
All Activity


  1. Past hour
  2. frazzm737

    Sept. 12 - Sept. 19

    It's time to vote! I like Post #13.
  3. frazzm737

    It just happened! - being first time grandpa :)

    Congratulations, again. Maybe they are waiting to judge the child's personality before picking a name. The name will come in good time. I'm so excited for you!
  4. Today
  5. Thank you 🙂 The name still seems to be a mystery...hmmmm.
  6. frazzm737

    It just happened! - being first time grandpa :)

    Oh, Broni! Congratulations! I’m sure everything will be fine. The parents look thrilled, tired, but very happy. Have they picked a name yet?
  7. Broken Club

    Friends Win 7 Laptop

    Will do, Thanks.. Running them from the flash drive..
  8. Yesterday
  9. Broni

    ComboFix not supporting Windows 8.1?

    You're correct and Combofix is rarely used anymore. I replied in your other topic. I'll take a look at what's going on there.
  10. Broni

    can I delete /appdata/local/temp directory?

    Please download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

    - Double-click to run it. When the tool opens, click Yes to the disclaimer.
    - Press the Scan button.
    - It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
    - The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply.
  11. Broni

    Friends Win 7 Laptop

    Good 🙂

    Download RogueKiller from one of the following links and save it to your Desktop: Link 1 Link 2

    - Close all the running programs.
    - Double-click on the downloaded setup.exe file to install the program.
    - Click on the Start Scan button.
    - Click on another Start Scan button.
    - Wait until the Status box shows Scan Finished.
    - Click on Remove Selected.
    - Wait until the Status box shows Deleting Finished.
    - Click on Report and copy/paste the content of the Notepad into your next reply.
    - RKreport.txt could also be found on your desktop.
    - If more than one log is produced, post all logs.

    Please download Malwarebytes to your desktop.

    - Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
    - Then click Finish.
    - Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
    - If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
    - When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
    - Restart your computer when prompted to do so.
    - The Scan log is available throughout History -> Application logs. Please post its contents in your next reply.

    Please download AdwCleaner by Xplode and save to your Desktop.

    - Double-click on AdwCleaner.exe to run the tool. Vista/Windows 7/8/10 users: right-click and select Run As Administrator.
    - The tool will start to update the database if one is required.
    - Click on the Scan button.
    - AdwCleaner will begin...be patient as the scan may take some time to complete.
    - After the scan has finished, click on the Logfile button. A window will open which lists the logs of your scans.
    - Click on the Scan tab.
    - Double-click the most recent scan, which will be at the top of the list....the log will appear.
    - Review the results...see note below.
    - After reviewing the log, click on the Clean button.
    - Press OK when asked to close all programs and follow the onscreen prompts.
    - Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    - After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
    - To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
    - Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
    - A copy of all logfiles is saved to C:\AdwCleaner.

    Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.
  12. Last scans...

    Download Security Check from here or here and save it to your Desktop.

    - Double-click SecurityCheck.exe
    - Follow the onscreen instructions inside of the black box.
    - A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
    NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run.

    Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.

    - Make sure the following options are checked:
        - Internet Services
        - Windows Firewall
        - System Restore
        - Security Center
        - Windows Update
        - Windows Defender
        - Other Services
    - Press "Scan".
    - It will create a log (FSS.txt) in the same directory the tool is run.
    - Please copy and paste the log to your reply.

    Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe

    - Double click on TFC.exe to run the program.
    - Click on Start button to begin cleaning process.
    - TFC will close all running programs, and it may ask you to restart computer.

    Download Sophos Free Virus Removal Tool and save it to your desktop.

    - Double click the icon and select Run
    - Click Next
    - Select I accept the terms in this license agreement, then click Next twice
    - Click Install
    - Click Finish to launch the program
    - Once the virus database has been updated click Start Scanning
    - If any threats are found click Details, then View log file... (bottom left hand corner)
    - Copy and paste the results in your reply
    - Close the Notepad document, close the Threat Details screen, then click Start cleanup
    - Click Exit to close the program
  13. Today around 1PM PST my daughter Victoria gave birth to my first grandson! There are some complications since my daughter developed preeclampsia just before birth, which resulted in the baby's breathing problems and some fluid in his lungs, but the doctors say they have it under control. I hope everything will be fine. Meanwhile, a couple of pictures 🙂
  14. Broken Club

    Friends Win 7 Laptop

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15.09.2018
    Ran by George (18-09-2018 16:57:34)
    Running from E:\
    Windows 7 Home Premium Service Pack 1 (X64) (2014-09-29 22:58:55)
    Boot Mode: Normal
    ==========================================================

    ==================== Accounts: =============================
    Administrator (S-1-5-21-219901405-3024664772-2661517672-500 - Administrator - Disabled)
    George (S-1-5-21-219901405-3024664772-2661517672-1000 - Administrator - Enabled) => C:\Users\George
    Guest (S-1-5-21-219901405-3024664772-2661517672-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-219901405-3024664772-2661517672-1002 - Limited - Enabled)

    ==================== Security Center ========================
    (If an entry is included in the fixlist, it will be removed.)
    AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
    AV: Bitdefender Antivirus (Disabled - Up to date) {0E17DB7D-A20F-62CE-B95B-17DB0CDFE318}
    AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
    AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Bitdefender Antispyware (Disabled - Up to date) {B5763A99-8435-6D40-83EB-2CA97758A9A5}
    FW: ZoneAlarm Free Firewall Firewall (Enabled) {1B8D532F-88B1-B2AD-ED22-AED92687A1D2}
    FW: Bitdefender Firewall (Disabled) {362C5A58-E860-6396-9204-BEEEF20CA463}

