw4ee12d105ce93d3c.tmp => moved successfully
C:\Windows\system32\Drivers\asw545c16d011e2a0ba.tmp => moved successfully
C:\Windows\system32\Drivers\asw58a14be7430f481e.tmp => moved successfully
C:\Windows\system32\Drivers\asw6d2af89d56d44b03.tmp => moved successfully
C:\Windows\system32\Drivers\asw79647e5fb8ffdd37.tmp => moved successfully
C:\Windows\system32\Drivers\asw8845a9302ace571f.tmp => moved successfully
C:\Windows\system32\Drivers\asw8abeb45c22b6aabf.tmp => moved successfully
C:\Windows\system32\Drivers\asw900322a5acee19ba.tmp => moved successfully
C:\Windows\system32\Drivers\asw914706db7ed0fd69.tmp => moved successfully
C:\Windows\system32\Drivers\aswa16fd07fa6046e60.tmp => moved successfully
C:\Windows\system32\Drivers\aswa5c3ee355d932ddf.tmp => moved successfully
C:\Windows\system32\Drivers\aswb1691711be08f45f.tmp => moved successfully
C:\Windows\system32\Drivers\aswb9906397717ed03c.tmp => moved successfully
C:\Windows\system32\Drivers\aswe582e268a6826a90.tmp => moved successfully
C:\Windows\system32\Drivers\aswe667ceb833002ada.tmp => moved successfully
C:\Windows\system32\Drivers\aswe840e8d68dd9ae15.tmp => moved successfully
C:\Windows\system32\Drivers\aswf10e557f3967c939.tmp => moved successfully
C:\Windows\system32\Drivers\aswfddf07578b1fcdb9.tmp => moved successfully
 
========= End -> "C:\Windows\system32\Drivers\asw*.tmp" ========
 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3EF2E521-D330-4335-8420-A85D1A1EFC48} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3EF2E521-D330-4335-8420-A85D1A1EFC48} => key removed successfully
C:\Windows\System32\Tasks\{DDB0278A-FBD6-4470-BBB0-8FF612BC4F50} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{DDB0278A-FBD6-4470-BBB0-8FF612BC4F50} => key removed successfully
 
========================= Folder: C:\Windows\L2Schemas ========================
 
2009-07-13 15:39 - 2009-06-10 15:37 - 0003472 _____ () C:\Windows\L2Schemas\LAN_policy_v1.xsd
2009-06-10 15:37 - 2009-06-10 15:37 - 0002241 _____ () C:\Windows\L2Schemas\LAN_profile_v1.xsd
2009-06-10 15:53 - 2009-06-10 15:53 - 0005957 _____ () C:\Windows\L2Schemas\OneX_v1.xsd
2009-07-13 15:39 - 2009-06-10 16:03 - 0007405 _____ () C:\Windows\L2Schemas\WLAN_policy_v1.xsd
2009-06-10 16:03 - 2009-06-10 16:03 - 0015591 _____ () C:\Windows\L2Schemas\WLAN_profile_v1.xsd
2009-07-13 15:39 - 2009-06-10 16:03 - 0007504 _____ () C:\Windows\L2Schemas\WLANAP_profile_v1.xsd
2009-06-10 16:03 - 2009-06-10 16:03 - 0006201 _____ () C:\Windows\L2Schemas\WWAN_profile_v1.xsd
 
====== End of Folder: ======
 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 21960936 B
Java, Flash, Steam htmlcache => 990 B
Windows/system/drivers => 3515748949 B
Edge => 0 B
Chrome => 310626479 B
Firefox => 152644227 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 33186 B
systemprofile32 => 33186 B
LocalService => 1070993 B
NetworkService => 1779426 B
Carolyn => 117225305 B
UpdatusUser => 0 B
 
RecycleBin => 31531 B
EmptyTemp: => 3.8 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 10:51:24 ====

 



#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 34,815 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:01:09 AM

Posted 27 July 2017 - 02:04 PM

Thank you.
 

 

Update on computer performance

 


Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"The virgin will be with child and will give birth to a son, and they will call him Immanuel" - which means "God with us."

#5 dman_starr

dman_starr
  • Topic Starter

  • Members
  • 67 posts
  • OFFLINE
  •  
  • Local time:03:09 AM

Posted 28 July 2017 - 12:57 AM

It's as bad or worse. It boots into 600X800 screen and took a long time to do so. Which is one of the problems it had before.

