Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Laggy and freezing problems


  • This topic is locked This topic is locked
20 replies to this topic

#1 bighippo

bighippo

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Local time:10:14 PM

Posted 25 February 2018 - 12:36 AM

In the past week or 2, my computer will get really laggy and sometimes freeze for a few minutes at a time at random. Happens at least 2 dozen times a day and those are the bad episodes not counting all the little annoying laggy moments that happen too often. It's done it several times since I started scanning with Farbar I scanned with MBAM and it didn't find anything so I thought I'd come on here and get it checked out. Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24.02.2018 Ran by Administrator (administrator) on THECOMPUTER (24-02-2018 23:32:05) Running from C:\Users\Administrator\Downloads Loaded Profiles: Administrator (Available Profiles: Ryan & UpdatusUser & Administrator) Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgrsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe (Acer Incorporated) C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe (Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (NETGEAR) C:\Program Files (x86)\NETGEAR\A6100\A6100.EXE (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Acer Group) C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe (Realtek Semiconductor Corp.) C:\Program Files (x86)\NETGEAR\A6100\RtlService.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (NCH Software) C:\Program Files (x86)\NCH Software\Debut\debut.exe () C:\Program Files (x86)\NCH Software\Components\x264enc5\x264enc5.exe () C:\Program Files (x86)\NCH Software\Components\mp3el2\lame.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [243496 2018-02-15] (AVAST Software) HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD) HKLM-x32\...\Run: [WsmUpdater] => C:\Program Files (x86)\Web Solution Mart\Fake Webcam Codecs Pack\Updater.exe [292208 2012-05-18] (Web Solution Mart) HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION HKU\S-1-5-21-1586326372-1664844804-1117412497-500\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9364696 2017-03-03] (Piriform Ltd) HKU\S-1-5-21-1586326372-1664844804-1117412497-500\...\Run: [WinPatrol] => C:\Program Files (x86)\WinPatrol\WinPatrol\winpatrol.exe [1160536 2015-02-22] (Ruiware LLC) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR A6100 Genie.lnk [2018-02-06] ShortcutTarget: NETGEAR A6100 Genie.lnk -> C:\Program Files (x86)\NETGEAR\A6100\RtlService.exe (Realtek Semiconductor Corp.) BootExecute: autocheck autochk * C:\PROGRA~2\AVG\AVG2013\avgrsa.exe /sync /restart GroupPolicy\User: Restriction <==== ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 Tcpip\..\Interfaces\{068BA458-B45C-47FE-A520-7FA3691B0CDC}: [DhcpNameServer] 192.168.254.254 192.168.254.254 Tcpip\..\Interfaces\{1B2BA82E-4748-4168-9FF8-911A15D19101}: [DhcpNameServer] 192.168.42.129 Tcpip\..\Interfaces\{300D6ADE-B8B9-480B-887A-4F17A6EB3699}: [DhcpNameServer] 75.75.75.75 75.75.76.76 Tcpip\..\Interfaces\{486C428A-F9CF-4663-A5E7-F0337A98B6B1}: [DhcpNameServer] 75.75.75.75 75.75.76.76 Tcpip\..\Interfaces\{E4B07EAD-0FAC-4779-9276-8DD61EFB2FF1}: [DhcpNameServer] 75.75.75.75 75.75.76.76 Internet Explorer: ================== HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com?fr=hp-avast&type=avastbcl HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-1586326372-1664844804-1117412497-500\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms} HKU\S-1-5-21-1586326372-1664844804-1117412497-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com?fr=hp-avast&type=avastbcl HKU\S-1-5-21-1586326372-1664844804-1117412497-500\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/ SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2018-02-15] (AVAST Software) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.) BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-04-10] (Oracle Corporation) BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2018-02-15] (AVAST Software) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.) BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2012-03-08] (Microsoft Corporation) BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-04-10] (Oracle Corporation) Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: HKLM-x32 {A084A130-28AE-4B32-B51A-1C8CE164BC88} hxxp://www.convergysworkathome.com/AppHardT.CAB DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.) Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2017-07-18] (Skype Technologies) FireFox: ======== FF DefaultProfile: 0j1dkpdm.default-1393789532672 FF ProfilePath: C:\Users\Administrator\AppData\Roaming\OpenVPN Technologies\OpenVPN Client\Profiles\hg2nzb4t.default [2014-04-28] FF Homepage: OpenVPN Technologies\OpenVPN Client\Profiles\hg2nzb4t.default -> resource://webapp/openvpn.html FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\0j1dkpdm.default-1393789532672 [2018-02-24] FF Homepage: Mozilla\Firefox\Profiles\0j1dkpdm.default-1393789532672 -> hxxps://www.yahoo.com?fr=hp-avast&type=avastbcl FF NetworkProxy: Mozilla\Firefox\Profiles\0j1dkpdm.default-1393789532672 -> backup.ftp", "" FF Extension: (Avast SafePrice) - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\0j1dkpdm.default-1393789532672\Extensions\sp@avast.com.xpi [2018-01-21] FF Extension: (Avast Online Security) - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\0j1dkpdm.default-1393789532672\Extensions\wrc@avast.com.xpi [2017-11-19] FF Extension: (Tamper Data) - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\0j1dkpdm.default-1393789532672\Extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}.xpi [2017-06-30] [Legacy] FF Extension: (Adblock Plus) - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\0j1dkpdm.default-1393789532672\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2018-01-21] FF SearchPlugin: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\0j1dkpdm.default-1393789532672\searchplugins\yahoo-avast.xml [2014-06-18] FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\m9ndbmnu.dev-edition-default [2018-02-23] FF Extension: (Avast Online Security) - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\m9ndbmnu.dev-edition-default\Extensions\wrc@avast.com.xpi [2017-11-19] FF HKU\S-1-5-21-1586326372-1664844804-1117412497-500\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi => not found FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_28_0_0_161.dll [2018-02-07] () FF Plugin: @microsoft.com/GENUINE -> disabled [No File] FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_161.dll [2018-02-07] () FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-04-10] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-04-10] (Oracle Corporation) FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2010-06-01] (Yahoo! Inc.) FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File] FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-12-01] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-12-01] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-03-16] (VideoLAN) StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Firefox Developer Edition\firefox.exe Chrome: ======= CHR DefaultProfile: Default CHR Profile: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default [2018-02-24] CHR Extension: (uBlock Origin) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2018-02-09] CHR Extension: (Off The Record History) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\djbaolpiihkcmmfjnjdmomeeheldhhdp [2017-11-26] CHR Extension: (Disconnect) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo [2016-01-30] CHR Extension: (Chrome Web Store Payments) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-25] CHR Extension: (ScriptSafe) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiigbmnaadbkfbmpbfijlflahbdbdgdf [2017-12-14] CHR Extension: (Chrome Media Router) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-02-09] CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7564512 2018-02-15] (AVAST Software) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [300600 2018-02-15] (AVAST Software) R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [5814392 2012-11-06] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [196664 2012-10-22] (AVG Technologies CZ, s.r.o.) R2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [626208 2009-08-10] () S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2014-02-19] (Microsoft Corporation) [File not signed] S3 GameConsoleService; C:\Program Files (x86)\eMachines Games\eMachines Game Console\GameConsoleService.exe [246520 2010-04-03] (WildTangent, Inc.) R2 GREGService; C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe [23584 2010-01-08] (Acer Incorporated) R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes) R2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [206880 2009-08-10] () R2 Realtek8723AU; C:\Program Files (x86)\NETGEAR\A6100\RtlService.exe [45784 2013-07-02] (Realtek Semiconductor Corp.) S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.) S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed] R2 Updater Service; C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [243232 2010-01-28] (Acer Group) S3 VsEtwService120; C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [87728 2013-10-04] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) S3 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X] ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 A6100; C:\Windows\System32\DRIVERS\A6100.sys [4863752 2016-02-17] (Realtek Semiconductor Corporation ) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL) R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [192944 2018-02-15] (AVAST Software) R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdrivera.sys [321512 2018-01-05] (AVAST Software) R0 aswbidsh; C:\Windows\System32\drivers\aswbidsha.sys [199448 2018-01-05] (AVAST Software) R0 aswblog; C:\Windows\System32\drivers\aswbloga.sys [343768 2018-01-05] (AVAST Software) R0 aswbuniv; C:\Windows\System32\drivers\aswbuniva.sys [57696 2018-01-05] (AVAST Software) R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [190440 2018-02-15] (AVAST Software) S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [46968 2018-02-15] (AVAST Software) R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [41832 2017-09-07] (AVAST Software) R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [146648 2018-02-15] (AVAST Software) R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [110328 2018-02-15] (AVAST Software) R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [84368 2018-02-15] (AVAST Software) R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1026696 2018-02-15] (AVAST Software) R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [459952 2018-02-15] (AVAST Software) R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [205464 2018-02-15] (AVAST Software) R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [379448 2018-02-15] (AVAST Software) R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [154464 2012-10-22] (AVG Technologies CZ, s.r.o. ) R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [63328 2012-10-15] (AVG Technologies CZ, s.r.o. ) R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [185696 2012-10-02] (AVG Technologies CZ, s.r.o.) R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [225120 2012-09-21] (AVG Technologies CZ, s.r.o.) R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [111456 2012-10-05] (AVG Technologies CZ, s.r.o.) R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40800 2012-09-14] (AVG Technologies CZ, s.r.o.) R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [200032 2012-09-21] (AVG Technologies CZ, s.r.o.) S3 camfilt2; C:\Windows\System32\DRIVERS\camfilt2.sys [139264 2007-08-29] (Guillemot Corporation) S3 D-Vitec; C:\Windows\System32\DRIVERS\dvitdcnt.sys [307968 2012-07-26] (D-vitec) R3 debutfilter; C:\Windows\System32\DRIVERS\debutfilterx64.sys [34512 2014-01-17] () R1 ElRawDisk; C:\Windows\system32\drivers\rsdrvx64.sys [26024 2009-02-12] (EldoS Corporation) S3 Linksys_adapter_H; C:\Windows\System32\DRIVERS\AE2500w764.sys [1254464 2011-03-28] (Broadcom Corporation) R3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [49304 2014-12-28] (Visicom Media Inc.) R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253880 2018-02-24] (Malwarebytes) R3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [35992 2014-12-28] (Visicom Media Inc.) R3 Neo_VPN; C:\Windows\System32\DRIVERS\Neo_0049.sys [28768 2014-09-07] (SoftEther VPN Project at University of Tsukuba, Japan.) R3 Neo_VPN2; C:\Windows\System32\DRIVERS\Neo_0059.sys [28768 2014-09-20] (SoftEther VPN Project at University of Tsukuba, Japan.) R3 Neo_VPN3; C:\Windows\System32\DRIVERS\Neo_0089.sys [28640 2015-04-15] (SoftEther VPN Project at University of Tsukuba, Japan.) R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.) S3 OM0530; C:\Windows\System32\Drivers\ov530vx.sys [172928 2007-07-13] (OmniVision Technology Inc.) R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2013-09-30] () S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] () S3 SEE; C:\Windows\System32\drivers\see.sys [50208 2017-08-02] (SoftEther Corporation) S3 tapoas; C:\Windows\System32\DRIVERS\tapoas.sys [30720 2010-08-03] (The OpenVPN Project) S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [51712 2011-02-18] (Apple, Inc.) [File not signed] S3 ALSysIO; \??\C:\Users\ADMINI~1\AppData\Local\Temp\ALSysIO64.sys [X] <==== ATTENTION S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [X] S3 SliceDisk5; \??\C:\Program Files\A-FF Find and Mount\slicedisk-x64.sys [X] S3 taphss6; system32\DRIVERS\taphss6.sys [X] S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2018-02-24 23:32 - 2018-02-24 23:44 - 000023997 _____ C:\Users\Administrator\Downloads\FRST.txt 2018-02-24 23:26 - 2018-02-24 23:32 - 000000000 ____D C:\FRST 2018-02-24 23:25 - 2018-02-24 23:25 - 002403328 _____ (Farbar) C:\Users\Administrator\Downloads\FRST64.exe 2018-02-24 23:24 - 2018-02-24 23:24 - 001763328 _____ (Farbar) C:\Users\Administrator\Downloads\FRST.exe 2018-02-24 05:19 - 2018-02-24 05:19 - 000253880 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys 2018-02-23 21:14 - 2018-02-24 05:18 - 000077432 _____ C:\Windows\system32\Drivers\mbae64.sys 2018-02-23 21:14 - 2018-02-23 21:14 - 000001836 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2018-02-23 21:14 - 2018-02-23 21:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 2018-02-23 21:13 - 2018-02-23 21:13 - 000000000 ____D C:\ProgramData\MB3CoreBackup 2018-02-18 19:24 - 2018-02-18 19:24 - 000019578 _____ C:\Users\Administrator\Downloads\Steve Vai - Bangkok (power).ptb 2018-02-18 18:26 - 2018-02-18 18:26 - 000128055 _____ C:\Users\Administrator\Downloads\Steve Vai - Fire Garden Suite (power) (1).ptb 2018-02-15 01:10 - 2018-02-15 01:09 - 000380768 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2018-02-14 08:00 - 2018-02-10 03:44 - 025740288 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2018-02-14 08:00 - 2018-02-10 02:19 - 002900480 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2018-02-14 08:00 - 2018-02-10 02:09 - 005782016 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2018-02-14 08:00 - 2018-02-10 02:06 - 000816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2018-02-14 08:00 - 2018-02-10 01:36 - 015283712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2018-02-14 08:00 - 2018-02-10 01:27 - 003241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2018-02-14 08:00 - 2018-02-10 01:20 - 020274176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2018-02-14 08:00 - 2018-02-10 01:14 - 001546240 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2018-02-14 08:00 - 2018-02-10 00:54 - 002294272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2018-02-14 08:00 - 2018-02-10 00:35 - 004498944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2018-02-14 08:00 - 2018-02-10 00:33 - 013680640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2018-02-14 08:00 - 2018-02-10 00:14 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2018-02-14 08:00 - 2018-02-10 00:10 - 001314304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2018-02-14 08:00 - 2018-01-12 11:44 - 005581544 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2018-02-14 08:00 - 2018-01-12 11:44 - 001894120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2018-02-14 08:00 - 2018-01-12 11:40 - 001460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2018-02-14 08:00 - 2018-01-12 11:40 - 001212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2018-02-14 08:00 - 2018-01-12 11:40 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2018-02-14 08:00 - 2018-01-12 11:40 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2018-02-14 08:00 - 2018-01-12 11:33 - 001665384 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2018-02-14 08:00 - 2018-01-12 11:29 - 004014312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2018-02-14 08:00 - 2018-01-12 11:29 - 003959016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2018-02-14 08:00 - 2018-01-12 11:27 - 004834816 _____ (Microsoft Corporation) C:\Windows\system32\xpsrchvw.exe 2018-02-14 08:00 - 2018-01-11 11:09 - 003224064 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2018-02-14 08:00 - 2017-12-05 12:36 - 001484288 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2018-02-14 07:59 - 2018-02-10 14:52 - 000395928 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2018-02-14 07:59 - 2018-02-10 14:03 - 000347296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2018-02-14 07:59 - 2018-02-10 02:30 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2018-02-14 07:59 - 2018-02-10 02:29 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2018-02-14 07:59 - 2018-02-10 02:17 - 000417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2018-02-14 07:59 - 2018-02-10 02:17 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2018-02-14 07:59 - 2018-02-10 02:17 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2018-02-14 07:59 - 2018-02-10 02:16 - 000577536 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2018-02-14 07:59 - 2018-02-10 02:16 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2018-02-14 07:59 - 2018-02-10 02:10 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2018-02-14 07:59 - 2018-02-10 02:10 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2018-02-14 07:59 - 2018-02-10 02:07 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2018-02-14 07:59 - 2018-02-10 02:06 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2018-02-14 07:59 - 2018-02-10 02:06 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2018-02-14 07:59 - 2018-02-10 02:06 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2018-02-14 07:59 - 2018-02-10 02:01 - 000969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2018-02-14 07:59 - 2018-02-10 01:58 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2018-02-14 07:59 - 2018-02-10 01:52 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx 2018-02-14 07:59 - 2018-02-10 01:52 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2018-02-14 07:59 - 2018-02-10 01:51 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2018-02-14 07:59 - 2018-02-10 01:49 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2018-02-14 07:59 - 2018-02-10 01:48 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2018-02-14 07:59 - 2018-02-10 01:46 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2018-02-14 07:59 - 2018-02-10 01:45 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2018-02-14 07:59 - 2018-02-10 01:36 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2018-02-14 07:59 - 2018-02-10 01:34 - 000807936 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2018-02-14 07:59 - 2018-02-10 01:34 - 000726528 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2018-02-14 07:59 - 2018-02-10 01:33 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2018-02-14 07:59 - 2018-02-10 01:32 - 002134528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2018-02-14 07:59 - 2018-02-10 01:08 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2018-02-14 07:59 - 2018-02-10 01:02 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2018-02-14 07:59 - 2018-02-10 00:57 - 000499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2018-02-14 07:59 - 2018-02-10 00:57 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2018-02-14 07:59 - 2018-02-10 00:57 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2018-02-14 07:59 - 2018-02-10 00:57 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2018-02-14 07:59 - 2018-02-10 00:56 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2018-02-14 07:59 - 2018-02-10 00:52 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2018-02-14 07:59 - 2018-02-10 00:51 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2018-02-14 07:59 - 2018-02-10 00:50 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2018-02-14 07:59 - 2018-02-10 00:49 - 000662528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2018-02-14 07:59 - 2018-02-10 00:49 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2018-02-14 07:59 - 2018-02-10 00:49 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2018-02-14 07:59 - 2018-02-10 00:42 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2018-02-14 07:59 - 2018-02-10 00:39 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2018-02-14 07:59 - 2018-02-10 00:38 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2018-02-14 07:59 - 2018-02-10 00:38 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx 2018-02-14 07:59 - 2018-02-10 00:36 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2018-02-14 07:59 - 2018-02-10 00:35 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2018-02-14 07:59 - 2018-02-10 00:35 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2018-02-14 07:59 - 2018-02-10 00:34 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2018-02-14 07:59 - 2018-02-10 00:29 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2018-02-14 07:59 - 2018-02-10 00:27 - 002058752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2018-02-14 07:59 - 2018-02-10 00:27 - 000694784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2018-02-14 07:59 - 2018-02-10 00:26 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2018-02-14 07:59 - 2018-02-10 00:08 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2018-02-14 07:59 - 2018-01-12 11:46 - 000631680 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi 2018-02-14 07:59 - 2018-01-12 11:44 - 000708328 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi 2018-02-14 07:59 - 2018-01-12 11:44 - 000377064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys 2018-02-14 07:59 - 2018-01-12 11:44 - 000371432 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys 2018-02-14 07:59 - 2018-01-12 11:44 - 000287976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS 2018-02-14 07:59 - 2018-01-12 11:44 - 000262376 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll 2018-02-14 07:59 - 2018-01-12 11:44 - 000154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2018-02-14 07:59 - 2018-01-12 11:44 - 000095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2018-02-14 07:59 - 2018-01-12 11:40 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2018-02-14 07:59 - 2018-01-12 11:40 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll 2018-02-14 07:59 - 2018-01-12 11:40 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2018-02-14 07:59 - 2018-01-12 11:40 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2018-02-14 07:59 - 2018-01-12 11:40 - 000484864 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll 2018-02-14 07:59 - 2018-01-12 11:40 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll 2018-02-14 07:59 - 2018-01-12 11:40 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2018-02-14 07:59 - 2018-01-12 11:40 - 000361984 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2018-02-14 07:59 - 2018-01-12 11:40 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2018-02-14 07:59 - 2018-01-12 11:40 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2018-02-14 07:59 - 2018-01-12 11:40 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2018-02-14 07:59 - 2018-01-12 11:40 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2018-02-14 07:59 - 2018-01-12 11:40 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2018-02-14 07:59 - 2018-01-12 11:40 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll 2018-02-14 07:59 - 2018-01-12 11:40 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2018-02-14 07:59 - 2018-01-12 11:40 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2018-02-14 07:59 - 2018-01-12 11:40 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll 2018-02-14 07:59 - 2018-01-12 11:40 - 000086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2018-02-14 07:59 - 2018-01-12 11:40 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll 2018-02-14 07:59 - 2018-01-12 11:40 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2018-02-14 07:59 - 2018-01-12 11:40 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll 2018-02-14 07:59 - 2018-01-12 11:40 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2018-02-14 07:59 - 2018-01-12 11:40 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2018-02-14 07:59 - 2018-01-12 11:40 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll 2018-02-14 07:59 - 2018-01-12 11:40 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll 2018-02-14 07:59 - 2018-01-12 11:40 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2018-02-14 07:59 - 2018-01-12 11:40 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2018-02-14 07:59 - 2018-01-12 11:40 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2018-02-14 07:59 - 2018-01-12 11:40 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2018-02-14 07:59 - 2018-01-12 11:40 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2018-02-14 07:59 - 2018-01-12 11:40 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2018-02-14 07:59 - 2018-01-12 11:40 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2018-02-14 07:59 - 2018-01-12 11:40 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2018-02-14 07:59 - 2018-01-12 11:40 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2018-02-14 07:59 - 2018-01-12 11:40 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2018-02-14 07:59 - 2018-01-12 11:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2018-02-14 07:59 - 2018-01-12 11:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2018-02-14 07:59 - 2018-01-12 11:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2018-02-14 07:59 - 2018-01-12 11:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2018-02-14 07:59 - 2018-01-12 11:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2018-02-14 07:59 - 2018-01-12 11:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2018-02-14 07:59 - 2018-01-12 11:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2018-02-14 07:59 - 2018-01-12 11:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2018-02-14 07:59 - 2018-01-12 11:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2018-02-14 07:59 - 2018-01-12 11:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2018-02-14 07:59 - 2018-01-12 11:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2018-02-14 07:59 - 2018-01-12 11:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2018-02-14 07:59 - 2018-01-12 11:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2018-02-14 07:59 - 2018-01-12 11:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2018-02-14 07:59 - 2018-01-12 11:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2018-02-14 07:59 - 2018-01-12 11:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2018-02-14 07:59 - 2018-01-12 11:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2018-02-14 07:59 - 2018-01-12 11:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2018-02-14 07:59 - 2018-01-12 11:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2018-02-14 07:59 - 2018-01-12 11:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2018-02-14 07:59 - 2018-01-12 11:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2018-02-14 07:59 - 2018-01-12 11:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2018-02-14 07:59 - 2018-01-12 11:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2018-02-14 07:59 - 2018-01-12 11:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2018-02-14 07:59 - 2018-01-12 11:27 - 001314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2018-02-14 07:59 - 2018-01-12 11:26 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2018-02-14 07:59 - 2018-01-12 11:26 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2018-02-14 07:59 - 2018-01-12 11:26 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2018-02-14 07:59 - 2018-01-12 11:26 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll 2018-02-14 07:59 - 2018-01-12 11:26 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2018-02-14 07:59 - 2018-01-12 11:26 - 000363520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll 2018-02-14 07:59 - 2018-01-12 11:26 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll 2018-02-14 07:59 - 2018-01-12 11:26 - 000275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2018-02-14 07:59 - 2018-01-12 11:26 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2018-02-14 07:59 - 2018-01-12 11:26 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2018-02-14 07:59 - 2018-01-12 11:26 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2018-02-14 07:59 - 2018-01-12 11:26 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2018-02-14 07:59 - 2018-01-12 11:26 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2018-02-14 07:59 - 2018-01-12 11:26 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll 2018-02-14 07:59 - 2018-01-12 11:26 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2018-02-14 07:59 - 2018-01-12 11:26 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll 2018-02-14 07:59 - 2018-01-12 11:26 - 000065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2018-02-14 07:59 - 2018-01-12 11:26 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2018-02-14 07:59 - 2018-01-12 11:26 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll 2018-02-14 07:59 - 2018-01-12 11:26 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2018-02-14 07:59 - 2018-01-12 11:26 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2018-02-14 07:59 - 2018-01-12 11:26 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2018-02-14 07:59 - 2018-01-12 11:26 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2018-02-14 07:59 - 2018-01-12 11:26 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2018-02-14 07:59 - 2018-01-12 11:26 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2018-02-14 07:59 - 2018-01-12 11:26 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2018-02-14 07:59 - 2018-01-12 11:26 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2018-02-14 07:59 - 2018-01-12 11:26 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2018-02-14 07:59 - 2018-01-12 11:26 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2018-02-14 07:59 - 2018-01-12 11:26 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2018-02-14 07:59 - 2018-01-12 11:26 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2018-02-14 07:59 - 2018-01-12 11:26 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2018-02-14 07:59 - 2018-01-12 11:26 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2018-02-14 07:59 - 2018-01-12 11:26 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2018-02-14 07:59 - 2018-01-12 11:26 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2018-02-14 07:59 - 2018-01-12 11:26 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2018-02-14 07:59 - 2018-01-12 11:26 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2018-02-14 07:59 - 2018-01-12 11:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2018-02-14 07:59 - 2018-01-12 11:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2018-02-14 07:59 - 2018-01-12 11:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2018-02-14 07:59 - 2018-01-12 11:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2018-02-14 07:59 - 2018-01-12 11:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2018-02-14 07:59 - 2018-01-12 11:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2018-02-14 07:59 - 2018-01-12 11:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2018-02-14 07:59 - 2018-01-12 11:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2018-02-14 07:59 - 2018-01-12 11:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2018-02-14 07:59 - 2018-01-12 11:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2018-02-14 07:59 - 2018-01-12 11:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2018-02-14 07:59 - 2018-01-12 11:16 - 003405824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xpsrchvw.exe 2018-02-14 07:59 - 2018-01-12 11:16 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys 2018-02-14 07:59 - 2018-01-12 11:16 - 000030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidusb.sys 2018-02-14 07:59 - 2018-01-12 11:15 - 000032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys 2018-02-14 07:59 - 2018-01-12 11:11 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe 2018-02-14 07:59 - 2018-01-12 11:11 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys 2018-02-14 07:59 - 2018-01-12 11:11 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe 2018-02-14 07:59 - 2018-01-12 11:10 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2018-02-14 07:59 - 2018-01-12 11:07 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2018-02-14 07:59 - 2018-01-12 11:06 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2018-02-14 07:59 - 2018-01-12 11:03 - 000159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2018-02-14 07:59 - 2018-01-12 11:02 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys 2018-02-14 07:59 - 2018-01-12 11:02 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2018-02-14 07:59 - 2018-01-12 11:02 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2018-02-14 07:59 - 2018-01-12 11:01 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2018-02-14 07:59 - 2018-01-12 11:01 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2018-02-14 07:59 - 2018-01-12 10:57 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll 2018-02-14 07:59 - 2018-01-12 10:57 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2018-02-14 07:59 - 2018-01-12 10:57 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2018-02-14 07:59 - 2018-01-12 10:57 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2018-02-14 07:59 - 2018-01-12 10:57 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2018-02-14 07:59 - 2018-01-12 10:56 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2018-02-14 07:59 - 2018-01-12 10:56 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2018-02-14 07:59 - 2018-01-12 10:56 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2018-02-14 07:59 - 2018-01-12 10:56 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2018-02-14 07:59 - 2018-01-11 11:41 - 001133568 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll 2018-02-14 07:59 - 2018-01-11 11:22 - 000805376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll 2018-02-14 07:59 - 2018-01-05 11:31 - 000151552 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll 2018-02-14 07:59 - 2018-01-05 11:31 - 000041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll 2018-02-14 07:59 - 2018-01-05 11:30 - 000100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll 2018-02-14 07:59 - 2018-01-05 11:30 - 000046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2018-02-14 07:59 - 2018-01-05 11:30 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll 2018-02-14 07:59 - 2018-01-05 11:25 - 000383720 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2018-02-14 07:59 - 2018-01-05 11:14 - 000309480 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2018-02-14 07:59 - 2018-01-05 11:11 - 000111104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll 2018-02-14 07:59 - 2018-01-05 11:11 - 000071168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll 2018-02-14 07:59 - 2018-01-05 11:11 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll 2018-02-14 07:59 - 2018-01-05 11:11 - 000010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll 2018-02-14 07:59 - 2018-01-05 10:50 - 000034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2018-02-14 07:59 - 2017-12-05 12:36 - 000229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2018-02-14 07:59 - 2017-12-05 12:36 - 000218112 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll 2018-02-14 07:59 - 2017-12-05 12:36 - 000190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2018-02-14 07:59 - 2017-12-05 12:36 - 000141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll 2018-02-14 07:59 - 2017-12-05 12:36 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\TabSvc.dll 2018-02-14 07:59 - 2017-12-05 12:08 - 001176576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2018-02-14 07:59 - 2017-12-05 12:08 - 000179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll 2018-02-14 07:59 - 2017-12-05 12:08 - 000145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2018-02-14 07:59 - 2017-12-05 12:08 - 000135168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSCard.dll 2018-02-14 07:59 - 2017-12-05 12:08 - 000106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2018-02-14 07:59 - 2017-12-05 11:04 - 000404992 _____ (Microsoft Corporation) C:\Windows\system32\wisptis.exe 2018-02-14 07:57 - 2018-01-21 18:50 - 000136424 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe 2018-02-14 07:57 - 2018-01-21 18:40 - 000654336 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2018-02-14 07:57 - 2018-01-19 09:05 - 001994752 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe 2018-02-14 07:57 - 2018-01-19 09:05 - 001569280 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2018-02-14 07:57 - 2018-01-19 09:05 - 000749568 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2018-02-14 07:57 - 2018-01-19 09:05 - 000604672 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2018-02-14 07:57 - 2018-01-19 09:05 - 000450048 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll 2018-02-14 07:57 - 2018-01-19 09:05 - 000378880 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2018-02-14 07:57 - 2018-01-19 09:05 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll 2018-02-14 07:57 - 2018-01-19 09:05 - 000236544 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll 2018-02-07 15:20 - 2018-02-07 15:20 - 000004496 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier 2018-02-07 01:23 - 2018-02-07 01:23 - 000044854 _____ C:\Users\Administrator\Downloads\Dream Theater - Hells Kitchen (power tab) (2).ptb 2018-02-06 23:29 - 2018-02-06 23:29 - 000002051 _____ C:\Users\Public\Desktop\NETGEAR A6100 Genie.lnk 2018-02-06 23:29 - 2018-02-06 23:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NETGEAR A6100 Genie 2018-02-06 23:29 - 2018-02-06 23:29 - 000000000 ____D C:\Program Files (x86)\NETGEAR 2018-02-06 23:29 - 2013-08-21 23:20 - 000006588 _____ C:\Windows\system32\Drivers\A6100_LMT.txt 2018-02-06 23:29 - 2013-08-21 23:20 - 000001529 _____ C:\Windows\system32\Drivers\A6100.txt 2018-02-06 23:28 - 2018-02-06 23:28 - 000000000 ____D C:\ProgramData\NETGEAR 2018-02-06 23:26 - 2018-02-06 23:26 - 000000000 ____D C:\Users\Administrator\Downloads\NETGEAR ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2018-02-24 23:40 - 2013-04-12 22:43 - 000000904 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1586326372-1664844804-1117412497-1001UA.job 2018-02-24 22:51 - 2012-03-30 15:40 - 000000924 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1586326372-1664844804-1117412497-1001UA.job 2018-02-24 22:40 - 2013-04-12 22:43 - 000000852 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1586326372-1664844804-1117412497-1001Core.job 2018-02-24 19:28 - 2010-08-30 06:19 - 000000000 ____D C:\Windows\SysWOW64\Macromed 2018-02-24 16:51 - 2012-03-30 15:40 - 000000902 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1586326372-1664844804-1117412497-1001Core.job 2018-02-24 04:56 - 2009-07-13 23:45 - 000018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2018-02-24 04:56 - 2009-07-13 23:45 - 000018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2018-02-23 21:20 - 2017-04-16 00:52 - 000004168 _____ C:\Windows\System32\Tasks\Avast Emergency Update 2018-02-23 21:13 - 2017-12-29 00:40 - 000000000 ____D C:\Users\Administrator\AppData\LocalLow\Mozilla 2018-02-23 21:13 - 2009-07-14 00:13 - 000783424 _____ C:\Windows\system32\PerfStringBackup.INI 2018-02-23 21:13 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\inf 2018-02-23 21:05 - 2013-06-26 01:00 - 000000000 ____D C:\Users\Administrator 2018-02-23 21:05 - 2009-07-14 00:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT 2018-02-23 12:33 - 2017-07-02 10:57 - 000000000 ____D C:\Program Files\Opera 2018-02-21 03:12 - 2017-07-02 10:58 - 000003840 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1499011116 2018-02-15 13:49 - 2009-07-13 23:45 - 000351776 _____ C:\Windows\system32\FNTCACHE.DAT 2018-02-15 03:48 - 2014-12-10 03:55 - 000000000 ____D C:\Windows\system32\appraiser 2018-02-15 03:28 - 2013-08-13 02:02 - 000000000 ____D C:\Windows\system32\MRT 2018-02-15 03:19 - 2017-10-12 02:22 - 130067560 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe 2018-02-15 03:18 - 2011-01-11 13:52 - 130067560 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe 2018-02-15 03:09 - 2011-07-24 23:21 - 000775546 _____ C:\Windows\SysWOW64\PerfStringBackup.INI 2018-02-15 01:10 - 2013-03-17 10:57 - 000000000 ____D C:\Users\UpdatusUser 2018-02-15 01:10 - 2011-01-06 23:33 - 000000000 ____D C:\Users\Ryan 2018-02-15 01:09 - 2017-11-19 03:48 - 000192944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys 2018-02-15 01:09 - 2014-05-07 18:50 - 000046968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys 2018-02-15 01:09 - 2013-12-28 04:33 - 000205464 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys 2018-02-15 01:09 - 2013-03-03 18:40 - 000459952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys 2018-02-15 01:09 - 2013-03-03 18:40 - 000379448 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys 2018-02-15 01:09 - 2013-03-03 18:40 - 000146648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2018-02-15 01:09 - 2013-03-03 18:40 - 000110328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys 2018-02-15 01:09 - 2013-03-03 18:40 - 000084368 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys 2018-02-15 01:08 - 2013-03-03 18:40 - 001026696 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2018-02-15 01:07 - 2018-01-05 00:53 - 000190440 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys 2018-02-13 21:07 - 2014-03-04 13:06 - 000002112 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2018-02-13 21:07 - 2014-03-04 13:06 - 000002071 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2018-02-09 19:57 - 2012-10-29 22:05 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2018-02-07 15:23 - 2013-11-13 16:42 - 000000000 ____D C:\Users\Administrator\AppData\Local\Adobe 2018-02-07 15:20 - 2014-09-20 13:55 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2018-02-07 15:20 - 2014-09-20 13:55 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2018-02-07 15:20 - 2014-09-20 13:55 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2018-02-07 15:17 - 2011-11-18 15:45 - 000000000 ____D C:\Windows\system32\Macromed 2018-02-06 23:29 - 2010-08-30 06:12 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2018-02-06 23:27 - 2011-07-30 09:48 - 000000000 ____D C:\Windows\Downloaded Installations 2018-02-02 18:42 - 2017-11-14 22:53 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox ==================== Files in the root of some directories ======= 2011-01-06 21:32 - 2013-03-21 16:55 - 000000034 ____H () C:\Users\Ryan\jagex_runescape_preferences.dat 2011-01-06 21:33 - 2013-03-21 16:56 - 000000117 ____H () C:\Users\Ryan\jagex_runescape_preferences2.dat 2013-12-07 04:33 - 2013-12-07 04:33 - 000000378 _____ () C:\Program Files (x86)\temp995.bat 2014-01-09 20:52 - 2014-01-09 20:53 - 000001265 _____ () C:\Users\Administrator\AppData\Roaming\trace_FilterInstaller.1.txt 2014-01-09 20:52 - 2014-01-17 23:49 - 000001265 _____ () C:\Users\Administrator\AppData\Roaming\trace_FilterInstaller.txt 2014-01-09 20:52 - 2014-01-17 23:49 - 000000000 _____ () C:\Users\Administrator\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt 2014-10-21 07:56 - 2014-10-21 07:56 - 000173636 _____ () C:\Users\Administrator\AppData\Roaming\VideoPad.dmp 2013-09-19 15:39 - 2013-09-19 15:39 - 000000037 ___SH () C:\Users\Administrator\AppData\Local\70149b02515b3bb20dd492.47983420 2014-04-10 12:59 - 2017-02-08 20:25 - 000008704 _____ () C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-02-23 02:46 - 2014-02-23 02:46 - 000000218 _____ () C:\Users\Administrator\AppData\Local\recently-used.xbel Some files in TEMP: ==================== 2017-11-19 01:00 - 2017-11-19 01:00 - 000003584 _____ () C:\Users\Administrator\AppData\Local\Temp\af8jdjuu.dll 2017-07-30 17:49 - 2017-07-30 17:49 - 008719048 _____ (Web Solution Mart ) C:\Users\Administrator\AppData\Local\Temp\FH3427.tmp.exe 2017-07-30 17:49 - 2017-07-30 17:49 - 012444400 _____ (Web Solution Mart ) C:\Users\Administrator\AppData\Local\Temp\FH7F89.tmp.exe 2017-12-09 14:02 - 2017-12-09 14:02 - 000003584 _____ () C:\Users\Administrator\AppData\Local\Temp\lun35ndn.dll 2017-12-10 01:00 - 2017-12-10 01:00 - 000003584 _____ () C:\Users\Administrator\AppData\Local\Temp\mpvpo0yw.dll 2017-11-15 21:03 - 2017-11-15 21:03 - 000004608 _____ () C:\Users\Administrator\AppData\Local\Temp\pz_50_ha.dll 2017-08-26 21:28 - 2017-08-26 21:28 - 007178424 _____ (VS Revo Group ) C:\Users\Administrator\AppData\Local\Temp\VSUSetup.exe ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2018-01-30 03:03 ==================== End of FRST.txt ============================