    ==================== Installed Programs ======================
    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20058 - Adobe Systems Incorporated) Adobe Flash Player 30 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 30.0.0.154 - Adobe Systems Incorporated) Adobe Flash Player 30 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 30.0.0.154 - Adobe Systems Incorporated) Adobe Flash Player 30 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 30.0.0.154 - Adobe Systems Incorporated) Amazon Links (HKLM-x32\...\{3135D885-9D9A-4B4D-8D45-9DB05DA115CA}) (Version: 2.02 - TOSHIBA Corporation) Avery Design & Print (HKLM-x32\...\Avery Design & Print 1.0.0) (Version: 1.0.0 - Avery Products Corporation) Avery Wizard 5.0 (HKLM-x32\...\{FC3B3A5D-7058-4627-9F1E-F95CC38B6054}) (Version: 5.0.5 - Avery) Bejeweled 2 Deluxe (HKLM-x32\...\WT088682) (Version: 2.2.0.95 - WildTangent) Hidden Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 1.0.1 - Bitdefender) Bitdefender Device Management (HKLM\...\Bitdefender Device Management) (Version: 21.0.25.80 - Bitdefender) Bitdefender Total Security (HKLM\...\Bitdefender) (Version: 22.0.1.1 - Bitdefender) Citrix Online Launcher (HKLM-x32\...\{75B8A55E-0762-4676-AAC0-6FDF025B034B}) (Version: 1.0.220 - Citrix) D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden Dropbox (HKU\S-1-5-21-219901405-3024664772-2661517672-1000\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.) ENE CIR Receiver Driver (HKLM\...\2C293EC1A06665BB961CBA4EC7AFF4BF2BEAD042) (Version: 2.7.4.1 - ENE) ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - ) FileHippo App Manager (HKLM-x32\...\FileHippo.com) (Version: - FileHippo.com) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.29.1 - Google Inc.) 
Hidden Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden HDMI Control Manager (HKLM\...\{63DA1F6A-2E65-4367-99B9-9E39FADEC446}) (Version: 2.0 - TOSHIBA CORPORATION) Hidden HDMI Control Manager (HKLM-x32\...\{63DA1F6A-2E65-4367-99B9-9E39FADEC446}) (Version: 2.0 - TOSHIBA CORPORATION) Hidden HDMI Control Manager (HKLM-x32\...\InstallShield_{63DA1F6A-2E65-4367-99B9-9E39FADEC446}) (Version: 2.0 - TOSHIBA CORPORATION) HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP) HP Photosmart 7520 series Basic Device Software (HKLM\...\{27ABA988-D480-4F44-B0FD-45E5656D2CFE}) (Version: 28.0.1315.0 - Hewlett-Packard Co.) Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2119 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.7.1002 - Intel Corporation) Java 8 Update 131 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation) JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.44.1 - JMicron Technology Corp.) 
Junk Mail filter update (HKLM-x32\...\{0BE9E708-5DC0-4963-9CFD-0AA519090E79}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Label@Once 1.0 (HKLM-x32\...\{0D795777-9D60-4692-8386-F2B3F2B5E5BF}) (Version: 1.0 - Corel) Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes) Microsoft .NET Framework 4.7.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02558 - Microsoft Corporation) Microsoft Money 2003 (HKLM-x32\...\{01F9D88C-3C86-4E82-840A-101A3221F67A}) (Version: 11.0.50 - Microsoft) Microsoft Money 2003 System Pack (HKLM-x32\...\{02B42D23-10F2-4862-ADA4-3DF1EA0021B2}) (Version: 11.0.80 - Microsoft) Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-219901405-3024664772-2661517672-1000\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft 
Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden myfantasyleague.com Game Day 2018 v8.10 (HKLM-x32\...\mflGameDay_is1) (Version: 1.0 - Sideline Software, Inc.) 
Opera Stable 55.0.2994.61 (HKLM-x32\...\Opera 55.0.2994.61) (Version: 55.0.2994.61 - Opera Software) Polar Bowler (HKLM-x32\...\WT088759) (Version: 2.2.0.95 - WildTangent) Hidden Quickbooks Financial Center (HKLM-x32\...\{3B843B38-04B1-4CE6-8888-586273E0F289}) (Version: 2.02 - TOSHIBA Corporation) Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.20.503.2010 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6069 - Realtek Semiconductor Corp.) Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0013 - REALTEK Semiconductor Corp.) Revo Uninstaller 2.0.2 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.2 - VS Revo Group, Ltd.) RogueKiller version 12.10.2.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.10.2.0 - Adlice Software) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Skype Launcher (HKLM-x32\...\{DA84ECBF-4B79-47F2-B34C-95C38484C058}) (Version: 2.01 - TOSHIBA Corporation) Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.4 - Sophos Limited) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.8.1 - Synaptics Incorporated) Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.2.0 - Toshiba) TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.1 - TOSHIBA) TOSHIBA Assist (HKLM-x32\...\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}) (Version: 3.00.11 - TOSHIBA CORPORATION) Toshiba Book Place (HKLM-x32\...\{BB51B753-9A0C-4D1D-B3EF-A1B936F55796}) (Version: 2.0.3977.0 - K-NFB Reading Technology, Inc.) 
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}) (Version: 1.6.08.64 - TOSHIBA Corporation) TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.2 for x64 - TOSHIBA Corporation) TOSHIBA DVD PLAYER (HKLM-x32\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 3.01.2.12-A - TOSHIBA Corporation) TOSHIBA eco Utility (HKLM-x32\...\InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.2.18.64 - TOSHIBA Corporation) TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.3.64 - TOSHIBA Corporation) TOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.63.0.6C - TOSHIBA CORPORATION) TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.63.0.26C - TOSHIBA CORPORATION) TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.2.0.4 - TOSHIBA Corporation) TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.6 - TOSHIBA Corporation) Toshiba Laptop Checkup (HKLM-x32\...\NortonPCCheckup) (Version: 2.0.3.198 - Symantec Corporation) TOSHIBA Media Controller (HKLM-x32\...\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}) (Version: 1.0.80.8.64 - TOSHIBA CORPORATION) TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.5.11 - TOSHIBA CORPORATION) Toshiba Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 2.0.0.24 - Toshiba) TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.1.64 - TOSHIBA Corporation) TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.3 - TOSHIBA) TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.4 for x64 - TOSHIBA Corporation) TOSHIBA ReelTime 
(HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.16.64 - TOSHIBA Corporation) TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.40 - TOSHIBA) TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.1.2 - TOSHIBA Corporation) TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.63.0.9C - TOSHIBA CORPORATION) TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.3.14.64 - TOSHIBA Corporation) TOSHIBA Web Camera Application (HKLM-x32\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.16 - TOSHIBA Corporation) ToshibaRegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.4 - Toshiba) Utility Common Driver (HKLM-x32\...\{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}) (Version: 1.0.52.1C - TOSHIBA) Hidden Utility Common Driver (HKLM-x32\...\InstallShield_{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}) (Version: 1.0.52.1C - TOSHIBA) Hidden WildTangent Games (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.1.3 - WildTangent) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation) Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation) ZoneAlarm Firewall (HKLM-x32\...\{5734A45B-5BB8-4B1F-942C-0EEE51517508}) (Version: 14.1.011.000 - Check Point Software Technologies Ltd.) Hidden ZoneAlarm Free Firewall (HKLM-x32\...\ZoneAlarm Free Firewall) (Version: 14.1.011.000 - Check Point) ZoneAlarm Security (HKLM-x32\...\{08592EE0-E492-47FF-B711-1588BFDE0991}) (Version: 14.1.011.000 - Check Point Software Technologies Ltd.) 
Hidden Zuma's Revenge (HKLM-x32\...\WT088710) (Version: 2.2.0.95 - WildTangent) Hidden ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-219901405-3024664772-2661517672-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\George\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-219901405-3024664772-2661517672-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\George\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-219901405-3024664772-2661517672-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\George\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-219901405-3024664772-2661517672-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\George\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-219901405-3024664772-2661517672-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\George\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\FileSyncApi64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-219901405-3024664772-2661517672-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\George\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-219901405-3024664772-2661517672-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\George\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-219901405-3024664772-2661517672-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\George\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-219901405-3024664772-2661517672-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\George\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes) ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\windows\system32\igfxpph.dll [2010-04-21] (Intel Corporation) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes) ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File ContextMenuHandlers1_S-1-5-21-219901405-3024664772-2661517672-1000: [DropboxExt] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\George\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.) ContextMenuHandlers1_S-1-5-21-219901405-3024664772-2661517672-1000: [SysMenuExt] -> {020B1D4B-5738-4C77-9E19-4F173DD9B486} => -> No File ContextMenuHandlers4_S-1-5-21-219901405-3024664772-2661517672-1000: [DropboxExt] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\George\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.) 
ContextMenuHandlers5_S-1-5-21-219901405-3024664772-2661517672-1000: [DropboxExt] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\George\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {001E521B-66FF-4D61-AC84-118E0A6608F0} - System32\Tasks\{C2B1F196-367B-49A7-862A-F7FD6C3301D3} => C:\Program Files (x86)\Mozilla Firefox\firefox.exe Task: {044CEA1C-2801-4D51-84DC-A7ABAA4CA400} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_154_pepper.exe [2018-09-06] (Adobe Systems Incorporated) Task: {05CA7F4D-D400-452A-A3A2-17870ACFA788} - System32\Tasks\{DFB95AF3-9E17-4F22-BE5B-608BB58CD676} => C:\Program Files (x86)\Mozilla Firefox\firefox.exe Task: {074EA479-EF51-446E-ABF3-36E7706C2C30} - System32\Tasks\HP AR Program Upload - b5e8b524312040d9b5425c538f21bdbfacdac7a52c1e45f2a68e5ee717499999 => C:\Program Files\HP\HP Photosmart 7520 series\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>) Task: {0DD993A4-734D-46CD-BEEB-6DB99076C004} - System32\Tasks\{3DAC4E2C-04E0-4B1C-B3E2-44034597F30A} => C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe [2015-09-02] () Task: {14D59A87-8A3A-4929-95A7-0CC0445697B6} - System32\Tasks\{5DF7C68F-D60A-4E68-8AFB-C7A656D1C524} => C:\windows\system32\pcalua.exe -a "C:\ProgramData\PC HealthFix\PCHFUninstall.exe" Task: {1F3F3077-AF81-4C8E-923F-B930D0D5FAB4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: {3E6BD1DF-176D-4EAC-9AFA-78FA21B33D7C} - System32\Tasks\{9D51AE6F-3C15-4302-BE46-E7EC201CB32A} => C:\Program Files (x86)\Mozilla Firefox\firefox.exe Task: {44BC0FE8-0C71-4748-B43D-95145D17BE86} - System32\Tasks\Adobe Flash Player NPAPI Notifier => 
C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_154_Plugin.exe [2018-09-06] (Adobe Systems Incorporated) Task: {512BCDE5-BBA4-4699-A680-6CCE6249FD0D} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-09-06] (Adobe Systems Incorporated) Task: {8624B05F-068B-430A-8321-68C530867C41} - System32\Tasks\{47F5010A-0EBC-4324-9C24-15C4488FFEB7} => C:\Program Files (x86)\Mozilla Firefox\firefox.exe Task: {9306E872-1AAE-4008-B89D-33273A29AC5D} - System32\Tasks\{BAE75E67-2183-4376-9C76-5E976A2A58BD} => C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe [2015-09-02] () Task: {A55565F8-67B1-464A-A929-519CAA01121D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-03-21] (Adobe Systems Incorporated) Task: {AACDEB93-2AC8-47AE-88D1-DF60BFB148E2} - System32\Tasks\Opera scheduled Autoupdate 1452282697 => C:\Program Files (x86)\Opera\launcher.exe [2018-09-13] (Opera Software) Task: {B8494332-DF87-45AB-BC6B-2117440B9A4E} - System32\Tasks\HP AR Program Upload - 98c84a83da4346a387692214a969b1046a1e076e993343628adbe38bf3ac0265 => C:\Program Files\HP\HP Photosmart 7520 series\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>) Task: {BEBAA3D9-4247-4719-90B9-EB034C0E3865} - System32\Tasks\{3B21A0EA-AC15-48C2-9E5A-A2AE4C20D3AE} => C:\windows\system32\pcalua.exe -a "C:\ProgramData\PC HealthFix\PCHFUninstall.exe" Task: {C8CDE4E0-0E82-4389-A0A6-EB4369FDCB2D} - System32\Tasks\HP AR Program Upload - 2af4b7ea3a4e48bc80f8a3b8916562620bce6d9ea4c742aab9f80fc3b9c851a4 => C:\Program Files\HP\HP Photosmart 7520 series\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>) Task: {D9E09E95-42E5-45A1-A0C8-AB0959DEECF8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: {DBCA3C12-68D5-4D17-8B93-90E2DCD13D96} - System32\Tasks\HP AR Program Upload - 
