Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Latest News:    Are WiFi Network Names Protected by the First Amendment?

Featured Deal: Get 96% off the MCSA SQL Server Training Deal

Photo

i am so naive

Started by monomom , Nov 24 2017 11:02 AM

  • This topic is locked This topic is locked
2 replies to this topic

#1 monomom

monomom

  • Members
  • 9 posts
  • OFFLINE
    •  
  • Local time:07:17 AM

Posted 24 November 2017 - 11:02 AM

i allowed my young son to use my computer, i had noticed he downloaded some cartoon porn? i started getting a pop up from "microsoft" stating my computer was infected, this was basically locking up my computer and i couldnt open or close windows etcs, the pop up told me to call a number and they would walk me through the process of removing this virus, my dumb ass did it! i was on the phone with a fake microsoft tech who then remotely accessed my computer for about 10 min before i realized i was being scammed, i hung up, changed all my passwords and freaked out quite a bit, i then asked my 17 yr old if he could remove the virus, he tried a few things before giving up, im not sure if this matters or not but the fake microsoft phone number is 1800-642-7676

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-11-2017
Ran by Owner (administrator) on OWNER-PC (24-11-2017 09:46:47)
Running from C:\Users\Owner\Downloads
Loaded Profiles: Owner (Available Profiles: Owner)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE
(LogMeIn, Inc.) C:\Program Files (x86)\GoToAssist Remote Support Customer\1544\g2ax_service.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe
(LogMeIn, Inc.) C:\Program Files (x86)\GoToAssist Remote Support Customer\1544\g2ax_comm_customer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(LogMeIn, Inc.) C:\Program Files (x86)\GoToAssist Remote Support Customer\1544\g2ax_system_customer.exe
(LogMeIn, Inc.) C:\Program Files (x86)\GoToAssist Remote Support Customer\1544\g2ax_user_customer.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
() C:\Program Files (x86)\NETGEAR\WG111v2\WG111v2.exe
(NETGEAR) C:\Program Files (x86)\NETGEAR\WN111v2\WN111v2.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Analog Devices, Inc.) C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Popcorn Time) C:\Program Files (x86)\Popcorn Time\Updater.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [253344 2017-11-17] (AVAST Software)
HKLM-x32\...\Run: [SoundMAXPnP] => C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [1314816 2009-08-03] (Analog Devices, Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4174464 2017-05-23] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-09-05] (Oracle Corporation)
Winlogon\Notify\GoToAssist Express Customer: C:\Program Files (x86)\GoToAssist Remote Support Customer\1544\g2ax_winlogonx64.dll (LogMeIn, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\System32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2025064354-3150764831-236609780-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8894680 2016-08-05] (Piriform Ltd)
HKU\S-1-5-21-2025064354-3150764831-236609780-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3102496 2017-10-30] (Valve Corporation)
HKU\S-1-5-21-2025064354-3150764831-236609780-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [5913720 2017-05-23] (Safer-Networking Ltd.)
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WG111v2 Smart Wizard.lnk [2016-08-06]
ShortcutTarget: NETGEAR WG111v2 Smart Wizard.lnk -> C:\Program Files (x86)\NETGEAR\WG111v2\WG111v2.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WN111v2 Smart Wizard.lnk [2016-08-06]
ShortcutTarget: NETGEAR WN111v2 Smart Wizard.lnk -> C:\Program Files (x86)\NETGEAR\WN111v2\WN111v2.exe (NETGEAR)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.202.166
Tcpip\..\Interfaces\{3D4599B8-9034-439C-90B5-9A6B74C06FE6}: [DhcpNameServer] 192.168.0.1 205.171.202.166
Tcpip\..\Interfaces\{B6921B3C-B3C2-4B92-B58E-BC72B2A6D229}: [DhcpNameServer] 192.168.0.1 205.171.3.66
Tcpip\..\Interfaces\{FB9C3B71-159B-4E4C-83C9-C2B24DE4C796}: [DhcpNameServer] 192.168.0.1 205.171.202.166

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2025064354-3150764831-236609780-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_151\bin\ssv.dll [2017-11-12] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-11-17] (AVAST Software)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-11-12] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-11-17] (AVAST Software)