BC AdBot (Login to Remove)

 


#2 bighippo

bighippo
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Local time:10:14 PM

Posted 25 February 2018 - 12:38 AM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24.02.2018 Ran by Administrator (24-02-2018 23:59:29) Running from C:\Users\Administrator\Downloads Windows 7 Home Premium Service Pack 1 (X64) (2011-01-07 04:33:19) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-1586326372-1664844804-1117412497-500 - Administrator - Enabled) => C:\Users\Administrator Guest (S-1-5-21-1586326372-1664844804-1117412497-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-1586326372-1664844804-1117412497-1002 - Limited - Enabled) Ryan (S-1-5-21-1586326372-1664844804-1117412497-1001 - Administrator - Enabled) => C:\Users\Ryan UpdatusUser (S-1-5-21-1586326372-1664844804-1117412497-1003 - Limited - Enabled) => C:\Users\UpdatusUser ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: AVG Anti-Virus Free Edition 2013 (Disabled - Out of date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9} AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF} AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: AVG Anti-Virus Free Edition 2013 (Disabled - Out of date) {B5F5C120-2089-702E-0001-553BB0D5A664} AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 18 Wheels of Steel - American Long Haul (HKLM-x32\...\WT088650) (Version: 2.2.0.95 - WildTangent) Hidden Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.249 - Adobe Systems Incorporated) Adobe Flash Player 28 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 28.0.0.161 - Adobe Systems Incorporated) Adobe Flash Player 28 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 28.0.0.161 - Adobe Systems Incorporated) Adobe Flash Player 28 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 28.0.0.161 - Adobe Systems Incorporated) Adobe SWF Investigator (HKLM-x32\...\SWFInvestigator) (Version: 0.6.5 - Adobe Systems Incorporated) Advertising Center (HKLM-x32\...\{B2EC4A38-B545-4A00-8214-13FE0E915E6D}) (Version: 0.0.0.2 - Nero AG) Hidden Agatha Christie - Death on the Nile (HKLM-x32\...\WT088147) (Version: 2.2.0.95 - WildTangent) Hidden Application Verifier x64 External Package (HKLM\...\{77F3D72C-465F-BD51-890E-CC3914B1365F}) (Version: 8.100.26629 - Microsoft) Hidden Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 18.1.2326 - AVAST Software) AVG 2013 (HKLM\...\{9B305FB9-297D-4F86-BC8B-740E7A1EF200}) (Version: 13.0.2793 - AVG Technologies) Hidden AzureTools.Notifications.VwdExpress (HKLM-x32\...\{4C4FEB30-6A9F-402F-8E17-6C4C67AB3498}) (Version: 2.1.10731.1602 - Microsoft Corporation) Hidden Bejeweled 2 Deluxe (HKLM-x32\...\WT088155) (Version: 2.2.0.95 - WildTangent) Hidden Blackhawk Striker 2 (HKLM-x32\...\WT088374) (Version: 2.2.0.95 - WildTangent) Hidden Bonjour (HKLM\...\{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}) (Version: 2.0.4.0 - Apple Inc.) Build Tools - amd64 (HKLM\...\{F74753A3-C93C-34F5-A199-993CAF602B7D}) (Version: 12.0.21005 - Microsoft Corporation) Hidden Build Tools - x86 (HKLM-x32\...\{FB3A15FD-FC67-3A2F-892B-6890B0C56EA9}) (Version: 12.0.21005 - Microsoft Corporation) Hidden Build Tools Language Resources - amd64 (HKLM\...\{05198C22-FFCE-374A-B190-9F18CC99DAEA}) (Version: 12.0.21005 - Microsoft Corporation) Hidden Build Tools Language Resources - x86 (HKLM-x32\...\{9347889B-C22A-3905-901F-C05D8F73C929}) (Version: 12.0.21005 - Microsoft Corporation) Hidden CCleaner (HKLM\...\CCleaner) (Version: 5.28 - Piriform) Core Temp 1.1 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.1 - Alcpu) D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden Debut Video Capture Software (HKLM-x32\...\Debut) (Version: 1.88 - NCH Software) DownloadX ActiveX Download Control 1.6.5 (HKLM-x32\...\CA17A131-B7D9-41D6-868F-29A9BD9FCC8E_is1) (Version: - DownloadXCtrl.com) Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD) eMachines Game Console (HKLM-x32\...\eMachines Game Console) (Version: - WildTangent) Hidden eMachines Games (HKLM-x32\...\WildTangent emachines Master Uninstall) (Version: 1.0.1.3 - WildTangent) eMachines Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3013 - Acer Incorporated) eMachines Registration (HKLM-x32\...\eMachines Registration) (Version: 1.03.3003 - Acer Incorporated) eMachines ScreenSaver (HKLM-x32\...\eMachines Screensaver) (Version: 1.1.0825.2010 - Acer Incorporated) Entity Framework Tools for Visual Studio 2013 (HKLM-x32\...\{08AEF86A-1956-4846-B906-B01350E96E30}) (Version: 12.0.20912.0 - Microsoft Corporation) Expert PDF 7 Reader (HKLM-x32\...\{FC279721-37A6-4777-AFD8-7A56681EBA14}) (Version: 7.0.1370.0 - Avanquest software) Express Burn (HKLM-x32\...\ExpressBurn) (Version: 4.68 - NCH Software) Express Zip (HKLM-x32\...\ExpressZip) (Version: 2.17 - NCH Software) Facebook Video Calling 1.2.0.287 (HKLM-x32\...\{B92C5909-1D37-4C51-8397-A28BB28E5DC3}) (Version: 1.2.287 - Skype Limited) Fake Webcam Codecs Pack 1.0.0 (HKLM\...\fwccpsetup_is1) (Version: 1.0.0 - Web Solution Mart) Firefox Developer Edition 36.0a2 (x86 en-US) (HKLM-x32\...\Firefox Developer Edition 36.0a2 (x86 en-US)) (Version: 36.0a2 - Mozilla) FlashDevelop (HKLM-x32\...\FlashDevelop) (Version: 5.0.2 - FlashDevelop.org) FoxTab PDF Converter (HKLM-x32\...\FoxTab PDF Converter) (Version: - FoxTab) <==== ATTENTION FrostWire 6.2.2 (HKLM-x32\...\FrostWire 6) (Version: 6.2.2.176 - FrostWire LLC) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 64.0.3282.167 - Google Inc.) Google Talk Plugin (HKLM-x32\...\{15CC861C-C69E-3758-8961-CE304C2595B6}) (Version: 4.4.2.14502 - Google) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden Guitar Pro 6 (HKLM-x32\...\{14A487F2-1259-4E6C-AE3C-3C888DDBCB60}_is1) (Version: - Arobas Music) Hotkey Utility (HKLM-x32\...\Hotkey Utility) (Version: 2.05.3009 - Acer Incorporated) Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated) IIS 8.0 Express (HKLM\...\{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}) (Version: 8.0.1557 - Microsoft Corporation) IIS Express Application Compatibility Database for x64 (HKLM\...\{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb) (Version: - ) IIS Express Application Compatibility Database for x86 (HKLM\...\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb) (Version: - ) ImagXpress (HKLM-x32\...\{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}) (Version: 7.0.74.0 - Nero AG) Hidden inSSIDer 3 (HKLM-x32\...\{A80CEA4E-74C1-4F9F-806B-E1D9AFC01768}) (Version: 3.0.7.48 - MetaGeek, LLC) IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.28 - Irfan Skiljan) Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation) Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Kits Configuration Installer (HKLM-x32\...\{B74E65FD-CC47-41C5-4B89-791A3F61942D}) (Version: 8.100.25984 - Microsoft) Hidden Lagarith lossless video codec (Remove Only) (HKLM\...\LAGARITH) (Version: - ) Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes) ManyCam 4.1.2 (HKLM-x32\...\ManyCam) (Version: 4.1.2 - Visicom Media Inc.) Mesh Runtime (HKLM-x32\...\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}) (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Messenger Companion (HKLM-x32\...\{50816F92-1652-4A7C-B9BC-48F682742C4B}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation) Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation) Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation) Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation) Microsoft Expression Encoder 4 Screen Capture Codec (HKLM-x32\...\{F940D859-DDB5-4067-82E2-3C8D02F8E09F}) (Version: 4.0.1653.0 - Microsoft Corporation) Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation) Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft SQL Server 2012 Command Line Utilities (HKLM\...\{58FED865-4F13-408D-A5BF-996019C4B936}) (Version: 11.1.3000.0 - Microsoft Corporation) Microsoft SQL Server 2012 Data-Tier App Framework (HKLM-x32\...\{1B876496-B3A2-4D22-9B12-B608A3FD4B8B}) (Version: 11.1.2902.0 - Microsoft Corporation) Microsoft SQL Server 2012 Data-Tier App Framework (x64) (HKLM\...\{A6BA243E-85A3-4635-A269-32949C98AC7F}) (Version: 11.1.2902.0 - Microsoft Corporation) Microsoft SQL Server 2012 Express LocalDB (HKLM\...\{6C026A91-640F-4A23-8B68-05D589CC6F18}) (Version: 11.1.3000.0 - Microsoft Corporation) Microsoft SQL Server 2012 Management Objects (HKLM-x32\...\{2F7DBBE6-8EBC-495C-9041-46A772F4E311}) (Version: 11.1.3000.0 - Microsoft Corporation) Microsoft SQL Server 2012 Management Objects (x64) (HKLM\...\{43A5C316-9521-49C3-B9B6-FCE5E1005DF0}) (Version: 11.1.3000.0 - Microsoft Corporation) Microsoft SQL Server 2012 Native Client (HKLM\...\{D411E9C9-CE62-4DBF-9D92-4CB22B750ED5}) (Version: 11.1.3000.0 - Microsoft Corporation) Microsoft SQL Server 2012 Transact-SQL ScriptDom (HKLM\...\{54C5041B-0E91-4E92-8417-AAA12493C790}) (Version: 11.1.3000.0 - Microsoft Corporation) Microsoft SQL Server 2012 T-SQL Language Service (HKLM-x32\...\{04DD7AF4-A6D3-4E30-9BB9-3B3670719234}) (Version: 11.1.3000.0 - Microsoft Corporation) Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation) Microsoft SQL Server Data Tools - enu (12.0.30919.1) (HKLM-x32\...\{0D7FCBFB-F478-4D32-901C-83F0BF5A3501}) (Version: 12.0.30919.1 - Microsoft Corporation) Microsoft SQL Server Data Tools Build Utilities - enu (12.0.30919.1) (HKLM-x32\...\{6781FF9B-E87D-4A03-9373-A55A288B83FA}) (Version: 12.0.30919.1 - Microsoft Corporation) Microsoft SQL Server System CLR Types (HKLM-x32\...\{A47FD1BF-A815-4A76-BE65-53A15BD5D25D}) (Version: 10.50.1600.1 - Microsoft Corporation) Microsoft SQL Server System CLR Types (x64) (HKLM\...\{4701DEDE-1888-49E0-BAE5-857875924CA2}) (Version: 10.50.1600.1 - Microsoft Corporation) Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{070C38AC-05CE-43DF-9A20-141332F6AB2B}) (Version: 11.1.3366.16 - Microsoft Corporation) Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{05FF8209-C4F1-4C77-BC28-791653156D20}) (Version: 11.1.3366.16 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation) Microsoft Visual Studio Express 2013 for Web - ENU (HKLM-x32\...\{3e544097-53d1-4252-98a6-93cc12a6d487}) (Version: 12.0.21005.13 - Microsoft Corporation) Microsoft Web Deploy 3.5 (HKLM\...\{3674F088-9B90-473A-AAC3-20A00D8D810C}) (Version: 3.1237.1762 - Microsoft Corporation) MiniTool Partition Wizard Free 9.0 (HKLM-x32\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version: - MiniTool Solution Ltd.) Mozilla Firefox 58.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 58.0.1 (x64 en-US)) (Version: 58.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 58.0.1.6602 - Mozilla) MSI Development Tools (HKLM-x32\...\{CF3A1CA6-5E5E-B4BD-6CF1-363056816CA2}) (Version: 8.100.25984 - Microsoft Corporation) Hidden MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Nero 9 Essentials (HKLM-x32\...\{8b69867b-791d-4d84-8fbd-efced15a15d1}) (Version: - Nero AG) NETGEAR A6100 Genie (HKLM-x32\...\{15D27BA3-6CCD-4848-8925-07EF083492AD}) (Version: 1.0.0.32 - NETGEAR) Hidden NETGEAR A6100 Genie (HKLM-x32\...\InstallShield_{15D27BA3-6CCD-4848-8925-07EF083492AD}) (Version: 1.0.0.32 - NETGEAR) NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5896 - NVIDIA Corporation) NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation) NVIDIA ForceWare Network Access Manager (HKLM-x32\...\InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}) (Version: 1.00.7316 - NVIDIA Corporation) NVIDIA Graphics Driver 309.08 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 309.08 - NVIDIA Corporation) NVIDIA PhysX v8.10.29 (HKLM-x32\...\{D56B0E27-4A3E-46C9-B5C1-D93D580C099C}) (Version: 8.10.29 - NVIDIA Corporation) NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation) Opera Stable 51.0.2830.34 (HKLM-x32\...\Opera 51.0.2830.34) (Version: 51.0.2830.34 - Opera Software) Power Tab Editor 1.7 (HKLM-x32\...\{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}) (Version: 1.7.0 - Power Tab Software) Prerequisites for SSDT (HKLM-x32\...\{35C1D9D6-87C0-46A3-B1B4-EDBCC063221C}) (Version: 11.1.3000.0 - Microsoft Corporation) PVSonyDll (HKLM\...\{3D3E663D-4E7E-4577-A560-7ECDDD45548A}) (Version: 1.00.0001 - NVIDIA Corporation) Hidden QuickTime (HKLM-x32\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6045 - Realtek Semiconductor Corp.) Revo Uninstaller 2.0.3 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.3 - VS Revo Group, Ltd.) SafeZone Stable 4.58.2552.909 (HKLM-x32\...\SafeZone 4.58.2552.909) (Version: 4.58.2552.909 - Avast Software) Hidden SDK ARM Additions (HKLM-x32\...\{5A5DB011-54FB-C3B3-2DDB-5E6C1B80115D}) (Version: 8.100.26638 - Microsoft Corporation) Hidden SDK ARM Additions EULA (HKLM-x32\...\{604103DF-C562-D628-F735-8FE352345B12}) (Version: 8.100.26638 - Microsoft Corporations) Hidden SDK ARM Redistributables (HKLM-x32\...\{8B1AEFB9-D22B-205A-C0CD-1675DA7DAB86}) (Version: 8.100.26638 - Microsoft Corporation) Hidden SDK Debuggers (HKLM-x32\...\{9274C832-3D8A-A294-FDE8-8B9272357098}) (Version: 8.100.26629 - Microsoft Corporation) Hidden SDK Debuggers ARM (HKLM-x32\...\{C657864C-CFF9-B50F-6451-F8C6AA15A569}) (Version: 8.100.26638 - Microsoft Corporation) Hidden Security Task Manager 1.8c (HKLM-x32\...\Security Task Manager) (Version: 1.8c - Neuber Software) Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.9.12585 - Skype Technologies S.A.) Skype 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.151 - Skype Technologies S.A.) SWiX 1.4.0.2318 (HKLM-x32\...\SWiX_is1) (Version: 1.4.0.2318 - Richmedia Ltd.) swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Team Explorer for Microsoft Visual Studio 2013 (HKLM-x32\...\{C9E7751E-88ED-36CF-B610-71A1D262E906}) (Version: 12.0.21005 - Microsoft Corporation) Hidden TinyWord 2.9.0 (HKLM-x32\...\TinyWord2) (Version: 2.9.0 - AbiSource Developers) Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation) Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies) Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies) Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies) Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) VLC Media Player (HKLM-x32\...\VLC Media Player1.1.11) (Version: 1.1.11 - VideoLAN) VLC media player 1.0.1 (HKLM-x32\...\VLC media player) (Version: 1.0.1 - VideoLAN Team) VSDC Free Video Editor version 2.2.2.323 (HKLM-x32\...\VSDC Free Video Editor_is1) (Version: 2.2.2.323 - Flash-Integro LLC) WebM Media Foundation Components (HKLM-x32\...\webmmf) (Version: 1.0.1.2 - WebM Project) Welcome Center (HKLM-x32\...\eMachines Welcome Center) (Version: 1.02.3004 - Acer Incorporated) Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc) Windows Driver Kit for Windows 8.1 (HKLM-x32\...\{da762e25-7812-4a12-871c-93574078d85a}) (Version: 8.100.26638 - Microsoft Corporation) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation) Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation) Windows Software Development Kit for Windows 8.1 (HKLM-x32\...\{57334b90-51ab-4979-a6e4-ab0f7632479a}) (Version: 8.100.26654 - Microsoft Corporation) WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 33.1.2015.0 - WinPatrol) WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.) Wireshark 1.12.4 (64-bit) (HKLM-x32\...\Wireshark) (Version: 1.12.4 - The Wireshark developer community, hxxp://www.wireshark.org) WM Capture 5 (HKLM-x32\...\WM Capture 5) (Version: 5.0 - AllAlex,Inc) WPT Redistributables (HKLM-x32\...\{64F3FB9A-9250-B2D6-00B4-50BE0358AEE8}) (Version: 8.100.26654 - Microsoft) Hidden WPTx64 (HKLM-x32\...\{BFF81CB5-E8C7-4184-FBB4-74ADFBC6CCCB}) (Version: 8.100.26629 - Microsoft) Hidden Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version: - Yahoo! Inc.) Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version: - ) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) HKU\S-1-5-21-1586326372-1664844804-1117412497-500\...\ChromeHTML: -> <==== ATTENTION ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-02-15] (AVAST Software) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-02-15] (AVAST Software) ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-02-15] (AVAST Software) ContextMenuHandlers1: [ExpressZip] -> {8EEA165E-0B8B-4BA7-9796-50214C767171} => C:\Program Files (x86)\NCH Software\ExpressZip\ezcm64.dll [2014-02-05] () ContextMenuHandlers1: [LavasoftShellExt] -> {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} => C:\Program Files (x86)\Lavasoft\Ad-Aware\ShellExt_64.dll [2012-05-25] (Lavasoft Limited) ContextMenuHandlers1: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => -> No File ContextMenuHandlers2: [LavasoftShellExt] -> {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} => C:\Program Files (x86)\Lavasoft\Ad-Aware\ShellExt_64.dll [2012-05-25] (Lavasoft Limited) ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-02-15] (AVAST Software) ContextMenuHandlers4: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => -> No File ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2015-01-30] (NVIDIA Corporation) ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-02-15] (AVAST Software) ContextMenuHandlers6: [ExpressZip] -> {8EEA165E-0B8B-4BA7-9796-50214C767171} => C:\Program Files (x86)\NCH Software\ExpressZip\ezcm64.dll [2014-02-05] () ContextMenuHandlers6: [LavasoftShellExt] -> {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} => C:\Program Files (x86)\Lavasoft\Ad-Aware\ShellExt_64.dll [2012-05-25] (Lavasoft Limited) ContextMenuHandlers6: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => -> No File ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {00B3804D-561B-472A-B532-D5E826569144} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1586326372-1664844804-1117412497-1001UA => C:\Users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-23] (Google Inc.) Task: {0138DECD-24DE-4354-9AE6-29AC4F5534B1} - System32\Tasks\{B65D5209-7975-447A-83FF-A7FC5388F9FB} => C:\Windows\system32\pcalua.exe -a "C:\Windows\TEMP\avast_ash\Adobe AIR\AdobeAIRInstaller.exe" -d "C:\Program Files\AVAST Software\Avast" <==== ATTENTION Task: {021E26CF-FAB5-4EF3-9566-FC52C74FBE72} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.) Task: {0D09594C-0039-4EB8-B038-F7CC91819295} - System32\Tasks\{7951C582-317B-4C20-82B8-AC3C1F539956} => C:\Windows\system32\pcalua.exe -a C:\Users\Ryan\Downloads\Shockwave_Installer_Slim(1).exe -d "C:\Program Files (x86)\Mozilla Firefox" Task: {161C680D-FF2C-4AD4-8F11-68FB488BFF01} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-02-07] (Adobe Systems Incorporated) Task: {230528CA-6172-43F8-A6D4-033B142057D8} - System32\Tasks\SafeZone scheduled Autoupdate 1465980449 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-08-04] (Avast Software) Task: {4884B578-588A-47FA-A6CD-FAB728E90A88} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-02-15] (AVAST Software) Task: {65623F98-3F29-4528-B5CB-A0D01AAE4627} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1586326372-1664844804-1117412497-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe Task: {66F7E766-94D3-48FD-813C-D191E3D361C6} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1586326372-1664844804-1117412497-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe Task: {6A226930-7CCD-4D62-9287-A4F70270C53F} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe Task: {6E0F6FC7-B74F-4398-B321-72849FE24201} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-03-03] (Piriform Ltd) Task: {6F9B543E-DD4D-44BE-B8FB-1262A4067896} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_28_0_0_161_pepper.exe [2018-02-07] (Adobe Systems Incorporated) Task: {94CBD347-1B70-48E9-A816-90D097E3F7A5} - System32\Tasks\{304C4539-D934-427A-BFFB-B72EE40388EB} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\MagicISO\MagicISO.exe" -d C:\Users\Ryan\Desktop Task: {B500D725-6E3E-4BAF-AB0A-95D5E687500D} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1586326372-1664844804-1117412497-1001Core => C:\Users\Ryan\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-11] (Facebook Inc.) Task: {BAF5D18C-E422-409F-AD95-5B962C890F2E} - System32\Tasks\{656C6779-3CAA-4939-A795-CDBC4665D789} => "C:\Program Files (x86)\Internet Explorer\iexplore.exe" hxxp://ui.skype.com/ui/0/4.1.0.179.369/en/abandoninstall?source=lightinstaller&page=tsMain&installinfo=google-toolbar:notoffered;notincluded,google-chrome:notoffered;notincluded Task: {C4EE6D26-6CF0-45DF-96D4-ABBEA4BB37C3} - System32\Tasks\{3B23FE6C-6236-4856-BADA-415BE4AE248E} => C:\Windows\system32\pcalua.exe -a C:\PROGRA~2\Yahoo!