Boondockers

Members
  • Content count

    15

About Boondockers

  • Rank
    Member
  • Birthday September 12

Profile Information

  • Gender
    Male
  • Location
    Northern Michigan
  • OS
    Windows 7

  1. I have an Asus X202E notebook with Win 8.1 that is giving me some concern. It seems very clean and functions well; however, I tried to uninstall Avira and use Windows Defender. After uninstalling Avira many times, it kept reinstalling. I downloaded Avira_Registry_Cleaner. Used Revo Uninstaller, restarted in safe mode, ran the registry cleaner from Avira and was successful, and Avira no longer started. Yea! However, I was now blocked from starting Windows Defender for some reason. Should this problem be corrected before installing any antivirus program? Is there a hidden antivirus program blocking that? That is my problem. Can you help?
  2. Thank you very much for your patience and help. You did a good job, the computer now starts in 1 1/2 minutes instead of 6 plus. Will run tool frequently as suggested.
  3. Farbar Service Scanner Version: 27-01-2016
     Ran by jDonna (administrator) on 16-03-2018 at 08:14:07
     Running from "C:\Users\jDonna\Desktop\Downloaded Tools"
     Microsoft Windows 7 Home Premium Service Pack 1 (X64)
     Boot Mode: Normal
     ****************************************************************

     Internet Services:
     ============

     Connection Status:
     ==============
     Localhost is accessible.
     LAN connected.
     Google IP is accessible.
     Google.com is accessible.
     Yahoo.com is accessible.

     Windows Firewall:
     =============

     Firewall Disabled Policy:
     ==================

     System Restore:
     ============

     System Restore Policy:
     ========================

     Action Center:
     ============

     Windows Update:
     ============

     Windows Autoupdate Disabled Policy:
     ============================

     Windows Defender:
     ==============
     WinDefend Service is not running. Checking service configuration:
     The start type of WinDefend service is set to Demand. The default start type is Auto.
     The ImagePath of WinDefend service is OK.
     The ServiceDll of WinDefend service is OK.

     Windows Defender Disabled Policy:
     ==========================
     [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender]
     "DisableAntiSpyware"=DWORD:1

     Other Services:
     ==============

     File Check:
     ========
     C:\Windows\System32\nsisvc.dll => File is digitally signed
     C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
     C:\Windows\System32\dhcpcore.dll => File is digitally signed
     C:\Windows\System32\drivers\afd.sys => File is digitally signed
     C:\Windows\System32\drivers\tdx.sys => File is digitally signed
     C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
     C:\Windows\System32\dnsrslvr.dll => File is digitally signed
     C:\Windows\System32\dnsapi.dll => File is digitally signed
     C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
     C:\Windows\System32\mpssvc.dll => File is digitally signed
     C:\Windows\System32\bfe.dll => File is digitally signed
     C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
     C:\Windows\System32\SDRSVC.dll => File is digitally signed
     C:\Windows\System32\vssvc.exe => File is digitally signed
     C:\Windows\System32\wscsvc.dll => File is digitally signed
     C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
     C:\Windows\System32\wuaueng.dll => File is digitally signed
     C:\Windows\System32\qmgr.dll => File is digitally signed
     C:\Windows\System32\es.dll => File is digitally signed
     C:\Windows\System32\cryptsvc.dll => File is digitally signed
     C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
     C:\Windows\System32\ipnathlp.dll => File is digitally signed
     C:\Windows\System32\iphlpsvc.dll => File is digitally signed
     C:\Windows\System32\svchost.exe => File is digitally signed
     C:\Windows\System32\rpcss.dll => File is digitally signed

     **** End of log ****
  4. Results of screen317's Security Check version 1.014
     --- 12/23/15
     Windows 7 Service Pack 1 x64 (UAC is enabled)
     Internet Explorer 11
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled!
     Avast Antivirus
     Antivirus up to date!
     `````````Anti-malware/Other Utilities Check:`````````
     Java 8 Update 161
     Java version 32-bit out of Date!
     Adobe Flash Player 28.0.0.161
     Google Chrome (65.0.3325.162)
     Google Chrome (plugins...)
     Google Chrome (SetupMetrics...)
     ````````Process Check: objlist.exe by Laurent````````
     AVAST Software Avast AvastSvc.exe
     AVAST Software Avast AvastUI.exe
     AVAST Software Avast x64 aswidsagenta.exe
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: 0%
     ````````````````````End of Log``````````````````````

     Farbar Service Scanner Version: 27-01-2016
     Ran by jDonna (administrator) on 16-03-2018 at 08:14:07
     Running from "C:\Users\jDonna\Desktop\Downloaded Tools"
     Microsoft Windows 7 Home Premium Service Pack 1 (X64)
     Boot Mode: Normal
     ****************************************************************

     Internet Services:
     ============

     Connection Status:
     ==============
     Localhost is accessible.
     LAN connected.
     Google IP is accessible.
     Google.com is accessible.
     Yahoo.com is accessible.

     Windows Firewall:
     =============

     Firewall Disabled Policy:
     ==================

     System Restore:
     ============

     System Restore Policy:
     ========================

     Action Center:
     ============

     Windows Update:
     ============

     Windows Autoupdate Disabled Policy:
     ============================

     Windows Defender:
     ==============
     WinDefend Service is not running. Checking service configuration:
     The start type of WinDefend service is set to Demand. The default start type is Auto.
     The ImagePath of WinDefend service is OK.
     The ServiceDll of WinDefend service is OK.

     Windows Defender Disabled Policy:
     ==========================
     [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender]
     "DisableAntiSpyware"=DWORD:1

     Other Services:
     ==============

     File Check:
     ========
     C:\Windows\System32\nsisvc.dll => File is digitally signed
     C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
     C:\Windows\System32\dhcpcore.dll => File is digitally signed
     C:\Windows\System32\drivers\afd.sys => File is digitally signed
     C:\Windows\System32\drivers\tdx.sys => File is digitally signed
     C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
     C:\Windows\System32\dnsrslvr.dll => File is digitally signed
     C:\Windows\System32\dnsapi.dll => File is digitally signed
     C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
     C:\Windows\System32\mpssvc.dll => File is digitally signed
     C:\Windows\System32\bfe.dll => File is digitally signed
     C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
     C:\Windows\System32\SDRSVC.dll => File is digitally signed
     C:\Windows\System32\vssvc.exe => File is digitally signed
     C:\Windows\System32\wscsvc.dll => File is digitally signed
     C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
     C:\Windows\System32\wuaueng.dll => File is digitally signed
     C:\Windows\System32\qmgr.dll => File is digitally signed
     C:\Windows\System32\es.dll => File is digitally signed
     C:\Windows\System32\cryptsvc.dll => File is digitally signed
     C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
     C:\Windows\System32\ipnathlp.dll => File is digitally signed
     C:\Windows\System32\iphlpsvc.dll => File is digitally signed
     C:\Windows\System32\svchost.exe => File is digitally signed
     C:\Windows\System32\rpcss.dll => File is digitally signed

     **** End of log ****

     Sophos Free Virus Removal, no log was created but 0 viruses detected. I have a screen capture if you need it.