FireFox:
========
FF DefaultProfile: kh6z2d3z.default
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\kh6z2d3z.default [2017-11-24]
FF Extension: (Avast SafePrice) - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\kh6z2d3z.default\Extensions\sp@avast.com.xpi [2017-11-23]
FF Extension: (Avast Online Security) - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\kh6z2d3z.default\Extensions\wrc@avast.com.xpi [2017-10-13]
FF Extension: (Disable Media WMF NV12 format) - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\kh6z2d3z.default\features\{e253a0ba-d2bb-4e38-9a61-121a9fd775c4}\disable-media-wmf-nv12@mozilla.org.xpi [2017-11-23] [Lagacy]
FF Plugin: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-11-12] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-11-12] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @mozilla.zeniko.ch/PDFlite_Browser_Plugin -> C:\Program Files (x86)\PDFlite\npPdfViewer.dll [2014-02-26] (Simon Bünzli)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-05-30] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-05-30] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://yahoo.com/
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3333889&octid=EB_ORIGINAL_CTID&ISID=M47B5CBD3-1C77-4A51-B008-1029015626BD&SearchSource=55&CUI=&UM=8&UP=SPE12CB063-3B69-4EB1-9EB7-780A4CFF5E2E&D=032615&SSPV=","hxxp://search.fantastigames.com/455","hxxp://mystart.incredibar.com/mb185?a=6PQU2wOmuK&i=26","hxxp://search.conduit.com/?ctid=CT3295790&SearchSource=48&CUI=UN24786035625891309&UM=2","hxxp://us.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_dwndlm_15_26_j1&param1=1&param2=f%3D7%26b%3DChrome%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0EtD0D0ByDyD0FyC0DyCyByE0C0C0D0EtN0D0Tzu0StCtByCzztN1L2XzutAtFtCtDtFtCtDtFtCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StD0Bzy0AtBtBtB0AtGtC0B0BzytGtBzzyE0FtGtAtByD0FtG0FzytDtCyE0CyDtD0AtAtDyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDzz0FyC0B0FtAtAtGyCtB0ByEtGyEzytD0DtGzytB0BtAtGyE0CyD0D0EzztB0AtB0C0C0C2QtN0A0LzuyEtN1B2Z1V1T1S1NzuyBzyyD%26cr%3D1242631359%26a%3Dwncy_dwndlm_15_26_j1%26os%3DWindows 8.1 Connected","hxxp://us.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_dnldstr_15_30&param1=1&param2=f%3D7%26b%3DChrome%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0EtD0D0ByDyD0FyC0DyCyByE0C0C0D0EtN0D0Tzu0StCtBzyzytN1L2XzutAtFtCtBtFyDtFyCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyCyCyC0Azz0EyD0AtGtByCyC0FtGtAtDtA0FtGtB0BtDzztGtAtByByDyDyE0D0D0DyEyE0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0B0FyEzyyByDyEtGtCyEyDtAtGyEyDtCtDtG0AyE0AzztGyC0CzytAtDzyzy0DyCtCyD0D2QtN0A0LzutBtN1B2Z1V1T1S1NzuzzzzyC%26cr%3D1142345480%26a%3Dwncy_dnldstr_15_30%26os%3DWindows%2B8.1%2BConnected","hxxp://www.google.com/"
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default [2017-11-24]
CHR Extension: (Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-07-29]
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-07-29]
CHR Extension: (Gun Blood) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpbkahmbgcfjocgliikbkfiieemcjkoj [2016-07-29]
CHR Extension: (Sheets) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12]
CHR Extension: (Trevx - Music Downloader) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpmaepaboafhefdejcbiciklgjogoghf [2016-07-29]
CHR Extension: (Google Docs Offline) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-07-29]
CHR Extension: (Avast Online Security) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-10-10]
CHR Extension: (Kindle Cloud Reader) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2016-07-29]
CHR Extension: (Awesome Screenshot: Screen Video Recorder) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlipoenfbbikpbjkfpfillcgkoblgpmj [2017-11-10]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-07-29]
CHR Extension: (Chrome Media Router) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-11-16]
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-11-05]
CHR Extension: (Google Slides) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-09-16]
CHR Extension: (Google Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2016-09-16]
CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-16]
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-16]
CHR Extension: (Avast SafePrice) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-09-16]
CHR Extension: (Google Sheets) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-09-16]
CHR Extension: (Login Faster) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\flbefbhoeaoaokleoambldklhifcgppg [2016-09-16]
CHR Extension: (Wolf and the Ice Planet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gffkhmkbijdmbncaoclaclldnbndflck [2016-09-16]
CHR Extension: (Google Docs Offline) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-10-15]
CHR Extension: (Avast Online Security) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-09-16]
CHR Extension: (Grammarly for Chrome) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2016-10-15]
CHR Extension: (Pokemon Card Maker) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\klanmedmjgiebagececoekdajmcgmikl [2016-09-16]
CHR Extension: (Generation 4 - Pokédex) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\laoahadaeaefplcjmdnaadilbjeggabe [2016-09-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-09-16]
CHR Extension: (3D Bomb Destroyer) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\okehlnjpihomkdokiiafpejniofjaoom [2016-09-16]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-16]
CHR Extension: (Chrome Media Router) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-15]
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 2 [2017-11-05]
CHR Extension: (Google Slides) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-09-18]
CHR Extension: (Google Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2017-09-18]
CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-09-18]
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-09-18]
CHR Extension: (Avast SafePrice) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-09-18]
CHR Extension: (Google Sheets) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-09-18]
CHR Extension: (Learning Ally Link) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gdicnpbaekbefjanokchpfhnaphfnphl [2017-09-18]
CHR Extension: (Google Docs Offline) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-09-18]
CHR Extension: (Avast Online Security) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-09-18]
CHR Extension: (Securly for Chromebooks) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\iheobagjkfklnlikgihanlhcddjoihkg [2017-09-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-18]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-09-18]
CHR Extension: (Chrome Media Router) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-18]
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\System Profile [2017-11-05]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7549928 2017-11-17] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [281416 2017-11-17] (AVAST Software)
R2 EPSON_PM_RPCV4_06; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE [152640 2013-04-15] (SEIKO EPSON CORPORATION)
R2 GoToAssist Remote Support Customer; C:\Program Files (x86)\GoToAssist Remote Support Customer\1544\g2ax_service.exe [614368 2017-11-24] (LogMeIn, Inc.)
S3 jswpsapi; C:\Program Files (x86)\NETGEAR\WN111v2\jswpsapi.exe [942080 2008-02-29] (Atheros Communications, Inc.) [File not signed]
S3 mracsvc; C:\Windows\System32\mracsvc.exe [6053080 2017-11-03] (LLC Mail.Ru)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [458808 2016-09-16] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [458808 2016-09-16] (NVIDIA Corporation)
R2 NVIDIA Wireless Controller Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [1165368 2016-09-16] (NVIDIA Corporation)
S2 SCM_Service; C:\Windows\SysWOW64\WinService.exe [186848 2010-05-10] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1776864 2017-05-23] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2131760 2017-05-23] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [233936 2017-05-23] (Safer-Networking Ltd.)
R2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [339968 2016-08-26] (Popcorn Time) [File not signed]
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [183584 2017-11-17] (AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdrivera.sys [321032 2017-11-17] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsha.sys [198968 2017-11-17] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\System32\drivers\aswbloga.sys [343288 2017-11-17] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniva.sys [57728 2017-11-17] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [47008 2017-11-17] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [41832 2017-09-08] (AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [148288 2017-11-17] (AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [110376 2017-11-17] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [84416 2017-11-17] (AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1026232 2017-11-17] (AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [455376 2017-11-17] (AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [203976 2017-11-17] (AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [364464 2017-11-17] (AVAST Software)
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 mracdrv; C:\Windows\System32\drivers\mracdrv.sys [5280880 2017-11-03] (LLC Mail.Ru)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [29240 2016-09-16] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [47672 2016-09-16] (NVIDIA Corporation)
S3 PCAMp50a64; C:\Windows\System32\Drivers\PCAMp50a64.sys [43328 2006-11-28] (Printing Communications Assoc., Inc. (PCAUSA))
S3 PCASp50a64; C:\Windows\System32\Drivers\PCASp50a64.sys [41280 2006-11-28] (Printing Communications Assoc., Inc. (PCAUSA))
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 WN111v2; C:\Windows\System32\DRIVERS\WN111v2w7x.sys [783360 2010-04-27] (Atheros Communications, Inc.)
S3 xb1usb; C:\Windows\System32\DRIVERS\xb1usb.sys [42760 2016-02-21] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-11-24 09:46 - 2017-11-24 09:47 - 000024253 _____ C:\Users\Owner\Downloads\FRST.txt
2017-11-24 09:46 - 2017-11-24 09:46 - 000000000 ____D C:\FRST
2017-11-24 09:45 - 2017-11-24 09:45 - 002393088 _____ (Farbar) C:\Users\Owner\Downloads\FRST64.exe
2017-11-24 09:44 - 2017-11-24 09:44 - 001789440 _____ (Farbar) C:\Users\Owner\Downloads\FRST.exe
2017-11-24 09:22 - 2017-11-24 09:22 - 000024206 _____ C:\ComboFix.txt