\Common\UNYT_W~1.EXE Task: {CD8A6502-CE29-4257-B5D9-DB3F90A9FBC7} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2018-01-08] (AVAST Software) Task: {CE5441ED-87F1-4C68-AF69-952FE9DB1576} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1586326372-1664844804-1117412497-1001Core => C:\Users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-23] (Google Inc.) Task: {D47339DF-A505-4403-9973-87CAE6186C5A} - System32\Tasks\{39D11008-5370-4F9C-B2FF-EBC944C62FD4} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\NCH Software\Doxillion\uninst.exe" Task: {D968B6F6-C0C2-4E3F-AF6E-A6B5B7FF2828} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1586326372-1664844804-1117412497-1001UA => C:\Users\Ryan\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-11] (Facebook Inc.) Task: {E505CDF0-5C25-4255-81C3-390383BC4150} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.) Task: {EE21C42B-D209-467F-A292-4C93AC11C85A} - System32\Tasks\{A3FE7B6D-ADCC-4BD3-B697-1FF73E1F0615} => C:\Windows\system32\pcalua.exe -a C:\PROGRA~2\Cain\UNWISE.EXE -c C:\PROGRA~2\Cain\INSTALL.LOG Task: {F84C9496-1CC1-4B59-94A6-BF1207020566} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe Task: {F91C6493-5C83-4482-B17D-D2E56F2A0C16} - System32\Tasks\Opera scheduled Autoupdate 1499011116 => C:\Program Files\Opera\launcher.exe [2018-02-15] (Opera Software) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1586326372-1664844804-1117412497-1001Core.job => C:\Users\Ryan\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1586326372-1664844804-1117412497-1001UA.job => C:\Users\Ryan\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1586326372-1664844804-1117412497-1001Core.job => C:\Users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1586326372-1664844804-1117412497-1001UA.job => C:\Users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FrostWire 6\FrostWire 6.2.2-SafeMode.lnk -> C:\Program Files (x86)\FrostWire 6\frostwire.bat () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox Developer Edition.lnk -> C:\Program Files (x86)\Firefox Developer Edition\firefox.exe (Mozilla Corporation) Shortcut: C:\Users\Public\Desktop\Firefox Developer Edition.lnk -> C:\Program Files (x86)\Firefox Developer Edition\firefox.exe (Mozilla Corporation) ShortcutWithArgument: C:\Users\Public\Desktop\Netflix.lnk -> C:\ProgramData\OEM_E471269A730D\Netflix\StartURL.exe () -> hxxp://homepage.emachines.com/redirect.aspx?rid=09000003 ==================== Loaded Modules (Whitelisted) ============== 2013-03-17 10:56 - 2015-01-30 19:57 - 000086160 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2009-08-10 18:01 - 2009-08-10 18:01 - 000626208 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe 2009-08-10 18:00 - 2009-08-10 18:00 - 000070176 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nv_common.dll 2009-08-10 18:01 - 2009-08-10 18:01 - 000578592 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\SpecialCase.dll 2014-02-05 04:33 - 2014-02-05 04:33 - 000089088 _____ () C:\Program Files (x86)\NCH Software\ExpressZip\ezcm64.dll 2009-08-10 18:01 - 2009-08-10 18:01 - 000206880 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe 2018-02-15 01:08 - 2018-02-15 01:08 - 000721112 _____ () c:\Program Files\AVAST Software\Avast\x64\vaarclient.dll 2018-02-15 01:08 - 2018-02-15 01:08 - 000912088 _____ () C:\Program Files\AVAST Software\Avast\x64\ffl2.dll 2018-02-15 01:08 - 2018-02-15 01:08 - 000341720 _____ () c:\Program Files\AVAST Software\Avast\x64\StreamBack.dll 2018-02-15 01:08 - 2018-02-15 01:08 - 000326360 _____ () C:\Program Files\AVAST Software\Avast\x64\tasks_core.dll 2018-02-23 21:14 - 2018-02-24 05:18 - 002301384 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll 2014-01-09 20:52 - 2012-10-19 09:54 - 001492222 _____ () C:\Program Files (x86)\NCH Software\Components\x264enc5\x264enc5.exe 2014-01-09 20:52 - 2007-11-27 08:41 - 000405504 _____ () C:\Program Files (x86)\NCH Software\Components\mp3el2\lame.exe 2018-02-13 21:07 - 2018-02-12 23:25 - 004433752 _____ () C:\Program Files (x86)\Google\Chrome\Application\64.0.3282.167\libglesv2.dll 2018-02-13 21:07 - 2018-02-12 23:25 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\64.0.3282.167\libegl.dll 2018-02-15 01:08 - 2018-02-15 01:08 - 000287960 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll 2018-02-15 01:08 - 2018-02-15 01:08 - 000280280 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll 2018-02-15 01:08 - 2018-02-15 01:08 - 000756952 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll 2018-02-15 01:07 - 2018-02-15 01:07 - 000172248 _____ () C:\Program Files\AVAST Software\Avast\hns_tools.dll 2018-02-15 01:08 - 2018-02-15 01:08 - 000963288 _____ () C:\Program Files\AVAST Software\Avast\shepherdsync.dll 2018-02-15 01:08 - 2018-02-15 01:08 - 000468696 _____ () C:\Program Files\AVAST Software\Avast\gui_cache.dll 2018-02-15 01:08 - 2018-02-15 01:08 - 000339160 _____ () C:\Program Files\AVAST Software\Avast\streamback_avast.dll 2018-02-23 21:15 - 2018-02-23 21:15 - 005822096 _____ () C:\Program Files\AVAST Software\Avast\defs\18022310\algo.dll 2018-02-24 05:38 - 2018-02-24 05:38 - 005822096 _____ () C:\Program Files\AVAST Software\Avast\defs\18022400\algo.dll 2016-01-07 09:17 - 2016-01-07 09:17 - 000094208 _____ () C:\Program Files (x86)\NETGEAR\A6100\Realtek.dll 2012-11-06 09:47 - 2012-11-06 09:47 - 000114688 _____ () C:\Program Files (x86)\NETGEAR\A6100\EnumDevLib.dll 2017-07-03 22:50 - 2017-07-03 22:50 - 067109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2018-02-15 01:07 - 2018-02-15 01:07 - 000275672 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll 2014-01-09 20:52 - 2014-01-17 23:49 - 000069632 _____ () C:\Program Files (x86)\NCH Software\Debut\debuthooksdll.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:0B4227B4 [133] AlternateDataStreams: C:\ProgramData\TEMP:58E127A5 [214] AlternateDataStreams: C:\ProgramData\TEMP:80337C03 [250] ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) IE trusted site: HKU\S-1-5-21-1586326372-1664844804-1117412497-500\...\localhost -> hxxps://localhost ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 21:34 - 2014-03-01 13:54 - 000000027 _____ C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1586326372-1664844804-1117412497-500\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 75.75.75.75 - 75.75.76.76 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is disabled. ==================== MSCONFIG/TASK MANAGER disabled items == MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SoftEther VPN Client Manager Startup.lnk => C:\Windows\pss\SoftEther VPN Client Manager Startup.lnk.CommonStartup MSCONFIG\startupreg: Ad-Aware Antivirus => "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run MSCONFIG\startupreg: Ad-Aware Browsing Protection => "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe" MSCONFIG\startupreg: AVG_UI => "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY MSCONFIG\startupreg: Hotkey Utility => C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s MSCONFIG\startupreg: SoftEther VPN Client UI Helper => "C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe" /uihelp MSCONFIG\startupreg: VX3000 => C:\Windows\vVX3000.exe ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{A6343D57-54B8-423C-B6F5-577E012E6EA1}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe FirewallRules: [{2EC1721A-BF5E-408D-9097-20F0B02C56B8}] => (Allow) svchost.exe FirewallRules: [{2A8CBBC7-A0AA-4372-8CA5-0A86F12342D7}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe FirewallRules: [{F9F5667B-098A-4BAD-8542-F305AEE3681A}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe FirewallRules: [{431A9FF4-E1F0-41C3-BAEE-FBBE8DE3FA81}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe FirewallRules: [{4910E33E-DE11-4CB0-96F7-7A3628C96C45}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{7F7C0134-4EC6-421A-97A8-0F5239DBDC0B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{43AE0BE8-6E4F-4031-85E3-8FF1BD7FD072}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{3D37CE4A-A51C-4C32-8623-5E2EF674BC4B}] => (Allow) LPort=2869 FirewallRules: [{53781FF6-4ACC-4677-8F5C-8D1E68F5F0FA}] => (Allow) LPort=1900 FirewallRules: [{D8744737-CDF5-4A0C-B287-A8599694FBFE}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe FirewallRules: [{70B54969-F310-4C1F-A04C-F23489A27113}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{20C61F99-DE92-4B79-AD05-7E46030E8031}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\VideoEditor.exe FirewallRules: [{9F01EC5A-6E56-4637-ADD9-8D1474CBB46A}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\VideoEditor.exe FirewallRules: [{C093FC8E-B654-473C-BFF7-619F49DBD227}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\Updater.exe FirewallRules: [{799802DA-30B9-4B94-913C-5414662CDA94}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\Updater.exe FirewallRules: [{2FDF8B07-A88C-4814-B8C0-8C74D2E20EB5}] => (Allow) C:\ProgramData\EmailNotifier\EmailNotifier.exe FirewallRules: [{B11FAEBC-2276-4CA8-9C15-D756EC0DC0D0}] => (Allow) C:\ProgramData\EmailNotifier\EmailNotifier.exe FirewallRules: [{096E3A58-2799-4780-AAEE-D559C71D4499}] => (Allow) C:\Program Files (x86)\ManyCam\ManyCam.exe FirewallRules: [{90EDA146-BFF1-4B0F-A34E-7AF4A140CD85}] => (Allow) C:\Program Files (x86)\ManyCam\ManyCam.exe FirewallRules: [{27A8066C-F364-465F-A843-70B835BDC878}] => (Allow) C:\Program Files (x86)\FrostWire 6\FrostWire.exe FirewallRules: [{C7725DDE-D2DB-4FC2-886E-5C977D1310B6}] => (Allow) C:\Program Files (x86)\FrostWire 6\FrostWire.exe FirewallRules: [{696768FA-E899-44C5-A11E-148A4E0034C4}] => (Allow) C:\Program Files (x86)\Firefox Developer Edition\firefox.exe FirewallRules: [{4DC30ACA-E8C6-4A8B-832D-D06EA8E44997}] => (Allow) C:\Program Files (x86)\Firefox Developer Edition\firefox.exe FirewallRules: [{5F7E945F-5833-4202-96E6-610B118EA539}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{5D39EA51-1DD3-4CA8-93E0-090236EC7646}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{45ACC91B-E8C4-4DEA-A945-4E1CF32BDD74}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe FirewallRules: [{6F3D2CC7-5B5C-4875-8CFA-EC1BDBA3B5A5}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe FirewallRules: [{10108EF1-3C1F-40C1-9838-E9D9804BDE2A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{5D4536E6-A704-4796-A7D0-D224003648E2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{B981001B-BAD2-48DA-988F-8152E4B6DBC3}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe FirewallRules: [{61935809-5215-47B8-AC18-C701002AEAFB}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe FirewallRules: [{2B2BB3FE-8C18-45CE-A520-C19A364F6731}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909\SZBrowser.exe FirewallRules: [{4D808C98-8499-48B7-9283-8F300A0E20B4}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909_0\SZBrowser.exe FirewallRules: [{AA9C2ACE-5501-4AF5-9F62-1F62FABA6657}] => (Allow) C:\Program Files\Opera\50.0.2762.67\opera.exe FirewallRules: [{5EAA6B58-164F-4DB2-99AB-986B6B8EB8B8}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{76A57696-8CF3-4E86-8113-7484D30198C4}] => (Allow) C:\Program Files\Opera\51.0.2830.34\opera.exe ==================== Restore Points ========================= 19-01-2018 11:19:24 Scheduled Checkpoint 20-01-2018 03:00:17 Windows Update 27-01-2018 03:55:00 Scheduled Checkpoint 06-02-2018 22:29:47 Scheduled Checkpoint 06-02-2018 23:28:17 Installed NETGEAR A6100 Genie 14-02-2018 05:27:09 Scheduled Checkpoint 15-02-2018 03:01:24 Windows Update ==================== Faulty Device Manager Devices ============= Name: SBRE Description: SBRE Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: SBRE Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. Name: avast! Firewall NDIS Filter Miniport Description: avast! Firewall NDIS Filter Miniport Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: ALWIL Software Service: aswNdis Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19) Resolution: A registry problem was detected. This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options: On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver. Name: avast! Firewall NDIS Filter Miniport Description: avast! Firewall NDIS Filter Miniport Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: ALWIL Software Service: aswNdis Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19) Resolution: A registry problem was detected. This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options: On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver. ==================== Event log errors: ========================= Application errors: ================== Error: (02/23/2018 09:07:08 PM) (Source: CVHSVC) (EventID: 100) (User: ) Description: Information only. Error: Cannot connect to SoftGrid Service Type: 95::SoftGridConfigurationFailure. Error: (02/15/2018 01:50:58 PM) (Source: CVHSVC) (EventID: 100) (User: ) Description: Information only. Error: Cannot connect to SoftGrid Service Type: 95::SoftGridConfigurationFailure. Error: (02/09/2018 07:59:26 PM) (Source: CVHSVC) (EventID: 100) (User: ) Description: Information only. Error: Cannot connect to SoftGrid Service Type: 95::SoftGridConfigurationFailure. Error: (01/29/2018 02:59:41 PM) (Source: CVHSVC) (EventID: 100) (User: ) Description: Information only. Error: Cannot connect to SoftGrid Service Type: 95::SoftGridConfigurationFailure. Error: (01/11/2018 03:22:22 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: ) Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to compile: System.IdentityModel, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80070020 Error: (01/10/2018 01:58:26 PM) (Source: CVHSVC) (EventID: 100) (User: ) Description: Information only. Error: Cannot connect to SoftGrid Service Type: 95::SoftGridConfigurationFailure. Error: (01/09/2018 02:29:44 PM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: ) Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to execute command from the offline queue: uninstall "mcupdate, Version=6.1.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=amd64". The error returned was Error: The specified assembly is not installed. . Error: (01/09/2018 02:25:43 PM) (Source: CVHSVC) (EventID: 100) (User: ) Description: Information only. Error: Cannot connect to SoftGrid Service Type: 95::SoftGridConfigurationFailure. System errors: ============= Error: (02/25/2018 12:08:08 AM) (Source: DCOM) (EventID: 10010) (User: ) Description: The server {752073A1-23F2-4396-85F0-8FDB879ED0ED} did not register with DCOM within the required timeout. Error: (02/23/2018 09:18:19 PM) (Source: nvstor64) (EventID: 4) (User: ) Description: Command to device was aborted. Device: \Device\RaidPort0 Model: Hitachi HDS721050CLA362 Firmware Version: JP2O Serial Number: JPF540HE1ZTD9T Port: 0 Error: (02/23/2018 09:15:39 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: The Windows Update service hung on starting. Error: (02/23/2018 09:12:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure. Error: (02/23/2018 09:12:29 PM) (Source: Service Control Manager) (EventID: 7038) (User: ) Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC). Error: (02/23/2018 09:08:52 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: The following boot-start or system-start driver(s) failed to load: SBRE Error: (02/23/2018 09:08:50 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: The Client Virtualization Handler service hung on starting. Error: (02/23/2018 09:06:54 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY) Description: WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\Rtlihvs.dll Error Code: 126 CodeIntegrity: =================================== Date: 2018-02-24 18:26:12.866 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG2013\avgmfapx.exe because the set of per-page image hashes could not be found on the system. Date: 2018-02-24 08:11:43.834 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG2013\avgmfapx.exe because the set of per-page image hashes could not be found on the system. Date: 2018-02-24 04:20:20.833 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG2013\avgmfapx.exe because the set of per-page image hashes could not be found on the system. Date: 2018-02-24 04:19:53.800 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG2013\avgmfapx.exe because the set of per-page image hashes could not be found on the system. Date: 2018-02-23 21:20:42.432 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG2013\avgmfapx.exe because the set of per-page image hashes could not be found on the system. Date: 2018-02-23 09:09:02.876 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG2013\avgmfapx.exe because the set of per-page image hashes could not be found on the system. Date: 2018-02-23 05:23:00.736 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG2013\avgmfapx.exe because the set of per-page image hashes could not be found on the system. Date: 2018-02-23 05:22:30.815 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG2013\avgmfapx.exe because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: AMD Sempron™ 145 Processor Percentage of memory in use: 89% Total physical RAM: 3839.37 MB Available physical RAM: 412.18 MB Total Virtual: 7676.9 MB Available Virtual: 3145.81 MB ==================== Drives ================================ Drive c: (eMachines) (Fixed) (Total:418.19 GB) (Free:9.2 GB) NTFS Drive z: (ANAMEANDSTUFFHERE) (Fixed) (Total:0.24 GB) (Free:0.15 GB) NTFS \\?\Volume{a0262846-e799-11df-ab58-806e6f6e6963}\ (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.03 GB) NTFS \\?\Volume{a0262845-e799-11df-ab58-806e6f6e6963}\ (PQSERVICE) (Fixed) (Total:12 GB) (Free:1.04 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 465.8 GB) (Disk ID: F48B7043) Partition 1: (Not Active) - (Size=12 GB) - (Type=27) Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=418.2 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=35.5 GB) - (Type=0F Extended) ==================== End of Addition.txt ============================