     Don
  5. Fix result of Farbar Recovery Scan Tool (x64) Version: 13.03.2018 Ran by jDonna (15-03-2018 14:55:50) Run:1 Running from C:\Users\jDonna\Desktop Loaded Profiles: jDonna (Available Profiles: jDonna & Whitney) Boot Mode: Normal ============================================== fixlist content: ***************** Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\615\G2AWinLogon_x64.dll [X] HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = SearchScopes: HKLM-x32 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = SearchScopes: HKU\S-1-5-21-668790070-1862182065-2749219965-1001 -> {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = BHO: No Name -> {82A76710-4F98-4957-92BE-99648A4E2475} -> No File Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File Toolbar: HKLM-x32 - No Name - {b278d9f8-0fa9-465e-9938-0c392605d8e3} - No File U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL) S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 efavdrv; \??\C:\Windows\system32\drivers\efavdrv.sys [X] 2013-12-02 08:08 - 2013-12-02 08:08 - 049940480 _____ () C:\Program Files (x86)\GUT6C99.tmp 2018-03-11 15:49 - 2018-03-11 15:49 - 000007613 _____ () C:\Users\jDonna\AppData\Local\Resmon.ResmonCfg 2016-05-31 17:05 - 2016-05-31 17:11 - 000000000 _____ () C:\Users\jDonna\AppData\Local\{C86A9BCB-CF98-4B07-AE0A-55BB021D622D} ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => -> No File ContextMenuHandlers1: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => -> No File ContextMenuHandlers1: [STShellMenu] -> {F32C83B9-DF1D-42AD-9741-C52909703957} => -> No File ContextMenuHandlers2: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => -> No File ContextMenuHandlers3: [STShellMenu] -> 
{F32C83B9-DF1D-42AD-9741-C52909703957} => -> No File ContextMenuHandlers6: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => -> No File ContextMenuHandlers6: [STShellMenu] -> {F32C83B9-DF1D-42AD-9741-C52909703957} => -> No File Task: {13FA8A70-B47A-4579-BEF2-2DDE8B1070B3} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION Task: {BE75D1A1-60A7-45A1-BE33-4C3EA0DDDECE} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION AlternateDataStreams: C:\ProgramData\Temp:D346F792 [294] ***************** "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\GoToAssist" => removed successfully "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" => removed successfully HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully "HKU\S-1-5-21-668790070-1862182065-2749219965-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}" => removed successfully HKLM\Software\Classes\CLSID\{49606DC7-976D-4030-A74E-9FB5C842FA68} => not found "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{82A76710-4F98-4957-92BE-99648A4E2475}" => removed successfully HKLM\Software\Classes\CLSID\{82A76710-4F98-4957-92BE-99648A4E2475} => not found 
"HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => removed successfully "HKLM\Software\Classes\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => removed successfully "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{b278d9f8-0fa9-465e-9938-0c392605d8e3}" => removed successfully HKLM\Software\Wow6432Node\Classes\CLSID\{b278d9f8-0fa9-465e-9938-0c392605d8e3} => not found "HKLM\System\CurrentControlSet\Services\AppMgmt" => removed successfully AppMgmt => service removed successfully "HKLM\System\CurrentControlSet\Services\catchme" => removed successfully catchme => service removed successfully "HKLM\System\CurrentControlSet\Services\efavdrv" => removed successfully efavdrv => service removed successfully C:\Program Files (x86)\GUT6C99.tmp => moved successfully C:\Users\jDonna\AppData\Local\Resmon.ResmonCfg => moved successfully C:\Users\jDonna\AppData\Local\{C86A9BCB-CF98-4B07-AE0A-55BB021D622D} => moved successfully "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\GDriveSharedOverlay" => removed successfully HKLM\Software\Classes\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => not found "HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\Glary Utilities" => removed successfully HKLM\Software\Classes\CLSID\{B3C418F8-922B-4faf-915E-59BC14448CF7} => not found "HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\STShellMenu" => removed successfully HKLM\Software\Classes\CLSID\{F32C83B9-DF1D-42AD-9741-C52909703957} => not found "HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers\Glary Utilities" => removed successfully HKLM\Software\Classes\CLSID\{B3C418F8-922B-4faf-915E-59BC14448CF7} => not found "HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\STShellMenu" => removed successfully HKLM\Software\Classes\CLSID\{F32C83B9-DF1D-42AD-9741-C52909703957} => not found "HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\Glary Utilities" => removed 
successfully HKLM\Software\Classes\CLSID\{B3C418F8-922B-4faf-915E-59BC14448CF7} => not found "HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\STShellMenu" => removed successfully HKLM\Software\Classes\CLSID\{F32C83B9-DF1D-42AD-9741-C52909703957} => not found "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{13FA8A70-B47A-4579-BEF2-2DDE8B1070B3}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{13FA8A70-B47A-4579-BEF2-2DDE8B1070B3}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\WindowsBackup\ConfigNotification" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AC4E5ACF-89F7-4220-BA21-81EE183975E2}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AC4E5ACF-89F7-4220-BA21-81EE183975E2}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Application Experience\AitAgent" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BE75D1A1-60A7-45A1-BE33-4C3EA0DDDECE}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BE75D1A1-60A7-45A1-BE33-4C3EA0DDDECE}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Activation 
Technologies\ValidationTask" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CEE64558-E1A7-4D9D-80A7-2001912BE5B5}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CEE64558-E1A7-4D9D-80A7-2001912BE5B5}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MemoryDiagnostic\CorruptionDetector" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FA2BC0A6-8D4B-458A-85C8-2B8C72487513}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FA2BC0A6-8D4B-458A-85C8-2B8C72487513}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector" => removed successfully C:\ProgramData\Temp => ":D346F792" ADS removed successfully ==== End of Fixlog 14:56:04 ====
  6. Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13.03.2018 Ran by jDonna (administrator) on JDONNA-PC (15-03-2018 07:06:56) Running from C:\Users\jDonna\Desktop Loaded Profiles: jDonna (Available Profiles: jDonna & Whitney) Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe (SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corp.) 
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe () C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe () C:\Program Files (x86)\Dell V520 Series\DKADGmon.exe (UltimateOutsider) C:\Program Files (x86)\UltimateOutsider\GWX Control Panel\GWX_control_panel.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [245608 2018-03-10] (AVAST Software) HKLM\...\Run: [DKADGmon] => C:\Program Files (x86)\Dell V520 Series\DKADGmon.exe [951656 2012-11-07] () HKLM\...\Run: [GwxControlPanelMonitor] => C:\Program Files (x86)\UltimateOutsider\GWX Control Panel\GWX_control_panel.exe [4596296 2016-04-02] (UltimateOutsider) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-12-19] (Oracle Corporation) HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe [559616 2011-10-09] (Dell) Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\615\G2AWinLogon_x64.dll [X] Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION Startup: C:\Users\jDonna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2016-05-19] () BootExecute: sdnclean64.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{9EAABF78-02FF-4F31-9444-B6C66EEA71C4}: [DhcpNameServer] 192.168.1.1 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.yahoo.com/yhs/search?type=odc089&hspart=avast&hsimp=yhs-001&p={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-668790070-1862182065-2749219965-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-668790070-1862182065-2749219965-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://duckduckgo.com/ SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = SearchScopes: HKLM -> {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox SearchScopes: HKLM-x32 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = SearchScopes: HKLM-x32 -> {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=odc089&hspart=avast&hsimp=yhs-001&p={searchTerms} SearchScopes: HKU\S-1-5-21-668790070-1862182065-2749219965-1001 -> DefaultScope 
{9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1 SearchScopes: HKU\S-1-5-21-668790070-1862182065-2749219965-1001 -> {055EC08A-EA81-4216-BB5F-299DDD7506CB} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} SearchScopes: HKU\S-1-5-21-668790070-1862182065-2749219965-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-668790070-1862182065-2749219965-1001 -> {0CE02FFA-A6B0-46F6-BA2F-BD32C3630126} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1 SearchScopes: HKU\S-1-5-21-668790070-1862182065-2749219965-1001 -> {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = SearchScopes: HKU\S-1-5-21-668790070-1862182065-2749219965-1001 -> {91607fa7-3c2f-4f90-93e3-d5337a6b0ac2} URL = Playbryte-fa-verti/search/redirect/?type=default&user_id=33fff43b-6076-4b0f-b550-f57348e5437a&query={searchTerms} SearchScopes: HKU\S-1-5-21-668790070-1862182065-2749219965-1001 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1 BHO: No Name -> {82A76710-4F98-4957-92BE-99648A4E2475} -> No File BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-09-01] (Google Inc.) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\ssv.dll [2018-01-30] (Oracle Corporation) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.) 
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-09-01] (Google Inc.) BHO-x32: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08] (Skype Technologies S.A.) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-01-30] (Oracle Corporation) Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-09-01] (Google Inc.) Toolbar: HKLM-x32 - No Name - {b278d9f8-0fa9-465e-9938-0c392605d8e3} - No File Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-09-01] (Google Inc.) Toolbar: HKU\S-1-5-21-668790070-1862182065-2749219965-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-09-01] (Google Inc.) Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08] (Skype Technologies S.A.) 
FireFox: ======== FF ProfilePath: C:\Users\jDonna\AppData\Roaming\Mozilla\Firefox\Profiles\tuwf6cd7.default [2018-03-14] FF Homepage: Mozilla\Firefox\Profiles\tuwf6cd7.default -> hxxps://duckduckgo.com/ FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_28_0_0_161.dll [2018-03-09] () FF Plugin: @microsoft.com/GENUINE -> disabled [No File] FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_161.dll [2018-03-09] () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1231201.dll [2017-11-02] (Adobe Systems, Inc.) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-12-01] (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-12-01] (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-12-01] (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-12-01] (Foxit Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-01-30] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-01-30] (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File] FF Plugin-x32: 
@Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.) 
Chrome: ======= CHR DefaultProfile: Default CHR HomePage: Default -> hxxps://www.yahoo.com?fr=hp-avast&type=odc089 CHR StartupUrls: Default -> "hxxps://www.yahoo.com/?fr=hp-avast&type=odc089" CHR Profile: C:\Users\jDonna\AppData\Local\Google\Chrome\User Data\Default [2018-03-14] CHR Extension: (Play Game Phrase Ad) - C:\Users\jDonna\AppData\Local\Google\Chrome\User Data\Default\Extensions\eegdkgknfjdjfjcgepgobibefcnfgfko [2017-05-18] CHR Extension: (SearchBar) - C:\Users\jDonna\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjefgkhmchopegjeicnblodnidbammed [2017-07-29] CHR Extension: (ArcadeZoom Ads) - C:\Users\jDonna\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjkladighnakihefhlcdhdicglpkamcn [2018-03-10] CHR Extension: (Chrome Web Store Payments) - C:\Users\jDonna\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-05-19] CHR Extension: (Chrome Media Router) - C:\Users\jDonna\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-07] CHR HKLM-x32\...\Chrome\Extension: [ghnpfkmgeiojiaheaiefkilmjinpoccb] - <no Path/update_url> ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-30] (SUPERAntiSpyware.com) R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY) R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7556704 2018-03-10] (AVAST Software) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [303728 2018-03-10] (AVAST Software) R2 FoxitReaderService; C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [1659456 2017-12-12] (Foxit Software Inc.) 
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6440736 2018-03-03] (Malwarebytes)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [196648 2018-03-10] (AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdrivera.sys [227504 2018-03-10] (AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsha.sys [199440 2018-03-10] (AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswbloga.sys [343752 2018-03-10] (AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniva.sys [57680 2018-03-10] (AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [215320 2018-03-10] (AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [46968 2018-03-10] (AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [146656 2018-03-10] (AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [110328 2018-03-10] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [84368 2018-03-10] (AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1026696 2018-03-10] (AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [460520 2018-03-10] (AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [205976 2018-03-10] (AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [380528 2018-03-10] (AVAST Software)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [55232 2018-03-10] ()
S3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253664 2018-03-14] (Malwarebytes)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R2 sp_rsdrv2; C:\Windows\System32\DRIVERS\stflt.sys [51496 2011-08-24] (Windows (R) Win 7 DDK provider)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 efavdrv; \??\C:\Windows\system32\drivers\efavdrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-15 07:06 - 2018-03-15 07:07 - 000017136 _____ C:\Users\jDonna\Desktop\FRST.txt
2018-03-14 17:40 - 2018-03-14 17:40 - 000026225 _____ C:\Users\jDonna\Downloads\ComboLog.txt
2018-03-14 17:39 - 2018-03-14 17:39 - 000026225 _____ C:\ComboFix.txt
2018-03-14 17:20 - 2018-03-14 17:15 - 005659794 ____R (Swearware) C:\Users\jDonna\Desktop\ComboFix.exe
2018-03-14 17:19 - 2018-03-14 17:17 - 001802704 _____ (Bleeping Computer, LLC) C:\Users\jDonna\Desktop\rkill.exe
2018-03-14 16:21 - 2018-03-14 16:21 - 000003877 _____ C:\Users\jDonna\Downloads\AdwCleaner[C0].txt
2018-03-14 16:11 - 2018-03-14 16:11 - 000004345 _____ C:\Users\jDonna\Downloads\AdwCleaner[S0].txt
2018-03-14 16:08 - 2018-03-14 16:20 - 000000000 ____D C:\AdwCleaner
2018-03-14 16:06 - 2018-03-14 16:06 - 000001235 _____ C:\Users\jDonna\Downloads\Maleware Scan Log.txt
2018-03-14 15:55 - 2018-03-14 15:55 - 000253664 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-03-14 15:55 - 2018-03-14 15:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-03-14 15:55 - 2018-01-18 09:03 - 000076200 _____ C:\Windows\system32\Drivers\mbae64.sys
2018-03-14 15:49 - 2018-03-14 15:49 - 000014348 _____ C:\Users\jDonna\Downloads\RogueScanLog.txt
2018-03-14 09:31 - 2018-03-14 09:32 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2018-03-14 09:31 - 2018-03-14 09:32 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-03-14 08:33 - 2018-03-14 08:33 - 000000663 _____ C:\Users\jDonna\Desktop\Donna Read This.txt
2018-03-14 07:49 - 2018-03-14 07:50 - 000000000 ____D C:\Users\jDonna\Desktop\Smart Computing
2018-03-13 17:59 - 2009-07-14 00:54 - 000001304 _____ C:\Users\jDonna\Desktop\Notepad.lnk
2018-03-13 17:50 - 2018-03-15 07:06 - 000000000 ____D C:\FRST
2018-03-13 17:49 - 2018-03-13 15:09 - 002402816 _____ (Farbar) C:\Users\jDonna\Desktop\FRST64.exe
2018-03-11 16:12 - 2018-03-11 16:12 - 000000000 ____D C:\Users\Whitney\Documents\CClean Reg BU
2018-03-11 15:55 - 2018-03-11 16:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Window Registry Repair
2018-03-11 15:55 - 2018-03-11 16:02 - 000000000 ____D C:\Users\jDonna\AppData\Roaming\Free Window Registry Repair
2018-03-11 15:55 - 2018-03-11 15:55 - 000000993 _____ C:\Users\Whitney\Desktop\Free Window Registry Repair.lnk
2018-03-11 15:53 - 2018-03-11 15:53 - 000808399 _____ C:\Users\jDonna\Downloads\RegpairSetup.exe
2018-03-11 15:49 - 2018-03-11 15:49 - 000007613 _____ C:\Users\jDonna\AppData\Local\Resmon.ResmonCfg
2018-03-11 14:48 - 2018-03-11 14:48 - 000000000 ____D C:\Users\jDonna\AppData\Local\Little_Apps
2018-03-11 13:57 - 2018-03-11 13:57 - 000000000 ____D C:\$AV_ASW
2018-03-11 13:26 - 2011-06-26 02:45 - 000256000 _____ C:\Windows\PEV.exe
2018-03-11 13:26 - 2010-11-07 13:20 - 000208896 _____ C:\Windows\MBR.exe
2018-03-11 13:26 - 2009-04-20 00:56 - 000060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2018-03-11 13:26 - 2000-08-30 20:00 - 000518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2018-03-11 13:26 - 2000-08-30 20:00 - 000406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2018-03-11 13:26 - 2000-08-30 20:00 - 000098816 _____ C:\Windows\sed.exe
2018-03-11 13:26 - 2000-08-30 20:00 - 000080412 _____ C:\Windows\grep.exe
2018-03-11 13:26 - 2000-08-30 20:00 - 000068096 _____ C:\Windows\zip.exe
2018-03-11 13:25 - 2018-03-14 17:39 - 000000000 ____D C:\Qoobox