e0d5446814904609b3304cca5eb9999eed2ff0888ff14074a2cb64c3971d3ef2 => C:\Program Files\HP\HP Photosmart 7520 series\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>) Task: {DC42607A-F8F4-464C-AA4F-32132CE4A240} - System32\Tasks\HP AR Program Upload - 559654040cd94d59884f9a220c167bb669e3503b11a042b49bc92cacd9e4d7a5 => C:\Program Files\HP\HP Photosmart 7520 series\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>) Task: {F2F2BE4A-50F7-4CAB-97FD-26F27E0B4564} - System32\Tasks\{6A19189D-3929-4204-B688-5896964FC4B2} => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Task: {F6E10EC0-8979-42D3-BA86-7C0C91F54ECE} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [2018-07-31] (Bitdefender) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) 
==================== Loaded Modules (Whitelisted) ============== 2018-07-27 13:26 - 2018-07-27 13:26 - 000993728 _____ () C:\Program Files\Bitdefender\Bitdefender 2017\otengines_02751_003\ashttpbr.mdl 2018-07-27 13:26 - 2018-07-27 13:26 - 000544880 _____ () C:\Program Files\Bitdefender\Bitdefender 2017\otengines_02751_003\ashttpdsp.mdl 2018-07-27 13:26 - 2018-07-27 13:26 - 003232216 _____ () C:\Program Files\Bitdefender\Bitdefender 2017\otengines_02751_003\ashttpph.mdl 2018-07-27 13:26 - 2018-07-27 13:26 - 001528320 _____ () C:\Program Files\Bitdefender\Bitdefender 2017\otengines_02751_003\ashttprbl.mdl 2018-06-27 14:06 - 2018-06-27 15:37 - 002297040 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll 2018-06-27 14:06 - 2018-06-27 15:37 - 002493648 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll 2010-04-07 19:07 - 2010-04-07 19:07 - 009468728 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll 2009-11-03 16:26 - 2009-11-03 16:26 - 000053560 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll 2010-03-03 17:15 - 2010-03-03 17:15 - 000019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF10.dll 2010-03-03 17:15 - 2010-03-03 17:15 - 000019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF11.dll 2010-08-30 00:37 - 2009-06-22 18:40 - 000022328 _____ () C:\Program Files\TOSHIBA\Toshiba Assist\NotifyX.dll 2009-03-12 22:08 - 2009-03-12 22:08 - 000048640 _____ () C:\Program Files (x86)\Toshiba\PCDiag\NotifyPCD.dll 2009-07-25 20:38 - 2009-07-25 20:38 - 000017800 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll 2010-03-12 18:41 - 2010-03-12 18:41 - 000417080 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe 2010-02-05 20:44 - 2010-02-05 20:44 - 000079192 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) 
AlternateDataStreams: C:\Users\George\Desktop\flashplayer27ppau_da_install.exe:BDU [0] AlternateDataStreams: C:\Users\George\Desktop\Support-LogMeInRescue.exe:BDU [0] ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mbamchameleon => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\atashost => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mbamchameleon => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) 
IE trusted site: HKU\.DEFAULT\...\localhost -> localhost IE trusted site: HKU\S-1-5-21-219901405-3024664772-2661517672-1000\...\localhost -> localhost IE trusted site: HKU\S-1-5-21-219901405-3024664772-2661517672-1000\...\webcompanion.com -> hxxp://webcompanion.com
==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 22:34 - 2018-09-18 16:45 - 000000000 _____ C:\windows\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-219901405-3024664772-2661517672-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\George\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 75.75.75.75 - 75.75.76.76 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is disabled. ==================== MSCONFIG/TASK MANAGER disabled items == MSCONFIG\Services: MBAMScheduler => 2 MSCONFIG\Services: MBAMService => 2 MSCONFIG\Services: SDScannerService => 2 MSCONFIG\Services: SDUpdateService => 2 MSCONFIG\Services: SDWSCService => 2 MSCONFIG\Services: TapiSrv => 3 ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{C17DCFD8-5D52-4AA3-9F75-5F3E530DB1C6}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe FirewallRules: [{8920EDBC-A221-4C6D-8A21-F7971A519E03}] => (Allow) svchost.exe FirewallRules: [{5F0DC987-9EA6-4642-B1D7-4D82500880C4}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe FirewallRules: [{24653D9D-16D5-487A-B5D9-2A98C66EAF2C}] => (Allow) C:\Program Files\HP\HP Photosmart 7520 series\bin\FaxApplications.exe FirewallRules: [{FEB3537F-78C5-4ACD-871B-89CBB06C5806}] => (Allow) C:\Program Files\HP\HP Photosmart 7520 series\bin\DigitalWizards.exe FirewallRules: [{1364F68F-FF42-4B08-8A93-351F0645F4CC}] => (Allow) C:\Program Files\HP\HP Photosmart 7520 series\bin\SendAFax.exe FirewallRules: [{CECCC4D0-52B3-4D41-B03E-D8F8BE8D409E}] => (Allow) C:\Program Files\HP\HP Photosmart 7520 series\Bin\DeviceSetup.exe FirewallRules: [{C9EEF208-2C92-4A8E-9663-EE0ADF434FB1}] => (Allow) C:\Program Files\HP\HP Photosmart 7520 series\Bin\HPNetworkCommunicator.exe FirewallRules: [{9C8B9D74-6E99-47B8-9BBE-B6F5891EF8BB}] => (Allow) C:\Program Files\HP\HP Photosmart 7520 series\Bin\HPNetworkCommunicatorCom.exe FirewallRules: [{A0D09605-5F13-439E-98A2-22975C4E64EB}] => (Allow) C:\Users\George\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe FirewallRules: [{96680A3E-6845-4E61-8520-99856F1863F3}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{CB94A854-018E-4098-B1F2-69691E71E16C}] => (Allow) LPort=2869 FirewallRules: [{C0F1CE99-6700-45D3-9BF4-137EC161F222}] => (Allow) LPort=1900 FirewallRules: [{2038BA78-CCAE-4074-8253-99E15AB53006}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{D306A682-378F-43CC-B2D9-3F211FEEBC54}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe FirewallRules: [{9CB7DC0A-5FC4-4046-B304-803071CD4771}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe FirewallRules: [{F317AF79-F0B7-4875-B621-559084D0D39B}] => 
(Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe FirewallRules: [{DC1FCD7D-BEA4-4334-9A9D-E35E8F12B1F6}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe FirewallRules: [{60B2D06F-B523-47DE-8754-5E6D31B0608E}] => (Allow) C:\Program Files (x86)\Opera\54.0.2952.60\opera.exe FirewallRules: [{1ABAB710-6B5E-477E-ABC3-FB20337A3F23}] => (Allow) C:\Program Files (x86)\Opera\55.0.2994.61\opera.exe StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Get-a-Clip\Get-a-Clip.exe] => Enabled:Get-a-Cli StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Get-a-Clip\MFLService2.exe] => Enabled:Get-a-Cli StandardProfile\GloballyOpenPorts: [12005:TCP] => Enabled:Get-a-Cli ==================== Restore Points ========================= 23-05-2018 19:52:55 Windows Update 27-06-2018 13:52:46 Windows Update 27-06-2018 15:39:04 Windows Update 27-07-2018 14:19:25 Windows Update 09-09-2018 20:00:06 Windows Update 18-09-2018 13:44:34 Windows Update ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (09/18/2018 04:47:37 PM) (Source: Toshiba App Place) (EventID: 0) (User: ) Description: System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a receive. Error Data: (no response) Stack Trace: at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult) at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result) Error: (09/18/2018 04:18:05 PM) (Source: Toshiba App Place) (EventID: 0) (User: ) Description: System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a receive. 