#3 bighippo

bighippo
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Local time:10:14 PM

Posted 25 February 2018 - 12:40 AM

I am sorry about the spacing in the first 2 posts, I don't know why or how that happened.


EDIT: I've decided to attach the text files themselves if the posts are unreadable.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24.02.2018
Ran by Administrator (administrator) on THECOMPUTER (24-02-2018 23:32:05)
Running from C:\Users\Administrator\Downloads
Loaded Profiles: Administrator (Available Profiles: Ryan & UpdatusUser & Administrator)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
(Acer Incorporated) C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
(NETGEAR) C:\Program Files (x86)\NETGEAR\A6100\A6100.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Acer Group) C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Realtek Semiconductor Corp.) C:\Program Files (x86)\NETGEAR\A6100\RtlService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(NCH Software) C:\Program Files (x86)\NCH Software\Debut\debut.exe
() C:\Program Files (x86)\NCH Software\Components\x264enc5\x264enc5.exe
() C:\Program Files (x86)\NCH Software\Components\mp3el2\lame.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [243496 2018-02-15] (AVAST Software)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [WsmUpdater] => C:\Program Files (x86)\Web Solution Mart\Fake Webcam Codecs Pack\Updater.exe [292208 2012-05-18] (Web Solution Mart)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1586326372-1664844804-1117412497-500\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9364696 2017-03-03] (Piriform Ltd)
HKU\S-1-5-21-1586326372-1664844804-1117412497-500\...\Run: [WinPatrol] => C:\Program Files (x86)\WinPatrol\WinPatrol\winpatrol.exe [1160536 2015-02-22] (Ruiware LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR A6100 Genie.lnk [2018-02-06]
ShortcutTarget: NETGEAR A6100 Genie.lnk -> C:\Program Files (x86)\NETGEAR\A6100\RtlService.exe (Realtek Semiconductor Corp.)
BootExecute: autocheck autochk * C:\PROGRA~2\AVG\AVG2013\avgrsa.exe /sync /restart
GroupPolicy\User: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{068BA458-B45C-47FE-A520-7FA3691B0CDC}: [DhcpNameServer] 192.168.254.254 192.168.254.254
Tcpip\..\Interfaces\{1B2BA82E-4748-4168-9FF8-911A15D19101}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{300D6ADE-B8B9-480B-887A-4F17A6EB3699}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{486C428A-F9CF-4663-A5E7-F0337A98B6B1}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{E4B07EAD-0FAC-4779-9276-8DD61EFB2FF1}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com?fr=hp-avast&type=avastbcl
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1586326372-1664844804-1117412497-500\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-1586326372-1664844804-1117412497-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com?fr=hp-avast&type=avastbcl
HKU\S-1-5-21-1586326372-1664844804-1117412497-500\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2018-02-15] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-04-10] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2018-02-15] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2012-03-08] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-04-10] (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {A084A130-28AE-4B32-B51A-1C8CE164BC88} hxxp://www.convergysworkathome.com/AppHardT.CAB
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2017-07-18] (Skype Technologies)

FireFox:
========
FF DefaultProfile: 0j1dkpdm.default-1393789532672
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\OpenVPN Technologies\OpenVPN Client\Profiles\hg2nzb4t.default [2014-04-28]
FF Homepage: OpenVPN Technologies\OpenVPN Client\Profiles\hg2nzb4t.default -> resource://webapp/openvpn.html
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\0j1dkpdm.default-1393789532672 [2018-02-24]
FF Homepage: Mozilla\Firefox\Profiles\0j1dkpdm.default-1393789532672 -> hxxps://www.yahoo.com?fr=hp-avast&type=avastbcl
FF NetworkProxy: Mozilla\Firefox\Profiles\0j1dkpdm.default-1393789532672 -> backup.ftp", ""
FF Extension: (Avast SafePrice) - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\0j1dkpdm.default-1393789532672\Extensions\sp@avast.com.xpi [2018-01-21]
FF Extension: (Avast Online Security) - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\0j1dkpdm.default-1393789532672\Extensions\wrc@avast.com.xpi [2017-11-19]
FF Extension: (Tamper Data) - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\0j1dkpdm.default-1393789532672\Extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}.xpi [2017-06-30] [Legacy]
FF Extension: (Adblock Plus) - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\0j1dkpdm.default-1393789532672\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2018-01-21]
FF SearchPlugin: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\0j1dkpdm.default-1393789532672\searchplugins\yahoo-avast.xml [2014-06-18]
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\m9ndbmnu.dev-edition-default [2018-02-23]
FF Extension: (Avast Online Security) - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\m9ndbmnu.dev-edition-default\Extensions\wrc@avast.com.xpi [2017-11-19]
FF HKU\S-1-5-21-1586326372-1664844804-1117412497-500\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_28_0_0_161.dll [2018-02-07] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_161.dll [2018-02-07] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-04-10] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-04-10] (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2010-06-01] (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-12-01] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-12-01] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-03-16] (VideoLAN)
StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Firefox Developer Edition\firefox.exe