2017-11-24 09:06 - 2011-06-26 00:45 - 000256000 _____ C:\Windows\PEV.exe
2017-11-24 09:06 - 2010-11-07 11:20 - 000208896 _____ C:\Windows\MBR.exe
2017-11-24 09:06 - 2009-04-19 22:56 - 000060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2017-11-24 09:06 - 2000-08-30 18:00 - 000518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2017-11-24 09:06 - 2000-08-30 18:00 - 000406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2017-11-24 09:06 - 2000-08-30 18:00 - 000098816 _____ C:\Windows\sed.exe
2017-11-24 09:06 - 2000-08-30 18:00 - 000080412 _____ C:\Windows\grep.exe
2017-11-24 09:06 - 2000-08-30 18:00 - 000068096 _____ C:\Windows\zip.exe
2017-11-24 09:05 - 2017-11-24 09:22 - 000000000 ____D C:\Qoobox
2017-11-24 09:04 - 2017-11-24 09:20 - 000000000 ____D C:\Windows\erdnt
2017-11-24 08:15 - 2017-11-24 08:15 - 000001512 _____ C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GoToAssist Customer.lnk
2017-11-24 08:15 - 2017-11-24 08:15 - 000001482 _____ C:\Users\Owner\Desktop\GoToAssist Customer.lnk
2017-11-24 08:15 - 2017-11-24 08:15 - 000000000 ____D C:\Users\Owner\AppData\Local\GoToAssist Remote Support Customer
2017-11-24 08:15 - 2017-11-24 08:15 - 000000000 ____D C:\Users\Owner\AppData\Local\GoTo Opener
2017-11-24 08:15 - 2017-11-24 08:15 - 000000000 ____D C:\Program Files (x86)\GoToAssist Remote Support Customer
2017-11-24 08:12 - 2017-11-24 08:12 - 000000000 ____D C:\ProgramData\SupremoRemoteDesktop
2017-11-23 14:32 - 2017-11-23 14:32 - 000000000 ____D C:\ProgramData\SWCUTemp
2017-11-22 04:29 - 2017-11-16 22:23 - 003222528 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-11-20 10:03 - 2017-11-20 10:04 - 000000000 ____D C:\Users\Owner\AppData\Local\ElevatedDiagnostics
2017-11-19 14:24 - 2017-11-19 14:24 - 000142655 _____ C:\Users\Owner\Desktop\InsuranceIDCard.pdf
2017-11-19 10:46 - 2017-11-19 10:46 - 000927527 _____ C:\Users\Owner\Desktop\(1) HAPPY ACRES NEIGHBORS.html
2017-11-19 10:46 - 2017-11-19 10:46 - 000000000 ____D C:\Users\Owner\Desktop\(1) HAPPY ACRES NEIGHBORS_files
2017-11-17 02:31 - 2017-11-17 02:30 - 000365168 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-11-17 02:31 - 2017-11-17 02:30 - 000183584 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2017-11-14 16:46 - 2017-10-18 01:31 - 000395976 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-11-14 16:46 - 2017-10-18 00:45 - 000347336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-11-14 16:46 - 2017-10-17 20:06 - 000344064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2017-11-14 16:46 - 2017-10-17 20:06 - 000327168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2017-11-14 16:46 - 2017-10-17 20:06 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2017-11-14 16:46 - 2017-10-17 20:06 - 000056320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2017-11-14 16:46 - 2017-10-17 20:06 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2017-11-14 16:46 - 2017-10-17 20:06 - 000025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2017-11-14 16:46 - 2017-10-17 20:06 - 000007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2017-11-14 16:46 - 2017-10-16 17:07 - 001680616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2017-11-14 16:46 - 2017-10-16 15:55 - 000339968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
2017-11-14 16:46 - 2017-10-14 02:38 - 025731584 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-11-14 16:46 - 2017-10-14 02:23 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-11-14 16:46 - 2017-10-14 02:23 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-11-14 16:46 - 2017-10-14 02:13 - 002903552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-11-14 16:46 - 2017-10-14 02:12 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-11-14 16:46 - 2017-10-14 02:11 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-11-14 16:46 - 2017-10-14 02:11 - 000417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-11-14 16:46 - 2017-10-14 02:11 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-11-14 16:46 - 2017-10-14 02:11 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-11-14 16:46 - 2017-10-14 02:09 - 005979648 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-11-14 16:46 - 2017-10-14 02:05 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-11-14 16:46 - 2017-10-14 02:04 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-11-14 16:46 - 2017-10-14 02:02 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-11-14 16:46 - 2017-10-14 02:01 - 000816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-11-14 16:46 - 2017-10-14 02:01 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-11-14 16:46 - 2017-10-14 02:01 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-11-14 16:46 - 2017-10-14 02:00 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-11-14 16:46 - 2017-10-14 01:55 - 000968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-11-14 16:46 - 2017-10-14 01:53 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-11-14 16:46 - 2017-10-14 01:47 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-11-14 16:46 - 2017-10-14 01:47 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-11-14 16:46 - 2017-10-14 01:46 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-11-14 16:46 - 2017-10-14 01:43 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-11-14 16:46 - 2017-10-14 01:43 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-11-14 16:46 - 2017-10-14 01:41 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-11-14 16:46 - 2017-10-14 01:40 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-11-14 16:46 - 2017-10-14 01:31 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-11-14 16:46 - 2017-10-14 01:30 - 015266816 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-11-14 16:46 - 2017-10-14 01:30 - 000726528 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-11-14 16:46 - 2017-10-14 01:29 - 000807936 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-11-14 16:46 - 2017-10-14 01:28 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-11-14 16:46 - 2017-10-14 01:27 - 002134528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-11-14 16:46 - 2017-10-14 01:21 - 003241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-11-14 16:46 - 2017-10-14 01:14 - 020269056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-11-14 16:46 - 2017-10-14 01:09 - 001544704 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-11-14 16:46 - 2017-10-14 01:03 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-11-14 16:46 - 2017-10-14 00:58 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-11-14 16:46 - 2017-10-14 00:53 - 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-11-14 16:46 - 2017-10-14 00:53 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-11-14 16:46 - 2017-10-14 00:52 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-11-14 16:46 - 2017-10-14 00:52 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-11-14 16:46 - 2017-10-14 00:51 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-11-14 16:46 - 2017-10-14 00:50 - 002293760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-11-14 16:46 - 2017-10-14 00:47 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-11-14 16:46 - 2017-10-14 00:47 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-11-14 16:46 - 2017-10-14 00:46 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-11-14 16:46 - 2017-10-14 00:45 - 000662016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-11-14 16:46 - 2017-10-14 00:45 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-11-14 16:46 - 2017-10-14 00:45 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-11-14 16:46 - 2017-10-14 00:38 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-11-14 16:46 - 2017-10-14 00:35 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2017-11-14 16:46 - 2017-10-14 00:35 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-11-14 16:46 - 2017-10-14 00:34 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-11-14 16:46 - 2017-10-14 00:33 - 004542464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-11-14 16:46 - 2017-10-14 00:33 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-11-14 16:46 - 2017-10-14 00:32 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-11-14 16:46 - 2017-10-14 00:31 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-11-14 16:46 - 2017-10-14 00:30 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-11-14 16:46 - 2017-10-14 00:28 - 013680128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-11-14 16:46 - 2017-10-14 00:25 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-11-14 16:46 - 2017-10-14 00:24 - 000694272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-11-14 16:46 - 2017-10-14 00:23 - 002058752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-11-14 16:46 - 2017-10-14 00:23 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-11-14 16:46 - 2017-10-14 00:10 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-11-14 16:46 - 2017-10-14 00:07 - 001314304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-11-14 16:46 - 2017-10-14 00:04 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-11-14 16:46 - 2017-10-11 18:58 - 000382696 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2017-11-14 16:46 - 2017-10-11 18:55 - 014635008 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2017-11-14 16:46 - 2017-10-11 18:55 - 012574720 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2017-11-14 16:46 - 2017-10-11 18:55 - 002319872 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2017-11-14 16:46 - 2017-10-11 18:55 - 002222080 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2017-11-14 16:46 - 2017-10-11 18:55 - 002058240 _____ (Microsoft Corporation) C:\Windows\system32\Query.dll
2017-11-14 16:46 - 2017-10-11 18:55 - 000778240 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2017-11-14 16:46 - 2017-10-11 18:55 - 000491520 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2017-11-14 16:46 - 2017-10-11 18:55 - 000288256 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2017-11-14 16:46 - 2017-10-11 18:55 - 000151552 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2017-11-14 16:46 - 2017-10-11 18:55 - 000115200 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll
2017-11-14 16:46 - 2017-10-11 18:55 - 000100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2017-11-14 16:46 - 2017-10-11 18:55 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2017-11-14 16:46 - 2017-10-11 18:55 - 000075264 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2017-11-14 16:46 - 2017-10-11 18:55 - 000046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2017-11-14 16:46 - 2017-10-11 18:55 - 000041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2017-11-14 16:46 - 2017-10-11 18:55 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