Error Data: (no response) Stack Trace: at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult) at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result) Error: (09/18/2018 04:07:23 PM) (Source: Toshiba App Place) (EventID: 0) (User: ) Description: System.Net.WebException: The remote name could not be resolved: 'api.snappcloud.com' Error Data: (no response) Stack Trace: at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult) at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result) Error: (09/18/2018 01:24:20 PM) (Source: Toshiba App Place) (EventID: 0) (User: ) Description: System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a receive. Error Data: (no response) Stack Trace: at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult) at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result) Error: (09/18/2018 12:39:59 PM) (Source: Toshiba App Place) (EventID: 0) (User: ) Description: System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a receive. 
Error Data: (no response) Stack Trace: at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult) at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result) Error: (09/18/2018 12:13:02 PM) (Source: Toshiba App Place) (EventID: 0) (User: ) Description: System.Net.WebException: The remote name could not be resolved: 'api.snappcloud.com' Error Data: (no response) Stack Trace: at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult) at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result) Error: (09/18/2018 12:03:02 PM) (Source: Toshiba App Place) (EventID: 0) (User: ) Description: System.Net.WebException: The remote name could not be resolved: 'api.snappcloud.com' Error Data: (no response) Stack Trace: at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult) at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result) Error: (09/17/2018 08:59:51 AM) (Source: Toshiba App Place) (EventID: 0) (User: ) Description: System.Net.WebException: The remote name could not be resolved: 'api.snappcloud.com' Error Data: (no response) Stack Trace: at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult) at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result) System errors: ============= Error: (09/18/2018 04:45:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The IE Search Set service failed to start due to the following error: The system cannot find the file specified. Error: (09/18/2018 04:06:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The IE Search Set service failed to start due to the following error: The system cannot find the file specified. 
Error: (09/18/2018 01:22:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The IE Search Set service failed to start due to the following error: The system cannot find the file specified. Error: (09/18/2018 12:37:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The IE Search Set service failed to start due to the following error: The system cannot find the file specified. Error: (09/18/2018 12:21:15 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Bitdefender Virus Shield service terminated unexpectedly. It has done this 1 time(s). Error: (09/18/2018 12:21:12 PM) (Source: Service Control Manager) (EventID: 7043) (User: ) Description: The Windows Update service did not shut down properly after receiving a preshutdown control. Error: (09/18/2018 12:01:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The IE Search Set service failed to start due to the following error: The system cannot find the file specified. Error: (09/17/2018 08:46:44 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The IE Search Set service failed to start due to the following error: The system cannot find the file specified. Windows Defender: =================================== Date: 2015-01-03 09:51:21.503 Description: Windows Defender scan has been stopped before completion. Scan ID:{374BCF31-342A-4BC5-B787-2D6FCAD10608} Scan Type:AntiSpyware Scan Parameters:Quick Scan Date: 2016-10-13 16:55:19.333 Description: %1 engine has been terminated due to an unexpected error. Failure Type:%5 Exception code:%6 Resource:%3 Date: 2015-03-26 13:10:30.823 Description: Windows Defender has encountered an error trying to update signatures. 
New Signature Version: Previous Signature Version: Update Source:User Signature Type: Update Type: Current Engine Version: Previous Engine Version:1.1.11502.0 Error code:0x8050a003 Error description:This package does not contain up-to-date definition files for this program. For more information, see Help and Support. CodeIntegrity: =================================== Date: 2015-10-02 10:53:55.695 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-10-02 10:53:55.617 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. 
==================== Memory info =========================== Processor: Intel(R) Core(TM) i5 CPU M 460 @ 2.53GHz Percentage of memory in use: 58% Total physical RAM: 3890.67 MB Available physical RAM: 1609.95 MB Total Virtual: 7779.51 MB Available Virtual: 5329.78 MB ==================== Drives ================================ Drive c: (TI105957W0F) (Fixed) (Total:452.7 GB) (Free:380.93 GB) NTFS ==>[system with boot components (obtained from drive)] Drive e: (USB20FD) (Removable) (Total:3.77 GB) (Free:2.89 GB) FAT32 \\?\Volume{b32cb00f-483e-11e4-aeb4-806e6f6e6963}\ (System) (Fixed) (Total:1.46 GB) (Free:1.23 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 1D93D260) Partition 1: (Active) - (Size=1.5 GB) - (Type=27) Partition 2: (Not Active) - (Size=452.7 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=11.6 GB) - (Type=17) ======================================================== Disk: 1 (MBR Code: Windows XP) (Size: 3.8 GB) (Disk ID: C3072E18) Partition 1: (Active) - (Size=3.8 GB) - (Type=0C) ==================== End of Addition.txt ============================ ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5 CPU M 460 @ 2.53GHz Percentage of memory in use: 59% Total physical RAM: 3890.67 MB Available physical RAM: 1590.15 MB Total Virtual: 7779.51 MB Available Virtual: 5270.71 MB ==================== Drives ================================ Drive c: (TI105957W0F) (Fixed) (Total:452.7 GB) (Free:380.92 GB) NTFS ==>[system with boot components (obtained from drive)] Drive e: (USB20FD) (Removable) (Total:3.77 GB) (Free:2.89 GB) FAT32 \\?\Volume{b32cb00f-483e-11e4-aeb4-806e6f6e6963}\ (System) (Fixed) (Total:1.46 GB) (Free:1.23 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 
7 or Vista) (Size: 465.8 GB) (Disk ID: 1D93D260) Partition 1: (Active) - (Size=1.5 GB) - (Type=27) Partition 2: (Not Active) - (Size=452.7 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=11.6 GB) - (Type=17) ======================================================== Disk: 1 (MBR Code: Windows XP) (Size: 3.8 GB) (Disk ID: C3072E18) Partition 1: (Active) - (Size=3.8 GB) - (Type=0C) ==================== End of Addition.txt ============================
  15. Broken Club