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default [2018-02-24]
CHR Extension: (uBlock Origin) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2018-02-09]
CHR Extension: (Off The Record History) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\djbaolpiihkcmmfjnjdmomeeheldhhdp [2017-11-26]
CHR Extension: (Disconnect) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo [2016-01-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-25]
CHR Extension: (ScriptSafe) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiigbmnaadbkfbmpbfijlflahbdbdgdf [2017-12-14]
CHR Extension: (Chrome Media Router) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-02-09]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - <no Path/update_url>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7564512 2018-02-15] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [300600 2018-02-15] (AVAST Software)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [5814392 2012-11-06] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [196664 2012-10-22] (AVG Technologies CZ, s.r.o.)
R2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [626208 2009-08-10] ()
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2014-02-19] (Microsoft Corporation) [File not signed]
S3 GameConsoleService; C:\Program Files (x86)\eMachines Games\eMachines Game Console\GameConsoleService.exe [246520 2010-04-03] (WildTangent, Inc.)
R2 GREGService; C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe [23584 2010-01-08] (Acer Incorporated)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
R2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [206880 2009-08-10] ()
R2 Realtek8723AU; C:\Program Files (x86)\NETGEAR\A6100\RtlService.exe [45784 2013-07-02] (Realtek Semiconductor Corp.)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
R2 Updater Service; C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [243232 2010-01-28] (Acer Group)
S3 VsEtwService120; C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [87728 2013-10-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 A6100; C:\Windows\System32\DRIVERS\A6100.sys [4863752 2016-02-17] (Realtek Semiconductor Corporation )
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [192944 2018-02-15] (AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdrivera.sys [321512 2018-01-05] (AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsha.sys [199448 2018-01-05] (AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswbloga.sys [343768 2018-01-05] (AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniva.sys [57696 2018-01-05] (AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [190440 2018-02-15] (AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [46968 2018-02-15] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [41832 2017-09-07] (AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [146648 2018-02-15] (AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [110328 2018-02-15] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [84368 2018-02-15] (AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1026696 2018-02-15] (AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [459952 2018-02-15] (AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [205464 2018-02-15] (AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [379448 2018-02-15] (AVAST Software)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [154464 2012-10-22] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [63328 2012-10-15] (AVG Technologies CZ, s.r.o. )
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [185696 2012-10-02] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [225120 2012-09-21] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [111456 2012-10-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40800 2012-09-14] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [200032 2012-09-21] (AVG Technologies CZ, s.r.o.)
S3 camfilt2; C:\Windows\System32\DRIVERS\camfilt2.sys [139264 2007-08-29] (Guillemot Corporation)
S3 D-Vitec; C:\Windows\System32\DRIVERS\dvitdcnt.sys [307968 2012-07-26] (D-vitec)
R3 debutfilter; C:\Windows\System32\DRIVERS\debutfilterx64.sys [34512 2014-01-17] ()
R1 ElRawDisk; C:\Windows\system32\drivers\rsdrvx64.sys [26024 2009-02-12] (EldoS Corporation)
S3 Linksys_adapter_H; C:\Windows\System32\DRIVERS\AE2500w764.sys [1254464 2011-03-28] (Broadcom Corporation)
R3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [49304 2014-12-28] (Visicom Media Inc.)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253880 2018-02-24] (Malwarebytes)
R3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [35992 2014-12-28] (Visicom Media Inc.)
R3 Neo_VPN; C:\Windows\System32\DRIVERS\Neo_0049.sys [28768 2014-09-07] (SoftEther VPN Project at University of Tsukuba, Japan.)
R3 Neo_VPN2; C:\Windows\System32\DRIVERS\Neo_0059.sys [28768 2014-09-20] (SoftEther VPN Project at University of Tsukuba, Japan.)
R3 Neo_VPN3; C:\Windows\System32\DRIVERS\Neo_0089.sys [28640 2015-04-15] (SoftEther VPN Project at University of Tsukuba, Japan.)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
S3 OM0530; C:\Windows\System32\Drivers\ov530vx.sys [172928 2007-07-13] (OmniVision Technology Inc.)
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
S3 SEE; C:\Windows\System32\drivers\see.sys [50208 2017-08-02] (SoftEther Corporation)
S3 tapoas; C:\Windows\System32\DRIVERS\tapoas.sys [30720 2010-08-03] (The OpenVPN Project)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [51712 2011-02-18] (Apple, Inc.) [File not signed]
S3 ALSysIO; \??\C:\Users\ADMINI~1\AppData\Local\Temp\ALSysIO64.sys [X] <==== ATTENTION
S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [X]
S3 SliceDisk5; \??\C:\Program Files\A-FF Find and Mount\slicedisk-x64.sys [X]
S3 taphss6; system32\DRIVERS\taphss6.sys [X]
S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-02-24 23:32 - 2018-02-24 23:44 - 000023997 _____ C:\Users\Administrator\Downloads\FRST.txt
2018-02-24 23:26 - 2018-02-24 23:32 - 000000000 ____D C:\FRST
2018-02-24 23:25 - 2018-02-24 23:25 - 002403328 _____ (Farbar) C:\Users\Administrator\Downloads\FRST64.exe
2018-02-24 23:24 - 2018-02-24 23:24 - 001763328 _____ (Farbar) C:\Users\Administrator\Downloads\FRST.exe
2018-02-24 05:19 - 2018-02-24 05:19 - 000253880 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-02-23 21:14 - 2018-02-24 05:18 - 000077432 _____ C:\Windows\system32\Drivers\mbae64.sys
2018-02-23 21:14 - 2018-02-23 21:14 - 000001836 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-02-23 21:14 - 2018-02-23 21:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-02-23 21:13 - 2018-02-23 21:13 - 000000000 ____D C:\ProgramData\MB3CoreBackup
2018-02-18 19:24 - 2018-02-18 19:24 - 000019578 _____ C:\Users\Administrator\Downloads\Steve Vai - Bangkok (power).ptb
2018-02-18 18:26 - 2018-02-18 18:26 - 000128055 _____ C:\Users\Administrator\Downloads\Steve Vai - Fire Garden Suite (power) (1).ptb
2018-02-15 01:10 - 2018-02-15 01:09 - 000380768 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2018-02-14 08:00 - 2018-02-10 03:44 - 025740288 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-02-14 08:00 - 2018-02-10 02:19 - 002900480 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2018-02-14 08:00 - 2018-02-10 02:09 - 005782016 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-02-14 08:00 - 2018-02-10 02:06 - 000816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-02-14 08:00 - 2018-02-10 01:36 - 015283712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-02-14 08:00 - 2018-02-10 01:27 - 003241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-02-14 08:00 - 2018-02-10 01:20 - 020274176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2018-02-14 08:00 - 2018-02-10 01:14 - 001546240 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-02-14 08:00 - 2018-02-10 00:54 - 002294272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2018-02-14 08:00 - 2018-02-10 00:35 - 004498944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2018-02-14 08:00 - 2018-02-10 00:33 - 013680640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2018-02-14 08:00 - 2018-02-10 00:14 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2018-02-14 08:00 - 2018-02-10 00:10 - 001314304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2018-02-14 08:00 - 2018-01-12 11:44 - 005581544 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-02-14 08:00 - 2018-01-12 11:44 - 001894120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2018-02-14 08:00 - 2018-01-12 11:40 - 001460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-02-14 08:00 - 2018-01-12 11:40 - 001212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-02-14 08:00 - 2018-01-12 11:40 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2018-02-14 08:00 - 2018-01-12 11:40 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2018-02-14 08:00 - 2018-01-12 11:33 - 001665384 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2018-02-14 08:00 - 2018-01-12 11:29 - 004014312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2018-02-14 08:00 - 2018-01-12 11:29 - 003959016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2018-02-14 08:00 - 2018-01-12 11:27 - 004834816 _____ (Microsoft Corporation) C:\Windows\system32\xpsrchvw.exe
2018-02-14 08:00 - 2018-01-11 11:09 - 003224064 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2018-02-14 08:00 - 2017-12-05 12:36 - 001484288 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2018-02-14 07:59 - 2018-02-10 14:52 - 000395928 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2018-02-14 07:59 - 2018-02-10 14:03 - 000347296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2018-02-14 07:59 - 2018-02-10 02:30 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2018-02-14 07:59 - 2018-02-10 02:29 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2018-02-14 07:59 - 2018-02-10 02:17 - 000417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2018-02-14 07:59 - 2018-02-10 02:17 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2018-02-14 07:59 - 2018-02-10 02:17 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2018-02-14 07:59 - 2018-02-10 02:16 - 000577536 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-02-14 07:59 - 2018-02-10 02:16 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2018-02-14 07:59 - 2018-02-10 02:10 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2018-02-14 07:59 - 2018-02-10 02:10 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2018-02-14 07:59 - 2018-02-10 02:07 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2018-02-14 07:59 - 2018-02-10 02:06 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2018-02-14 07:59 - 2018-02-10 02:06 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2018-02-14 07:59 - 2018-02-10 02:06 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2018-02-14 07:59 - 2018-02-10 02:01 - 000969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2018-02-14 07:59 - 2018-02-10 01:58 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2018-02-14 07:59 - 2018-02-10 01:52 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2018-02-14 07:59 - 2018-02-10 01:52 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2018-02-14 07:59 - 2018-02-10 01:51 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2018-02-14 07:59 - 2018-02-10 01:49 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2018-02-14 07:59 - 2018-02-10 01:48 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2018-02-14 07:59 - 2018-02-10 01:46 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2018-02-14 07:59 - 2018-02-10 01:45 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2018-02-14 07:59 - 2018-02-10 01:36 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2018-02-14 07:59 - 2018-02-10 01:34 - 000807936 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-02-14 07:59 - 2018-02-10 01:34 - 000726528 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2018-02-14 07:59 - 2018-02-10 01:33 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2018-02-14 07:59 - 2018-02-10 01:32 - 002134528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2018-02-14 07:59 - 2018-02-10 01:08 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2018-02-14 07:59 - 2018-02-10 01:02 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-02-14 07:59 - 2018-02-10 00:57 - 000499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2018-02-14 07:59 - 2018-02-10 00:57 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2018-02-14 07:59 - 2018-02-10 00:57 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2018-02-14 07:59 - 2018-02-10 00:57 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2018-02-14 07:59 - 2018-02-10 00:56 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2018-02-14 07:59 - 2018-02-10 00:52 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2018-02-14 07:59 - 2018-02-10 00:51 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2018-02-14 07:59 - 2018-02-10 00:50 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2018-02-14 07:59 - 2018-02-10 00:49 - 000662528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2018-02-14 07:59 - 2018-02-10 00:49 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2018-02-14 07:59 - 2018-02-10 00:49 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2018-02-14 07:59 - 2018-02-10 00:42 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2018-02-14 07:59 - 2018-02-10 00:39 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2018-02-14 07:59 - 2018-02-10 00:38 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2018-02-14 07:59 - 2018-02-10 00:38 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2018-02-14 07:59 - 2018-02-10 00:36 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2018-02-14 07:59 - 2018-02-10 00:35 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2018-02-14 07:59 - 2018-02-10 00:35 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2018-02-14 07:59 - 2018-02-10 00:34 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2018-02-14 07:59 - 2018-02-10 00:29 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2018-02-14 07:59 - 2018-02-10 00:27 - 002058752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2018-02-14 07:59 - 2018-02-10 00:27 - 000694784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2018-02-14 07:59 - 2018-02-10 00:26 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2018-02-14 07:59 - 2018-02-10 00:08 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2018-02-14 07:59 - 2018-01-12 11:46 - 000631680 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2018-02-14 07:59 - 2018-01-12 11:44 - 000708328 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2018-02-14 07:59 - 2018-01-12 11:44 - 000377064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2018-02-14 07:59 - 2018-01-12 11:44 - 000371432 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2018-02-14 07:59 - 2018-01-12 11:44 - 000287976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2018-02-14 07:59 - 2018-01-12 11:44 - 000262376 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2018-02-14 07:59 - 2018-01-12 11:44 - 000154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2018-02-14 07:59 - 2018-01-12 11:44 - 000095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2018-02-14 07:59 - 2018-01-12 11:40 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2018-02-14 07:59 - 2018-01-12 11:40 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2018-02-14 07:59 - 2018-01-12 11:40 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2018-02-14 07:59 - 2018-01-12 11:40 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2018-02-14 07:59 - 2018-01-12 11:40 - 000484864 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2018-02-14 07:59 - 2018-01-12 11:40 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2018-02-14 07:59 - 2018-01-12 11:40 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2018-02-14 07:59 - 2018-01-12 11:40 - 000361984 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2018-02-14 07:59 - 2018-01-12 11:40 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2018-02-14 07:59 - 2018-01-12 11:40 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2018-02-14 07:59 - 2018-01-12 11:40 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2018-02-14 07:59 - 2018-01-12 11:40 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2018-02-14 07:59 - 2018-01-12 11:40 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2018-02-14 07:59 - 2018-01-12 11:40 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2018-02-14 07:59 - 2018-01-12 11:40 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2018-02-14 07:59 - 2018-01-12 11:40 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2018-02-14 07:59 - 2018-01-12 11:40 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2018-02-14 07:59 - 2018-01-12 11:40 - 000086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2018-02-14 07:59 - 2018-01-12 11:40 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2018-02-14 07:59 - 2018-01-12 11:40 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2018-02-14 07:59 - 2018-01-12 11:40 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2018-02-14 07:59 - 2018-01-12 11:40 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2018-02-14 07:59 - 2018-01-12 11:40 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2018-02-14 07:59 - 2018-01-12 11:40 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2018-02-14 07:59 - 2018-01-12 11:40 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2018-02-14 07:59 - 2018-01-12 11:40 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2018-02-14 07:59 - 2018-01-12 11:40 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2018-02-14 07:59 - 2018-01-12 11:40 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2018-02-14 07:59 - 2018-01-12 11:40 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2018-02-14 07:59 - 2018-01-12 11:40 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2018-02-14 07:59 - 2018-01-12 11:40 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2018-02-14 07:59 - 2018-01-12 11:40 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2018-02-14 07:59 - 2018-01-12 11:40 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2018-02-14 07:59 - 2018-01-12 11:40 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2018-02-14 07:59 - 2018-01-12 11:40 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2018-02-14 07:59 - 2018-01-12 11:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2018-02-14 07:59 - 2018-01-12 11:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2018-02-14 07:59 - 2018-01-12 11:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2018-02-14 07:59 - 2018-01-12 11:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2018-02-14 07:59 - 2018-01-12 11:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-02-14 07:59 - 2018-01-12 11:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2018-02-14 07:59 - 2018-01-12 11:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2018-02-14 07:59 - 2018-01-12 11:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2018-02-14 07:59 - 2018-01-12 11:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2018-02-14 07:59 - 2018-01-12 11:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2018-02-14 07:59 - 2018-01-12 11:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2018-02-14 07:59 - 2018-01-12 11:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2018-02-14 07:59 - 2018-01-12 11:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2018-02-14 07:59 - 2018-01-12 11:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2018-02-14 07:59 - 2018-01-12 11:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2018-02-14 07:59 - 2018-01-12 11:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2018-02-14 07:59 - 2018-01-12 11:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2018-02-14 07:59 - 2018-01-12 11:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2018-02-14 07:59 - 2018-01-12 11:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2018-02-14 07:59 - 2018-01-12 11:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2018-02-14 07:59 - 2018-01-12 11:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2018-02-14 07:59 - 2018-01-12 11:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2018-02-14 07:59 - 2018-01-12 11:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2018-02-14 07:59 - 2018-01-12 11:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2018-02-14 07:59 - 2018-01-12 11:27 - 001314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2018-02-14 07:59 - 2018-01-12 11:26 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2018-02-14 07:59 - 2018-01-12 11:26 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2018-02-14 07:59 - 2018-01-12 11:26 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2018-02-14 07:59 - 2018-01-12 11:26 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2018-02-14 07:59 - 2018-01-12 11:26 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2018-02-14 07:59 - 2018-01-12 11:26 - 000363520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
2018-02-14 07:59 - 2018-01-12 11:26 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2018-02-14 07:59 - 2018-01-12 11:26 - 000275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2018-02-14 07:59 - 2018-01-12 11:26 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2018-02-14 07:59 - 2018-01-12 11:26 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2018-02-14 07:59 - 2018-01-12 11:26 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2018-02-14 07:59 - 2018-01-12 11:26 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2018-02-14 07:59 - 2018-01-12 11:26 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2018-02-14 07:59 - 2018-01-12 11:26 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2018-02-14 07:59 - 2018-01-12 11:26 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2018-02-14 07:59 - 2018-01-12 11:26 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2018-02-14 07:59 - 2018-01-12 11:26 - 000065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2018-02-14 07:59 - 2018-01-12 11:26 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2018-02-14 07:59 - 2018-01-12 11:26 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2018-02-14 07:59 - 2018-01-12 11:26 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2018-02-14 07:59 - 2018-01-12 11:26 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2018-02-14 07:59 - 2018-01-12 11:26 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2018-02-14 07:59 - 2018-01-12 11:26 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2018-02-14 07:59 - 2018-01-12 11:26 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2018-02-14 07:59 - 2018-01-12 11:26 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2018-02-14 07:59 - 2018-01-12 11:26 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2018-02-14 07:59 - 2018-01-12 11:26 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2018-02-14 07:59 - 2018-01-12 11:26 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2018-02-14 07:59 - 2018-01-12 11:26 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2018-02-14 07:59 - 2018-01-12 11:26 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2018-02-14 07:59 - 2018-01-12 11:26 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2018-02-14 07:59 - 2018-01-12 11:26 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2018-02-14 07:59 - 2018-01-12 11:26 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2018-02-14 07:59 - 2018-01-12 11:26 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2018-02-14 07:59 - 2018-01-12 11:26 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2018-02-14 07:59 - 2018-01-12 11:26 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2018-02-14 07:59 - 2018-01-12 11:26 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2018-02-14 07:59 - 2018-01-12 11:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2018-02-14 07:59 - 2018-01-12 11:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-02-14 07:59 - 2018-01-12 11:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2018-02-14 07:59 - 2018-01-12 11:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2018-02-14 07:59 - 2018-01-12 11:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2018-02-14 07:59 - 2018-01-12 11:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2018-02-14 07:59 - 2018-01-12 11:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2018-02-14 07:59 - 2018-01-12 11:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2018-02-14 07:59 - 2018-01-12 11:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2018-02-14 07:59 - 2018-01-12 11:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2018-02-14 07:59 - 2018-01-12 11:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2018-02-14 07:59 - 2018-01-12 11:16 - 003405824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xpsrchvw.exe
2018-02-14 07:59 - 2018-01-12 11:16 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2018-02-14 07:59 - 2018-01-12 11:16 - 000030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidusb.sys
2018-02-14 07:59 - 2018-01-12 11:15 - 000032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2018-02-14 07:59 - 2018-01-12 11:11 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2018-02-14 07:59 - 2018-01-12 11:11 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2018-02-14 07:59 - 2018-01-12 11:11 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2018-02-14 07:59 - 2018-01-12 11:10 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2018-02-14 07:59 - 2018-01-12 11:07 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2018-02-14 07:59 - 2018-01-12 11:06 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2018-02-14 07:59 - 2018-01-12 11:03 - 000159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2018-02-14 07:59 - 2018-01-12 11:02 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2018-02-14 07:59 - 2018-01-12 11:02 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2018-02-14 07:59 - 2018-01-12 11:02 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2018-02-14 07:59 - 2018-01-12 11:01 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2018-02-14 07:59 - 2018-01-12 11:01 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2018-02-14 07:59 - 2018-01-12 10:57 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2018-02-14 07:59 - 2018-01-12 10:57 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2018-02-14 07:59 - 2018-01-12 10:57 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2018-02-14 07:59 - 2018-01-12 10:57 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2018-02-14 07:59 - 2018-01-12 10:57 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2018-02-14 07:59 - 2018-01-12 10:56 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2018-02-14 07:59 - 2018-01-12 10:56 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2018-02-14 07:59 - 2018-01-12 10:56 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2018-02-14 07:59 - 2018-01-12 10:56 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2018-02-14 07:59 - 2018-01-11 11:41 - 001133568 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll
2018-02-14 07:59 - 2018-01-11 11:22 - 000805376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2018-02-14 07:59 - 2018-01-05 11:31 - 000151552 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2018-02-14 07:59 - 2018-01-05 11:31 - 000041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2018-02-14 07:59 - 2018-01-05 11:30 - 000100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2018-02-14 07:59 - 2018-01-05 11:30 - 000046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2018-02-14 07:59 - 2018-01-05 11:30 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2018-02-14 07:59 - 2018-01-05 11:25 - 000383720 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2018-02-14 07:59 - 2018-01-05 11:14 - 000309480 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2018-02-14 07:59 - 2018-01-05 11:11 - 000111104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
2018-02-14 07:59 - 2018-01-05 11:11 - 000071168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2018-02-14 07:59 - 2018-01-05 11:11 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2018-02-14 07:59 - 2018-01-05 11:11 - 000010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2018-02-14 07:59 - 2018-01-05 10:50 - 000034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2018-02-14 07:59 - 2017-12-05 12:36 - 000229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2018-02-14 07:59 - 2017-12-05 12:36 - 000218112 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll
2018-02-14 07:59 - 2017-12-05 12:36 - 000190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2018-02-14 07:59 - 2017-12-05 12:36 - 000141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2018-02-14 07:59 - 2017-12-05 12:36 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\TabSvc.dll
2018-02-14 07:59 - 2017-12-05 12:08 - 001176576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2018-02-14 07:59 - 2017-12-05 12:08 - 000179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2018-02-14 07:59 - 2017-12-05 12:08 - 000145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2018-02-14 07:59 - 2017-12-05 12:08 - 000135168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSCard.dll
2018-02-14 07:59 - 2017-12-05 12:08 - 000106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2018-02-14 07:59 - 2017-12-05 11:04 - 000404992 _____ (Microsoft Corporation) C:\Windows\system32\wisptis.exe
2018-02-14 07:57 - 2018-01-21 18:50 - 000136424 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2018-02-14 07:57 - 2018-01-21 18:40 - 000654336 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2018-02-14 07:57 - 2018-01-19 09:05 - 001994752 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2018-02-14 07:57 - 2018-01-19 09:05 - 001569280 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2018-02-14 07:57 - 2018-01-19 09:05 - 000749568 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2018-02-14 07:57 - 2018-01-19 09:05 - 000604672 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2018-02-14 07:57 - 2018-01-19 09:05 - 000450048 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2018-02-14 07:57 - 2018-01-19 09:05 - 000378880 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2018-02-14 07:57 - 2018-01-19 09:05 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2018-02-14 07:57 - 2018-01-19 09:05 - 000236544 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2018-02-07 15:20 - 2018-02-07 15:20 - 000004496 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2018-02-07 01:23 - 2018-02-07 01:23 - 000044854 _____ C:\Users\Administrator\Downloads\Dream Theater - Hells Kitchen (power tab) (2).ptb
2018-02-06 23:29 - 2018-02-06 23:29 - 000002051 _____ C:\Users\Public\Desktop\NETGEAR A6100 Genie.lnk
2018-02-06 23:29 - 2018-02-06 23:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NETGEAR A6100 Genie
2018-02-06 23:29 - 2018-02-06 23:29 - 000000000 ____D C:\Program Files (x86)\NETGEAR
2018-02-06 23:29 - 2013-08-21 23:20 - 000006588 _____ C:\Windows\system32\Drivers\A6100_LMT.txt
2018-02-06 23:29 - 2013-08-21 23:20 - 000001529 _____ C:\Windows\system32\Drivers\A6100.txt
2018-02-06 23:28 - 2018-02-06 23:28 - 000000000 ____D C:\ProgramData\NETGEAR
2018-02-06 23:26 - 2018-02-06 23:26 - 000000000 ____D C:\Users\Administrator\Downloads\NETGEAR

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-02-24 23:40 - 2013-04-12 22:43 - 000000904 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1586326372-1664844804-1117412497-1001UA.job
2018-02-24 22:51 - 2012-03-30 15:40 - 000000924 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1586326372-1664844804-1117412497-1001UA.job
2018-02-24 22:40 - 2013-04-12 22:43 - 000000852 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1586326372-1664844804-1117412497-1001Core.job
2018-02-24 19:28 - 2010-08-30 06:19 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-02-24 16:51 - 2012-03-30 15:40 - 000000902 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1586326372-1664844804-1117412497-1001Core.job
2018-02-24 04:56 - 2009-07-13 23:45 - 000018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-02-24 04:56 - 2009-07-13 23:45 - 000018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-02-23 21:20 - 2017-04-16 00:52 - 000004168 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2018-02-23 21:13 - 2017-12-29 00:40 - 000000000 ____D C:\Users\Administrator\AppData\LocalLow\Mozilla
2018-02-23 21:13 - 2009-07-14 00:13 - 000783424 _____ C:\Windows\system32\PerfStringBackup.INI
2018-02-23 21:13 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\inf
2018-02-23 21:05 - 2013-06-26 01:00 - 000000000 ____D C:\Users\Administrator
2018-02-23 21:05 - 2009-07-14 00:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-02-23 12:33 - 2017-07-02 10:57 - 000000000 ____D C:\Program Files\Opera
2018-02-21 03:12 - 2017-07-02 10:58 - 000003840 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1499011116
2018-02-15 13:49 - 2009-07-13 23:45 - 000351776 _____ C:\Windows\system32\FNTCACHE.DAT
2018-02-15 03:48 - 2014-12-10 03:55 - 000000000 ____D C:\Windows\system32\appraiser
2018-02-15 03:28 - 2013-08-13 02:02 - 000000000 ____D C:\Windows\system32\MRT
2018-02-15 03:19 - 2017-10-12 02:22 - 130067560 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2018-02-15 03:18 - 2011-01-11 13:52 - 130067560 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-02-15 03:09 - 2011-07-24 23:21 - 000775546 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2018-02-15 01:10 - 2013-03-17 10:57 - 000000000 ____D C:\Users\UpdatusUser
2018-02-15 01:10 - 2011-01-06 23:33 - 000000000 ____D C:\Users\Ryan
2018-02-15 01:09 - 2017-11-19 03:48 - 000192944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2018-02-15 01:09 - 2014-05-07 18:50 - 000046968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2018-02-15 01:09 - 2013-12-28 04:33 - 000205464 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2018-02-15 01:09 - 2013-03-03 18:40 - 000459952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2018-02-15 01:09 - 2013-03-03 18:40 - 000379448 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2018-02-15 01:09 - 2013-03-03 18:40 - 000146648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2018-02-15 01:09 - 2013-03-03 18:40 - 000110328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2018-02-15 01:09 - 2013-03-03 18:40 - 000084368 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2018-02-15 01:08 - 2013-03-03 18:40 - 001026696 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2018-02-15 01:07 - 2018-01-05 00:53 - 000190440 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
2018-02-13 21:07 - 2014-03-04 13:06 - 000002112 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-02-13 21:07 - 2014-03-04 13:06 - 000002071 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-02-09 19:57 - 2012-10-29 22:05 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-02-07 15:23 - 2013-11-13 16:42 - 000000000 ____D C:\Users\Administrator\AppData\Local\Adobe
2018-02-07 15:20 - 2014-09-20 13:55 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-02-07 15:20 - 2014-09-20 13:55 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-02-07 15:20 - 2014-09-20 13:55 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2018-02-07 15:17 - 2011-11-18 15:45 - 000000000 ____D C:\Windows\system32\Macromed
2018-02-06 23:29 - 2010-08-30 06:12 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2018-02-06 23:27 - 2011-07-30 09:48 - 000000000 ____D C:\Windows\Downloaded Installations
2018-02-02 18:42 - 2017-11-14 22:53 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== Files in the root of some directories =======

2011-01-06 21:32 - 2013-03-21 16:55 - 000000034 ____H () C:\Users\Ryan\jagex_runescape_preferences.dat
2011-01-06 21:33 - 2013-03-21 16:56 - 000000117 ____H () C:\Users\Ryan\jagex_runescape_preferences2.dat
2013-12-07 04:33 - 2013-12-07 04:33 - 000000378 _____ () C:\Program Files (x86)\temp995.bat
2014-01-09 20:52 - 2014-01-09 20:53 - 000001265 _____ () C:\Users\Administrator\AppData\Roaming\trace_FilterInstaller.1.txt
2014-01-09 20:52 - 2014-01-17 23:49 - 000001265 _____ () C:\Users\Administrator\AppData\Roaming\trace_FilterInstaller.txt
2014-01-09 20:52 - 2014-01-17 23:49 - 000000000 _____ () C:\Users\Administrator\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
2014-10-21 07:56 - 2014-10-21 07:56 - 000173636 _____ () C:\Users\Administrator\AppData\Roaming\VideoPad.dmp
2013-09-19 15:39 - 2013-09-19 15:39 - 000000037 ___SH () C:\Users\Administrator\AppData\Local\70149b02515b3bb20dd492.47983420
2014-04-10 12:59 - 2017-02-08 20:25 - 000008704 _____ () C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-02-23 02:46 - 2014-02-23 02:46 - 000000218 _____ () C:\Users\Administrator\AppData\Local\recently-used.xbel

Some files in TEMP:
====================
2017-11-19 01:00 - 2017-11-19 01:00 - 000003584 _____ () C:\Users\Administrator\AppData\Local\Temp\af8jdjuu.dll
2017-07-30 17:49 - 2017-07-30 17:49 - 008719048 _____ (Web Solution Mart ) C:\Users\Administrator\AppData\Local\Temp\FH3427.tmp.exe
2017-07-30 17:49 - 2017-07-30 17:49 - 012444400 _____ (Web Solution Mart ) C:\Users\Administrator\AppData\Local\Temp\FH7F89.tmp.exe
2017-12-09 14:02 - 2017-12-09 14:02 - 000003584 _____ () C:\Users\Administrator\AppData\Local\Temp\lun35ndn.dll
2017-12-10 01:00 - 2017-12-10 01:00 - 000003584 _____ () C:\Users\Administrator\AppData\Local\Temp\mpvpo0yw.dll
2017-11-15 21:03 - 2017-11-15 21:03 - 000004608 _____ () C:\Users\Administrator\AppData\Local\Temp\pz_50_ha.dll
2017-08-26 21:28 - 2017-08-26 21:28 - 007178424 _____ (VS Revo Group ) C:\Users\Administrator\AppData\Local\Temp\VSUSetup.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-01-30 03:03

==================== End of FRST.txt ============================

Edited by Oh My!, 25 February 2018 - 09:44 AM.