2018-03-11 13:25 - 2018-03-11 13:55 - 000000000 ____D C:\Windows\erdnt
2018-03-11 12:57 - 2018-03-11 12:58 - 000204600 _____ C:\TDSSKiller.3.1.0.16_11.03.2018_12.57.48_log.txt
2018-03-11 12:57 - 2018-03-11 12:57 - 000000366 _____ C:\TDSSKiller.3.1.0.15_11.03.2018_12.57.13_log.txt
2018-03-11 10:32 - 2018-03-14 09:40 - 000000000 ____D C:\Users\jDonna\AppData\Local\Adobe
2018-03-11 10:32 - 2018-03-11 10:32 - 000000000 ____D C:\Windows\SysWOW64\Adobe
2018-03-11 10:21 - 2018-03-11 10:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GWX Control Panel
2018-03-11 10:21 - 2018-03-11 10:21 - 000000000 ____D C:\Program Files (x86)\UltimateOutsider
2018-03-11 09:50 - 2018-02-10 10:23 - 000000832 _____ C:\Windows\system32\Drivers\etc\hosts.20180311-095038.backup
2018-03-11 09:33 - 2018-03-11 11:40 - 000006218 _____ C:\Windows\wininit.ini
2018-03-11 08:58 - 2018-03-11 08:58 - 000000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2018-03-11 08:57 - 2018-03-11 11:41 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2018-03-11 08:57 - 2018-03-11 11:40 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2018-03-10 14:35 - 2018-03-10 14:35 - 000000000 ____D C:\Users\jDonna\AppData\LocalLow\Spyware Terminator
2018-03-10 14:08 - 2018-03-10 14:08 - 000033816 _____ C:\Windows\system32\.crusader
2018-03-10 13:52 - 2018-03-10 14:10 - 000055232 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2018-03-10 13:52 - 2018-03-10 14:09 - 000000000 ____D C:\ProgramData\HitmanPro
2018-03-10 11:11 - 2018-03-10 11:11 - 000000000 ____D C:\Users\jDonna\AppData\Local\ESET
2018-03-10 09:55 - 2018-03-10 09:55 - 000000000 ____D C:\Windows\ERUNT
2018-03-10 09:54 - 2018-03-10 09:54 - 000000000 ____D C:\JRT
2018-03-10 09:50 - 2018-03-10 09:50 - 000000000 ____D C:\Users\jDonna\AppData\Roaming\SUPERAntiSpyware.com
2018-03-10 09:50 - 2018-03-10 09:50 - 000000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2018-03-10 09:47 - 2018-03-10 09:47 - 000000000 ____D C:\ProgramData\ESET
2018-03-10 09:00 - 2018-03-10 09:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2018-03-10 09:00 - 2018-03-10 09:00 - 000000000 ____D C:\Program Files\VS Revo Group
2018-03-10 08:49 - 2018-03-10 08:49 - 000001313 _____ C:\Users\Public\Desktop\Foxit Reader.lnk
2018-03-10 08:49 - 2018-03-10 08:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2018-03-10 08:40 - 2018-03-10 08:40 - 000003870 _____ C:\Windows\System32\Tasks\CCleaner Update
2018-03-10 06:57 - 2018-03-10 06:56 - 000380768 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2018-03-09 18:22 - 2018-03-14 15:21 - 000028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2018-03-09 18:22 - 2018-03-14 15:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2018-03-09 18:22 - 2018-03-14 15:21 - 000000000 ____D C:\Program Files\RogueKiller
2018-03-09 18:22 - 2018-03-09 19:02 - 000000000 ____D C:\ProgramData\RogueKiller
2018-03-09 17:18 - 2018-03-13 18:09 - 000000000 ____D C:\Users\jDonna\Documents\CClean Reg BUs
2018-02-14 08:29 - 2018-02-10 15:52 - 000395928 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2018-02-14 08:29 - 2018-02-10 15:03 - 000347296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2018-02-14 08:29 - 2018-02-10 04:44 - 025740288 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-02-14 08:29 - 2018-02-10 03:30 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2018-02-14 08:29 - 2018-02-10 03:29 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2018-02-14 08:29 - 2018-02-10 03:19 - 002900480 _____ (Microsoft Corporation)
2017-12-05 12:04 - 000404992 _____ (Microsoft Corporation) C:\Windows\system32\wisptis.exe 2018-02-14 08:24 - 2018-01-21 19:50 - 000136424 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe 2018-02-14 08:24 - 2018-01-21 19:40 - 000654336 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2018-02-14 08:24 - 2018-01-19 10:05 - 001994752 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe 2018-02-14 08:24 - 2018-01-19 10:05 - 001569280 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2018-02-14 08:24 - 2018-01-19 10:05 - 000749568 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2018-02-14 08:24 - 2018-01-19 10:05 - 000604672 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2018-02-14 08:24 - 2018-01-19 10:05 - 000450048 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll 2018-02-14 08:24 - 2018-01-19 10:05 - 000378880 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2018-02-14 08:24 - 2018-01-19 10:05 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll 2018-02-14 08:24 - 2018-01-19 10:05 - 000236544 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2018-03-15 06:07 - 2009-07-14 00:45 - 000028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2018-03-15 06:07 - 2009-07-14 00:45 - 000028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2018-03-15 05:50 - 2011-06-21 19:10 - 000000000 ____D C:\Users\Default\AppData\Local\SoftThinks 2018-03-15 05:50 - 2011-06-21 19:10 - 000000000 ____D C:\Users\Default User\AppData\Local\SoftThinks 2018-03-15 05:50 - 2011-06-21 18:37 - 000000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup 2018-03-15 05:49 - 2009-07-14 01:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT 2018-03-14 17:34 - 2009-07-13 22:34 - 000000215 _____ C:\Windows\system.ini 2018-03-14 16:06 - 2013-04-04 15:32 - 000000000 ___RD C:\Maintenance 2018-03-14 15:55 - 2011-07-08 14:56 - 000000000 ____D C:\ProgramData\Malwarebytes 2018-03-14 15:22 - 2009-07-14 01:13 - 000783424 _____ C:\Windows\system32\PerfStringBackup.INI 2018-03-14 15:22 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\inf 2018-03-14 10:54 - 2017-07-07 08:28 - 000000000 ____D C:\Users\jDonna\AppData\Local\ElevatedDiagnostics 2018-03-14 09:31 - 2011-06-21 18:52 - 000000000 ____D C:\Program Files (x86)\Adobe 2018-03-14 09:30 - 2011-06-21 18:52 - 000000000 ____D C:\ProgramData\Adobe 2018-03-14 09:26 - 2016-11-17 23:35 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox 2018-03-14 09:26 - 2013-02-19 13:04 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2018-03-14 08:34 - 2016-11-18 08:18 - 000000000 ____D C:\Users\jDonna\AppData\LocalLow\Mozilla 2018-03-11 13:34 - 2011-07-07 15:05 - 000000000 ____D C:\Users\jDonna 2018-03-11 11:00 - 2011-06-21 18:42 - 000000000 ____D C:\ProgramData\Dell 2018-03-11 11:00 - 2011-06-21 18:41 - 000000000 ____D C:\Program Files (x86)\Dell 2018-03-11 10:43 - 2011-07-08 14:54 - 000000000 ____D C:\Users\jDonna\AppData\Roaming\GlarySoft 2018-03-11 10:32 - 2011-07-07 15:10 - 
000000000 ____D C:\Users\jDonna\AppData\Roaming\Adobe 2018-03-10 14:08 - 2013-01-24 13:27 - 000000000 ____D C:\Program Files (x86)\Yahoo! 2018-03-10 09:50 - 2013-04-05 07:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware 2018-03-10 09:50 - 2013-04-05 07:55 - 000000000 ____D C:\Program Files\SUPERAntiSpyware 2018-03-10 08:49 - 2018-01-30 10:22 - 000000000 ____D C:\ProgramData\Foxit Software 2018-03-10 08:49 - 2011-07-08 14:45 - 000000000 ____D C:\Users\jDonna\AppData\Roaming\Foxit Software 2018-03-10 08:41 - 2012-04-04 06:15 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2018-03-10 08:41 - 2012-02-21 09:22 - 000000000 ____D C:\Windows\system32\Macromed 2018-03-10 08:41 - 2011-07-07 16:35 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2018-03-10 08:40 - 2011-07-07 16:04 - 000000000 ____D C:\Program Files\CCleaner 2018-03-10 08:40 - 2011-06-21 18:31 - 000000000 ____D C:\Windows\SysWOW64\Macromed 2018-03-10 06:57 - 2017-05-18 16:30 - 000003910 _____ C:\Windows\System32\Tasks\Avast Emergency Update 2018-03-10 06:56 - 2018-01-05 07:06 - 000215320 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys 2018-03-10 06:56 - 2017-11-21 16:12 - 000196648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys 2018-03-10 06:56 - 2017-05-18 16:30 - 001026696 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2018-03-10 06:56 - 2017-05-18 16:30 - 000460520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys 2018-03-10 06:56 - 2017-05-18 16:30 - 000380528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys 2018-03-10 06:56 - 2017-05-18 16:30 - 000343752 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbloga.sys 2018-03-10 06:56 - 2017-05-18 16:30 - 000227504 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdrivera.sys 2018-03-10 06:56 - 2017-05-18 16:30 - 000205976 _____ (AVAST Software) 
C:\Windows\system32\Drivers\aswStm.sys 2018-03-10 06:56 - 2017-05-18 16:30 - 000199440 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsha.sys 2018-03-10 06:56 - 2017-05-18 16:30 - 000146656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2018-03-10 06:56 - 2017-05-18 16:30 - 000110328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys 2018-03-10 06:56 - 2017-05-18 16:30 - 000084368 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys 2018-03-10 06:56 - 2017-05-18 16:30 - 000057680 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniva.sys 2018-03-10 06:56 - 2017-05-18 16:30 - 000046968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys 2018-03-10 06:48 - 2018-01-08 11:12 - 000000000 ____D C:\Program Files\Mozilla Firefox 2018-03-09 19:00 - 2013-01-24 13:27 - 000000000 ____D C:\Users\jDonna\AppData\Roaming\Yahoo! 2018-03-09 17:24 - 2014-11-03 10:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2018-03-09 17:24 - 2013-04-05 16:06 - 000000000 ____D C:\Program Files\Java 2018-03-09 17:23 - 2013-04-05 16:06 - 000000000 ____D C:\Program Files (x86)\Java 2018-03-09 17:21 - 2017-07-29 22:48 - 000000000 ____D C:\ProgramData\GlarySoft 2018-03-09 17:18 - 2014-11-03 11:08 - 000022542 _____ C:\Users\jDonna\Documents\cc_20141103_100841.reg 2018-03-09 17:14 - 2014-02-15 16:54 - 000000000 ____D C:\Users\jDonna\Documents\Files From Download Folder 2018-02-15 11:57 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\rescache 2018-02-15 04:34 - 2009-07-14 00:45 - 000347688 _____ C:\Windows\system32\FNTCACHE.DAT 2018-02-15 04:30 - 2014-12-10 14:56 - 000000000 ____D C:\Windows\system32\appraiser 2018-02-15 04:15 - 2013-07-22 14:29 - 000000000 ____D C:\Windows\system32\MRT 2018-02-15 04:08 - 2017-10-12 03:09 - 130067560 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe 2018-02-15 04:08 - 2011-07-11 13:57 - 130067560 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe 
2018-02-15 04:03 - 2011-02-10 12:10 - 000775546 _____ C:\Windows\SysWOW64\PerfStringBackup.INI ==================== Files in the root of some directories ======= 2013-12-02 08:08 - 2013-12-02 08:08 - 049940480 _____ () C:\Program Files (x86)\GUT6C99.tmp 2018-03-11 15:49 - 2018-03-11 15:49 - 000007613 _____ () C:\Users\jDonna\AppData\Local\Resmon.ResmonCfg 2016-05-31 17:05 - 2016-05-31 17:11 - 000000000 _____ () C:\Users\jDonna\AppData\Local\{C86A9BCB-CF98-4B07-AE0A-55BB021D622D} ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2018-03-09 08:56 ==================== End of FRST.txt ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13.03.2018 Ran by jDonna (15-03-2018 07:07:30) Running from C:\Users\jDonna\Desktop Windows 7 Home Premium Service Pack 1 (X64) (2011-07-07 19:05:31) Boot Mode: Normal ========================================================== ==================== Accounts: 
============================= Administrator (S-1-5-21-668790070-1862182065-2749219965-500 - Administrator - Disabled) Guest (S-1-5-21-668790070-1862182065-2749219965-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-668790070-1862182065-2749219965-1002 - Limited - Enabled) jDonna (S-1-5-21-668790070-1862182065-2749219965-1001 - Administrator - Enabled) => C:\Users\jDonna Whitney (S-1-5-21-668790070-1862182065-2749219965-1003 - Limited - Enabled) => C:\Users\Whitney ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.017.20050 - Adobe Systems Incorporated) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 28.0.0.127 - Adobe Systems Incorporated) Adobe Flash Player 28 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 28.0.0.161 - Adobe Systems Incorporated) Adobe Flash Player 28 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 28.0.0.161 - Adobe Systems Incorporated) Adobe Shockwave Player 12.3 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.3.1.201 - Adobe Systems, Inc.) Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 18.2.2328 - AVAST Software) CCleaner (HKLM\...\CCleaner) (Version: 5.40 - Piriform) Dropbox (HKU\S-1-5-21-668790070-1862182065-2749219965-1001\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.) Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 9.0.1.1049 - Foxit Software Inc.) 
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 65.0.3325.162 - Google Inc.) Google Drive (HKLM-x32\...\{9BC95947-92FD-438B-A168-C01F9A5B7292}) (Version: 2.34.7529.6838 - Google, Inc.) Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden GWX Control Panel (HKLM-x32\...\UltimateOutsider_GwxControlPanel) (Version: - UltimateOutsider) Java 8 Update 161 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180161F0}) (Version: 8.0.1610.12 - Oracle Corporation) Java 8 Update 161 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180161F0}) (Version: 8.0.1610.12 - Oracle Corporation) Malwarebytes version 3.4.4.2398 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.4.2398 - Malwarebytes) Microsoft .NET Framework 4.7.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02558 - Microsoft Corporation) Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] 
(HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM-x32\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}) (Version: 8.0.58299 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual 
C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation) Mozilla Firefox 58.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 58.0.2 (x64 en-US)) (Version: 58.0.2 - Mozilla) Mozilla Firefox 59.0 (x64 en-US) (HKLM\...\Mozilla Firefox 59.0 (x64 en-US)) (Version: 59.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 59.0.0.6643 - Mozilla) Revo Uninstaller 2.0.4 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.4 - VS Revo Group, Ltd.) RogueKiller version 12.12.8.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.12.8.0 - Adlice Software) SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1254 - SUPERAntiSpyware.com) swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation) Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-668790070-1862182065-2749219965-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\jDonna\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-668790070-1862182065-2749219965-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\jDonna\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-668790070-1862182065-2749219965-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\jDonna\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-668790070-1862182065-2749219965-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\jDonna\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-11-10] (Google) ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-11-10] (Google) ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-11-10] (Google) ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-03-10] (AVAST Software) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-03-10] (AVAST Software) ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => -> No File ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-03-10] (AVAST Software) ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2017-12-11] (Foxit Software Inc.) 
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-11-10] (Google) ContextMenuHandlers1: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => -> No File ContextMenuHandlers1: [Roxio Burn] -> {E8CB9D53-A47A-42B5-9F5B-96B037C9DD4C} => C:\Program Files\Roxio\Roxio Burn\RB_ContextMenu64.dll [2010-11-10] (TODO: <Company name>) ContextMenuHandlers1: [STShellMenu] -> {F32C83B9-DF1D-42AD-9741-C52909703957} => -> No File ContextMenuHandlers2: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => -> No File ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-03-10] (AVAST Software) ContextMenuHandlers3: [STShellMenu] -> {F32C83B9-DF1D-42AD-9741-C52909703957} => -> No File ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-11-10] (Google) ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2011-01-27] (Intel Corporation) ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-03-10] (AVAST Software) ContextMenuHandlers6: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2017-12-11] (Foxit Software Inc.) ContextMenuHandlers6: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => -> No File ContextMenuHandlers6: [STShellMenu] -> {F32C83B9-DF1D-42AD-9741-C52909703957} => -> No File ContextMenuHandlers1_S-1-5-21-668790070-1862182065-2749219965-1001: [DropboxExt] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\jDonna\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.) 
ContextMenuHandlers4_S-1-5-21-668790070-1862182065-2749219965-1001: [DropboxExt] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\jDonna\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.) ContextMenuHandlers5_S-1-5-21-668790070-1862182065-2749219965-1001: [DropboxExt] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\jDonna\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {0622E485-6387-4048-86D1-15044963D26B} - System32\Tasks\DellPUDCTask => C:\Program Files\Dell\ProductUpdate\DKprodupdate.exe [2012-11-07] () Task: {0BB56019-C605-4FF4-AD2E-48A5BB2FA70F} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe Task: {101B33B9-2B41-4F21-BB7A-F27713C740B6} - System32\Tasks\GoogleUpdateTaskMachineUA1d1e91370f9623a => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.) Task: {13FA8A70-B47A-4579-BEF2-2DDE8B1070B3} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION Task: {25537F0C-BA3B-47E8-A01C-B73BAAA9DF65} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell Support Center\uaclauncher.exe [2013-02-05] (PC-Doctor, Inc.) Task: {2585E615-697E-4FEC-B6E5-E6E4D45B3C84} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-02-07] (Piriform Ltd) Task: {2A15093C-81BC-4113-9389-D676863BD286} - System32\Tasks\GlaryInitialize => C:\Program Files (x86)\Glary Utilities\initialize.exe [2013-03-21] (Glarysoft Ltd) Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION Task: {305C45C3-1050-4F3D-8FFE-802F25338FFC} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! 