    Friends Win 7 Laptop

    Got it Working .. Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15.09.2018 Ran by George (administrator) on GEORGE-PC (18-09-2018 16:50:47) Running from E:\ Loaded Profiles: George (Available Profiles: George) Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: Opera) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2017\vsserv.exe (Bitdefender) C:\Program Files\Bitdefender\Bitdefender Device Management\DevMgmtService.exe (Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (Cisco WebEx LLC) C:\Windows\SysWOW64\atashost.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Microsoft Corporation) C:\Windows\System32\msiexec.exe (Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe (Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe (Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe (Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe (Microsoft Corporation) C:\Windows\System32\Locator.exe (TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe (TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2017\updatesrv.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Check Point Software Technologies, Ltd.) 
C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Intel Corporation) C:\Windows\System32\igfxpers.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation.) C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe () C:\Program Files\TOSHIBA\FlashCards\Hotkey\TCrdKBB.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2017\bdagent.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 7520 series\Bin\ScanToPCActivationApp.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Money\System\mnyexpr.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (TOSHIBA Corporation.) 
C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (Toshiba) C:\Program Files (x86)\TOSHIBA\Toshiba App Place\ToshibaAppPlace.exe (Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2017\bdwtxag.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe (Bitdefender) C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2017\downloader.exe (Opera Software) C:\Program Files (x86)\Opera\launcher.exe (Microsoft Corporation) C:\Windows\System32\sdclt.exe (Opera Software) C:\Program Files (x86)\Opera\55.0.2994.61\opera_autoupdate.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10134560 2010-03-22] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [896032 2010-03-22] (Realtek Semiconductor) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated) HKLM\...\Run: [ThpSrv] => C:\windows\system32\thpsrv /logon HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [505768 2010-06-29] (TOSHIBA Corporation) HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation) HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation) HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [915320 2010-05-10] (TOSHIBA Corporation) HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1519016 2010-07-28] (TOSHIBA Corporation) HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [711576 2010-07-22] (TOSHIBA Corporation) HKLM\...\Run: [SmartFaceVWatcher] => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-10-19] (TOSHIBA Corporation) HKLM\...\Run: [HDMICtrlMan] => C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe [1037144 2010-04-05] (TOSHIBA Corporation.) 
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation) HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation) HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2010-04-23] (TOSHIBA Corporation) HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38304 2010-07-09] (TOSHIBA Corporation) HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender 2017\bdagent.exe [452032 2018-06-27] (Bitdefender) HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2009-12-25] (TOSHIBA CORPORATION) HKLM-x32\...\Run: [HWSetup] => C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [423936 2010-03-04] (TOSHIBA Electronics, Inc.) HKLM-x32\...\Run: [TWebCamera] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2454840 2010-05-01] (TOSHIBA CORPORATION.) HKLM-x32\...\Run: [NortonOnlineBackupReminder] => C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe [3218792 2010-06-02] (Toshiba) HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-06-11] (Toshiba) HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [134792 2015-11-07] (Check Point Software Technologies Ltd.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation) Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-219901405-3024664772-2661517672-1000\...\Run: [HP Photosmart 7520 series (NET)] => C:\Program Files\HP\HP Photosmart 7520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.) 
HKU\S-1-5-21-219901405-3024664772-2661517672-1000\...\Run: [MoneyAgent] => C:\Program Files (x86)\Microsoft Money\System\mnyexpr.exe [200767 2002-07-17] (Microsoft Corporation) HKU\S-1-5-21-219901405-3024664772-2661517672-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.) HKU\S-1-5-21-219901405-3024664772-2661517672-1000\...\Run: [FileHippo.com] => C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe [10566352 2015-09-02] () Startup: C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Photosmart 7520 series (Network).lnk [2016-12-04] ShortcutTarget: Monitor Ink Alerts - HP Photosmart 7520 series (Network).lnk -> (No File) Startup: C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2016-12-04] ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) BootExecute: autocheck autochk * sdnclean64.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{DE1D42EE-FF1A-4669-BC67-06C7437E246C}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{F55D418F-F078-41E2-879F-C29FB64B2008}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> DefaultScope {C0670F61-E834-4FDD-B085-C81AA575A443} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSND
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {C0670F61-E834-4FDD-B085-C81AA575A443} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSND
SearchScopes: HKLM-x32 -> DefaultScope {0B6FEFB1-ED75-46C1-9560-592BA06CF529} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSND
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0B6FEFB1-ED75-46C1-9560-592BA06CF529} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSND
SearchScopes: HKU\S-1-5-21-219901405-3024664772-2661517672-1000 -> DefaultScope {C0670F61-E834-4FDD-B085-C81AA575A443} URL =
SearchScopes: HKU\S-1-5-21-219901405-3024664772-2661517672-1000 -> {6994ACE0-9F47-4F8E-9591-380B85CC49E4} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSND
SearchScopes: HKU\S-1-5-21-219901405-3024664772-2661517672-1000 -> {860F4FBA-2620-40BF-8FF2-C60AB80298C8} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-219901405-3024664772-2661517672-1000 -> {B6BBB3F4-95F2-4B6F-AFC1-7482AAA8A957} URL =
BHO: No Name -> {11111111-1111-1111-1111-110611341143} -> No File
BHO: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2017\pmbxie.dll [2018-05-23] (Bitdefender)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2017\Antispam32\pmbxie.dll [2018-05-23] (Bitdefender)
BHO-x32: No Name -> {243B17DE-77C7-46BF-B94B-0B5F309A0E64} -> C:\Program Files (x86)\Microsoft Money\System\mnyside.dll [2002-07-17] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-05-10] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-05-10] (Oracle Corporation)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2010-03-19] (<TOSHIBA>)
BHO-x32: No Name -> {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} -> No File
Toolbar: HKLM - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2017\pmbxie.dll [2018-05-23] (Bitdefender)
Toolbar: HKLM-x32 - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2017\Antispam32\pmbxie.dll [2018-05-23] (Bitdefender)
Toolbar: HKU\S-1-5-21-219901405-3024664772-2661517672-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-219901405-3024664772-2661517672-1000 -> Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2017\pmbxie.dll [2018-05-23] (Bitdefender)