#4 bighippo

bighippo
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Local time:10:14 PM

Posted 25 February 2018 - 12:48 AM

Sorry about this, could only attach 1 file in a post.

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24.02.2018
Ran by Administrator (24-02-2018 23:59:29)
Running from C:\Users\Administrator\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2011-01-07 04:33:19)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1586326372-1664844804-1117412497-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-1586326372-1664844804-1117412497-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1586326372-1664844804-1117412497-1002 - Limited - Enabled)
Ryan (S-1-5-21-1586326372-1664844804-1117412497-1001 - Administrator - Enabled) => C:\Users\Ryan
UpdatusUser (S-1-5-21-1586326372-1664844804-1117412497-1003 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG Anti-Virus Free Edition 2013 (Disabled - Out of date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Anti-Virus Free Edition 2013 (Disabled - Out of date) {B5F5C120-2089-702E-0001-553BB0D5A664}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

18 Wheels of Steel - American Long Haul (HKLM-x32\...\WT088650) (Version: 2.2.0.95 - WildTangent) Hidden
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.249 - Adobe Systems Incorporated)
Adobe Flash Player 28 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 28.0.0.161 - Adobe Systems Incorporated)
Adobe Flash Player 28 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 28.0.0.161 - Adobe Systems Incorporated)
Adobe Flash Player 28 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 28.0.0.161 - Adobe Systems Incorporated)
Adobe SWF Investigator (HKLM-x32\...\SWFInvestigator) (Version: 0.6.5 - Adobe Systems Incorporated)
Advertising Center (HKLM-x32\...\{B2EC4A38-B545-4A00-8214-13FE0E915E6D}) (Version: 0.0.0.2 - Nero AG) Hidden
Agatha Christie - Death on the Nile (HKLM-x32\...\WT088147) (Version: 2.2.0.95 - WildTangent) Hidden
Application Verifier x64 External Package (HKLM\...\{77F3D72C-465F-BD51-890E-CC3914B1365F}) (Version: 8.100.26629 - Microsoft) Hidden
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 18.1.2326 - AVAST Software)
AVG 2013 (HKLM\...\{9B305FB9-297D-4F86-BC8B-740E7A1EF200}) (Version: 13.0.2793 - AVG Technologies) Hidden
AzureTools.Notifications.VwdExpress (HKLM-x32\...\{4C4FEB30-6A9F-402F-8E17-6C4C67AB3498}) (Version: 2.1.10731.1602 - Microsoft Corporation) Hidden
Bejeweled 2 Deluxe (HKLM-x32\...\WT088155) (Version: 2.2.0.95 - WildTangent) Hidden
Blackhawk Striker 2 (HKLM-x32\...\WT088374) (Version: 2.2.0.95 - WildTangent) Hidden
Bonjour (HKLM\...\{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}) (Version: 2.0.4.0 - Apple Inc.)
Build Tools - amd64 (HKLM\...\{F74753A3-C93C-34F5-A199-993CAF602B7D}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Build Tools - x86 (HKLM-x32\...\{FB3A15FD-FC67-3A2F-892B-6890B0C56EA9}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Build Tools Language Resources - amd64 (HKLM\...\{05198C22-FFCE-374A-B190-9F18CC99DAEA}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Build Tools Language Resources - x86 (HKLM-x32\...\{9347889B-C22A-3905-901F-C05D8F73C929}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.28 - Piriform)
Core Temp 1.1 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.1 - Alcpu)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Debut Video Capture Software (HKLM-x32\...\Debut) (Version: 1.88 - NCH Software)
DownloadX ActiveX Download Control 1.6.5 (HKLM-x32\...\CA17A131-B7D9-41D6-868F-29A9BD9FCC8E_is1) (Version: - DownloadXCtrl.com)
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
eMachines Game Console (HKLM-x32\...\eMachines Game Console) (Version: - WildTangent) Hidden
eMachines Games (HKLM-x32\...\WildTangent emachines Master Uninstall) (Version: 1.0.1.3 - WildTangent)
eMachines Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3013 - Acer Incorporated)
eMachines Registration (HKLM-x32\...\eMachines Registration) (Version: 1.03.3003 - Acer Incorporated)
eMachines ScreenSaver (HKLM-x32\...\eMachines Screensaver) (Version: 1.1.0825.2010 - Acer Incorporated)
Entity Framework Tools for Visual Studio 2013 (HKLM-x32\...\{08AEF86A-1956-4846-B906-B01350E96E30}) (Version: 12.0.20912.0 - Microsoft Corporation)
Expert PDF 7 Reader (HKLM-x32\...\{FC279721-37A6-4777-AFD8-7A56681EBA14}) (Version: 7.0.1370.0 - Avanquest software)
Express Burn (HKLM-x32\...\ExpressBurn) (Version: 4.68 - NCH Software)
Express Zip (HKLM-x32\...\ExpressZip) (Version: 2.17 - NCH Software)
Facebook Video Calling 1.2.0.287 (HKLM-x32\...\{B92C5909-1D37-4C51-8397-A28BB28E5DC3}) (Version: 1.2.287 - Skype Limited)
Fake Webcam Codecs Pack 1.0.0 (HKLM\...\fwccpsetup_is1) (Version: 1.0.0 - Web Solution Mart)
Firefox Developer Edition 36.0a2 (x86 en-US) (HKLM-x32\...\Firefox Developer Edition 36.0a2 (x86 en-US)) (Version: 36.0a2 - Mozilla)
FlashDevelop (HKLM-x32\...\FlashDevelop) (Version: 5.0.2 - FlashDevelop.org)
FoxTab PDF Converter (HKLM-x32\...\FoxTab PDF Converter) (Version: - FoxTab) <==== ATTENTION
FrostWire 6.2.2 (HKLM-x32\...\FrostWire 6) (Version: 6.2.2.176 - FrostWire LLC)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 64.0.3282.167 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{15CC861C-C69E-3758-8961-CE304C2595B6}) (Version: 4.4.2.14502 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Guitar Pro 6 (HKLM-x32\...\{14A487F2-1259-4E6C-AE3C-3C888DDBCB60}_is1) (Version: - Arobas Music)
Hotkey Utility (HKLM-x32\...\Hotkey Utility) (Version: 2.05.3009 - Acer Incorporated)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
IIS 8.0 Express (HKLM\...\{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}) (Version: 8.0.1557 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb) (Version: - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb) (Version: - )
ImagXpress (HKLM-x32\...\{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}) (Version: 7.0.74.0 - Nero AG) Hidden
inSSIDer 3 (HKLM-x32\...\{A80CEA4E-74C1-4F9F-806B-E1D9AFC01768}) (Version: 3.0.7.48 - MetaGeek, LLC)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.28 - Irfan Skiljan)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kits Configuration Installer (HKLM-x32\...\{B74E65FD-CC47-41C5-4B89-791A3F61942D}) (Version: 8.100.25984 - Microsoft) Hidden
Lagarith lossless video codec (Remove Only) (HKLM\...\LAGARITH) (Version: - )
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
ManyCam 4.1.2 (HKLM-x32\...\ManyCam) (Version: 4.1.2 - Visicom Media Inc.)
Mesh Runtime (HKLM-x32\...\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}) (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (HKLM-x32\...\{50816F92-1652-4A7C-B9BC-48F682742C4B}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Expression Encoder 4 Screen Capture Codec (HKLM-x32\...\{F940D859-DDB5-4067-82E2-3C8D02F8E09F}) (Version: 4.0.1653.0 - Microsoft Corporation)
Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities (HKLM\...\{58FED865-4F13-408D-A5BF-996019C4B936}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework (HKLM-x32\...\{1B876496-B3A2-4D22-9B12-B608A3FD4B8B}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework (x64) (HKLM\...\{A6BA243E-85A3-4635-A269-32949C98AC7F}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB (HKLM\...\{6C026A91-640F-4A23-8B68-05D589CC6F18}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (HKLM-x32\...\{2F7DBBE6-8EBC-495C-9041-46A772F4E311}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (x64) (HKLM\...\{43A5C316-9521-49C3-B9B6-FCE5E1005DF0}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client (HKLM\...\{D411E9C9-CE62-4DBF-9D92-4CB22B750ED5}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom (HKLM\...\{54C5041B-0E91-4E92-8417-AAA12493C790}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service (HKLM-x32\...\{04DD7AF4-A6D3-4E30-9BB9-3B3670719234}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (12.0.30919.1) (HKLM-x32\...\{0D7FCBFB-F478-4D32-901C-83F0BF5A3501}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (12.0.30919.1) (HKLM-x32\...\{6781FF9B-E87D-4A03-9373-A55A288B83FA}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{A47FD1BF-A815-4A76-BE65-53A15BD5D25D}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x64) (HKLM\...\{4701DEDE-1888-49E0-BAE5-857875924CA2}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{070C38AC-05CE-43DF-9A20-141332F6AB2B}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{05FF8209-C4F1-4C77-BC28-791653156D20}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio Express 2013 for Web - ENU (HKLM-x32\...\{3e544097-53d1-4252-98a6-93cc12a6d487}) (Version: 12.0.21005.13 - Microsoft Corporation)
Microsoft Web Deploy 3.5 (HKLM\...\{3674F088-9B90-473A-AAC3-20A00D8D810C}) (Version: 3.1237.1762 - Microsoft Corporation)
MiniTool Partition Wizard Free 9.0 (HKLM-x32\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version: - MiniTool Solution Ltd.)
Mozilla Firefox 58.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 58.0.1 (x64 en-US)) (Version: 58.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 58.0.1.6602 - Mozilla)
MSI Development Tools (HKLM-x32\...\{CF3A1CA6-5E5E-B4BD-6CF1-363056816CA2}) (Version: 8.100.25984 - Microsoft Corporation) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 9 Essentials (HKLM-x32\...\{8b69867b-791d-4d84-8fbd-efced15a15d1}) (Version: - Nero AG)
NETGEAR A6100 Genie (HKLM-x32\...\{15D27BA3-6CCD-4848-8925-07EF083492AD}) (Version: 1.0.0.32 - NETGEAR) Hidden
NETGEAR A6100 Genie (HKLM-x32\...\InstallShield_{15D27BA3-6CCD-4848-8925-07EF083492AD}) (Version: 1.0.0.32 - NETGEAR)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5896 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)
NVIDIA ForceWare Network Access Manager (HKLM-x32\...\InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}) (Version: 1.00.7316 - NVIDIA Corporation)
NVIDIA Graphics Driver 309.08 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 309.08 - NVIDIA Corporation)
NVIDIA PhysX v8.10.29 (HKLM-x32\...\{D56B0E27-4A3E-46C9-B5C1-D93D580C099C}) (Version: 8.10.29 - NVIDIA Corporation)
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
Opera Stable 51.0.2830.34 (HKLM-x32\...\Opera 51.0.2830.34) (Version: 51.0.2830.34 - Opera Software)
Power Tab Editor 1.7 (HKLM-x32\...\{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}) (Version: 1.7.0 - Power Tab Software)
Prerequisites for SSDT (HKLM-x32\...\{35C1D9D6-87C0-46A3-B1B4-EDBCC063221C}) (Version: 11.1.3000.0 - Microsoft Corporation)
PVSonyDll (HKLM\...\{3D3E663D-4E7E-4577-A560-7ECDDD45548A}) (Version: 1.00.0001 - NVIDIA Corporation) Hidden
QuickTime (HKLM-x32\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6045 - Realtek Semiconductor Corp.)
Revo Uninstaller 2.0.3 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.3 - VS Revo Group, Ltd.)
SafeZone Stable 4.58.2552.909 (HKLM-x32\...\SafeZone 4.58.2552.909) (Version: 4.58.2552.909 - Avast Software) Hidden
SDK ARM Additions (HKLM-x32\...\{5A5DB011-54FB-C3B3-2DDB-5E6C1B80115D}) (Version: 8.100.26638 - Microsoft Corporation) Hidden
SDK ARM Additions EULA (HKLM-x32\...\{604103DF-C562-D628-F735-8FE352345B12}) (Version: 8.100.26638 - Microsoft Corporations) Hidden
SDK ARM Redistributables (HKLM-x32\...\{8B1AEFB9-D22B-205A-C0CD-1675DA7DAB86}) (Version: 8.100.26638 - Microsoft Corporation) Hidden
SDK Debuggers (HKLM-x32\...\{9274C832-3D8A-A294-FDE8-8B9272357098}) (Version: 8.100.26629 - Microsoft Corporation) Hidden
SDK Debuggers ARM (HKLM-x32\...\{C657864C-CFF9-B50F-6451-F8C6AA15A569}) (Version: 8.100.26638 - Microsoft Corporation) Hidden
Security Task Manager 1.8c (HKLM-x32\...\Security Task Manager) (Version: 1.8c - Neuber Software)
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.9.12585 - Skype Technologies S.A.)
Skype 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.151 - Skype Technologies S.A.)
SWiX 1.4.0.2318 (HKLM-x32\...\SWiX_is1) (Version: 1.4.0.2318 - Richmedia Ltd.)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Team Explorer for Microsoft Visual Studio 2013 (HKLM-x32\...\{C9E7751E-88ED-36CF-B610-71A1D262E906}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
TinyWord 2.9.0 (HKLM-x32\...\TinyWord2) (Version: 2.9.0 - AbiSource Developers)
Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC Media Player (HKLM-x32\...\VLC Media Player1.1.11) (Version: 1.1.11 - VideoLAN)
VLC media player 1.0.1 (HKLM-x32\...\VLC media player) (Version: 1.0.1 - VideoLAN Team)
VSDC Free Video Editor version 2.2.2.323 (HKLM-x32\...\VSDC Free Video Editor_is1) (Version: 2.2.2.323 - Flash-Integro LLC)
WebM Media Foundation Components (HKLM-x32\...\webmmf) (Version: 1.0.1.2 - WebM Project)
Welcome Center (HKLM-x32\...\eMachines Welcome Center) (Version: 1.02.3004 - Acer Incorporated)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
Windows Driver Kit for Windows 8.1 (HKLM-x32\...\{da762e25-7812-4a12-871c-93574078d85a}) (Version: 8.100.26638 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Software Development Kit for Windows 8.1 (HKLM-x32\...\{57334b90-51ab-4979-a6e4-ab0f7632479a}) (Version: 8.100.26654 - Microsoft Corporation)
WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 33.1.2015.0 - WinPatrol)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
Wireshark 1.12.4 (64-bit) (HKLM-x32\...\Wireshark) (Version: 1.12.4 - The Wireshark developer community, hxxp://www.wireshark.org)
WM Capture 5 (HKLM-x32\...\WM Capture 5) (Version: 5.0 - AllAlex,Inc)
WPT Redistributables (HKLM-x32\...\{64F3FB9A-9250-B2D6-00B4-50BE0358AEE8}) (Version: 8.100.26654 - Microsoft) Hidden
WPTx64 (HKLM-x32\...\{BFF81CB5-E8C7-4184-FBB4-74ADFBC6CCCB}) (Version: 8.100.26629 - Microsoft) Hidden
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version: - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

HKU\S-1-5-21-1586326372-1664844804-1117412497-500\...\ChromeHTML: -> <==== ATTENTION
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-02-15] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-02-15] (AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-02-15] (AVAST Software)
ContextMenuHandlers1: [ExpressZip] -> {8EEA165E-0B8B-4BA7-9796-50214C767171} => C:\Program Files (x86)\NCH Software\ExpressZip\ezcm64.dll [2014-02-05] ()
ContextMenuHandlers1: [LavasoftShellExt] -> {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} => C:\Program Files (x86)\Lavasoft\Ad-Aware\ShellExt_64.dll [2012-05-25] (Lavasoft Limited)
ContextMenuHandlers1: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => -> No File
ContextMenuHandlers2: [LavasoftShellExt] -> {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} => C:\Program Files (x86)\Lavasoft\Ad-Aware\ShellExt_64.dll [2012-05-25] (Lavasoft Limited)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-02-15] (AVAST Software)
ContextMenuHandlers4: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => -> No File
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2015-01-30] (NVIDIA Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-02-15] (AVAST Software)
ContextMenuHandlers6: [ExpressZip] -> {8EEA165E-0B8B-4BA7-9796-50214C767171} => C:\Program Files (x86)\NCH Software\ExpressZip\ezcm64.dll [2014-02-05] ()
ContextMenuHandlers6: [LavasoftShellExt] -> {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} => C:\Program Files (x86)\Lavasoft\Ad-Aware\ShellExt_64.dll [2012-05-25] (Lavasoft Limited)
ContextMenuHandlers6: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => -> No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00B3804D-561B-472A-B532-D5E826569144} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1586326372-1664844804-1117412497-1001UA => C:\Users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-23] (Google Inc.)
Task: {0138DECD-24DE-4354-9AE6-29AC4F5534B1} - System32\Tasks\{B65D5209-7975-447A-83FF-A7FC5388F9FB} => C:\Windows\system32\pcalua.exe -a "C:\Windows\TEMP\avast_ash\Adobe AIR\AdobeAIRInstaller.exe" -d "C:\Program Files\AVAST Software\Avast" <==== ATTENTION
Task: {021E26CF-FAB5-4EF3-9566-FC52C74FBE72} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {0D09594C-0039-4EB8-B038-F7CC91819295} - System32\Tasks\{7951C582-317B-4C20-82B8-AC3C1F539956} => C:\Windows\system32\pcalua.exe -a C:\Users\Ryan\Downloads\Shockwave_Installer_Slim(1).exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {161C680D-FF2C-4AD4-8F11-68FB488BFF01} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-02-07] (Adobe Systems Incorporated)
Task: {230528CA-6172-43F8-A6D4-033B142057D8} - System32\Tasks\SafeZone scheduled Autoupdate 1465980449 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-08-04] (Avast Software)
Task: {4884B578-588A-47FA-A6CD-FAB728E90A88} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-02-15] (AVAST Software)
Task: {65623F98-3F29-4528-B5CB-A0D01AAE4627} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1586326372-1664844804-1117412497-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {66F7E766-94D3-48FD-813C-D191E3D361C6} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1586326372-1664844804-1117412497-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {6A226930-7CCD-4D62-9287-A4F70270C53F} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {6E0F6FC7-B74F-4398-B321-72849FE24201} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-03-03] (Piriform Ltd)
Task: {6F9B543E-DD4D-44BE-B8FB-1262A4067896} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_28_0_0_161_pepper.exe [2018-02-07] (Adobe Systems Incorporated)
Task: {94CBD347-1B70-48E9-A816-90D097E3F7A5} - System32\Tasks\{304C4539-D934-427A-BFFB-B72EE40388EB} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\MagicISO\MagicISO.exe" -d C:\Users\Ryan\Desktop
Task: {B500D725-6E3E-4BAF-AB0A-95D5E687500D} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1586326372-1664844804-1117412497-1001Core => C:\Users\Ryan\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-11] (Facebook Inc.)
Task: {BAF5D18C-E422-409F-AD95-5B962C890F2E} - System32\Tasks\{656C6779-3CAA-4939-A795-CDBC4665D789} => "C:\Program Files (x86)\Internet Explorer\iexplore.exe" hxxp://ui.skype.com/ui/0/4.1.0.179.369/en/abandoninstall?source=lightinstaller&page=tsMain&installinfo=google-toolbar:notoffered;notincluded,google-chrome:notoffered;notincluded
Task: {C4EE6D26-6CF0-45DF-96D4-ABBEA4BB37C3} - System32\Tasks\{3B23FE6C-6236-4856-BADA-415BE4AE248E} => C:\Windows\system32\pcalua.exe -a C:\PROGRA~2\Yahoo!\Common\UNYT_W~1.EXE
Task: {CD8A6502-CE29-4257-B5D9-DB3F90A9FBC7} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2018-01-08] (AVAST Software)
Task: {CE5441ED-87F1-4C68-AF69-952FE9DB1576} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1586326372-1664844804-1117412497-1001Core => C:\Users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-23] (Google Inc.)
Task: {D47339DF-A505-4403-9973-87CAE6186C5A} - System32\Tasks\{39D11008-5370-4F9C-B2FF-EBC944C62FD4} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\NCH Software\Doxillion\uninst.exe"
Task: {D968B6F6-C0C2-4E3F-AF6E-A6B5B7FF2828} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1586326372-1664844804-1117412497-1001UA => C:\Users\Ryan\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-11] (Facebook Inc.)
Task: {E505CDF0-5C25-4255-81C3-390383BC4150} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {EE21C42B-D209-467F-A292-4C93AC11C85A} - System32\Tasks\{A3FE7B6D-ADCC-4BD3-B697-1FF73E1F0615} => C:\Windows\system32\pcalua.exe -a C:\PROGRA~2\Cain\UNWISE.EXE -c C:\PROGRA~2\Cain\INSTALL.LOG
Task: {F84C9496-1CC1-4B59-94A6-BF1207020566} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {F91C6493-5C83-4482-B17D-D2E56F2A0C16} - System32\Tasks\Opera scheduled Autoupdate 1499011116 => C:\Program Files\Opera\launcher.exe [2018-02-15] (Opera Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1586326372-1664844804-1117412497-1001Core.job => C:\Users\Ryan\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1586326372-1664844804-1117412497-1001UA.job => C:\Users\Ryan\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1586326372-1664844804-1117412497-1001Core.job => C:\Users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1586326372-1664844804-1117412497-1001UA.job => C:\Users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FrostWire 6\FrostWire 6.2.2-SafeMode.lnk -> C:\Program Files (x86)\FrostWire 6\frostwire.bat ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox Developer Edition.lnk -> C:\Program Files (x86)\Firefox Developer Edition\firefox.exe (Mozilla Corporation)
Shortcut: C:\Users\Public\Desktop\Firefox Developer Edition.lnk -> C:\Program Files (x86)\Firefox Developer Edition\firefox.exe (Mozilla Corporation)