Antivirus\backup.exe Task: {451E851D-8CA0-41FA-AACB-1EAC21BF55A0} - System32\Tasks\GoogleUpdateTaskMachineCore1d1e9136f772963 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.) Task: {47192AC7-A673-4A60-8324-5330E8653929} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-02-07] (Piriform Ltd) Task: {4FCEDE4A-8300-48D6-9E43-4D3DA8237F42} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated) Task: {644A26D7-FBB1-4D32-A202-0ABC435FBE84} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2018-01-08] (AVAST Software) Task: {7A160C21-2CF3-4D74-9038-5EC246006833} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-03-10] (AVAST Software) Task: {86E1BDDB-CC36-45C0-B0BA-686374C5430E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.) Task: {991B3078-226B-4BFC-B678-E3C5372BF6A4} - System32\Tasks\PCDEventLauncher => C:\Program Files\Dell Support Center\sessionchecker.exe [2012-11-29] (PC-Doctor, Inc.) Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION Task: {BE75D1A1-60A7-45A1-BE33-4C3EA0DDDECE} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION Task: {CB4F2FEE-BD43-412B-8B17-574466199C61} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.) 
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION Task: {D0D12C61-C6F4-4D91-87DD-FB8BC1C89007} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-03-10] (Adobe Systems Incorporated) Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GlaryInitialize.job => C:\Program Files (x86)\Glary Utilities\initialize.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) 
==================== Loaded Modules (Whitelisted) ============== 2011-06-21 18:38 - 2011-08-18 11:05 - 002751808 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE 2018-03-10 06:56 - 2018-03-10 06:56 - 000721624 _____ () c:\Program Files\AVAST Software\Avast\x64\vaarclient.dll 2018-03-10 06:56 - 2018-03-10 06:56 - 000912088 _____ () C:\Program Files\AVAST Software\Avast\x64\ffl2.dll 2018-03-10 06:56 - 2018-03-10 06:56 - 000341720 _____ () c:\Program Files\AVAST Software\Avast\x64\StreamBack.dll 2018-03-10 06:56 - 2018-03-10 06:56 - 000326872 _____ () C:\Program Files\AVAST Software\Avast\x64\tasks_core.dll 2011-06-21 20:06 - 2011-01-27 11:11 - 000094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2013-04-05 18:04 - 2012-11-07 23:54 - 000951656 _____ () C:\Program Files (x86)\Dell V520 Series\DKADGmon.exe 2018-03-10 06:56 - 2018-03-10 06:56 - 000287960 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll 2018-03-10 06:56 - 2018-03-10 06:56 - 000280280 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll 2018-03-14 15:15 - 2018-03-14 15:15 - 005800080 _____ () C:\Program Files\AVAST Software\Avast\defs\18031402\algo.dll 2018-03-10 06:56 - 2018-03-10 06:56 - 000756952 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll 2018-03-10 06:56 - 2018-03-10 06:56 - 000172760 _____ () C:\Program Files\AVAST Software\Avast\hns_tools.dll 2018-03-10 06:56 - 2018-03-10 06:56 - 000964824 _____ () C:\Program Files\AVAST Software\Avast\shepherdsync.dll 2018-03-10 06:56 - 2018-03-10 06:56 - 000475352 _____ () C:\Program Files\AVAST Software\Avast\gui_cache.dll 2018-03-10 06:56 - 2018-03-10 06:56 - 000339672 _____ () C:\Program Files\AVAST Software\Avast\streamback_avast.dll 2018-03-15 05:52 - 2018-03-15 05:52 - 005800080 _____ () C:\Program Files\AVAST Software\Avast\defs\18031500\algo.dll 2018-03-10 06:56 - 2018-03-10 06:56 - 067126928 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2018-03-10 06:56 - 
2018-03-10 06:56 - 000275160 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll 2013-04-05 18:04 - 2012-08-22 07:05 - 001490944 _____ () C:\Program Files (x86)\Dell V520 Series\dkabdrs.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\ProgramData\Temp:D346F792 [294] ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) 
IE trusted site: HKU\S-1-5-21-668790070-1862182065-2749219965-1001\...\ed.gov -> hxxps://fafsa.ed.gov
==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 22:34 - 2018-03-11 13:49 - 000000027 _____ C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-668790070-1862182065-2749219965-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\jDonna\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. 
==================== MSCONFIG/TASK MANAGER disabled items == MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^StrongVaultApp.exe.lnk => C:\Windows\pss\StrongVaultApp.exe.lnk.CommonStartup MSCONFIG\startupreg: AccuWeatherWidget => "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR MSCONFIG\startupreg: DellStage => "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup MSCONFIG\startupreg: GoogleChromeAutoLaunch_A5B5EEC49B9C0DB3F523345693CFD454 => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window MSCONFIG\startupreg: GUDelayStartup => "C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe" -delayrun MSCONFIG\startupreg: SpywareTerminatorUpdater => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
FirewallRules: [{FC6ABA1E-9B79-4128-8E0B-44F2DB30715F}] => (Allow) c:\Program Files (x86)\Dell\VideoStage\VideoStage.exe FirewallRules: [{60EA9E56-ED17-4549-BC54-004F1577A0B3}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{C863BBFB-9D29-4BB1-8926-6CCE32FE1A99}] => (Allow) LPort=2869 FirewallRules: [{42258B0D-3ECA-4EF7-A3B5-D376CADFAB9F}] => (Allow) LPort=1900 FirewallRules: [{FBD3F84E-BCDD-4BBA-A0E3-BE1ACB97705C}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe FirewallRules: [{12ECA89E-D406-4431-B326-3794688D06A6}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe FirewallRules: [{1981007E-CCC9-4FB0-BEEC-44DAC146695C}] => (Allow) C:\Program Files (x86)\Dell\NetworkTwain\DKZZZ_32__bc.dll FirewallRules: [{4C5F1F79-E243-4811-8F09-49A9FF4D140F}] => (Allow) C:\Program Files (x86)\Dell\NetworkTwain\DKZZZ_32__bc.dll FirewallRules: [{642F9699-667F-4A2E-AE94-A48F90575E30}] => (Allow) C:\Program Files (x86)\Dell\NetworkTwain\DKzzz_32serv.dll FirewallRules: [{D9E1BE1E-2A98-44A5-A21D-3972350C9378}] => (Allow) C:\Program Files (x86)\Dell\NetworkTwain\DKzzz_32serv.dll FirewallRules: [{5DD66C80-D9B7-4429-BCEA-181F2F050951}] => (Allow) C:\Program Files (x86)\Dell V520 Series\DKADGmon.exe FirewallRules: [{8A8461BF-7E03-403A-9733-6D7478BA3786}] => (Allow) C:\Program Files (x86)\Dell V520 Series\DKADGmon.exe FirewallRules: [{23566B71-04BE-4381-A9AC-1037FE0E8AE1}] => (Allow) C:\Program Files (x86)\Dell V520 Series\DKADGlscn.exe FirewallRules: [{98BE3830-BE88-4DF9-BD8A-E4B61F21FE0E}] => (Allow) C:\Program Files (x86)\Dell V520 Series\DKADGlscn.exe FirewallRules: [{3CE57619-DEBB-469D-85F4-4054984BAB79}] => (Allow) C:\Program Files (x86)\Dell V520 Series\DKabscw.dll FirewallRules: [{7A57B787-9339-4BFB-B17C-5C8CD8CA8B59}] => (Allow) C:\Program Files (x86)\Dell V520 Series\DKabscw.dll FirewallRules: [{58145A85-C7BA-43E5-8318-3DA78C076121}] => (Allow) C:\Program Files (x86)\Dell\PSU\dkpsu.exe FirewallRules: 
[{08094551-E76E-440B-B0C2-E591EEC5C7BB}] => (Allow) C:\Program Files (x86)\Dell\PSU\dkpsu.exe FirewallRules: [{7F329BC2-3F9D-42EA-88FB-6D85DD50671E}] => (Allow) C:\Program Files (x86)\Dell\Status Center\dksmc.exe FirewallRules: [{DAE81A8F-75EB-4CA1-BFCF-FE12C130AD2C}] => (Allow) C:\Program Files (x86)\Dell\Status Center\dksmc.exe FirewallRules: [TCP Query User{4DDD6FEE-5BB7-41D8-B8A0-A36CA1947FD0}C:\program files (x86)\dell v520 series\dkadgmon.exe] => (Block) C:\program files (x86)\dell v520 series\dkadgmon.exe FirewallRules: [UDP Query User{47329572-2EF7-422D-B361-80DD85E7E718}C:\program files (x86)\dell v520 series\dkadgmon.exe] => (Block) C:\program files (x86)\dell v520 series\dkadgmon.exe FirewallRules: [{A0CDDEC7-E5D2-4135-BDE9-18F97905BD51}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{4179A541-6B3C-4881-8950-FE10455FE860}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [TCP Query User{36E139CE-1479-4B2D-B73B-613D38F836AE}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [UDP Query User{EF632F1B-42E4-4078-A387-763785D0C896}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [{A5440852-4C06-45B5-A037-82AF249652E9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{F02FBD84-EF71-4151-8663-71D2C8DE3025}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{A585E29D-1BDF-4C29-821D-DC01C8DDF2FF}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{649C757B-81DF-44F6-8016-A4452B40BE3A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{58E49D78-84B6-4755-B817-4A721E0762FF}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Restore Points ========================= 25-08-2017 09:01:35 Scheduled Checkpoint 
01-09-2017 15:21:12 Scheduled Checkpoint 08-09-2017 20:18:17 Scheduled Checkpoint 14-09-2017 03:00:50 Windows Update 21-09-2017 10:32:29 Scheduled Checkpoint 28-09-2017 11:48:53 Scheduled Checkpoint 06-10-2017 08:07:25 Scheduled Checkpoint 12-10-2017 03:00:35 Windows Update 19-10-2017 09:50:13 Scheduled Checkpoint 27-10-2017 09:40:21 Scheduled Checkpoint 04-11-2017 07:52:54 Scheduled Checkpoint 11-11-2017 09:17:34 Scheduled Checkpoint 15-11-2017 11:35:21 Windows Update 22-11-2017 11:49:55 Scheduled Checkpoint 22-11-2017 18:09:27 Windows Update 30-11-2017 09:13:02 Scheduled Checkpoint 07-12-2017 18:19:29 Scheduled Checkpoint 08-12-2017 04:00:28 Windows Update 14-12-2017 04:00:28 Windows Update 22-12-2017 09:11:43 Scheduled Checkpoint 29-12-2017 09:30:41 Scheduled Checkpoint 05-01-2018 09:41:07 Scheduled Checkpoint 09-01-2018 04:00:29 Windows Update 11-01-2018 04:00:51 Windows Update 18-01-2018 09:59:06 Scheduled Checkpoint 20-01-2018 04:00:25 Windows Update 27-01-2018 12:27:59 Scheduled Checkpoint 30-01-2018 04:00:26 Windows Update 07-02-2018 09:49:44 Scheduled Checkpoint 14-02-2018 10:46:21 Scheduled Checkpoint 15-02-2018 04:00:34 Windows Update 22-02-2018 11:12:13 Scheduled Checkpoint 02-03-2018 09:35:19 Scheduled Checkpoint 09-03-2018 13:27:20 Scheduled Checkpoint 09-03-2018 17:21:58 Removed Java 8 Update 144 09-03-2018 17:23:31 Removed Java 8 Update 144 (64-bit) 10-03-2018 14:05:22 Checkpoint by HitmanPro 10-03-2018 14:08:05 Checkpoint by HitmanPro 11-03-2018 09:34:45 Cleaner (Spybot - Search & Destroy 2.6, administrator privileges 11-03-2018 10:23:53 Windows Update 11-03-2018 10:59:34 Revo Uninstaller's restore point - Dell DataSafe Online 11-03-2018 11:00:05 Removed Dell DataSafe Online 11-03-2018 11:02:08 Revo Uninstaller's restore point - Dell DataSafe Online 11-03-2018 14:35:05 I 14-03-2018 17:27:10 ComboFix created restore point ==================== Faulty Device Manager Devices ============= Name: Description: Class Guid: Manufacturer: Service: Problem: : 
The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (03/15/2018 05:56:12 AM) (Source: Customer Experience Improvement Program) (EventID: 1006) (User: ) Description: A problem prevented Customer Experience Improvement Program data from being consolidated into files that can be sent to Microsoft, (Error 80004005). Error: (03/15/2018 05:50:34 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (03/14/2018 05:44:15 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (03/14/2018 04:17:41 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. 
Error: (03/14/2018 03:16:11 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (03/14/2018 11:45:44 AM) (Source: MsiInstaller) (EventID: 11606) (User: NT AUTHORITY) Description: Product: Adobe Refresh Manager -- Error 1606.Could not access network location %APPDATA%\. Error: (03/14/2018 11:45:44 AM) (Source: MsiInstaller) (EventID: 11606) (User: NT AUTHORITY) Description: Product: Adobe Refresh Manager -- Error 1606.Could not access network location %APPDATA%\. Error: (03/14/2018 10:48:44 AM) (Source: Customer Experience Improvement Program) (EventID: 1006) (User: ) Description: A problem prevented Customer Experience Improvement Program data from being consolidated into files that can be sent to Microsoft, (Error 80004005). System errors: ============= Error: (03/14/2018 05:49:30 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service. Error: (03/14/2018 05:41:47 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: The server {995C996E-D918-4A8C-A302-45719A6F4EA7} did not register with DCOM within the required timeout. Error: (03/14/2018 05:34:56 PM) (Source: Service Control Manager) (EventID: 7030) (User: ) Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error: (03/14/2018 05:32:06 PM) (Source: Service Control Manager) (EventID: 7030) (User: ) Description: The PEVSystemStart service is marked as an interactive service. 
However, the system is configured to not allow interactive services. This service may not function properly. Error: (03/14/2018 04:15:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not start due to a logon failure. Error: (03/14/2018 04:15:12 PM) (Source: Service Control Manager) (EventID: 7038) (User: ) Description: The WMPNetworkSvc service was unable to log on as NT AUTHORITY\NetworkService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC). Error: (03/14/2018 04:14:46 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY) Description: The following fatal alert was received: 70. Error: (03/14/2018 04:14:46 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY) Description: The following fatal alert was received: 70. Windows Defender: =================================== Date: 2016-05-20 07:13:37.204 Description: Windows Defender has detected spyware or other potentially unwanted software. 
For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=BrowserModifier:Win32/DefaultTab&threatid=207033 Name:BrowserModifier:Win32/DefaultTab ID:207033 Severity:High Category:Browser Modifier Path Found:file:C:\Users\jDonna\AppData\Roaming\DefaultTab\DefaultTab\addon.ico;file:C:\Users\jDonna\AppData\Roaming\DefaultTab\DefaultTab\amazon_ie.ico;file:C:\Users\jDonna\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.cfg;file:C:\Users\jDonna\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap.dll;file:C:\Users\jDonna\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap64.dll;file:C:\Users\jDonna\AppData\Roaming\DefaultTab\DefaultTab\DT.ico;file:C:\Users\jDonna\AppData\Roaming\DefaultTab\DefaultTab\facebook_ie.ico;file:C:\Users\jDonna\AppData\Roaming\DefaultTab\DefaultTab\imdb_ie.ico;file:C:\Users\jDonna\AppData\Roaming\DefaultTab\DefaultTab\searchhere.ico;file:C:\Users\jDonna\AppData\Roaming\DefaultTab\DefaultTab\search_here_ie.ico;file:C:\Users\jDonna\AppData\Roaming\DefaultTab\DefaultTab\twitter_ie.ico;file:C:\Users\jDonna\AppData\Roaming\DefaultTab\DefaultTab\wikipedia_ie.ico;file:c:\users\whitney\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.19_0\18x18.png;f Detection Type:Concrete Detection Source:System Status:Unknown Process Name:c:\program files\windows defender\MpCmdRun.exe Date: 2016-05-11 03:41:58.332 Description: Windows Defender scan has been stopped before completion. Scan ID:{1B0720FD-E070-4341-BC25-627EC8C51FF3} Scan Type:AntiSpyware Scan Parameters:Quick Scan Date: 2014-12-26 08:36:04.863 Description: Windows Defender has detected spyware or other potentially unwanted software. 
For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=BrowserModifier:Win32/DefaultTab&threatid=207033 Name:BrowserModifier:Win32/DefaultTab ID:207033 Severity:High Category:Browser Modifier Path Found:containerfile:C:\Program Files (x86)\DefaultTab\DefaultTab.crx;containerfile:c:\users\whitney\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.19_0\plugins\npDefaultTabSearch.dll;file:C:\Program Files (x86)\DefaultTab\DefaultTab.crx;file:C:\Program Files (x86)\DefaultTab\DefaultTab.crx->[ChromeCrxPackage]->js/SearchBox.js;file:C:\Program Files (x86)\DefaultTab\DefaultTab.crx->[ChromeCrxPackage]->plugins/npDefaultTabSearch.dll;file:C:\Program Files (x86)\DefaultTab\uid;file:C:\Users\jDonna\AppData\Roaming\DefaultTab\DefaultTab\addon.ico;file:C:\Users\jDonna\AppData\Roaming\DefaultTab\DefaultTab\amazon_ie.ico;file:C:\Users\jDonna\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.cfg;file:C:\Users\jDonna\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap.dll;file:C:\Users\jDonna\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap64.dll;file:C:\Users\jDonna\AppData\Roaming\DefaultTab\DefaultTab\DT.ico;file:C:\Users\jDonna\AppData\Roaming\DefaultTab\DefaultTab\fac Detection Type:Concrete Detection Source:System Status:Unknown Process Name:c:\program files\windows defender\MpCmdRun.exe CodeIntegrity: =================================== Date: 2018-03-11 13:34:02.043 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. 
Date: 2018-03-11 13:34:01.762 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2016-08-19 19:24:07.532 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system. Date: 2016-08-19 19:24:07.376 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system. Date: 2016-08-18 09:12:33.345 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system. Date: 2016-08-18 09:12:33.033 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system. Date: 2016-08-17 17:43:04.360 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system. Date: 2016-08-17 17:43:03.970 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system. 
==================== Memory info =========================== Processor: Intel(R) Core(TM) i3-2100 CPU @ 3.10GHz Percentage of memory in use: 31% Total physical RAM: 6056.63 MB Available physical RAM: 4147.18 MB Total Virtual: 12111.43 MB Available Virtual: 10401.71 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:917.66 GB) (Free:667.43 GB) NTFS \\?\Volume{31b8365c-9c66-11e0-8451-806e6f6e6963}\ (RECOVERY) (Fixed) (Total:13.81 GB) (Free:5.43 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: F2672FB5) Partition 1: (Not Active) - (Size=39 MB) - (Type=DE) Partition 2: (Active) - (Size=13.8 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=917.7 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================
  7. After Combo Log was generated an error popped up. "An error 'exception access violation in module ERUNT.3EXE at 00003A38. Access violation at address 00403A38 in module 'ERUNT.EXE read of address 0076005D." Below is Combo Fix Log:

ComboFix 18-03-14.01 - jDonna 03/14/2018 17:29:00.2.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6057.4146 [GMT -4:00] Running from: c:\users\jDonna\Desktop\ComboFix.exe AV: Avast Antivirus *Disabled/Updated* {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF} SP: Avast Antivirus *Disabled/Updated* {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((( Files Created from 2018-02-14 to 2018-03-14 ))))))))))))))))))))))))))))))) . . 2018-03-14 21:34 . 2018-03-14 21:34 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp 2018-03-14 21:34 . 2018-03-14 21:34 -------- d-----w- c:\users\Whitney\AppData\Local\temp 2018-03-14 21:34 . 2018-03-14 21:34 -------- d-----w- c:\users\Default\AppData\Local\temp 2018-03-14 20:08 . 2018-03-14 20:20 -------- d-----w- C:\AdwCleaner 2018-03-14 19:55 . 2018-03-14 19:55 253664 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2018-03-14 19:55 . 2018-01-18 13:03 76200 ----a-w- c:\windows\system32\drivers\mbae64.sys 2018-03-14 13:31 . 2018-03-14 13:31 -------- d-----w- c:\program files (x86)\Common Files\Adobe 2018-03-13 21:50 . 2018-03-13 22:11 -------- d-----w- C:\FRST 2018-03-11 19:55 . 2018-03-11 20:02 -------- d-----w- c:\users\jDonna\AppData\Roaming\Free Window Registry Repair 2018-03-11 18:48 . 2018-03-11 18:48 -------- d-----w- c:\users\jDonna\AppData\Local\Little_Apps 2018-03-11 17:57 . 2018-03-11 17:57 -------- d-----w- C:\$AV_ASW 2018-03-11 14:32 . 2018-03-11 14:32 -------- d-----w- c:\windows\SysWow64\Adobe 2018-03-11 14:32 . 2018-03-11 14:32 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR 2018-03-11 14:32 . 
2018-03-14 13:40 -------- d-----w- c:\users\jDonna\AppData\Local\Adobe 2018-03-11 14:21 . 2018-03-11 14:21 -------- d-----w- c:\program files (x86)\UltimateOutsider 2018-03-11 12:57 . 2018-03-11 15:40 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2018-03-11 12:57 . 2018-03-11 15:41 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2 2018-03-10 17:52 . 2018-03-10 18:10 55232 ----a-w- c:\windows\system32\drivers\hitmanpro37.sys 2018-03-10 17:52 . 2018-03-10 18:09 -------- d-----w- c:\programdata\HitmanPro 2018-03-10 15:11 . 2018-03-10 15:11 -------- d-----w- c:\users\jDonna\AppData\Local\ESET 2018-03-10 13:55 . 2018-03-10 13:55 -------- d-----w- c:\windows\ERUNT 2018-03-10 13:54 . 2018-03-10 13:54 -------- d-----w- C:\JRT 2018-03-10 13:50 . 2018-03-10 13:50 -------- d-----w- c:\users\jDonna\AppData\Roaming\SUPERAntiSpyware.com 2018-03-10 13:50 . 2018-03-10 13:50 -------- d-----w- c:\programdata\SUPERAntiSpyware.com 2018-03-10 13:00 . 2018-03-10 13:00 -------- d-----w- c:\program files\VS Revo Group 2018-03-10 10:57 . 2018-03-10 10:56 380768 ----a-w- c:\windows\system32\aswBoot.exe 2018-03-09 22:22 . 2018-03-14 19:21 28272 ----a-w- c:\windows\system32\drivers\TrueSight.sys 2018-03-09 22:22 . 2018-03-09 23:02 -------- d-----w- c:\programdata\RogueKiller 2018-03-09 22:22 . 2018-03-14 19:21 -------- d-----w- c:\program files\RogueKiller 2018-02-14 12:24 . 2018-01-19 14:05 1569280 ----a-w- c:\windows\system32\appraiser.dll 2018-02-14 12:24 . 2018-01-21 23:50 136424 ----a-w- c:\windows\system32\CompatTelRunner.exe 2018-02-14 12:24 . 2018-01-21 23:40 654336 ----a-w- c:\windows\system32\aeinv.dll 2018-02-14 12:24 . 2018-01-19 14:05 749568 ----a-w- c:\windows\system32\generaltel.dll 2018-02-14 12:24 . 2018-01-19 14:05 604672 ----a-w- c:\windows\system32\devinv.dll 2018-02-14 12:24 . 2018-01-19 14:05 450048 ----a-w- c:\windows\system32\centel.dll 2018-02-14 12:24 . 
2018-01-19 14:05 378880 ----a-w- c:\windows\system32\invagent.dll 2018-02-14 12:24 . 2018-01-19 14:05 236544 ----a-w- c:\windows\system32\aepic.dll 2018-02-14 12:24 . 2018-01-19 14:05 1994752 ----a-w- c:\windows\system32\aitstatic.exe 2018-02-14 12:24 . 2018-01-19 14:05 262144 ----a-w- c:\windows\system32\acmigration.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2018-03-10 12:41 . 2012-04-04 10:15 803328 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2018-03-10 12:41 . 2011-07-07 20:35 144896 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2018-03-10 10:56 . 2017-05-18 20:30 205976 ----a-w- c:\windows\system32\drivers\aswStm.sys 2018-03-10 10:56 . 2017-11-21 20:12 196648 ----a-w- c:\windows\system32\drivers\aswArPot.sys 2018-03-10 10:56 . 2017-05-18 20:30 460520 ----a-w- c:\windows\system32\drivers\aswSP.sys 2018-03-10 10:56 . 2017-05-18 20:30 380528 ----a-w- c:\windows\system32\drivers\aswVmm.sys 2018-03-10 10:56 . 2017-05-18 20:30 84368 ----a-w- c:\windows\system32\drivers\aswRvrt.sys 2018-03-10 10:56 . 2017-05-18 20:30 46968 ----a-w- c:\windows\system32\drivers\aswHwid.sys 2018-03-10 10:56 . 2017-05-18 20:30 146656 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2018-03-10 10:56 . 2017-05-18 20:30 110328 ----a-w- c:\windows\system32\drivers\aswRdr2.sys 2018-03-10 10:56 . 2017-05-18 20:30 1026696 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2018-03-10 10:56 . 2018-01-05 11:06 215320 ----a-w- c:\windows\system32\drivers\aswHdsKe.sys 2018-03-10 10:56 . 2017-05-18 20:30 57680 ----a-w- c:\windows\system32\drivers\aswbuniva.sys 2018-03-10 10:56 . 2017-05-18 20:30 343752 ----a-w- c:\windows\system32\drivers\aswbloga.sys 2018-03-10 10:56 . 2017-05-18 20:30 199440 ----a-w- c:\windows\system32\drivers\aswbidsha.sys 2018-03-10 10:56 . 2017-05-18 20:30 227504 ----a-w- c:\windows\system32\drivers\aswbidsdrivera.sys 2018-02-15 08:08 . 
2017-10-12 07:09 130067560 -c--a-w- c:\windows\system32\MRT-KB890830.exe 2018-02-15 08:08 . 2011-07-11 17:57 130067560 -c--a-w- c:\windows\system32\MRT.exe 2018-01-30 14:40 . 2018-01-30 14:41 110144 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll 2018-01-30 14:24 . 2014-11-03 14:55 97344 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2018-01-12 16:26 . 2018-02-14 12:29 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2018-01-05 11:07 . 2018-01-05 11:07 45704 ----a-w- c:\windows\system32\drivers\staport.sys 2018-01-01 16:12 . 2018-01-09 00:18 2560 ----a-w- c:\windows\apppatch\AcRes.dll 2018-01-01 02:21 . 2018-01-09 00:18 1680616 ----a-w- c:\windows\system32\drivers\ntfs.sys 2018-01-01 02:21 . 2018-01-09 00:18 948968 ----a-w- c:\windows\system32\drivers\ndis.sys 2018-01-01 02:21 . 2018-01-09 00:18 288488 ----a-w- c:\windows\system32\drivers\fltMgr.sys 2018-01-01 02:21 . 2018-01-09 00:18 213736 ----a-w- c:\windows\system32\drivers\rdyboost.sys 2018-01-01 02:21 . 2018-01-09 00:18 114408 ----a-w- c:\windows\system32\consent.exe 2018-01-01 02:18 . 2018-01-09 00:18 16896 ----a-w- c:\windows\system32\wshqos.dll 2018-01-01 02:18 . 2018-01-09 00:18 13312 ----a-w- c:\windows\system32\wshnetbs.dll 2018-01-01 02:18 . 2018-01-09 00:18 1741312 ----a-w- c:\windows\system32\sysmain.dll 2018-01-01 02:18 . 2018-01-09 00:18 473600 ----a-w- c:\windows\system32\taskcomp.dll 2018-01-01 02:18 . 2018-01-09 00:18 444928 ----a-w- c:\windows\system32\winhttp.dll 2018-01-01 02:18 . 2018-01-09 00:18 366592 ----a-w- c:\windows\system32\wcncsvc.dll 2018-01-01 02:18 . 2018-01-09 00:18 120320 ----a-w- c:\windows\system32\WcnApi.dll 2018-01-01 02:18 . 2018-01-09 00:18 22528 ----a-w- c:\windows\system32\wfapigp.dll 2018-01-01 02:18 . 2018-01-09 00:18 39424 ----a-w- c:\windows\system32\traffic.dll 2018-01-01 02:18 . 2018-01-09 00:18 24576 ----a-w- c:\windows\system32\WcnEapPeerProxy.dll 2018-01-01 02:18 . 
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2017-12-19 587288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-09 559616]
.
c:\users\jDonna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro38Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro38CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x]
R3 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
R3 aswbIDSAgent;aswbIDSAgent;c:\program files\AVAST Software\Avast\x64\aswidsagenta.exe;c:\program files\AVAST Software\Avast\x64\aswidsagenta.exe [x]
R3 aswHwid;aswHwid;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
R3 efavdrv;efavdrv;c:\windows\system32\drivers\efavdrv.sys;c:\windows\SYSNATIVE\drivers\efavdrv.sys [x]
R3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys;c:\windows\SYSNATIVE\drivers\hitmanpro37.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMService;Malwarebytes Service;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\System32\Drivers\mbamswissarmy.sys;c:\windows\SYSNATIVE\Drivers\mbamswissarmy.sys [x]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 aswbidsh;aswbidsh;c:\windows\system32\drivers\aswbidsha.sys;c:\windows\SYSNATIVE\drivers\aswbidsha.sys [x]
S0 aswblog;aswblog;c:\windows\system32\drivers\aswbloga.sys;c:\windows\SYSNATIVE\drivers\aswbloga.sys [x]
S0 aswbuniv;aswbuniv;c:\windows\system32\drivers\aswbuniva.sys;c:\windows\SYSNATIVE\drivers\aswbuniva.sys [x]
S0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys;c:\windows\SYSNATIVE\drivers\aswRvrt.sys [x]
S0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys;c:\windows\SYSNATIVE\drivers\aswVmm.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 aswArPot;aswArPot;c:\windows\system32\drivers\aswArPot.sys;c:\windows\SYSNATIVE\drivers\aswArPot.sys [x]
S1 aswbidsdriver;aswbidsdriver;c:\windows\system32\drivers\aswbidsdrivera.sys;c:\windows\SYSNATIVE\drivers\aswbidsdrivera.sys [x]
S1 aswHdsKe;aswHdsKe;c:\windows\system32\drivers\aswHdsKe.sys;c:\windows\SYSNATIVE\drivers\aswHdsKe.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 FoxitReaderService;Foxit Reader Service;c:\program files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe;c:\program files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
S2 sp_rsdrv2;Spyware Terminator Driver Filter;c:\windows\system32\DRIVERS\stflt.sys;c:\windows\SYSNATIVE\DRIVERS\stflt.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr QWAVE wcncsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
2016-06-30 11:55 322232 ----a-w- c:\program files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll
.
Contents of the 'Scheduled Tasks' folder
.
2016-05-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 12:41]
.
2013-04-04 c:\windows\Tasks\GlaryInitialize.job
- c:\program files (x86)\Glary Utilities\initialize.exe [2011-07-08 15:15]
.
2016-08-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-21 21:00]
.
2016-08-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-21 21:00]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveBlacklisted]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2017-11-10 15:52 774104 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveSynced]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2017-11-10 15:52 774104 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveSyncing]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2017-11-10 15:52 774104 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00asw]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2018-03-10 10:56 1760984 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00asw]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2018-03-10 10:56 1760984 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvLaunch.exe" [2018-03-10 245608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-04 418328]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-04 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-04 391704]
"DKADGmon"="c:\program files (x86)\Dell V520 Series\DKADGmon.exe" [2012-11-08 951656]
"GwxControlPanelMonitor"="c:\program files (x86)\UltimateOutsider\GWX Control Panel\GWX_control_panel.exe" [2016-04-02 4596296]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://duckduckgo.com/
mStart Page = www.google.com
mSearch Page = https://search.yahoo.com/yhs/search?type=odc089&hspart=avast&hsimp=yhs-001&p={searchTerms}
mSearch Bar = https://www.yahoo.com?fr=hp-avast&type=odc089
uSearchAssistant = hxxp://www.google.com
Trusted Zone: ed.gov\fafsa
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\jDonna\AppData\Roaming\Mozilla\Firefox\Profiles\tuwf6cd7.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Powered Search
FF - prefs.js: browser.startup.homepage - hxxps://duckduckgo.com/
FF - prefs.js: keyword.URL - true
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-{b278d9f8-0fa9-465e-9938-0c392605d8e3} - (no file)
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
Toolbar-{82E1477C-B154-48D3-9891-33D83C26BCD3} - (no file)
BHO-{82A76710-4F98-4957-92BE-99648A4E2475} - (no file)
ShellIconOverlayIdentifiers-{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} - (no file)
.
.
.
Completion time: 2018-03-14 17:39:38
ComboFix-quarantined-files.txt 2018-03-14 21:39
ComboFix2.txt 2018-03-11 17:57
.
Pre-Run: 717,758,853,120 bytes free
Post-Run: 717,024,370,688 bytes free
.
- - End Of File - - 95A1EAE2A71E8D5472FE9A0E9B4C8053
5C616939100B85E558DA92B899A0FC36
  8. RogueKiller V12.12.8.0 (x64) [Mar 12 2018] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : jDonna [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Delete -- Date : 03/14/2018 15:21:57 (Duration : 00:24:33)
Switches : -refid
¤¤¤ Processes : 0 ¤¤¤
¤¤¤ Registry : 19 ¤¤¤
[PUP.SpeedUpMyPc|PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\Uniblue -> Not selected
[Adw.Sendori] (X64) HKEY_USERS\.DEFAULT\Software\Sendori -> Deleted
[Adw.Sendori] (X86) HKEY_USERS\.DEFAULT\Software\Sendori -> Deleted
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-668790070-1862182065-2749219965-1001\Software\Little Registry Cleaner -> Not selected
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-668790070-1862182065-2749219965-1001\Software\YahooPartnerToolbar -> Not selected
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-668790070-1862182065-2749219965-1001\Software\Little Registry Cleaner -> Not selected
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-668790070-1862182065-2749219965-1001\Software\YahooPartnerToolbar -> Not selected
[Adw.Sendori] (X64) HKEY_USERS\S-1-5-18\Software\Sendori -> Deleted
[Adw.Sendori] (X86) HKEY_USERS\S-1-5-18\Software\Sendori -> Deleted
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-668790070-1862182065-2749219965-1001\Software\AppDataLow\Software\iWon -> Not selected
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-668790070-1862182065-2749219965-1001\Software\AppDataLow\Software\iWon -> Not selected
[PUP.Gen0] (X86) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar | {b278d9f8-0fa9-465e-9938-0c392605d8e3} : PlayBryte Toolbar -> Not selected
[PUP.Gen0] (X86) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar | {EF99BD32-C1FB-11D2-892F-0090271D4F88} : -> Not selected
[PUP.Gen0] (X86) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\AutorunsDisabled | {D4027C7F-154A-4066-A1AD-4243D8127440} : -> Not selected
[PUP.Gen0] (X86) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\AutorunsDisabled | {82E1477C-B154-48D3-9891-33D83C26BCD3} : Delta Toolbar -> Not selected
[PUP.Gen0] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sp_rsdrv2 (system32\DRIVERS\stflt.sys) -> Not selected
[PUP.Gen0] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\YahooAUService ("C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe") -> Not selected
[PUP.Gen0] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\sp_rsdrv2 (system32\DRIVERS\stflt.sys) -> Not selected
[PUP.Gen0] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\YahooAUService ("C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe") -> Not selected
¤¤¤ Tasks : 0 ¤¤¤
¤¤¤ Files : 3 ¤¤¤
[PUP.Auslogics][Folder] C:\Users\jDonna\AppData\Roaming\Auslogics -> Deleted
[PUP.Auslogics][File] C:\Users\jDonna\AppData\Roaming\Auslogics\Disk Defrag\Reports\Disk_Defrag_Report.html -> Deleted
[PUP.Auslogics][File] C:\Users\jDonna\AppData\Roaming\Auslogics\Disk Defrag\Reports\Disk_Defrag_Report.xml -> Deleted
[PUP.Auslogics][Folder] C:\Users\jDonna\AppData\Roaming\Auslogics\Disk Defrag\Reports -> Deleted
[PUP.Auslogics][Folder] C:\Users\jDonna\AppData\Roaming\Auslogics\Disk Defrag -> Deleted
[PUP.Gen1][Folder] C:\Program Files (x86)\Playalot Games -> Removed at reboot [91]
[PUP.Gen1][Folder] C:\Program Files (x86)\Playalot Games\doc\license -> ERROR [5]
[PUP.Gen1][Folder] C:\Program Files (x86)\Playalot Games\doc -> Removed at reboot [91]
[PUP.Gen1][File] C:\Program Files (x86)\Playalot Games\icons\logo-small.ico -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Playalot Games\icons\logo.ico -> Deleted
[PUP.Gen1][Folder] C:\Program Files (x86)\Playalot Games\icons -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Playalot Games\plugins\npgears_titanium.dll -> Deleted
[PUP.Gen1][Folder] C:\Program Files (x86)\Playalot Games\plugins -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Playalot Games\Resources\appcelerator.xml -> Deleted
[PUP.Gen1][Folder] C:\Program Files (x86)\Playalot Games\Resources\css -> ERROR [5]
[PUP.Gen1][File] C:\Program Files (x86)\Playalot Games\Resources\exit.html -> Deleted
[PUP.Gen1][Folder] C:\Program Files (x86)\Playalot Games\Resources\games -> ERROR [5]
[PUP.Gen1][File] C:\Program Files (x86)\Playalot Games\Resources\games.xml -> Deleted
[PUP.Gen1][Folder] C:\Program Files (x86)\Playalot Games\Resources\img -> ERROR [5]
[PUP.Gen1][Folder] C:\Program Files (x86)\Playalot Games\Resources\js -> ERROR [5]
[PUP.Gen1][File] C:\Program Files (x86)\Playalot Games\Resources\main.html -> Deleted
[PUP.Gen1][Folder] C:\Program Files (x86)\Playalot Games\Resources\player -> ERROR [5]
[PUP.Gen1][File] C:\Program Files (x86)\Playalot Games\Resources\playerProductInstall.swf -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Playalot Games\Resources\tiapp.xml -> Deleted
[PUP.Gen1][Folder] C:\Program Files (x86)\Playalot Games\Resources\titanium -> ERROR [5]
[PUP.Gen1][Folder] C:\Program Files (x86)\Playalot Games\Resources -> Removed at reboot [91]
[PUP.YahooPowered][File] C:\Users\jDonna\AppData\Roaming\Mozilla\Firefox\Profiles\tuwf6cd7.default\searchplugins\yahoo! powered search.xml -> Deleted
¤¤¤ WMI : 0 ¤¤¤
¤¤¤ Hosts File : 0 ¤¤¤
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
¤¤¤ Web browsers : 3 ¤¤¤
[PUM.SearchEngine][Firefox:Config] tuwf6cd7.default : user_pref("browser.search.selectedEngine", "Yahoo! Powered Search"); -> Not selected
[PUM.SearchEngine][Firefox:Config] tuwf6cd7.default : user_pref("browser.search.defaultenginename", "Yahoo! Powered Search"); -> Not selected
[PUM.SearchPage][Chrome:Config] Default [SecurePrefs] : default_search_provider_data.template_url_data.keyword [www.yahoo.com] -> Not selected
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD10EALX-759BA1 ATA Device +++++
--- User ---
[MBR] 648f79c8a98375de1ff8a65a22ad8d26
[BSP] ce17e226db92b183ad3b8e0a4e116446 : HP|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 81920 | Size: 14142 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 29044736 | Size: 939686 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
+++++ PhysicalDrive1: Generic- Multi-Card USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
+++++ PhysicalDrive2: USB Device +++++
--- User ---
[MBR] 9bd8cd734b66de95251b78074707c770
[BSP] 397f8d0a5c6094c0652366d6485dc9fb : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 32 | Size: 7699 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )

Malwarebytes
www.malwarebytes.com
-Log Details-
Scan Date: 3/14/18
Scan Time: 3:56 PM
Log File: c2dd2c43-27c1-11e8-b770-f04da2f65fef.json
Administrator: Yes
-Software Information-
Version: 3.4.4.2398
Components Version: 1.0.322
Update Package Version: 1.0.4358
License: Free
-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: jDonna-PC\jDonna
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 328834
Threats Detected: 0 (No malicious items detected)
Threats Quarantined: 0 (No malicious items detected)
Time Elapsed: 8 min, 58 sec
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
-Scan Details-
Process: 0 (No malicious items detected)
Module: 0 (No malicious items detected)
Registry Key: 0 (No malicious items detected)
Registry Value: 0 (No malicious items detected)
Registry Data: 0 (No malicious items detected)
Data Stream: 0 (No malicious items detected)
Folder: 0 (No malicious items detected)
File: 0 (No malicious items detected)
Physical Sector: 0 (No malicious items detected)
(end)

# AdwCleaner 7.0.8.0 - Logfile created on Wed Mar 14 20:14:47 2018
# Updated on 2018/08/02 by Malwarebytes
# Running on Windows 7 Home Premium (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support
***** [ Services ] *****
Deleted: YahooAUService
***** [ Folders ] *****
Deleted: C:\Program Files (x86)\Playalot Games
Deleted: C:\Users\jDonna\AppData\Local\VirtualStore\Program Files (x86)\Playalot Games
***** [ Files ] *****
Deleted: C:\Users\All Users\Desktop\Playalot Games.lnk
Deleted: C:\Users\Public\Desktop\Playalot Games.lnk
***** [ DLL ] *****
No malicious DLLs cleaned.
***** [ WMI ] *****
No malicious WMI cleaned.
***** [ Shortcuts ] *****
No malicious shortcuts cleaned.
***** [ Tasks ] *****
No malicious tasks deleted.
***** [ Registry ] *****
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\ttdetect.staticimgfarm.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\staticimgfarm.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ttdetect.staticimgfarm.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.ask.com
Deleted: [Key] - HKU\S-1-5-21-668790070-1862182065-2749219965-1001\Software\AppDataLow\Software\iWon
Deleted: [Key] - HKCU\Software\AppDataLow\Software\iWon
Deleted: [Key] - HKLM\SOFTWARE\Uniblue
Deleted: [Key] - HKU\S-1-5-21-668790070-1862182065-2749219965-1001\Software\YahooPartnerToolbar
Deleted: [Key] - HKCU\Software\YahooPartnerToolbar
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\AutorunsDisabled\{D4027C7F-154A-4066-A1AD-4243D8127440}
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{6823F25B-4D75-38A1-A163-7C696B45701F}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\AutorunsDisabled\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\DE2353A3121A7924AAF4076BE0B46D13
Deleted: [Key] - HKLM\SOFTWARE\Classes\Installer\Features\DE2353A3121A7924AAF4076BE0B46D13
Deleted: [Key] - HKLM\SOFTWARE\Classes\Installer\Products\DE2353A3121A7924AAF4076BE0B46D13
Deleted: [Key] - HKLM\SOFTWARE\Classes\Record\{181480C8-90AC-3430-B39A-CD121E034A1A}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Record\{8F54FA54-1DF8-3B20-890C-CDD95364BC95}
Deleted: [Key] - HKLM\SOFTWARE\Uniblue\DriverScanner
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\bytefence.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\en.bytefence.com
Deleted: [Key] - HKU\S-1-5-21-668790070-1862182065-2749219965-1001\Software\Little Registry Cleaner
Deleted: [Key] - HKCU\Software\Little Registry Cleaner
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\freelocalweather.dl.myway.com
***** [ Firefox (and derivatives) ] *****
SearchProvider deleted: websearch.shopathome.com - Web Search
SearchProvider deleted: websearch.ask.com - Ask.com Search
SearchProvider deleted: mystart.incredibar.com - MyStart Search
SearchProvider deleted: search.mywebsearch.com - My Web Search
***** [ Chromium (and derivatives) ] *****
SearchProvider deleted: MyStart Search - mystart.incredibar.com/mb185
*************************
::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0
*************************
C:/AdwCleaner/AdwCleaner[S0].txt - [4345 B] - [2018/3/14 20:9:29]
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########
  9. Hope you can help. I will follow instructions faithfully.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13.03.2018
Ran by jDonna (administrator) on JDONNA-PC (13-03-2018 18:10:08)
Running from C:\Users\jDonna\Desktop
Loaded Profiles: jDonna (Available Profiles: jDonna & Whitney)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(Microsoft Corporation) C:\Windows\System32\dinotify.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
() C:\Program Files (x86)\Dell V520 Series\DKADGmon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(UltimateOutsider) C:\Program Files (x86)\UltimateOutsider\GWX Control Panel\GWX_control_panel.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [245608 2018-03-10] (AVAST Software)
HKLM\...\Run: [DKADGmon] => C:\Program Files (x86)\Dell V520 Series\DKADGmon.exe [951656 2012-11-07] ()
HKLM\...\Run: [GwxControlPanelMonitor] => C:\Program Files (x86)\UltimateOutsider\GWX Control Panel\GWX_control_panel.exe [4596296 2016-04-02] (UltimateOutsider)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2015-09-24] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-12-19] (Oracle Corporation)
HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe [559616 2011-10-09] (Dell)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\615\G2AWinLogon_x64.dll [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
Startup: C:\Users\jDonna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2016-05-19] ()
BootExecute: sdnclean64.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{9EAABF78-02FF-4F31-9444-B6C66EEA71C4}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.yahoo.com/yhs/search?type=odc089&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-668790070-1862182065-2749219965-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-668790070-1862182065-2749219965-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://duckduckgo.com/
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKLM -> {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKLM-x32 -> {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=odc089&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-668790070-1862182065-2749219965-1001 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-668790070-1862182065-2749219965-1001 -> {055EC08A-EA81-4216-BB5F-299DDD7506CB} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-668790070-1862182065-2749219965-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-668790070-1862182065-2749219965-1001 -> {0CE02FFA-A6B0-46F6-BA2F-BD32C3630126} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-668790070-1862182065-2749219965-1001 -> {49606DC7-976D-4030-A74E-9FB5C842FA68} URL =
SearchScopes: HKU\S-1-5-21-668790070-1862182065-2749219965-1001 -> {91607fa7-3c2f-4f90-93e3-d5337a6b0ac2} URL = Playbryte-fa-verti/search/redirect/?type=default&user_id=33fff43b-6076-4b0f-b550-f57348e5437a&query={searchTerms}
SearchScopes: HKU\S-1-5-21-668790070-1862182065-2749219965-1001 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
BHO: No Name -> {82A76710-4F98-4957-92BE-99648A4E2475} -> No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-09-01] (Google Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\ssv.dll [2018-01-30] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-09-01] (Google Inc.)
BHO-x32: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08] (Skype Technologies S.A.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-01-30] (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-09-01] (Google Inc.)
Toolbar: HKLM-x32 - No Name - {b278d9f8-0fa9-465e-9938-0c392605d8e3} - No File
Toolbar: HKLM-x32 - No Name - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-09-01] (Google Inc.)
Toolbar: HKU\S-1-5-21-668790070-1862182065-2749219965-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-09-01] (Google Inc.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08] (Skype Technologies S.A.)
FireFox:
========
FF ProfilePath: C:\Users\jDonna\AppData\Roaming\Mozilla\Firefox\Profiles\tuwf6cd7.default [2018-03-13]
FF Homepage: Mozilla\Firefox\Profiles\tuwf6cd7.default -> hxxps://duckduckgo.com/
FF SearchPlugin: C:\Users\jDonna\AppData\Roaming\Mozilla\Firefox\Profiles\tuwf6cd7.default\searchplugins\yahoo!
powered search.xml [2017-05-18] FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_28_0_0_161.dll [2018-03-09] () FF Plugin: @microsoft.com/GENUINE -> disabled [No File] FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_161.dll [2018-03-09] () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1231201.dll [2017-11-02] (Adobe Systems, Inc.) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-12-01] (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-12-01] (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-12-01] (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-12-01] (Foxit Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-01-30] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-01-30] (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File] FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 
-> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.) Chrome: ======= CHR DefaultProfile: Default CHR HomePage: Default -> hxxps://www.yahoo.com?fr=hp-avast&type=odc089 CHR StartupUrls: Default -> "hxxps://www.yahoo.com/?fr=hp-avast&type=odc089" CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/yhs/search?type=odc089&hspart=avast&hsimp=yhs-001&p={searchTerms} CHR DefaultSearchKeyword: Default -> www.yahoo.com CHR DefaultSuggestURL: Default -> hxxp://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms} CHR Profile: C:\Users\jDonna\AppData\Local\Google\Chrome\User Data\Default [2018-03-13] CHR Extension: (Play Game Phrase Ad) - C:\Users\jDonna\AppData\Local\Google\Chrome\User Data\Default\Extensions\eegdkgknfjdjfjcgepgobibefcnfgfko [2017-05-18] CHR Extension: (SearchBar) - C:\Users\jDonna\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjefgkhmchopegjeicnblodnidbammed [2017-07-29] CHR Extension: (ArcadeZoom Ads) - C:\Users\jDonna\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjkladighnakihefhlcdhdicglpkamcn [2018-03-10] CHR Extension: (Chrome Web Store Payments) - C:\Users\jDonna\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-05-19] CHR Extension: (Chrome Media Router) - C:\Users\jDonna\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-07] CHR HKLM-x32\...\Chrome\Extension: [ghnpfkmgeiojiaheaiefkilmjinpoccb] - <no Path/update_url> ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-30] (SUPERAntiSpyware.com) R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY) R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7556704 2018-03-10] (AVAST Software) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [303728 2018-03-10] (AVAST Software) S3 FoxitReaderService; C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [1659456 2017-12-12] (Foxit Software Inc.) S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6440736 2018-03-03] (Malwarebytes) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL) R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [196648 2018-03-10] (AVAST Software) R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdrivera.sys [227504 2018-03-10] (AVAST Software) R0 aswbidsh; C:\Windows\System32\drivers\aswbidsha.sys [199440 2018-03-10] (AVAST Software) R0 aswblog; C:\Windows\System32\drivers\aswbloga.sys [343752 2018-03-10] (AVAST Software) R0 aswbuniv; C:\Windows\System32\drivers\aswbuniva.sys [57680 2018-03-10] (AVAST Software) R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [215320 2018-03-10] (AVAST Software) S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [46968 2018-03-10] (AVAST Software) R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [146656 2018-03-10] (AVAST Software) R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [110328 2018-03-10] (AVAST Software) R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [84368 2018-03-10] (AVAST Software) R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1026696 2018-03-10] (AVAST Software) R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [460520 2018-03-10] (AVAST Software) R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [205976 2018-03-10] (AVAST Software) R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [380528 2018-03-10] (AVAST Software) S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [55232 2018-03-10] () S3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253664 2018-03-11] (Malwarebytes) R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R2 sp_rsdrv2; C:\Windows\System32\DRIVERS\stflt.sys [51496 2011-08-24] (Windows (R) Win 7 DDK provider) S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 efavdrv; 
\??\C:\Windows\system32\drivers\efavdrv.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2018-03-13 18:10 - 2018-03-13 18:10 - 000018004 _____ C:\Users\jDonna\Desktop\FRST.txt 2018-03-13 17:59 - 2009-07-14 00:54 - 000001304 _____ C:\Users\jDonna\Desktop\Notepad.lnk 2018-03-13 17:50 - 2018-03-13 18:10 - 000000000 ____D C:\FRST 2018-03-13 17:49 - 2018-03-13 15:09 - 002402816 _____ (Farbar) C:\Users\jDonna\Desktop\FRST64.exe 2018-03-11 16:12 - 2018-03-11 16:12 - 000000000 ____D C:\Users\Whitney\Documents\CClean Reg BU 2018-03-11 15:55 - 2018-03-11 16:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Window Registry Repair 2018-03-11 15:55 - 2018-03-11 16:02 - 000000000 ____D C:\Users\jDonna\AppData\Roaming\Free Window Registry Repair 2018-03-11 15:55 - 2018-03-11 15:55 - 000000993 _____ C:\Users\Whitney\Desktop\Free Window Registry Repair.lnk 2018-03-11 15:53 - 2018-03-11 15:53 - 000808399 _____ C:\Users\jDonna\Downloads\RegpairSetup.exe 2018-03-11 15:49 - 2018-03-11 15:49 - 000007613 _____ C:\Users\jDonna\AppData\Local\Resmon.ResmonCfg 2018-03-11 14:48 - 2018-03-11 14:48 - 000000000 ____D C:\Users\jDonna\AppData\Local\Little_Apps 2018-03-11 13:57 - 2018-03-11 13:57 - 000032104 _____ C:\ComboFix.txt 2018-03-11 13:57 - 2018-03-11 13:57 - 000000000 ___HD C:\$AV_ASW 2018-03-11 13:26 - 2011-06-26 02:45 - 000256000 _____ C:\Windows\PEV.exe 2018-03-11 13:26 - 2010-11-07 13:20 - 000208896 _____ C:\Windows\MBR.exe 2018-03-11 13:26 - 2009-04-20 00:56 - 000060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2018-03-11 13:26 - 2000-08-30 20:00 - 000518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2018-03-11 13:26 - 2000-08-30 20:00 - 000406528 _____ (SteelWerX) 
C:\Windows\SWSC.exe 2018-03-11 13:26 - 2000-08-30 20:00 - 000098816 _____ C:\Windows\sed.exe 2018-03-11 13:26 - 2000-08-30 20:00 - 000080412 _____ C:\Windows\grep.exe 2018-03-11 13:26 - 2000-08-30 20:00 - 000068096 _____ C:\Windows\zip.exe 2018-03-11 13:25 - 2018-03-11 13:57 - 000000000 ____D C:\Qoobox 2018-03-11 13:25 - 2018-03-11 13:55 - 000000000 ____D C:\Windows\erdnt 2018-03-11 12:57 - 2018-03-11 12:58 - 000204600 _____ C:\TDSSKiller.3.1.0.16_11.03.2018_12.57.48_log.txt 2018-03-11 12:57 - 2018-03-11 12:57 - 000000366 _____ C:\TDSSKiller.3.1.0.15_11.03.2018_12.57.13_log.txt 2018-03-11 10:32 - 2018-03-11 10:32 - 000000000 ____D C:\Windows\SysWOW64\Adobe 2018-03-11 10:32 - 2018-03-11 10:32 - 000000000 ____D C:\Users\jDonna\AppData\Local\Adobe 2018-03-11 10:21 - 2018-03-11 10:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GWX Control Panel 2018-03-11 10:21 - 2018-03-11 10:21 - 000000000 ____D C:\Program Files (x86)\UltimateOutsider 2018-03-11 09:50 - 2018-02-10 10:23 - 000000832 _____ C:\Windows\system32\Drivers\etc\hosts.20180311-095038.backup 2018-03-11 09:33 - 2018-03-11 11:40 - 000006218 _____ C:\Windows\wininit.ini 2018-03-11 08:58 - 2018-03-11 08:58 - 000000000 ____D C:\Windows\System32\Tasks\Safer-Networking 2018-03-11 08:57 - 2018-03-11 11:41 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2 2018-03-11 08:57 - 2018-03-11 11:40 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy 2018-03-10 14:35 - 2018-03-10 14:35 - 000000000 ____D C:\Users\jDonna\AppData\LocalLow\Spyware Terminator 2018-03-10 14:08 - 2018-03-10 14:08 - 000033816 _____ C:\Windows\system32\.crusader 2018-03-10 13:52 - 2018-03-10 14:10 - 000055232 _____ C:\Windows\system32\Drivers\hitmanpro37.sys 2018-03-10 13:52 - 2018-03-10 14:09 - 000000000 ____D C:\ProgramData\HitmanPro 2018-03-10 11:11 - 2018-03-10 11:11 - 000000000 ____D C:\Users\jDonna\AppData\Local\ESET 2018-03-10 10:40 - 2018-03-11 16:13 - 000253664 _____ (Malwarebytes) 