#6 dman_starr


Posted 28 July 2017 - 01:01 AM

Also, there's no internet unless booted to safe mode with networking. Also, the keyboard types random keystrokes by itself at times. Until I did a system restore shortly before I started this topic, I couldn't get networking/wifi even in safe mode with networking.

#7 dman_starr


Posted 28 July 2017 - 01:02 AM

Before we started here, I was getting networking in regular mode again (after restore). So I'd say it's worse.

#8 Oh My!


Posted 28 July 2017 - 11:45 AM

Thank you for the update. Please do these things after booting into Safe Mode, as necessary.

===================================================

Troubleshooting Internet Connection Issues

-------------------
  • Click Start, then Run
  • For Windows 8/10 press the Windows key + S at the same time
  • Type Troubleshooting and press Enter
  • Click View all
  • Click Internet Connections
  • Click Advanced and check Apply repairs automatically (should be checked by default)
  • Click Run as administrator
  • Click Next
  • Click Troubleshoot my connection to the Internet
  • If required, allow repairs and report those repairs in your reply
  • Check your Internet access in Normal Boot
===================================================

Running Combofix in Vista/7

--------------------
  • Please download ComboFix and save it to your Desktop <-- Important!!!
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Note: If, after disabling, Combofix warns you an Antivirus program is still running, ignore the warning and run Combofix.
  • Double click on Combofix.exe and follow the prompts. It is important you do not mouse click while the program is running or it may stall.
  • Patiently allow the program to run. At times it may appear nothing is happening
  • Copy and paste the report in your reply
  • If Combofix fails to run completely stop and let me know
===================================================

GSmartControl for Windows

-------------------
  • Download GSmartControl for Windows and save it to your desktop
  • Double click gsmartcontrol.exe and follow the prompts to install the program all the way through the Finish button
  • Hit the Windows Key + E at the same time
  • Navigate to and double click the C:\Program Files (x86)\gsmartcontrol folder
  • Double click the gsmartcontrol application icon
  • Allow the program to search for and list your hard drive(s)
  • Double click your C: drive
  • Go to the PERFORM TESTS tab
  • Make sure that the TEST TYPE is set to SHORT SELF-TEST
  • Click the EXECUTE button
  • After the test completes, click the VIEW OUTPUT button and copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Internet?
  • Combofix log
  • GSmart report

Gary
 

#9 dman_starr


Posted 30 July 2017 - 06:04 PM

When I first booted back up, no internet in safe mode or otherwise. I tried the troubleshooter several times both in safe and regular and no dice.

In device manager it showed ethernet adapter disabled, I tried to reinstall and it couldn't find a driver.

I downloaded combofix from another computer at the link you gave to a flash drive and moved it to my desktop. First time I ran it, it started to run then stopped and the icon disappeared. Re-added to desktop and tried again in regular mode and it ran a long time and never created a log. I had to do a system restore (again) at some point because the computer wouldn't start in normal mode.

I uninstalled my antivirus in case it was interfering and tried combofix a third time, in safe mode this time. It disappeared again.

I got a couple blue screens during this whole process too. : (

#10 Oh My!


Posted 30 July 2017 - 06:43 PM

See if you can run the GSmart steps.

What is the model number of your computer?

You are using an ethernet cable and not wireless Internet?
Gary
 

#11 dman_starr


Posted 30 July 2017 - 07:21 PM

I tried cable and wifi. There are zero signs of it detecting a connection, either way. The pc is a Samsung NP-QX410-S02US. Will try the other right now.

#12 Oh My!


Posted 30 July 2017 - 07:24 PM

Thanks, I want to take a look at the GSmart report before we do anything else.
Gary
 

#13 dman_starr


Posted 30 July 2017 - 07:38 PM

The program appears to detect my external HDD which isn't even hooked up right now, but NOT the internal HDD. I also noticed under My computer, there is a drive D: that is basically empty (243GB free of 244) and not the size of either the external (not plugged in) or internal drives. I don't know what that is.

#14 dman_starr


Posted 30 July 2017 - 07:41 PM

Looking at that D: drive, it has a "recycle bin" folder and a couple of things I can't make out, "system volume information" and a folder of pics that is normally on the external hdd. This doesn't seem normal.

#15 dman_starr


Posted 30 July 2017 - 07:51 PM

It's plausible that the internal is coincidentally the exact same HDD as the external. My gf doesn't remember the brand of the internal, which was upgraded years ago. I'm running the test on the only drive it's detecting now.