ShortcutWithArgument: C:\Users\Public\Desktop\Netflix.lnk -> C:\ProgramData\OEM_E471269A730D\Netflix\StartURL.exe () -> hxxp://homepage.emachines.com/redirect.aspx?rid=09000003

==================== Loaded Modules (Whitelisted) ==============

2013-03-17 10:56 - 2015-01-30 19:57 - 000086160 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2009-08-10 18:01 - 2009-08-10 18:01 - 000626208 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
2009-08-10 18:00 - 2009-08-10 18:00 - 000070176 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nv_common.dll
2009-08-10 18:01 - 2009-08-10 18:01 - 000578592 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\SpecialCase.dll
2014-02-05 04:33 - 2014-02-05 04:33 - 000089088 _____ () C:\Program Files (x86)\NCH Software\ExpressZip\ezcm64.dll
2009-08-10 18:01 - 2009-08-10 18:01 - 000206880 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
2018-02-15 01:08 - 2018-02-15 01:08 - 000721112 _____ () c:\Program Files\AVAST Software\Avast\x64\vaarclient.dll
2018-02-15 01:08 - 2018-02-15 01:08 - 000912088 _____ () C:\Program Files\AVAST Software\Avast\x64\ffl2.dll
2018-02-15 01:08 - 2018-02-15 01:08 - 000341720 _____ () c:\Program Files\AVAST Software\Avast\x64\StreamBack.dll
2018-02-15 01:08 - 2018-02-15 01:08 - 000326360 _____ () C:\Program Files\AVAST Software\Avast\x64\tasks_core.dll
2018-02-23 21:14 - 2018-02-24 05:18 - 002301384 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2014-01-09 20:52 - 2012-10-19 09:54 - 001492222 _____ () C:\Program Files (x86)\NCH Software\Components\x264enc5\x264enc5.exe
2014-01-09 20:52 - 2007-11-27 08:41 - 000405504 _____ () C:\Program Files (x86)\NCH Software\Components\mp3el2\lame.exe
2018-02-13 21:07 - 2018-02-12 23:25 - 004433752 _____ () C:\Program Files (x86)\Google\Chrome\Application\64.0.3282.167\libglesv2.dll
2018-02-13 21:07 - 2018-02-12 23:25 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\64.0.3282.167\libegl.dll
2018-02-15 01:08 - 2018-02-15 01:08 - 000287960 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2018-02-15 01:08 - 2018-02-15 01:08 - 000280280 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2018-02-15 01:08 - 2018-02-15 01:08 - 000756952 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2018-02-15 01:07 - 2018-02-15 01:07 - 000172248 _____ () C:\Program Files\AVAST Software\Avast\hns_tools.dll
2018-02-15 01:08 - 2018-02-15 01:08 - 000963288 _____ () C:\Program Files\AVAST Software\Avast\shepherdsync.dll
2018-02-15 01:08 - 2018-02-15 01:08 - 000468696 _____ () C:\Program Files\AVAST Software\Avast\gui_cache.dll
2018-02-15 01:08 - 2018-02-15 01:08 - 000339160 _____ () C:\Program Files\AVAST Software\Avast\streamback_avast.dll
2018-02-23 21:15 - 2018-02-23 21:15 - 005822096 _____ () C:\Program Files\AVAST Software\Avast\defs\18022310\algo.dll
2018-02-24 05:38 - 2018-02-24 05:38 - 005822096 _____ () C:\Program Files\AVAST Software\Avast\defs\18022400\algo.dll
2016-01-07 09:17 - 2016-01-07 09:17 - 000094208 _____ () C:\Program Files (x86)\NETGEAR\A6100\Realtek.dll
2012-11-06 09:47 - 2012-11-06 09:47 - 000114688 _____ () C:\Program Files (x86)\NETGEAR\A6100\EnumDevLib.dll
2017-07-03 22:50 - 2017-07-03 22:50 - 067109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2018-02-15 01:07 - 2018-02-15 01:07 - 000275672 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2014-01-09 20:52 - 2014-01-17 23:49 - 000069632 _____ () C:\Program Files (x86)\NCH Software\Debut\debuthooksdll.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:0B4227B4 [133]
AlternateDataStreams: C:\ProgramData\TEMP:58E127A5 [214]
AlternateDataStreams: C:\ProgramData\TEMP:80337C03 [250]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1586326372-1664844804-1117412497-500\...\localhost -> hxxps://localhost

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2014-03-01 13:54 - 000000027 _____ C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1586326372-1664844804-1117412497-500\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SoftEther VPN Client Manager Startup.lnk => C:\Windows\pss\SoftEther VPN Client Manager Startup.lnk.CommonStartup
MSCONFIG\startupreg: Ad-Aware Antivirus => "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
MSCONFIG\startupreg: Ad-Aware Browsing Protection => "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
MSCONFIG\startupreg: AVG_UI => "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
MSCONFIG\startupreg: Hotkey Utility => C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: SoftEther VPN Client UI Helper => "C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe" /uihelp
MSCONFIG\startupreg: VX3000 => C:\Windows\vVX3000.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{A6343D57-54B8-423C-B6F5-577E012E6EA1}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{2EC1721A-BF5E-408D-9097-20F0B02C56B8}] => (Allow) svchost.exe
FirewallRules: [{2A8CBBC7-A0AA-4372-8CA5-0A86F12342D7}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{F9F5667B-098A-4BAD-8542-F305AEE3681A}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{431A9FF4-E1F0-41C3-BAEE-FBBE8DE3FA81}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{4910E33E-DE11-4CB0-96F7-7A3628C96C45}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{7F7C0134-4EC6-421A-97A8-0F5239DBDC0B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{43AE0BE8-6E4F-4031-85E3-8FF1BD7FD072}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{3D37CE4A-A51C-4C32-8623-5E2EF674BC4B}] => (Allow) LPort=2869
FirewallRules: [{53781FF6-4ACC-4677-8F5C-8D1E68F5F0FA}] => (Allow) LPort=1900
FirewallRules: [{D8744737-CDF5-4A0C-B287-A8599694FBFE}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{70B54969-F310-4C1F-A04C-F23489A27113}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{20C61F99-DE92-4B79-AD05-7E46030E8031}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\VideoEditor.exe
FirewallRules: [{9F01EC5A-6E56-4637-ADD9-8D1474CBB46A}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\VideoEditor.exe
FirewallRules: [{C093FC8E-B654-473C-BFF7-619F49DBD227}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\Updater.exe
FirewallRules: [{799802DA-30B9-4B94-913C-5414662CDA94}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\Updater.exe
FirewallRules: [{2FDF8B07-A88C-4814-B8C0-8C74D2E20EB5}] => (Allow) C:\ProgramData\EmailNotifier\EmailNotifier.exe
FirewallRules: [{B11FAEBC-2276-4CA8-9C15-D756EC0DC0D0}] => (Allow) C:\ProgramData\EmailNotifier\EmailNotifier.exe
FirewallRules: [{096E3A58-2799-4780-AAEE-D559C71D4499}] => (Allow) C:\Program Files (x86)\ManyCam\ManyCam.exe
FirewallRules: [{90EDA146-BFF1-4B0F-A34E-7AF4A140CD85}] => (Allow) C:\Program Files (x86)\ManyCam\ManyCam.exe
FirewallRules: [{27A8066C-F364-465F-A843-70B835BDC878}] => (Allow) C:\Program Files (x86)\FrostWire 6\FrostWire.exe
FirewallRules: [{C7725DDE-D2DB-4FC2-886E-5C977D1310B6}] => (Allow) C:\Program Files (x86)\FrostWire 6\FrostWire.exe
FirewallRules: [{696768FA-E899-44C5-A11E-148A4E0034C4}] => (Allow) C:\Program Files (x86)\Firefox Developer Edition\firefox.exe
FirewallRules: [{4DC30ACA-E8C6-4A8B-832D-D06EA8E44997}] => (Allow) C:\Program Files (x86)\Firefox Developer Edition\firefox.exe
FirewallRules: [{5F7E945F-5833-4202-96E6-610B118EA539}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5D39EA51-1DD3-4CA8-93E0-090236EC7646}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{45ACC91B-E8C4-4DEA-A945-4E1CF32BDD74}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{6F3D2CC7-5B5C-4875-8CFA-EC1BDBA3B5A5}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{10108EF1-3C1F-40C1-9838-E9D9804BDE2A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5D4536E6-A704-4796-A7D0-D224003648E2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B981001B-BAD2-48DA-988F-8152E4B6DBC3}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{61935809-5215-47B8-AC18-C701002AEAFB}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{2B2BB3FE-8C18-45CE-A520-C19A364F6731}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909\SZBrowser.exe
FirewallRules: [{4D808C98-8499-48B7-9283-8F300A0E20B4}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909_0\SZBrowser.exe
FirewallRules: [{AA9C2ACE-5501-4AF5-9F62-1F62FABA6657}] => (Allow) C:\Program Files\Opera\50.0.2762.67\opera.exe
FirewallRules: [{5EAA6B58-164F-4DB2-99AB-986B6B8EB8B8}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{76A57696-8CF3-4E86-8113-7484D30198C4}] => (Allow) C:\Program Files\Opera\51.0.2830.34\opera.exe

==================== Restore Points =========================

19-01-2018 11:19:24 Scheduled Checkpoint
20-01-2018 03:00:17 Windows Update
27-01-2018 03:55:00 Scheduled Checkpoint
06-02-2018 22:29:47 Scheduled Checkpoint
06-02-2018 23:28:17 Installed NETGEAR A6100 Genie
14-02-2018 05:27:09 Scheduled Checkpoint
15-02-2018 03:01:24 Windows Update

==================== Faulty Device Manager Devices =============

Name: SBRE
Description: SBRE
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: SBRE
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: avast! Firewall NDIS Filter Miniport
Description: avast! Firewall NDIS Filter Miniport
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: ALWIL Software
Service: aswNdis
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

Name: avast! Firewall NDIS Filter Miniport
Description: avast! Firewall NDIS Filter Miniport
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: ALWIL Software
Service: aswNdis
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/23/2018 09:07:08 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Error: Cannot connect to SoftGrid Service Type: 95::SoftGridConfigurationFailure.

Error: (02/15/2018 01:50:58 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Error: Cannot connect to SoftGrid Service Type: 95::SoftGridConfigurationFailure.

Error: (02/09/2018 07:59:26 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Error: Cannot connect to SoftGrid Service Type: 95::SoftGridConfigurationFailure.

Error: (01/29/2018 02:59:41 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Error: Cannot connect to SoftGrid Service Type: 95::SoftGridConfigurationFailure.

Error: (01/11/2018 03:22:22 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to compile: System.IdentityModel, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80070020

Error: (01/10/2018 01:58:26 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Error: Cannot connect to SoftGrid Service Type: 95::SoftGridConfigurationFailure.

Error: (01/09/2018 02:29:44 PM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to execute command from the offline queue: uninstall "mcupdate, Version=6.1.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=amd64". The error returned was Error: The specified assembly is not installed.
.

Error: (01/09/2018 02:25:43 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Error: Cannot connect to SoftGrid Service Type: 95::SoftGridConfigurationFailure.


System errors:
=============
Error: (02/25/2018 12:08:08 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {752073A1-23F2-4396-85F0-8FDB879ED0ED} did not register with DCOM within the required timeout.

Error: (02/23/2018 09:18:19 PM) (Source: nvstor64) (EventID: 4) (User: )
Description: Command to device was aborted.



Device: \Device\RaidPort0

Model: Hitachi HDS721050CLA362

Firmware Version: JP2O

Serial Number: JPF540HE1ZTD9T

Port: 0

Error: (02/23/2018 09:15:39 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.

Error: (02/23/2018 09:12:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
The service did not start due to a logon failure.

Error: (02/23/2018 09:12:29 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
Logon failure: the specified account password has expired.


To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (02/23/2018 09:08:52 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SBRE

Error: (02/23/2018 09:08:50 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Client Virtualization Handler service hung on starting.

Error: (02/23/2018 09:06:54 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126


CodeIntegrity:
===================================

Date: 2018-02-24 18:26:12.866
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG2013\avgmfapx.exe because the set of per-page image hashes could not be found on the system.

Date: 2018-02-24 08:11:43.834
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG2013\avgmfapx.exe because the set of per-page image hashes could not be found on the system.

Date: 2018-02-24 04:20:20.833
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG2013\avgmfapx.exe because the set of per-page image hashes could not be found on the system.

Date: 2018-02-24 04:19:53.800
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG2013\avgmfapx.exe because the set of per-page image hashes could not be found on the system.

Date: 2018-02-23 21:20:42.432
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG2013\avgmfapx.exe because the set of per-page image hashes could not be found on the system.

Date: 2018-02-23 09:09:02.876
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG2013\avgmfapx.exe because the set of per-page image hashes could not be found on the system.

Date: 2018-02-23 05:23:00.736
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG2013\avgmfapx.exe because the set of per-page image hashes could not be found on the system.

Date: 2018-02-23 05:22:30.815
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG2013\avgmfapx.exe because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: AMD Sempron™ 145 Processor
Percentage of memory in use: 89%
Total physical RAM: 3839.37 MB
Available physical RAM: 412.18 MB
Total Virtual: 7676.9 MB
Available Virtual: 3145.81 MB

==================== Drives ================================

Drive c: (eMachines) (Fixed) (Total:418.19 GB) (Free:9.2 GB) NTFS
Drive z: (ANAMEANDSTUFFHERE) (Fixed) (Total:0.24 GB) (Free:0.15 GB) NTFS

\\?\Volume{a0262846-e799-11df-ab58-806e6f6e6963}\ (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.03 GB) NTFS
\\?\Volume{a0262845-e799-11df-ab58-806e6f6e6963}\ (PQSERVICE) (Fixed) (Total:12 GB) (Free:1.04 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: F48B7043)
Partition 1: (Not Active) - (Size=12 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=418.2 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=35.5 GB) - (Type=0F Extended)

==================== End of Addition.txt ============================

Edited by Oh My!, 25 February 2018 - 09:44 AM.


#5 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,172 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:07:14 PM

Posted 25 February 2018 - 09:42 AM

Greetings bighippo and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please allow me just a bit of time to review what you have posted.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#6 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,172 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:07:14 PM

Posted 25 February 2018 - 02:53 PM

Greetings.

Your computer is running dangerously low on resources and this alone can cause, and probably does cause your issues.
 

Processor: AMD Sempron™ 145 Processor
Percentage of memory in use: 89%
Total physical RAM: 3839.37 MB
Available physical RAM: 412.18 MB
Total Virtual: 7676.9 MB
Available Virtual: 3145.81 MB

Drive c: (eMachines) (Fixed) (Total:418.19 GB) (Free:9.2 GB) NTFS


Though this may not help, please do this.

===================================================

Uninstalling Programs Using Revo Uninstaller Free

--------------------

I recommend uninstalling the below listed program(s) from your computer.

  • Please download and install Revo Uninstaller Free
  • Right click Revo Uninstaller and select Run as administrator
  • From the list of programs double click on the listed program(s), or anything similar, to remove it (if it exists)
Avast Free Antivirus
AVG 2013
FoxTab PDF Converter 
  • Click Yes to any warning screen that may appear
  • If presented with the program uninstall option click Uninstall
  • If asked to restart now click No
  • Under Scanning Modes select Advanced then select Scan
  • On the Found leftover Registry items window click Select All, Delete, then Yes
  • If prompted click on Next
  • On the Found leftover files and folders window click on Select all, Delete, Yes, OK on any warning screen, then Finish
  • Reboot your computer into Normal Boot and check the performance

===================================================

Malwarebytes AdwCleaner

-------------------

  • Please download AdwCleaner and save it on your desktop.
  • Close all open programs and browsers
  • Double click on AdwCleaner.exe, click Run, then select I agree if it appears
  • Click Scan
  • Once the scan has completed if there are threats found you will see Found 3 threats or something similar above the progress bar
  • Click each tab under Results and uncheck any items you want to keep
  • Click on Clean
  • Confirm the cleaning and rebooting of your computer by clicking OK
  • Click OK twice to finish the removal process by automatically rebooting your computer
  • Once completed an AdwCleaner document will open on your desktop
  • Copy and paste the contents in your reply

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------

  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time
Start::
CreateRestorePoint:
CloseProcesses:
GroupPolicy\User: Restriction <==== ATTENTION
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] 
S3 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe"
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S3 ALSysIO; \??\C:\Users\ADMINI~1\AppData\Local\Temp\ALSysIO64.sys [X] <==== ATTENTION
S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [X]
S3 SliceDisk5; \??\C:\Program Files\A-FF Find and Mount\slicedisk-x64.sys [X]
S3 taphss6; system32\DRIVERS\taphss6.sys [X]
S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
HKU\S-1-5-21-1586326372-1664844804-1117412497-500\...\ChromeHTML:
Task: {0138DECD-24DE-4354-9AE6-29AC4F5534B1} - System32\Tasks\{B65D5209-7975-447A-83FF-A7FC5388F9FB} => C:\Windows\system32\pcalua.exe -a "C:\Windows\TEMP\avast_ash\Adobe AIR\AdobeAIRInstaller.exe" -d "C:\Program Files\AVAST Software\Avast"
C:\Windows\TEMP\avast_ash
Task: {F84C9496-1CC1-4B59-94A6-BF1207020566} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
C:\Program Files (x86)\Lavasoft
AlternateDataStreams: C:\ProgramData\TEMP:0B4227B4 [133]
AlternateDataStreams: C:\ProgramData\TEMP:58E127A5 [214]
AlternateDataStreams: C:\ProgramData\TEMP:80337C03 [250]
cmd: type "C:\Program Files (x86)\temp995.bat"
emptytemp:
End::
  • Click Fix
  • When completed he tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:

  • Programs uninstall?
  • AdwCleaner report
  • Fixlog
  • Update on computer performance

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 bighippo

bighippo
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Local time:10:14 PM