C:\Windows\system32\Drivers\mbamswissarmy.sys 2018-03-10 09:55 - 2018-03-10 09:55 - 000000000 ____D C:\Windows\ERUNT 2018-03-10 09:54 - 2018-03-10 09:54 - 000000000 ____D C:\JRT 2018-03-10 09:50 - 2018-03-10 09:50 - 000000000 ____D C:\Users\jDonna\AppData\Roaming\SUPERAntiSpyware.com 2018-03-10 09:50 - 2018-03-10 09:50 - 000000000 ____D C:\ProgramData\SUPERAntiSpyware.com 2018-03-10 09:47 - 2018-03-10 09:47 - 000000000 ____D C:\ProgramData\ESET 2018-03-10 09:14 - 2018-03-10 09:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 2018-03-10 09:14 - 2018-01-18 09:03 - 000076200 _____ C:\Windows\system32\Drivers\mbae64.sys 2018-03-10 09:00 - 2018-03-10 09:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller 2018-03-10 09:00 - 2018-03-10 09:00 - 000000000 ____D C:\Program Files\VS Revo Group 2018-03-10 08:49 - 2018-03-10 08:49 - 000001313 _____ C:\Users\Public\Desktop\Foxit Reader.lnk 2018-03-10 08:49 - 2018-03-10 08:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader 2018-03-10 08:40 - 2018-03-10 08:40 - 000003870 _____ C:\Windows\System32\Tasks\CCleaner Update 2018-03-10 06:57 - 2018-03-10 06:56 - 000380768 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2018-03-09 18:22 - 2018-03-09 19:02 - 000000000 ____D C:\ProgramData\RogueKiller 2018-03-09 18:22 - 2018-03-09 18:22 - 000028272 _____ C:\Windows\system32\Drivers\TrueSight.sys 2018-03-09 18:22 - 2018-03-09 18:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller 2018-03-09 18:22 - 2018-03-09 18:22 - 000000000 ____D C:\Program Files\RogueKiller 2018-03-09 17:18 - 2018-03-13 18:09 - 000000000 ____D C:\Users\jDonna\Documents\CClean Reg BUs 2018-02-14 08:29 - 2018-02-10 15:52 - 000395928 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2018-02-14 08:29 - 2018-02-10 15:03 - 000347296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2018-02-14 08:29 - 
000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2018-02-14 08:29 - 2018-01-12 12:26 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2018-02-14 08:29 - 2018-01-12 12:26 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll 2018-02-14 08:29 - 2018-01-12 12:26 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2018-02-14 08:29 - 2018-01-12 12:26 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll 2018-02-14 08:29 - 2018-01-12 12:26 - 000065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2018-02-14 08:29 - 2018-01-12 12:26 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2018-02-14 08:29 - 2018-01-12 12:26 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll 2018-02-14 08:29 - 2018-01-12 12:26 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2018-02-14 08:29 - 2018-01-12 12:26 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2018-02-14 08:29 - 2018-01-12 12:26 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2018-02-14 08:29 - 2018-01-12 12:26 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2018-02-14 08:29 - 2018-01-12 12:26 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2018-02-14 08:29 - 2018-01-12 12:26 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2018-02-14 08:29 - 2018-01-12 12:26 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2018-02-14 08:29 - 2018-01-12 12:26 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2018-02-14 08:29 - 2018-01-12 12:26 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2018-02-14 08:29 - 2018-01-12 12:26 - 000004096 ____H (Microsoft 
Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2018-02-14 08:29 - 2018-01-12 12:26 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2018-02-14 08:29 - 2018-01-12 12:26 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2018-02-14 08:29 - 2018-01-12 12:26 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2018-02-14 08:29 - 2018-01-12 12:26 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2018-02-14 08:29 - 2018-01-12 12:26 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2018-02-14 08:29 - 2018-01-12 12:26 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2018-02-14 08:29 - 2018-01-12 12:26 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2018-02-14 08:29 - 2018-01-12 12:26 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2018-02-14 08:29 - 2018-01-12 12:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2018-02-14 08:29 - 2018-01-12 12:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2018-02-14 08:29 - 2018-01-12 12:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2018-02-14 08:29 - 2018-01-12 12:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2018-02-14 08:29 - 2018-01-12 12:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2018-02-14 08:29 - 2018-01-12 12:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2018-02-14 08:29 - 2018-01-12 12:26 - 000003072 
____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2018-02-14 08:29 - 2018-01-12 12:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2018-02-14 08:29 - 2018-01-12 12:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2018-02-14 08:29 - 2018-01-12 12:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2018-02-14 08:29 - 2018-01-12 12:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2018-02-14 08:29 - 2018-01-12 12:16 - 003405824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xpsrchvw.exe 2018-02-14 08:29 - 2018-01-12 12:16 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys 2018-02-14 08:29 - 2018-01-12 12:16 - 000030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidusb.sys 2018-02-14 08:29 - 2018-01-12 12:15 - 000032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys 2018-02-14 08:29 - 2018-01-12 12:11 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe 2018-02-14 08:29 - 2018-01-12 12:11 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys 2018-02-14 08:29 - 2018-01-12 12:11 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe 2018-02-14 08:29 - 2018-01-12 12:10 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2018-02-14 08:29 - 2018-01-12 12:07 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2018-02-14 08:29 - 2018-01-12 12:06 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2018-02-14 08:29 - 2018-01-12 12:03 - 000159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2018-02-14 08:29 - 2018-01-12 12:02 - 000291328 _____ (Microsoft Corporation) 
C:\Windows\system32\Drivers\mrxsmb10.sys 2018-02-14 08:29 - 2018-01-12 12:02 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2018-02-14 08:29 - 2018-01-12 12:02 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2018-02-14 08:29 - 2018-01-12 12:01 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2018-02-14 08:29 - 2018-01-12 12:01 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2018-02-14 08:29 - 2018-01-12 11:57 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll 2018-02-14 08:29 - 2018-01-12 11:57 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2018-02-14 08:29 - 2018-01-12 11:57 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2018-02-14 08:29 - 2018-01-12 11:57 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2018-02-14 08:29 - 2018-01-12 11:57 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2018-02-14 08:29 - 2018-01-12 11:56 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2018-02-14 08:29 - 2018-01-12 11:56 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2018-02-14 08:29 - 2018-01-12 11:56 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2018-02-14 08:29 - 2018-01-12 11:56 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2018-02-14 08:29 - 2018-01-11 12:41 - 001133568 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll 2018-02-14 08:29 - 2018-01-11 12:22 - 000805376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll 2018-02-14 08:29 - 2018-01-11 12:09 - 003224064 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2018-02-14 08:29 - 2018-01-05 12:31 - 000151552 _____ (Microsoft Corporation) 
C:\Windows\system32\t2embed.dll 2018-02-14 08:29 - 2018-01-05 12:31 - 000041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll 2018-02-14 08:29 - 2018-01-05 12:30 - 000100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll 2018-02-14 08:29 - 2018-01-05 12:30 - 000046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2018-02-14 08:29 - 2018-01-05 12:30 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll 2018-02-14 08:29 - 2018-01-05 12:25 - 000383720 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2018-02-14 08:29 - 2018-01-05 12:14 - 000309480 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2018-02-14 08:29 - 2018-01-05 12:11 - 000111104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll 2018-02-14 08:29 - 2018-01-05 12:11 - 000071168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll 2018-02-14 08:29 - 2018-01-05 12:11 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll 2018-02-14 08:29 - 2018-01-05 12:11 - 000010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll 2018-02-14 08:29 - 2018-01-05 11:50 - 000034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2018-02-14 08:29 - 2017-12-05 13:36 - 001484288 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2018-02-14 08:29 - 2017-12-05 13:36 - 000229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2018-02-14 08:29 - 2017-12-05 13:36 - 000218112 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll 2018-02-14 08:29 - 2017-12-05 13:36 - 000190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2018-02-14 08:29 - 2017-12-05 13:36 - 000141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll 2018-02-14 08:29 - 2017-12-05 13:36 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\TabSvc.dll 2018-02-14 08:29 - 2017-12-05 13:08 - 001176576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 
2018-02-14 08:29 - 2017-12-05 13:08 - 000179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2018-02-14 08:29 - 2017-12-05 13:08 - 000145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2018-02-14 08:29 - 2017-12-05 13:08 - 000135168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSCard.dll
2018-02-14 08:29 - 2017-12-05 13:08 - 000106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2018-02-14 08:29 - 2017-12-05 12:04 - 000404992 _____ (Microsoft Corporation) C:\Windows\system32\wisptis.exe
2018-02-14 08:24 - 2018-01-21 19:50 - 000136424 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2018-02-14 08:24 - 2018-01-21 19:40 - 000654336 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2018-02-14 08:24 - 2018-01-19 10:05 - 001994752 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2018-02-14 08:24 - 2018-01-19 10:05 - 001569280 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2018-02-14 08:24 - 2018-01-19 10:05 - 000749568 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2018-02-14 08:24 - 2018-01-19 10:05 - 000604672 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2018-02-14 08:24 - 2018-01-19 10:05 - 000450048 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2018-02-14 08:24 - 2018-01-19 10:05 - 000378880 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2018-02-14 08:24 - 2018-01-19 10:05 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2018-02-14 08:24 - 2018-01-19 10:05 - 000236544 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-13 18:08 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\inf
2018-03-13 17:58 - 2009-07-14 00:45 - 000028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-03-13 17:58 - 2009-07-14 00:45 - 000028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-03-13 17:53 - 2009-07-14 01:13 - 000783424 _____ C:\Windows\system32\PerfStringBackup.INI
2018-03-13 17:40 - 2011-06-21 19:10 - 000000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2018-03-13 17:40 - 2011-06-21 19:10 - 000000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2018-03-13 17:40 - 2011-06-21 18:37 - 000000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2018-03-13 17:39 - 2009-07-14 01:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-03-11 15:55 - 2016-11-18 08:18 - 000000000 ____D C:\Users\jDonna\AppData\LocalLow\Mozilla
2018-03-11 13:49 - 2009-07-13 22:34 - 000000215 _____ C:\Windows\system.ini
2018-03-11 13:34 - 2011-07-07 15:05 - 000000000 ____D C:\Users\jDonna
2018-03-11 11:00 - 2011-06-21 18:42 - 000000000 ____D C:\ProgramData\Dell
2018-03-11 11:00 - 2011-06-21 18:41 - 000000000 ____D C:\Program Files (x86)\Dell
2018-03-11 10:43 - 2011-07-08 14:54 - 000000000 ____D C:\Users\jDonna\AppData\Roaming\GlarySoft
2018-03-11 10:32 - 2011-07-07 15:10 - 000000000 ____D C:\Users\jDonna\AppData\Roaming\Adobe
2018-03-11 10:32 - 2011-06-21 18:52 - 000000000 ____D C:\ProgramData\Adobe
2018-03-11 10:32 - 2011-06-21 18:52 - 000000000 ____D C:\Program Files (x86)\Adobe
2018-03-11 10:19 - 2013-04-04 15:32 - 000000000 ___RD C:\Maintenance
2018-03-10 14:08 - 2013-01-24 13:27 - 000000000 ____D C:\Program Files (x86)\Yahoo!
2018-03-10 09:50 - 2013-04-05 07:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2018-03-10 09:50 - 2013-04-05 07:55 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2018-03-10 09:14 - 2011-07-08 14:56 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-03-10 08:49 - 2018-01-30 10:22 - 000000000 ____D C:\ProgramData\Foxit Software
2018-03-10 08:49 - 2011-07-08 14:45 - 000000000 ____D C:\Users\jDonna\AppData\Roaming\Foxit Software
2018-03-10 08:41 - 2012-04-04 06:15 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-03-10 08:41 - 2012-02-21 09:22 - 000000000 ____D C:\Windows\system32\Macromed
2018-03-10 08:41 - 2011-07-07 16:35 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-03-10 08:40 - 2011-07-07 16:04 - 000000000 ____D C:\Program Files\CCleaner
2018-03-10 08:40 - 2011-06-21 18:31 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-03-10 06:57 - 2017-05-18 16:30 - 000003910 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2018-03-10 06:56 - 2018-01-05 07:06 - 000215320 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
2018-03-10 06:56 - 2017-11-21 16:12 - 000196648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2018-03-10 06:56 - 2017-05-18 16:30 - 001026696 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2018-03-10 06:56 - 2017-05-18 16:30 - 000460520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2018-03-10 06:56 - 2017-05-18 16:30 - 000380528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2018-03-10 06:56 - 2017-05-18 16:30 - 000343752 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbloga.sys
2018-03-10 06:56 - 2017-05-18 16:30 - 000227504 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2018-03-10 06:56 - 2017-05-18 16:30 - 000205976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2018-03-10 06:56 - 2017-05-18 16:30 - 000199440 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsha.sys
2018-03-10 06:56 - 2017-05-18 16:30 - 000146656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2018-03-10 06:56 - 2017-05-18 16:30 - 000110328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2018-03-10 06:56 - 2017-05-18 16:30 - 000084368 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2018-03-10 06:56 - 2017-05-18 16:30 - 000057680 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniva.sys
2018-03-10 06:56 - 2017-05-18 16:30 - 000046968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2018-03-10 06:48 - 2018-01-08 11:12 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-03-10 06:48 - 2013-02-19 13:04 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-03-09 19:00 - 2013-01-24 13:29 - 000000000 ____D C:\Program Files (x86)\Playalot Games
2018-03-09 19:00 - 2013-01-24 13:27 - 000000000 ____D C:\Users\jDonna\AppData\Roaming\Yahoo!
2018-03-09 17:24 - 2014-11-03 10:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-03-09 17:24 - 2013-04-05 16:06 - 000000000 ____D C:\Program Files\Java
2018-03-09 17:23 - 2013-04-05 16:06 - 000000000 ____D C:\Program Files (x86)\Java
2018-03-09 17:21 - 2017-07-29 22:48 - 000000000 ____D C:\ProgramData\GlarySoft
2018-03-09 17:18 - 2014-11-03 11:08 - 000022542 _____ C:\Users\jDonna\Documents\cc_20141103_100841.reg
2018-03-09 17:14 - 2014-02-15 16:54 - 000000000 ____D C:\Users\jDonna\Documents\Files From Download Folder
2018-02-15 11:57 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\rescache
2018-02-15 04:34 - 2016-11-17 23:35 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-02-15 04:34 - 2009-07-14 00:45 - 000347688 _____ C:\Windows\system32\FNTCACHE.DAT
2018-02-15 04:30 - 2014-12-10 14:56 - 000000000 ____D C:\Windows\system32\appraiser
2018-02-15 04:15 - 2013-07-22 14:29 - 000000000 ____D C:\Windows\system32\MRT
2018-02-15 04:08 - 2017-10-12 03:09 - 130067560 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2018-02-15 04:08 - 2011-07-11 13:57 - 130067560 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-02-15 04:03 - 2011-02-10 12:10 - 000775546 _____ C:\Windows\SysWOW64\PerfStringBackup.INI