2017-11-14 16:46 - 2017-10-11 18:55 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2017-11-14 16:46 - 2017-10-11 18:55 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2017-11-14 16:46 - 2017-10-11 18:55 - 000005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2017-11-14 16:46 - 2017-10-11 18:55 - 000005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2017-11-14 16:46 - 2017-10-11 18:40 - 000308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2017-11-14 16:46 - 2017-10-11 18:39 - 000591872 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2017-11-14 16:46 - 2017-10-11 18:38 - 000249856 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2017-11-14 16:46 - 2017-10-11 18:38 - 000113664 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2017-11-14 16:46 - 2017-10-11 18:37 - 012574208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2017-11-14 16:46 - 2017-10-11 18:37 - 011410944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2017-11-14 16:46 - 2017-10-11 18:37 - 001549824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2017-11-14 16:46 - 2017-10-11 18:37 - 001400320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2017-11-14 16:46 - 2017-10-11 18:37 - 001363968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Query.dll
2017-11-14 16:46 - 2017-10-11 18:37 - 000666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2017-11-14 16:46 - 2017-10-11 18:37 - 000337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2017-11-14 16:46 - 2017-10-11 18:37 - 000197120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2017-11-14 16:46 - 2017-10-11 18:37 - 000111104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
2017-11-14 16:46 - 2017-10-11 18:37 - 000104448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssitlb.dll
2017-11-14 16:46 - 2017-10-11 18:37 - 000070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2017-11-14 16:46 - 2017-10-11 18:37 - 000059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
2017-11-14 16:46 - 2017-10-11 18:37 - 000034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll
2017-11-14 16:46 - 2017-10-11 18:37 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2017-11-14 16:46 - 2017-10-11 18:37 - 000010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2017-11-14 16:46 - 2017-10-11 18:26 - 000427520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2017-11-14 16:46 - 2017-10-11 18:26 - 000164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2017-11-14 16:46 - 2017-10-11 18:25 - 000086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2017-11-14 16:46 - 2017-10-11 18:25 - 000009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll
2017-11-14 16:46 - 2017-10-11 18:24 - 000008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2017-11-14 16:46 - 2017-10-11 18:24 - 000004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2017-11-14 16:46 - 2017-10-11 18:24 - 000004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2017-11-14 16:46 - 2017-10-11 18:20 - 000113152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\luafv.sys
2017-11-14 16:46 - 2017-10-11 18:16 - 000034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2017-11-14 16:46 - 2017-09-07 07:05 - 000995272 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2017-11-14 16:46 - 2017-09-07 07:05 - 000922432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2017-11-14 16:46 - 2017-09-07 07:05 - 000066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2017-11-14 16:46 - 2017-09-07 07:05 - 000063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2017-11-14 16:46 - 2017-09-07 07:05 - 000022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2017-11-14 16:46 - 2017-09-07 07:05 - 000020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2017-11-14 16:46 - 2017-09-07 07:05 - 000019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2017-11-14 16:46 - 2017-09-07 07:05 - 000019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2017-11-14 16:46 - 2017-09-07 07:05 - 000017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2017-11-14 16:46 - 2017-09-07 07:05 - 000017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2017-11-14 16:46 - 2017-09-07 07:05 - 000017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2017-11-14 16:46 - 2017-09-07 07:05 - 000017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2017-11-14 16:46 - 2017-09-07 07:05 - 000016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2017-11-14 16:46 - 2017-09-07 07:05 - 000016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2017-11-14 16:46 - 2017-09-07 07:05 - 000015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2017-11-14 16:46 - 2017-09-07 07:05 - 000015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2017-11-14 16:46 - 2017-09-07 07:05 - 000014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2017-11-14 16:46 - 2017-09-07 07:05 - 000014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2017-11-14 16:46 - 2017-09-07 07:05 - 000014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2017-11-14 16:46 - 2017-09-07 07:05 - 000014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2017-11-14 16:46 - 2017-09-07 07:05 - 000013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2017-11-14 16:46 - 2017-09-07 07:05 - 000013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2017-11-14 16:46 - 2017-09-07 07:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2017-11-14 16:46 - 2017-09-07 07:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2017-11-14 16:46 - 2017-09-07 07:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2017-11-14 16:46 - 2017-09-07 07:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2017-11-14 16:46 - 2017-09-07 07:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2017-11-14 16:46 - 2017-09-07 07:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2017-11-14 16:46 - 2017-09-07 07:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2017-11-14 16:46 - 2017-09-07 07:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2017-11-14 16:46 - 2017-09-07 07:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2017-11-14 16:46 - 2017-09-07 07:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2017-11-14 16:46 - 2017-09-07 07:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2017-11-14 16:46 - 2017-09-07 07:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2017-11-14 16:46 - 2017-09-07 07:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2017-11-14 16:46 - 2017-09-07 07:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2017-11-14 16:46 - 2017-09-07 07:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2017-11-14 16:46 - 2017-09-07 07:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2017-11-14 16:46 - 2017-09-07 07:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2017-11-14 16:46 - 2017-09-07 07:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2017-11-14 16:46 - 2017-09-07 07:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2017-11-14 16:46 - 2017-09-07 07:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2017-11-14 16:46 - 2017-09-07 07:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2017-11-14 16:46 - 2017-09-07 07:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2017-11-14 16:46 - 2017-09-07 07:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2017-11-14 16:46 - 2017-09-07 07:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2017-11-14 16:44 - 2017-10-17 20:34 - 000134376 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2017-11-14 16:44 - 2017-10-17 20:30 - 000605184 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-11-14 16:44 - 2017-10-15 16:04 - 000407392 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2017-11-14 16:44 - 2017-10-04 07:04 - 002023936 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2017-11-14 16:44 - 2017-10-04 07:04 - 001570304 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2017-11-14 16:44 - 2017-10-04 07:04 - 000670208 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2017-11-14 16:44 - 2017-10-04 07:04 - 000603648 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2017-11-14 16:44 - 2017-10-04 07:04 - 000370688 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2017-11-14 16:44 - 2017-10-04 07:04 - 000241664 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2017-11-14 16:44 - 2017-10-04 07:04 - 000181760 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2017-11-10 16:30 - 2017-11-10 16:30 - 000260752 _____ (Facebook) C:\Users\Owner\Downloads\FacebookGameroom.exe
2017-11-10 11:01 - 2017-11-10 11:01 - 000002923 _____ C:\Windows\wininit.ini
2017-11-10 08:43 - 2017-11-10 08:43 - 000000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2017-11-10 08:42 - 2017-11-10 10:59 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-11-10 08:42 - 2017-11-10 08:43 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-11-10 08:42 - 2017-11-10 08:42 - 000001391 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2017-11-10 08:42 - 2017-11-10 08:42 - 000001379 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2017-11-10 08:42 - 2017-11-10 08:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2017-11-10 08:42 - 2017-05-23 09:22 - 000032240 _____ (Safer-Networking Ltd.) C:\Windows\system32\sdnclean64.exe
2017-11-10 08:41 - 2017-11-10 08:41 - 051725936 _____ (Safer-Networking Ltd. ) C:\Users\Owner\Downloads\spybotsd-2.6.46.exe
2017-11-09 20:23 - 2017-11-23 14:30 - 000267672 _____ C:\Windows\system32\FNTCACHE.DAT
2017-11-07 14:35 - 2017-11-07 14:35 - 000058016 _____ C:\Users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
2017-11-04 14:30 - 2017-11-04 14:30 - 000002304 _____ C:\Users\Owner\Desktop\Warframe.lnk
2017-11-04 14:30 - 2017-11-04 14:30 - 000000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Warframe
2017-11-04 13:04 - 2017-11-05 14:21 - 000000000 ____D C:\Users\Owner\AppData\Local\Warframe
2017-11-04 10:15 - 2017-11-04 10:15 - 000000222 _____ C:\Users\Owner\Desktop\Warframe.url
2017-10-28 12:01 - 2017-11-03 20:03 - 006053080 _____ (LLC Mail.Ru) C:\Windows\system32\mracsvc.exe
2017-10-28 12:01 - 2017-11-03 20:03 - 005280880 _____ (LLC Mail.Ru) C:\Windows\system32\Drivers\mracdrv.sys
2017-10-28 12:01 - 2017-10-28 12:01 - 000000000 ____D C:\Users\Owner\AppData\Local\CrashRpt
2017-10-28 10:16 - 2017-10-28 10:16 - 000000222 _____ C:\Users\Owner\Desktop\Warface.url
2017-10-28 00:19 - 2017-10-28 00:19 - 000000000 ____D C:\Users\Owner\Documents\WB Games
2017-10-27 23:34 - 2017-10-27 23:34 - 000000222 _____ C:\Users\Owner\Desktop\Gotham City Impostors Free To Play.url