FireFox:
========
FF DefaultProfile: bqqdq15x.default
FF ProfilePath: C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\bqqdq15x.default [2017-04-01]
FF HKLM\...\Firefox\Extensions: [bdwtwe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2017\\bdwteff
FF Extension: (Bitdefender Wallet) - C:\Program Files\Bitdefender\Bitdefender 2017\\bdwteff [2018-01-17]
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2017\bdtbext
FF Extension: (Bitdefender Antispam Toolbar) - C:\Program Files\Bitdefender\Bitdefender 2017\bdtbext [2017-04-21] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [bdwtwe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2017\\bdwteff
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2017\bdtbext
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_30_0_0_154.dll [2018-09-06] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_30_0_0_154.dll [2018-09-06] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-05-10] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-05-10] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-06-29] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-219901405-3024664772-2661517672-1000: @citrixonline.com/appdetectorplugin -> C:\Users\George\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-10-01] (Citrix Online)

Chrome:
=======
CHR Profile: C:\Users\George\AppData\Local\Google\Chrome\User Data\Default [2016-07-27]
CHR HKLM-x32\...\Chrome\Extension: [aaffhmecfaelkngcbnfdkcckmillnoki] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gannpgaobkkhmpomoijebaigcapoeebl] - hxxps://clients2.google.com/service/update2/crx
CHR crx: C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.80\default_apps\search.crx [2015-12-04]
CHR crx: C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\default_apps\search.crx [2015-12-10]

==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 bdredline; C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe [2135032 2018-05-23] (Bitdefender)
R2 DevMgmtService; C:\Program Files\Bitdefender\Bitdefender Device Management\DevMgmtService.exe [105936 2018-05-08] (Bitdefender)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-09] (Malwarebytes)
R2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe [103792 2010-01-28] (Symantec Corporation)
R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe [126392 2009-08-24] (Symantec Corporation)
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1284032 2018-07-31] (Bitdefender)
R2 updatesrv; C:\Program Files\Bitdefender\Bitdefender 2017\updatesrv.exe [112712 2018-05-23] (Bitdefender)
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [3722912 2015-11-07] (Check Point Software Technologies Ltd.)
R2 vsserv; C:\Program Files\Bitdefender\Bitdefender 2017\vsserv.exe [1001072 2018-05-23] (Bitdefender)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [96272 2015-10-19] (Check Point Software Technologies, Ltd.)
S2 SearchProtectionService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe [X]

===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
U5 AppMgmt; C:\windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
R1 atc; C:\windows\System32\DRIVERS\atc.sys [1177008 2018-05-23] (BitDefender S.R.L. Bucharest, ROMANIA)
R0 avc3; C:\windows\System32\DRIVERS\avc3.sys [1723552 2018-06-27] (BitDefender)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [130840 2018-05-23] (BitDefender LLC)
R2 bdprivmon; C:\windows\System32\DRIVERS\bdprivmon.sys [45104 2018-05-23] (© Bitdefender SRL)
R1 BDVEDISK; C:\windows\System32\DRIVERS\bdvedisk.sys [96448 2018-05-23] (BitDefender)
R1 ESProtectionDriver; C:\windows\system32\drivers\mbae64.sys [152184 2018-06-27] (Malwarebytes)
R0 gzflt; C:\windows\System32\DRIVERS\gzflt.sys [189544 2018-05-23] (BitDefender LLC)
R0 Ignis; C:\windows\System32\DRIVERS\ignis.sys [191592 2018-06-27] (Bitdefender)
R2 MBAMChameleon; C:\windows\System32\Drivers\MbamChameleon.sys [190696 2018-09-14] (Malwarebytes)
R3 MBAMFarflt; C:\windows\System32\DRIVERS\farflt.sys [112872 2018-09-18] (Malwarebytes)
R3 MBAMProtection; C:\windows\System32\DRIVERS\mbam.sys [44768 2018-09-18] (Malwarebytes)
R3 MBAMSwissArmy; C:\windows\System32\Drivers\mbamswissarmy.sys [253664 2018-09-18] (Malwarebytes)
R3 MBAMWebProtection; C:\windows\System32\DRIVERS\mwac.sys [94840 2018-09-18] (Malwarebytes)
R0 trufos; C:\windows\System32\DRIVERS\trufos.sys [609576 2018-09-06] (Bitdefender)
R1 Vsdatant; C:\windows\System32\DRIVERS\vsdatant.sys [461240 2018-09-09] (Check Point Software Technologies Ltd.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-09-18 16:48 - 2018-09-18 16:48 - 000000607 _____ C:\Users\George\Desktop\FRST64.exe - Shortcut.lnk
2018-09-18 12:21 - 2018-09-18 16:28 - 000002023 _____ C:\bdlog.txt
2018-09-17 08:53 - 2018-09-06 21:31 - 005274504 _____ (Check Point Software Technologies Ltd.) C:\Users\George\Documents\zafwSetupWeb_153_062_17721.exe
2018-09-13 17:40 - 2010-11-20 09:24 - 000345088 _____ (Microsoft Corporation) C:\windows\system32\s.exe
2018-09-13 15:51 - 2018-09-18 16:46 - 000112872 _____ (Malwarebytes) C:\windows\system32\Drivers\farflt.sys
2018-09-09 12:54 - 2018-09-18 16:45 - 000253664 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamswissarmy.sys
2018-09-07 07:49 - 2018-09-18 16:55 - 000094840 _____ (Malwarebytes) C:\windows\system32\Drivers\mwac.sys
2018-09-06 20:28 - 2018-09-06 20:28 - 000034508 _____ C:\ProgramData\agent.update.1536280074.bdinstall.bin