Posted 25 February 2018 - 08:31 PM

I uninstalled those 3 programs and did an advanced scan to remove more, but I noticed the AVG 2013 desktop icon is still there even after restarting. This is why it's still there in the first place. When I tried to uninstall it in 2013, all that happened was it disappeared from the programs list on my computer. I had to use hunter mode to do anything to it here and while it said it was deleting stuff, I noticed the icon is still there which is odd. I kept it there because I want it automatically removed. Anything that truly erases any trace of it should do that, right? Everything I've tried so far hasn't done that and I don't know why. My computer seems to be working fine for now. Haven't had any freezes or any lags since doing the scans. Something different I've noticed is that the browser icons I have saved onto the taskbar don't have an option to open incognito windows when I right click them anymore. Also, I'm glad you pointed out that I was running low on space. I have a lot of videos, movies, shows, etc saved and they tend to pile up. It's gotten that low before and I've deleted dozens of GBs to make more space. I easily deleted about 7 GB before scanning with anything. But my computer's never lagged or froze when it got low on space so I don't know what's different now if that's the problem. # AdwCleaner 7.0.8.0 - Logfile created on Mon Feb 26 00:41:00 2018 # Updated on 2018/08/02 by Malwarebytes # Database: 02-23-2018.2 # Running on Windows 7 Home Premium (X64) # Mode: scan # Support: https://www.malwarebytes.com/support ***** [ Services ] ***** No malicious services found. ***** [ Folders ] ***** PUP.Optional.Legacy, C:\Windows\System32\config\systemprofile\AppData\LocalLow\Yahoo! Companion PUP.Optional.Legacy, C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Yahoo! Companion PUP.Optional.Legacy, C:\Users\Ryan\AppData\Roaming\ProgSense PUP.Optional.Legacy, C:\ProgramData\EmailNotifier PUP.Optional.Legacy, C:\ProgramData\Application Data\EmailNotifier PUP.Optional.Legacy, C:\Users\All Users\EmailNotifier PUP.Optional.Legacy, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cain PUP.Optional.Legacy, C:\Program Files (x86)\Cain PUP.Optional.Legacy, C:\Windows\System32\config\systemprofile\AppData\LocalLow\Yahoo!\Companion PUP.Optional.Legacy, C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Yahoo!\Companion PUP.Optional.Legacy, C:\Users\Ryan\AppData\LocalLow\Yahoo!\Companion PUP.Optional.Legacy, C:\Users\Administrator\AppData\Roaming\acestream PUP.Optional.Legacy, C:\Users\Administrator\AppData\LocalLow\.acestream PUP.Optional.Legacy, C:\Users\Administrator\AppData\Roaming\.acestream PUP.Adware.Heuristic, C:\Program Files (x86)\AirSnare ***** [ Files ] ***** No malicious files found. ***** [ DLL ] ***** No malicious DLLs found. ***** [ WMI ] ***** No malicious WMI found. ***** [ Shortcuts ] ***** No malicious shortcuts found. ***** [ Tasks ] ***** No malicious tasks found. ***** [ Registry ] ***** PUP.Optional.Legacy, [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {2FDF8B07-A88C-4814-B8C0-8C74D2E20EB5} PUP.Optional.Legacy, [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {B11FAEBC-2276-4CA8-9C15-D756EC0DC0D0} PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-1586326372-1664844804-1117412497-500\Software\cain PUP.Optional.Legacy, [Key] - HKCU\Software\cain PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\W3I PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Yahoo\Companion PUP.Optional.Legacy, [Key] - HKU\.DEFAULT\Software\AppDataLow\Software\Yahoo\Companion PUP.Optional.Legacy, [Key] - HKU\S-1-5-18\Software\AppDataLow\Software\Yahoo\Companion PUP.Optional.Legacy, [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID | {EEE6C35B-6118-11DC-9C72-001320C79847} PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\AppID\{7375D127-3955-4654-8E7D-1949A7A9C902} PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{371AD4A5-1520-4AA2-A8A4-F9AD3BAC6957} PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{7F124846-5453-4BB8-A41D-E11481FFC9DF} PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{8FD65019-BF09-45DA-AD81-E95AE911F1FD} PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\TypeLib\{F6C2BABA-9E4C-425F-9AEC-24AB8F2B640D} PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0 PUP.Optional.Legacy, [Value] - HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION | BackgroundHost64.exe PUP.Optional.Legacy, [Value] - HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_WEBOC_MOVESIZECHILD | BackgroundHost64.exe PUP.Optional.Legacy, [Value] - HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION | BackgroundHost.exe PUP.Optional.Legacy, [Value] - HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_WEBOC_MOVESIZECHILD | BackgroundHost.exe PUP.Optional.Legacy, [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext | DisableAddonLoadTimePerformanceNotifications PUP.Optional.SweetPacks, [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID | {EEE6C35C-6118-11DC-9C72-001320C79847} PUP.Optional.Bandoo.AppFlsh, [Key] - HKU\S-1-5-21-1586326372-1664844804-1117412497-500\Software\Savevid PUP.Optional.Bandoo.AppFlsh, [Key] - HKCU\Software\Savevid PUP.Optional.FLVMPlayer, [Value] - HKLM\SOFTWARE\RegisteredApplications | FLV and Media Player PUP.Optional.AuslogicsDriverUpdater, [Key] - HKU\.DEFAULT\Software\Auslogics PUP.Optional.AuslogicsDriverUpdater, [Key] - HKU\S-1-5-18\Software\Auslogics PUP.Optional.AceStream, [Value] - HKCU\Software\RegisteredApplications | AceStream PUP.Optional.DriverDoc, [Key] - HKLM\SOFTWARE\MimarSinan ***** [ Firefox (and derivatives) ] ***** No malicious Firefox entries. ***** [ Chromium (and derivatives) ] ***** No malicious Chromium entries. ************************* C:/AdwCleaner/AdwCleaner[S0].txt - [1378 B] - [2014/3/19 0:54:58] C:/AdwCleaner/AdwCleaner[S1].txt - [2585 B] - [2014/4/2 23:45:3] C:/AdwCleaner/AdwCleaner[S2].txt - [1441 B] - [2014/4/3 16:45:18] C:/AdwCleaner/AdwCleaner[S3].txt - [3546 B] - [2014/6/24 22:6:23] C:/AdwCleaner/AdwCleaner[S4].txt - [5728 B] - [2014/9/20 18:38:1] C:/AdwCleaner/AdwCleaner[S5].txt - [2840 B] - [2014/12/27 22:33:21] C:/AdwCleaner/AdwCleaner[S6].txt - [1884 B] - [2015/1/15 23:26:42] ########## EOF - C:\AdwCleaner\AdwCleaner[S7].txt ########## Fix result of Farbar Recovery Scan Tool (x64) Version: 24.02.2018 Ran by Administrator (25-02-2018 19:49:19) Run:1 Running from C:\Users\Administrator\Desktop Loaded Profiles: Administrator (Available Profiles: Ryan & UpdatusUser & Administrator) Boot Mode: Normal ============================================== fixlist content: ***************** CreateRestorePoint: CloseProcesses: GroupPolicy\User: Restriction <==== ATTENTION HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] S3 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL) S3 ALSysIO; \??\C:\Users\ADMINI~1\AppData\Local\Temp\ALSysIO64.sys [X] <==== ATTENTION S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [X] S3 SliceDisk5; \??\C:\Program Files\A-FF Find and Mount\slicedisk-x64.sys [X] S3 taphss6; system32\DRIVERS\taphss6.sys [X] S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X] HKU\S-1-5-21-1586326372-1664844804-1117412497-500\...\ChromeHTML: Task: {0138DECD-24DE-4354-9AE6-29AC4F5534B1} - System32\Tasks\{B65D5209-7975-447A-83FF-A7FC5388F9FB} => C:\Windows\system32\pcalua.exe -a "C:\Windows\TEMP\avast_ash\Adobe AIR\AdobeAIRInstaller.exe" -d "C:\Program Files\AVAST Software\Avast" C:\Windows\TEMP\avast_ash Task: {F84C9496-1CC1-4B59-94A6-BF1207020566} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe C:\Program Files (x86)\Lavasoft AlternateDataStreams: C:\ProgramData\TEMP:0B4227B4 [133] AlternateDataStreams: C:\ProgramData\TEMP:58E127A5 [214] AlternateDataStreams: C:\ProgramData\TEMP:80337C03 [250] cmd: type "C:\Program Files (x86)\temp995.bat" emptytemp: ***************** Restore point was successfully created. Processes closed successfully. C:\Windows\system32\GroupPolicy\User => moved successfully C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page" => removed successfully "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page" => removed successfully "HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => removed successfully "HKLM\Software\Classes\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => removed successfully "HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}" => removed successfully HKLM\Software\Classes\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => key not found "HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk]" => not found AvastVBoxSvc => service not found. "HKLM\System\CurrentControlSet\Services\AppMgmt" => removed successfully AppMgmt => service removed successfully "HKLM\System\CurrentControlSet\Services\ALSysIO" => removed successfully ALSysIO => service removed successfully "HKLM\System\CurrentControlSet\Services\SBRE" => removed successfully SBRE => service removed successfully "HKLM\System\CurrentControlSet\Services\SliceDisk5" => removed successfully SliceDisk5 => service removed successfully "HKLM\System\CurrentControlSet\Services\taphss6" => removed successfully taphss6 => service removed successfully VBoxAswDrv => service not found. "HKU\S-1-5-21-1586326372-1664844804-1117412497-500_Classes\ChromeHTML" => removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0138DECD-24DE-4354-9AE6-29AC4F5534B1} => could not remove key. ErrorCode1: 0x00000002 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0138DECD-24DE-4354-9AE6-29AC4F5534B1} => could not remove key. ErrorCode1: 0x00000002 C:\Windows\System32\Tasks\{B65D5209-7975-447A-83FF-A7FC5388F9FB} => moved successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{B65D5209-7975-447A-83FF-A7FC5388F9FB} => could not remove key. ErrorCode1: 0x00000002 "C:\Windows\TEMP\avast_ash" => not found HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F84C9496-1CC1-4B59-94A6-BF1207020566} => could not remove key. ErrorCode1: 0x00000002 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F84C9496-1CC1-4B59-94A6-BF1207020566} => could not remove key. ErrorCode1: 0x00000002 C:\Windows\System32\Tasks\Ad-Aware Update (Weekly) => moved successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Ad-Aware Update (Weekly) => could not remove key. ErrorCode1: 0x00000002 C:\Program Files (x86)\Lavasoft => moved successfully C:\ProgramData\TEMP => ":0B4227B4" ADS removed successfully C:\ProgramData\TEMP => ":58E127A5" ADS removed successfully C:\ProgramData\TEMP => ":80337C03" ADS removed successfully ========= type "C:\Program Files (x86)\temp995.bat" ========= :again del "C:\Program Files (x86)\pdf995\res\utilities\thinsetup.exe" if exist C:\Program Files (x86)\pdf995\res\utilities\thinsetup.exe goto again rmdir /Q "C:\Program Files (x86)\pdf995\res\utilities" rmdir /Q "C:\Program Files (x86)\pdf995\res" rmdir /Q "C:\Program Files (x86)\pdf995" rmdir /Q C:\Program Files (x86)\pdf995 del "C:\Program Files (x86)\temp995.bat" ========= End of CMD: ========= =========== EmptyTemp: ========== BITS transfer queue => 8388608 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 26706155 B Java, Flash, Steam htmlcache => 3637 B Windows/system/drivers => 378897282 B Edge => 0 B Chrome => 24101774 B Firefox => 193327601 B Opera => 20260343 B Temp, IE cache, history, cookies, recent: Users => 0 B Default => 0 B Public => 0 B ProgramData => 0 B systemprofile => 83519 B systemprofile32 => 83253 B LocalService => 132244 B NetworkService => 66228 B Ryan => 9050532 B UpdatusUser => 0 B fbwuser => 0 B Administrator => 1395477249 B RecycleBin => 0 B EmptyTemp: => 1.9 GB temporary data Removed. ================================ Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 25-02-2018 19:57:17) Result of scheduled keys to remove after reboot: "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0138DECD-24DE-4354-9AE6-29AC4F5534B1}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0138DECD-24DE-4354-9AE6-29AC4F5534B1}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{B65D5209-7975-447A-83FF-A7FC5388F9FB}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F84C9496-1CC1-4B59-94A6-BF1207020566}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F84C9496-1CC1-4B59-94A6-BF1207020566}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Ad-Aware Update (Weekly)" => removed successfully ==== End of Fixlog 19:57:17 ====

#8 bighippo

bighippo
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Local time:10:14 PM

Posted 25 February 2018 - 08:34 PM

I'm sorry again about the spacing problems. Test. Test. Test.

#9 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,172 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:07:14 PM

Posted 26 February 2018 - 09:11 AM

Please attach the report.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#10 bighippo

bighippo
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Local time:10:14 PM

Posted 26 February 2018 - 11:24 AM

Alright.

# AdwCleaner 7.0.8.0 - Logfile created on Mon Feb 26 00:41:00 2018
# Updated on 2018/08/02 by Malwarebytes
# Database: 02-23-2018.2
# Running on Windows 7 Home Premium (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

PUP.Optional.Legacy, C:\Windows\System32\config\systemprofile\AppData\LocalLow\Yahoo! Companion
PUP.Optional.Legacy, C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Yahoo! Companion
PUP.Optional.Legacy, C:\Users\Ryan\AppData\Roaming\ProgSense
PUP.Optional.Legacy, C:\ProgramData\EmailNotifier
PUP.Optional.Legacy, C:\ProgramData\Application Data\EmailNotifier
PUP.Optional.Legacy, C:\Users\All Users\EmailNotifier
PUP.Optional.Legacy, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cain
PUP.Optional.Legacy, C:\Program Files (x86)\Cain
PUP.Optional.Legacy, C:\Windows\System32\config\systemprofile\AppData\LocalLow\Yahoo!\Companion
PUP.Optional.Legacy, C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Yahoo!\Companion
PUP.Optional.Legacy, C:\Users\Ryan\AppData\LocalLow\Yahoo!\Companion
PUP.Optional.Legacy, C:\Users\Administrator\AppData\Roaming\acestream
PUP.Optional.Legacy, C:\Users\Administrator\AppData\LocalLow\.acestream
PUP.Optional.Legacy, C:\Users\Administrator\AppData\Roaming\.acestream
PUP.Adware.Heuristic, C:\Program Files (x86)\AirSnare


***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.Legacy, [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {2FDF8B07-A88C-4814-B8C0-8C74D2E20EB5}
PUP.Optional.Legacy, [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {B11FAEBC-2276-4CA8-9C15-D756EC0DC0D0}
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-1586326372-1664844804-1117412497-500\Software\cain
PUP.Optional.Legacy, [Key] - HKCU\Software\cain
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\W3I
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Yahoo\Companion
PUP.Optional.Legacy, [Key] - HKU\.DEFAULT\Software\AppDataLow\Software\Yahoo\Companion
PUP.Optional.Legacy, [Key] - HKU\S-1-5-18\Software\AppDataLow\Software\Yahoo\Companion
PUP.Optional.Legacy, [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID | {EEE6C35B-6118-11DC-9C72-001320C79847}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\AppID\{7375D127-3955-4654-8E7D-1949A7A9C902}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{371AD4A5-1520-4AA2-A8A4-F9AD3BAC6957}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{7F124846-5453-4BB8-A41D-E11481FFC9DF}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{8FD65019-BF09-45DA-AD81-E95AE911F1FD}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\TypeLib\{F6C2BABA-9E4C-425F-9AEC-24AB8F2B640D}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0
PUP.Optional.Legacy, [Value] - HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION | BackgroundHost64.exe
PUP.Optional.Legacy, [Value] - HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_WEBOC_MOVESIZECHILD | BackgroundHost64.exe
PUP.Optional.Legacy, [Value] - HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION | BackgroundHost.exe
PUP.Optional.Legacy, [Value] - HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_WEBOC_MOVESIZECHILD | BackgroundHost.exe
PUP.Optional.Legacy, [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext | DisableAddonLoadTimePerformanceNotifications
PUP.Optional.SweetPacks, [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID | {EEE6C35C-6118-11DC-9C72-001320C79847}
PUP.Optional.Bandoo.AppFlsh, [Key] - HKU\S-1-5-21-1586326372-1664844804-1117412497-500\Software\Savevid
PUP.Optional.Bandoo.AppFlsh, [Key] - HKCU\Software\Savevid
PUP.Optional.FLVMPlayer, [Value] - HKLM\SOFTWARE\RegisteredApplications | FLV and Media Player
PUP.Optional.AuslogicsDriverUpdater, [Key] - HKU\.DEFAULT\Software\Auslogics
PUP.Optional.AuslogicsDriverUpdater, [Key] - HKU\S-1-5-18\Software\Auslogics
PUP.Optional.AceStream, [Value] - HKCU\Software\RegisteredApplications | AceStream
PUP.Optional.DriverDoc, [Key] - HKLM\SOFTWARE\MimarSinan


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries.

*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [1378 B] - [2014/3/19 0:54:58]
C:/AdwCleaner/AdwCleaner[S1].txt - [2585 B] - [2014/4/2 23:45:3]
C:/AdwCleaner/AdwCleaner[S2].txt - [1441 B] - [2014/4/3 16:45:18]
C:/AdwCleaner/AdwCleaner[S3].txt - [3546 B] - [2014/6/24 22:6:23]
C:/AdwCleaner/AdwCleaner[S4].txt - [5728 B] - [2014/9/20 18:38:1]
C:/AdwCleaner/AdwCleaner[S5].txt - [2840 B] - [2014/12/27 22:33:21]
C:/AdwCleaner/AdwCleaner[S6].txt - [1884 B] - [2015/1/15 23:26:42]


########## EOF - C:\AdwCleaner\AdwCleaner[S7].txt ##########

Attached Files


Edited by Oh My!, 26 February 2018 - 06:25 PM.


#11 bighippo

bighippo
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Local time:10:14 PM

Posted 26 February 2018 - 11:25 AM

Should I just attach all files from now on to save time?

Fix result of Farbar Recovery Scan Tool (x64) Version: 24.02.2018
Ran by Administrator (25-02-2018 19:49:19) Run:1
Running from C:\Users\Administrator\Desktop
Loaded Profiles: Administrator (Available Profiles: Ryan & UpdatusUser & Administrator)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
GroupPolicy\User: Restriction <==== ATTENTION
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk]
S3 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe"
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S3 ALSysIO; \??\C:\Users\ADMINI~1\AppData\Local\Temp\ALSysIO64.sys [X] <==== ATTENTION
S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [X]
S3 SliceDisk5; \??\C:\Program Files\A-FF Find and Mount\slicedisk-x64.sys [X]
S3 taphss6; system32\DRIVERS\taphss6.sys [X]
S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
HKU\S-1-5-21-1586326372-1664844804-1117412497-500\...\ChromeHTML:
Task: {0138DECD-24DE-4354-9AE6-29AC4F5534B1} - System32\Tasks\{B65D5209-7975-447A-83FF-A7FC5388F9FB} => C:\Windows\system32\pcalua.exe -a "C:\Windows\TEMP\avast_ash\Adobe AIR\AdobeAIRInstaller.exe" -d "C:\Program Files\AVAST Software\Avast"
C:\Windows\TEMP\avast_ash
Task: {F84C9496-1CC1-4B59-94A6-BF1207020566} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
C:\Program Files (x86)\Lavasoft
AlternateDataStreams: C:\ProgramData\TEMP:0B4227B4 [133]
AlternateDataStreams: C:\ProgramData\TEMP:58E127A5 [214]
AlternateDataStreams: C:\ProgramData\TEMP:80337C03 [250]
cmd: type "C:\Program Files (x86)\temp995.bat"
emptytemp:

*****************

Restore point was successfully created.
Processes closed successfully.
C:\Windows\system32\GroupPolicy\User => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
"HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page" => removed successfully
"HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page" => removed successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => removed successfully
"HKLM\Software\Classes\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}" => removed successfully
HKLM\Software\Classes\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => key not found
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk]" => not found
AvastVBoxSvc => service not found.
"HKLM\System\CurrentControlSet\Services\AppMgmt" => removed successfully
AppMgmt => service removed successfully
"HKLM\System\CurrentControlSet\Services\ALSysIO" => removed successfully
ALSysIO => service removed successfully
"HKLM\System\CurrentControlSet\Services\SBRE" => removed successfully
SBRE => service removed successfully
"HKLM\System\CurrentControlSet\Services\SliceDisk5" => removed successfully
SliceDisk5 => service removed successfully
"HKLM\System\CurrentControlSet\Services\taphss6" => removed successfully
taphss6 => service removed successfully
VBoxAswDrv => service not found.
"HKU\S-1-5-21-1586326372-1664844804-1117412497-500_Classes\ChromeHTML" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0138DECD-24DE-4354-9AE6-29AC4F5534B1} => could not remove key. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0138DECD-24DE-4354-9AE6-29AC4F5534B1} => could not remove key. ErrorCode1: 0x00000002
C:\Windows\System32\Tasks\{B65D5209-7975-447A-83FF-A7FC5388F9FB} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{B65D5209-7975-447A-83FF-A7FC5388F9FB} => could not remove key. ErrorCode1: 0x00000002
"C:\Windows\TEMP\avast_ash" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F84C9496-1CC1-4B59-94A6-BF1207020566} => could not remove key. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F84C9496-1CC1-4B59-94A6-BF1207020566} => could not remove key. ErrorCode1: 0x00000002
C:\Windows\System32\Tasks\Ad-Aware Update (Weekly) => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Ad-Aware Update (Weekly) => could not remove key. ErrorCode1: 0x00000002
C:\Program Files (x86)\Lavasoft => moved successfully
C:\ProgramData\TEMP => ":0B4227B4" ADS removed successfully
C:\ProgramData\TEMP => ":58E127A5" ADS removed successfully
C:\ProgramData\TEMP => ":80337C03" ADS removed successfully

========= type "C:\Program Files (x86)\temp995.bat" =========

:again
del "C:\Program Files (x86)\pdf995\res\utilities\thinsetup.exe"
if exist C:\Program Files (x86)\pdf995\res\utilities\thinsetup.exe goto again
rmdir /Q "C:\Program Files (x86)\pdf995\res\utilities"
rmdir /Q "C:\Program Files (x86)\pdf995\res"
rmdir /Q "C:\Program Files (x86)\pdf995"
rmdir /Q C:\Program Files (x86)\pdf995
del "C:\Program Files (x86)\temp995.bat"

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 26706155 B
Java, Flash, Steam htmlcache => 3637 B
Windows/system/drivers => 378897282 B
Edge => 0 B
Chrome => 24101774 B
Firefox => 193327601 B
Opera => 20260343 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 83519 B
systemprofile32 => 83253 B
LocalService => 132244 B
NetworkService => 66228 B
Ryan => 9050532 B
UpdatusUser => 0 B
fbwuser => 0 B
Administrator => 1395477249 B

RecycleBin => 0 B
EmptyTemp: => 1.9 GB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 25-02-2018 19:57:17)


Result of scheduled keys to remove after reboot:

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0138DECD-24DE-4354-9AE6-29AC4F5534B1}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0138DECD-24DE-4354-9AE6-29AC4F5534B1}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{B65D5209-7975-447A-83FF-A7FC5388F9FB}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F84C9496-1CC1-4B59-94A6-BF1207020566}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F84C9496-1CC1-4B59-94A6-BF1207020566}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Ad-Aware Update (Weekly)" => removed successfully

==== End of Fixlog 19:57:17 ====

Attached Files


Edited by Oh My!, 26 February 2018 - 06:26 PM.


#12 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,172 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:07:14 PM

Posted 26 February 2018 - 06:33 PM

Yes, please attach the files.

I would recommend running AdwCleaner again and removing the entries the program identified.

How is your computer running?
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#13 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,172 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:07:14 PM

Posted 01 March 2018 - 03:17 PM

Greetings,

===================================================

Do You Still Need Help?

It has been 3 days since my last post.
  • Do you still need help with this?
  • If you have not replied within 48 hours I will assume you have abandoned the Topic and it will be closed.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#14 bighippo

bighippo
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Local time:10:14 PM

Posted 03 March 2018 - 09:31 AM

Hello. I am sorry for not responding for a few days. I have scanned with AdwCleaner again and removed the threats and here are the logs. Something else I wanna ask about is, do you know how I can get rid of the AVG 2013 desktop icon automatically? Should I try using Revo again?

Attached Files



#15 bighippo

bighippo
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Local time:10:14 PM

Posted 03 March 2018 - 09:32 AM

And this.


EDIT: My computer's been working great since I did the first scans with AdwCleaner. I went from frequent lags freezes to none pretty quickly.

Attached Files


Edited by bighippo, 03 March 2018 - 09:35 AM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users