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-11-24 09:37 - 2017-10-12 06:03 - 000000000 ____D C:\Users\Owner\AppData\LocalLow\Mozilla
2017-11-24 09:22 - 2009-07-13 23:09 - 000000000 ____D C:\Windows\System32\Tasks\WPD
2017-11-24 09:19 - 2009-07-13 20:34 - 000000215 _____ C:\Windows\system.ini
2017-11-24 08:49 - 2009-07-13 22:45 - 000022096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-11-24 08:49 - 2009-07-13 22:45 - 000022096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-11-24 08:42 - 2017-09-08 16:33 - 000000000 ____D C:\Program Files (x86)\Steam
2017-11-24 08:41 - 2016-10-02 08:06 - 000000000 ____D C:\ProgramData\NVIDIA
2017-11-24 08:39 - 2009-07-13 23:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-11-23 14:37 - 2009-07-13 23:13 - 000781790 _____ C:\Windows\system32\PerfStringBackup.INI
2017-11-23 14:37 - 2009-07-13 21:20 - 000000000 ____D C:\Windows\inf
2017-11-23 14:31 - 2017-03-14 16:29 - 000004172 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2017-11-23 14:29 - 2017-10-12 06:02 - 000000000 ____D C:\Program Files\Mozilla Firefox
2017-11-23 14:29 - 2017-10-12 06:02 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-11-19 11:12 - 2017-10-20 14:30 - 000000000 ____D C:\Users\Owner\Downloads\PopcornTime
2017-11-19 09:48 - 2017-10-12 06:02 - 000000000 ____D C:\Users\Owner\AppData\Roaming\Mozilla
2017-11-17 02:31 - 2016-07-25 11:13 - 000455376 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2017-11-17 02:30 - 2017-03-14 16:29 - 000343288 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbloga.sys
2017-11-17 02:30 - 2017-03-14 16:29 - 000321032 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2017-11-17 02:30 - 2017-03-14 16:29 - 000198968 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsha.sys
2017-11-17 02:30 - 2017-03-14 16:29 - 000057728 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbuniva.sys
2017-11-17 02:30 - 2016-07-25 11:13 - 000455384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys.151090750823304
2017-11-17 02:30 - 2016-07-25 11:13 - 000364464 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2017-11-17 02:30 - 2016-07-25 11:13 - 000203976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2017-11-17 02:30 - 2016-07-25 11:13 - 000148288 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2017-11-17 02:30 - 2016-07-25 11:13 - 000084416 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-11-17 02:30 - 2016-07-25 11:13 - 000047008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-11-17 02:30 - 2016-07-25 11:12 - 001026232 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-11-17 02:30 - 2016-07-25 11:12 - 000110376 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-11-15 12:38 - 2009-07-13 21:20 - 000000000 ____D C:\Windows\rescache
2017-11-15 03:31 - 2016-07-31 02:58 - 000000000 ____D C:\Windows\system32\appraiser
2017-11-15 03:12 - 2016-02-25 10:21 - 000773912 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-11-15 03:09 - 2016-02-25 10:32 - 000000000 ____D C:\Windows\system32\MRT
2017-11-15 03:00 - 2017-10-11 20:47 - 127017032 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2017-11-15 03:00 - 2016-02-25 10:32 - 127017032 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-11-14 14:11 - 2017-10-08 06:45 - 000003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-11-14 14:11 - 2017-10-08 06:45 - 000003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-11-13 17:20 - 2017-10-08 06:46 - 000002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-11-13 17:20 - 2017-10-08 06:46 - 000002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-11-12 09:35 - 2016-10-01 19:43 - 000110144 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2017-11-12 09:35 - 2016-10-01 19:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-11-12 09:34 - 2016-10-01 19:42 - 000000000 ____D C:\Program Files\Java
2017-11-08 11:09 - 2009-07-13 21:20 - 000000000 ____D C:\Windows\system32\NDF
2017-11-07 20:31 - 2017-02-14 10:17 - 000000000 ____D C:\Users\Owner\AppData\Local\CrashDumps
2017-11-04 10:22 - 2017-09-08 17:33 - 000000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2017-10-28 12:02 - 2016-10-02 08:38 - 000000000 ____D C:\Users\Owner\AppData\Roaming\NVIDIA
2017-10-25 15:41 - 2016-08-31 23:06 - 000002790 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2017-10-25 15:41 - 2016-07-25 11:13 - 000000000 ____D C:\Windows\System32\Tasks\AVAST Software