==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-09-18 16:54 - 2009-07-14 00:45 - 000016304 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-09-18 16:54 - 2009-07-14 00:45 - 000016304 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-09-18 16:50 - 2017-04-01 09:34 - 000000000 ____D C:\FRST
2018-09-18 16:47 - 2017-04-03 11:27 - 000003648 _____ C:\windows\System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864
2018-09-18 16:46 - 2018-06-27 15:38 - 000044768 _____ (Malwarebytes) C:\windows\system32\Drivers\mbam.sys
2018-09-18 16:45 - 2010-08-30 00:44 - 000000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2018-09-18 16:45 - 2009-07-14 01:08 - 000000006 ____H C:\windows\Tasks\SA.DAT
2018-09-18 16:26 - 2009-07-13 23:20 - 000000000 ____D C:\windows\system32\NDF
2018-09-18 16:06 - 2014-09-29 19:02 - 000109624 _____ C:\Users\George\AppData\Local\GDIPFONTCACHEV1.DAT
2018-09-18 16:05 - 2009-07-14 00:45 - 000409616 _____ C:\windows\system32\FNTCACHE.DAT
2018-09-18 13:34 - 2010-08-30 00:44 - 000000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2018-09-18 12:20 - 2016-01-08 15:51 - 000000000 ____D C:\Program Files (x86)\Opera
2018-09-18 12:18 - 2016-01-08 15:51 - 000003848 _____ C:\windows\System32\Tasks\Opera scheduled Autoupdate 1452282697
2018-09-18 12:12 - 2015-10-01 17:39 - 000000000 ___RD C:\Users\George\Desktop\Confuser
2018-09-17 08:59 - 2009-07-14 01:13 - 000782250 _____ C:\windows\system32\PerfStringBackup.INI
2018-09-17 08:59 - 2009-07-13 23:20 - 000000000 ____D C:\windows\inf
2018-09-14 14:00 - 2015-10-02 10:09 - 003143754 _____ C:\windows\ntbtlog.txt
2018-09-14 13:59 - 2018-06-27 15:38 - 000190696 _____ (Malwarebytes) C:\windows\system32\Drivers\MbamChameleon.sys
2018-09-13 02:04 - 2014-09-29 18:58 - 000000000 ____D C:\Users\George
2018-09-13 02:04 - 2009-07-13 23:20 - 000000000 ____D C:\windows\registration
2018-09-09 19:58 - 2014-08-13 10:16 - 000461240 _____ (Check Point Software Technologies Ltd.) C:\windows\system32\Drivers\vsdatant.sys
2018-09-09 19:48 - 2017-06-04 13:11 - 000000000 ____D C:\Users\George\AppData\Temp
2018-09-09 13:09 - 2016-02-10 12:52 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-09-06 21:49 - 2016-02-17 16:21 - 000004454 _____ C:\windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2018-09-06 21:49 - 2014-11-12 15:25 - 000842240 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2018-09-06 21:49 - 2014-11-12 15:25 - 000175104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-09-06 21:49 - 2014-11-12 15:25 - 000004312 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2018-09-06 21:49 - 2014-11-12 15:24 - 000000000 ____D C:\windows\system32\Macromed
2018-09-06 21:49 - 2014-09-29 21:28 - 000000000 ____D C:\windows\SysWOW64\Macromed
2018-09-06 21:25 - 2017-05-10 21:01 - 000609576 _____ (Bitdefender) C:\windows\system32\Drivers\trufos.sys
2018-09-06 20:51 - 2016-09-26 17:42 - 000001038 _____ C:\Users\George\Desktop\mfl Game Day.lnk
2018-09-06 20:51 - 2014-10-05 14:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myfantasyleague
2018-09-06 20:51 - 2014-10-05 14:40 - 000000000 ____D C:\Program Files (x86)\myfantasyleague
2018-09-06 20:49 - 2018-03-14 16:50 - 000004466 _____ C:\windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-09-06 20:28 - 2017-04-03 11:25 - 000000000 ____D C:\Program Files\Bitdefender Agent

==================== Files in the root of some directories =======
2014-10-10 13:16 - 2014-10-16 13:16 - 000000133 _____ () C:\Users\George\AppData\Roaming\WB.CFG
2014-10-15 14:16 - 2014-10-15 14:16 - 000000001 _____ () C:\Users\George\AppData\Local\DSI.DAT

==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-05-01 13:14

==================== End of FRST.txt ============================
  16. frazzm737

    Accusation

  17. frazzm737

    Hurricane

  18. frazzm737

    CBS

  19. frazzm737

    SCOTUS

  20. frazzm737

    Global Warming

  21. frazzm737

    Fran's Favorites

  22. frazzm737

    Today's Cartoons

  23. frazzm737

    9/18/18

    Hoping this is the last day in the 90's. We tied old and set new record highs during the past week.
  24. frazzm737

    Daily picture

    What do you know? A great photo of young Roky!
  25. JAN

    Maxine

  26. JAN

    Inspiration