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-11-19 14:56

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-11-2017
Ran by Owner (24-11-2017 09:47:56)
Running from C:\Users\Owner\Downloads
Windows 7 Professional Service Pack 1 (X64) (2016-02-25 01:14:58)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2025064354-3150764831-236609780-500 - Administrator - Disabled)
Guest (S-1-5-21-2025064354-3150764831-236609780-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2025064354-3150764831-236609780-1002 - Limited - Enabled)
Owner (S-1-5-21-2025064354-3150764831-236609780-1000 - Administrator - Enabled) => C:\Users\Owner

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Spybot - Search and Destroy (Enabled - Out of date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 27 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 27.0.0.159 - Adobe Systems Incorporated)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.8.2318 - AVAST Software)
Belkin USB Wireless Adapter (HKLM-x32\...\{549CE1BD-88E4-4C5E-BF75-B155624714CC}) (Version: 1.0.0.13 - Belkin) Hidden
Belkin USB Wireless Adapter (HKLM-x32\...\InstallShield_{549CE1BD-88E4-4C5E-BF75-B155624714CC}) (Version: 1.0.0.13 - Belkin)
CCleaner (HKLM\...\CCleaner) (Version: 5.21 - Piriform)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 62.0.3202.94 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
GoTo Opener (HKLM-x32\...\{1F803452-798F-49FB-A5DD-9F527F7017E4}) (Version: 1.0.473 - LogMeIn, Inc.)
GoToAssist Customer 4.1.0.1544 (HKLM-x32\...\GoToAssist Express Customer) (Version: 4.1.0.1544 - LogMeIn, Inc.)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Java 8 Update 144 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)
Java 8 Update 151 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
LightScribe  1.8.15.1 (HKLM-x32\...\{B395BC1D-CC06-425E-9049-4CD985EFF004}) (Version: 1.8.15.1 - hxxp://www.lightscribe.com) Hidden
Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Mozilla Firefox 57.0 (x64 en-US) (HKLM\...\Mozilla Firefox 57.0 (x64 en-US)) (Version: 57.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 56.0.1 - Mozilla)
NETGEAR WG111v2 wireless USB 2.0 adapter (HKLM-x32\...\{4102037D-E8E0-48E0-B203-E521D194FB71}) (Version: 1.0.0.133 - NETGEAR)
NVIDIA 3D Vision Controller Driver 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 341.96 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 341.96 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.0.6.48 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.0.6.48 - NVIDIA Corporation)
NVIDIA Graphics Driver 341.96 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.96 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NvNodejs (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvNodejs) (Version: 3.0.6.48 - NVIDIA Corporation) Hidden
NvTelemetry (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetry) (Version: 1.0.0.0 - NVIDIA Corporation) Hidden
PDFlite 2.0.0.0 (HKLM-x32\...\PDFlite) (Version: 2.0.0.0 - Amnis Technology Ltd)
Popcorn Time (HKLM-x32\...\Popcorn Time_is1) (Version: 5.6.1.0 - Popcorn Time) <==== ATTENTION
RangeMax Wireless-N USB Adapter WN111v2 (HKLM-x32\...\InstallShield_{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}) (Version: 3.0.0.5 - NETGEAR)
Roblox Player for Owner (HKU\S-1-5-21-2025064354-3150764831-236609780-1000\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - Roblox Corporation)
SafeZone Stable 4.58.2552.909 (HKLM-x32\...\SafeZone 4.58.2552.909) (Version: 4.58.2552.909 - Avast Software) Hidden
Sam and Max Hit the Road (HKLM-x32\...\1207666303_is1) (Version: 2.0.0.7 - GOG.com)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0310 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 3.0.6.48 - NVIDIA Corporation) Hidden
Software Updater (HKLM-x32\...\{8DBC5A0A-31C4-46C7-B252-6B593EA11A87}) (Version: 4.3.7 - SEIKO EPSON CORPORATION)
SoundMAX (HKLM-x32\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 6.10.2.7265 - Analog Devices)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.6.46 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Warframe (HKLM-x32\...\{E46D1409-A3EE-4F34-B858-F75AE913F0FD}) (Version: 1.0.0 - Digital Extremes)
WIDCOMM Bluetooth Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.5800 - Broadcom Corporation)
WN111v2 (HKLM-x32\...\{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}) (Version: 3.0.0.5 - NETGEAR) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-11-17] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-11-17] (AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-11-17] (AVAST Software)
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-11-17] (AVAST Software)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2009-09-23] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2016-05-30] (NVIDIA Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-11-17] (AVAST Software)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {05CBB426-C42E-4F73-904F-9EDD541FDB62} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-09-16] (NVIDIA Corporation)
Task: {07AAE5F8-C434-464E-9746-17181AA6CDB7} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2016-09-16] (NVIDIA Corporation)
Task: {1550333A-164F-4998-9486-4015B80B8290} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-09-16] (NVIDIA Corporation)
Task: {187129D5-0D83-4385-83BB-15DB4D06BF97} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2017-05-23] (Safer-Networking Ltd.)
Task: {2CF078F9-DDC5-4462-B555-983250991E24} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-10-08] (Google Inc.)
Task: {2F9FC81C-79D9-48AC-AA0C-1816A06E8C35} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_27_0_0_159_pepper.exe [2017-10-10] (Adobe Systems Incorporated)
Task: {336D4174-7AE3-4652-B116-20941FCF2F05} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-08-05] (Piriform Ltd)
Task: {38D6E151-35FC-4842-B73A-158342979E11} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2016-09-16] (NVIDIA Corporation)
Task: {490E97AF-00C5-4E03-B3D1-BAB405B4F56F} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {5AB170DA-BF02-420A-A361-14C72C19F33C} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-09-16] (NVIDIA Corporation)
Task: {5B6EA15C-F127-40AE-8FEB-96E4370870EE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-10-08] (Google Inc.)
Task: {7AE25D96-001A-4747-8D78-F3A7C918620E} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2017-05-23] (Safer-Networking Ltd.)
Task: {A67A7730-704A-45BE-A226-536D1AB5A763} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2017-05-23] (Safer-Networking Ltd.)
Task: {B19B8466-112C-4966-8B45-8C4E6B0C615A} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-11-17] (AVAST Software)
Task: {B19F790C-1DED-40B9-B4C7-4E335C4C4615} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-09-16] (NVIDIA Corporation)
Task: {BFF458CA-9BD1-455B-935E-D067FACE5A2D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-10-10] (Adobe Systems Incorporated)
Task: {DE5D6BDF-8C3C-440D-8594-29F0F175C76B} - System32\Tasks\SafeZone scheduled Autoupdate 1469466930 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-08-04] (Avast Software)
Task: {F3EEE44E-6487-4075-A186-8B6AC78C363C} - System32\Tasks\{7932AA46-0101-4257-8B17-66A3AB3465E2}

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\Owner\Desktop\2016-06-24\Amy - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Default"

==================== Loaded Modules (Whitelisted) ==============

2016-10-02 08:05 - 2016-05-30 11:36 - 000133568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-08-23 15:32 - 2014-09-03 04:39 - 000321536 ____R () C:\Windows\System32\pt2500lm.dll
2017-03-30 11:44 - 2013-08-26 06:12 - 000087040 _____ () C:\Windows\System32\redmonnt.dll
2016-10-26 07:48 - 2016-10-26 07:48 - 000031256 _____ () C:\Windows\System32\us008lm.dll
2016-10-02 08:29 - 2016-09-16 19:42 - 001148984 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-10-02 08:29 - 2016-09-16 19:42 - 004490808 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll
2016-10-02 08:29 - 2016-09-16 19:42 - 000419896 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem\_nvspserviceplugin64.dll
2016-08-06 17:49 - 2010-05-10 11:13 - 001268192 _____ () C:\Program Files (x86)\NETGEAR\WG111v2\WG111v2.exe
2017-11-17 02:30 - 2017-11-17 02:30 - 000067408 _____ () C:\Program Files\AVAST Software\Avast\x64\module_lifetime.dll
2017-11-17 02:30 - 2017-11-17 02:30 - 000169832 _____ () c:\Program Files\AVAST Software\Avast\x64\vaarclient.dll
2017-11-17 02:30 - 2017-11-17 02:30 - 000859216 _____ () C:\Program Files\AVAST Software\Avast\x64\ffl2.dll
2017-11-17 02:30 - 2017-11-17 02:30 - 000292408 _____ () c:\Program Files\AVAST Software\Avast\x64\StreamBack.dll
2017-11-13 17:20 - 2017-11-10 03:57 - 004135768 _____ () C:\Program Files (x86)\Google\Chrome\Application\62.0.3202.94\libglesv2.dll
2017-11-13 17:20 - 2017-11-10 03:57 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\62.0.3202.94\libegl.dll
2017-11-17 02:30 - 2017-11-17 02:30 - 000059040 _____ () C:\Program Files\AVAST Software\Avast\module_lifetime.dll
2017-11-17 02:30 - 2017-11-17 02:30 - 000167096 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-11-17 02:30 - 2017-11-17 02:30 - 000237808 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-11-17 02:30 - 2017-11-17 02:30 - 000244584 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-11-17 02:30 - 2017-11-17 02:30 - 000151104 _____ () C:\Program Files\AVAST Software\Avast\network_notifications.dll
2017-11-24 02:36 - 2017-11-24 02:36 - 005881920 _____ () C:\Program Files\AVAST Software\Avast\defs\17112400\algo.dll
2017-11-17 02:30 - 2017-11-17 02:30 - 000710056 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-11-17 02:30 - 2017-11-17 02:30 - 000245608 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2017-09-08 16:35 - 2017-09-09 13:25 - 000688416 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2017-09-08 16:35 - 2016-08-31 19:02 - 004969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2017-09-08 16:35 - 2016-08-31 19:02 - 001563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2017-09-08 16:35 - 2016-08-31 19:02 - 001195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2017-09-08 16:35 - 2017-10-30 21:22 - 002546976 _____ () C:\Program Files (x86)\Steam\video.dll
2017-09-08 16:35 - 2016-01-27 01:49 - 002549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2017-09-08 16:35 - 2016-01-27 01:49 - 000442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2017-09-08 16:35 - 2016-01-27 01:49 - 000491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2017-09-08 16:35 - 2016-01-27 01:49 - 000332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2017-09-08 16:35 - 2016-01-27 01:49 - 000485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2017-09-08 16:35 - 2017-10-30 21:22 - 000901408 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2017-09-08 16:35 - 2016-07-04 16:17 - 000266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2017-07-08 02:53 - 2017-07-08 02:53 - 067109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-11-17 02:30 - 2017-11-17 02:30 - 000235816 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-11-10 08:42 - 2016-09-13 14:00 - 000109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2017-11-10 08:42 - 2016-09-13 14:00 - 000416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2017-11-10 08:42 - 2016-09-13 14:00 - 000167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2017-09-08 16:37 - 2017-08-16 16:28 - 073130272 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2017-09-08 16:37 - 2017-09-06 20:04 - 000678400 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\SDL2.dll
2017-09-08 16:35 - 2015-09-24 17:52 - 000119208 _____ () C:\Program Files (x86)\Steam\winh264.dll
2016-10-02 08:29 - 2016-09-16 19:42 - 000020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2017-11-10 08:42 - 2017-05-12 11:36 - 000507464 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist Remote Support Customer => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:34 - 2009-06-10 15:00 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2025064354-3150764831-236609780-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1 - 205.171.202.166
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: jswtrayutil => "C:\Program Files (x86)\NETGEAR\WN111v2\jswtrayutil.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [TCP Query User{7D0EBA05-3184-460A-943E-0810E8F20F45}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{F4C608AC-5A44-4AF7-88FE-B4FFDF9E26C8}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{F5E1301B-D61D-4967-8C72-7E409A522623}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{84E76097-A704-4C47-BA54-6E2FC66AAA92}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{32E79708-7860-4DDB-91AE-69BE2A636D08}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{A8205CEE-AD67-407D-B36C-DBFC5C312B31}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{457DC23E-24FF-4E08-B808-9CC115F649E8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{5B8A6830-139D-437F-8A74-EEBFD669815A}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909\SZBrowser.exe
FirewallRules: [{F5A8268D-20A4-41D5-9452-E66368C9A64F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{32B1571C-4D29-482E-914D-ACBDDD435DDE}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{870EAB06-9974-41A8-A6A3-0D9016C57AC1}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{9238B4FF-B4DF-45D2-8BBB-EDE2F87162F7}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{CE1DCF1B-C85B-44B5-B78A-DCBF7500005E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Steam360VideoPlayer\Steam360VideoPlayer.exe
FirewallRules: [{A3DBA43B-0F6B-46B0-B7B6-4A2306A42B49}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Steam360VideoPlayer\Steam360VideoPlayer.exe
FirewallRules: [{6CDE6D20-0945-4F1F-8BB3-90DBA3365548}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Double Action\bin\hammer.exe
FirewallRules: [{A91A6D26-24A4-4772-8F04-CDD80E14DC31}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Double Action\bin\hammer.exe
FirewallRules: [{DF933A9E-6C1B-4EC6-B0C4-16918B3EDD04}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909_0\SZBrowser.exe
FirewallRules: [{E5D50751-FBDE-4A2A-A214-B8950C09CBEC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{4C0BCC76-F4D9-4370-9A1D-E393F8A541E0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{B103B941-8C25-4FE5-96D2-261C0D172DAE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Amazing Frog\AmazingFrog.exe
FirewallRules: [{D59B4371-33B0-4520-B9E3-CF7CEB0709EB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Amazing Frog\AmazingFrog.exe
FirewallRules: [{FE072E94-C569-42AB-AA5F-C480121E89D9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Human Fall Flat\Human.exe
FirewallRules: [{FDBBB511-489A-4B67-8988-2174321185F0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Human Fall Flat\Human.exe
FirewallRules: [{043DB25D-B837-4819-A226-D8ED4D1253C4}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{11C8FE20-5F12-42E5-8CBE-D1D17C035290}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{DB654C7B-76A1-4163-8CB3-3B75A3451155}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{A0F43E92-70B2-489B-9CD1-2341AE550C10}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{3231230C-321D-49A0-B41A-3BF67D1714A7}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
FirewallRules: [{884CB8B7-6FC4-481F-833A-BB1EAE94E40C}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
FirewallRules: [{BE6523B7-3904-4C7D-89C8-46A08A446228}] => (Allow) C:\Program Files (x86)\Popcorn Time\chromecast\node.exe
FirewallRules: [{33CBE403-0B23-4215-82B5-BB63A7821591}] => (Allow) C:\Program Files (x86)\Popcorn Time\chromecast\node.exe
FirewallRules: [TCP Query User{C6610F59-F4EC-4BA8-ADDE-1D092562511A}C:\program files (x86)\popcorn time\chromecast\node.exe] => (Block) C:\program files (x86)\popcorn time\chromecast\node.exe
FirewallRules: [UDP Query User{AD7EDCC7-B3D0-475C-AFAC-5F319BAE6BF4}C:\program files (x86)\popcorn time\chromecast\node.exe] => (Block) C:\program files (x86)\popcorn time\chromecast\node.exe
FirewallRules: [{FB65FF0F-8046-44E3-8377-FD4158F1883C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Gotham City Impostors F2P\Impostors.exe
FirewallRules: [{65344CAD-519B-4780-B646-54B14F4FB44F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Gotham City Impostors F2P\Impostors.exe
FirewallRules: [{4E4515A7-A62B-4BBA-A068-4171E1D6F6C0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warface\WarfaceMycomSteamLoader.exe
FirewallRules: [{BBC95F77-E5B1-4CB6-872A-124ED64B7FC1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warface\WarfaceMycomSteamLoader.exe
FirewallRules: [TCP Query User{A4A41C4F-5627-44C1-8DD7-3502E5FF06DD}C:\program files (x86)\steam\steamapps\common\warface\mycomgames\mycomgames.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\warface\mycomgames\mycomgames.exe
FirewallRules: [UDP Query User{010F19D5-72C3-4711-AFE7-5AA96DD75EB0}C:\program files (x86)\steam\steamapps\common\warface\mycomgames\mycomgames.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\warface\mycomgames\mycomgames.exe
FirewallRules: [{02D19A24-B327-4825-AEF4-9D2EFD0A2B7D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Gotham City Impostors F2P\Engine.exe
FirewallRules: [{514A097C-FDC5-4F63-BADC-D94DF7A837E1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Gotham City Impostors F2P\Engine.exe
FirewallRules: [{5A277A60-56C5-49B6-818F-FD9FB338CE67}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{27A392B1-C3A4-46AF-ACC8-1B5B58CD0788}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{560430A8-AE87-4922-8154-C80EDD6D7473}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{CFBF9AA4-E76F-4AF8-9ADB-8DBBE75B66EB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{0D854819-EDAB-4824-8526-00C44933D410}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{3319DE77-BE00-4C34-9AE2-EAEE6E2B3FB2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{D5B2168B-438C-485E-842E-9D1509967CF1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{71FF5CD3-D950-4BC2-AB1C-21AE64E9C5C6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{2AB340E2-2640-429A-AC05-D7FD858CA860}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{CB38E43D-4838-43DE-B9C5-CD7CEC91B33A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{6808273A-AE67-4C63-B560-46CA4DBB7AE2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{696B4ACB-51E8-4810-B46A-1084AE9C1E0E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{9223C33D-E3F0-480D-882C-D2538A2279BC}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/24/2017 09:06:40 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\wbem\wmiprvse.exe; Description = ComboFix created restore point; Error = 0x80070422).

Error: (11/24/2017 08:41:26 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/24/2017 08:12:30 AM) (Source: SupremoSystem.exe) (EventID: 0) (User: )
Description: Event-ID 0

Error: (11/24/2017 12:00:00 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x80070422).

Error: (11/23/2017 05:44:32 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x80070422).

Error: (11/23/2017 02:31:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/22/2017 11:50:02 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\servicing\TrustedInstaller.exe; Description = Windows Modules Installer; Error = 0x80070422).

Error: (11/22/2017 11:50:01 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x80070422).

Error: (11/21/2017 12:00:02 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x80070422).

Error: (11/20/2017 12:00:00 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x80070422).


System errors:
=============
Error: (11/24/2017 09:19:20 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (11/24/2017 09:14:31 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (11/24/2017 09:09:00 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SCM_Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (11/24/2017 08:42:16 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

Error: (11/24/2017 08:40:35 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Updating Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (11/24/2017 08:40:35 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Updating Service service to connect.

Error: (11/24/2017 08:40:04 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (11/24/2017 08:40:04 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.

Error: (11/24/2017 08:38:57 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 8:37:23 AM on ‎11/‎24/‎2017 was unexpected.

Error: (11/23/2017 02:30:48 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the LightScribeService Direct Disc Labeling Service service to connect.


CodeIntegrity:
===================================
  Date: 2016-09-04 09:23:22.117
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-04 09:23:22.039
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-03 14:02:35.351
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-03 14:02:35.242
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-01 07:32:09.850
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-01 07:32:09.710
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-30 20:40:43.192
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-30 20:40:43.036
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-29 09:14:15.663
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-29 09:14:15.507
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Pentium® D CPU 3.40GHz
Percentage of memory in use: 66%
Total physical RAM: 6077.61 MB
Available physical RAM: 2048.27 MB
Total Virtual: 12153.41 MB
Available Virtual: 8120.62 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:698.54 GB) (Free:510.76 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 000153BA)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=698.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


BC AdBot (Login to Remove)

 

#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,573 posts
  • ONLINE
    •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:17 AM

Posted 25 November 2017 - 09:03 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Remove this old version of Java program in bold via the Control Panel > Programs > Programs and Features.
Java 8 Update 144 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)

===


Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and and click the OK key.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3333889&octid=EB_ORIGINAL_CTID&ISID=M47B5CBD3-1C77-4A51-B008-1029015626BD&SearchSource=55&CUI=&UM=8&UP=SPE12CB063-3B69-4EB1-9EB7-780A4CFF5E2E&D=032615&SSPV=","hxxp://search.fantastigames.com/455","hxxp://mystart.incredibar.com/mb185?a=6PQU2wOmuK&i=26","hxxp://search.conduit.com/?ctid=CT3295790&SearchSource=48&CUI=UN24786035625891309&UM=2","hxxp://us.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003... (long line)
CHR Extension: (Avast Online Security) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-10-10]
CHR Extension: (Avast SafePrice) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-09-16]
CHR Extension: (Avast Online Security) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-09-16]
CHR Extension: (Avast SafePrice) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-09-18]
CHR Extension: (Avast Online Security) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-09-18]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
S3 mracsvc; C:\Windows\System32\mracsvc.exe [6053080 2017-11-03] (LLC Mail.Ru)
S3 mracdrv; C:\Windows\System32\drivers\mracdrv.sys [5280880 2017-11-03] (LLC Mail.Ru)
C:\Windows\System32\mracsvc.exe
C:\Windows\System32\drivers\mracdrv.sys

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

p.s
If you use Mail.ru remove these lines before you save the fixlist.txt suggested above.
S3 mracsvc; C:\Windows\System32\mracsvc.exe [6053080 2017-11-03] (LLC Mail.Ru)
S3 mracdrv; C:\Windows\System32\drivers\mracdrv.sys [5280880 2017-11-03] (LLC Mail.Ru)
C:\Windows\System32\mracsvc.exe
C:\Windows\System32\drivers\mracdrv.sys
===

Please let me know what problem persists with this computer.

#3 nasdaq

nasdaq

  • Malware Response Team
  • 38,573 posts
  • ONLINE
    •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:17 AM

Posted 01 December 2017 - 09:33 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Back to Virus, Trojan, Spyware, and Malware Removal Logs


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users


  1. BleepingComputer.com
  2. Security
  3. Virus, Trojan, Spyware, and Malware Removal Logs
  4. Privacy Policy
  5. Rules ·