==================== Files in the root of some directories =======

2013-12-02 08:08 - 2013-12-02 08:08 - 049940480 _____ () C:\Program Files (x86)\GUT6C99.tmp
2018-03-11 15:49 - 2018-03-11 15:49 - 000007613 _____ () C:\Users\jDonna\AppData\Local\Resmon.ResmonCfg
2016-05-31 17:05 - 2016-05-31 17:11 - 000000000 _____ () C:\Users\jDonna\AppData\Local\{C86A9BCB-CF98-4B07-AE0A-55BB021D622D}

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-03-09 08:56

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13.03.2018
Ran by jDonna (13-03-2018 18:10:27)
Running from C:\Users\jDonna\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2011-07-07 19:05:31)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-668790070-1862182065-2749219965-500 - Administrator - Disabled)
Guest (S-1-5-21-668790070-1862182065-2749219965-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-668790070-1862182065-2749219965-1002 - Limited - Enabled)
jDonna (S-1-5-21-668790070-1862182065-2749219965-1001 - Administrator - Enabled) => C:\Users\jDonna
Whitney (S-1-5-21-668790070-1862182065-2749219965-1003 - Limited - Enabled) => C:\Users\Whitney

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Disabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Disabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 28.0.0.127 - Adobe Systems Incorporated)
Adobe Flash Player 28 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 28.0.0.161 - Adobe Systems Incorporated)
Adobe Flash Player 28 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 28.0.0.161 - Adobe Systems Incorporated)
Adobe Reader X (10.1.16) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.16 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.3 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.3.1.201 - Adobe Systems, Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 18.2.2328 - AVAST Software)
CCleaner (HKLM\...\CCleaner) (Version: 5.40 - Piriform)
Dropbox (HKU\S-1-5-21-668790070-1862182065-2749219965-1001\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 9.0.1.1049 - Foxit Software Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 65.0.3325.162 - Google Inc.)
Google Drive (HKLM-x32\...\{9BC95947-92FD-438B-A168-C01F9A5B7292}) (Version: 2.34.7529.6838 - Google, Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GWX Control Panel (HKLM-x32\...\UltimateOutsider_GwxControlPanel) (Version: - UltimateOutsider)
Java 8 Update 161 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180161F0}) (Version: 8.0.1610.12 - Oracle Corporation)
Java 8 Update 161 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180161F0}) (Version: 8.0.1610.12 - Oracle Corporation)
Malwarebytes version 3.4.4.2398 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.4.2398 - Malwarebytes)
Microsoft .NET Framework 4.7.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02558 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM-x32\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}) (Version: 8.0.58299 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mozilla Firefox 58.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 58.0.2 (x64 en-US)) (Version: 58.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 58.0.2.6611 - Mozilla)
Revo Uninstaller 2.0.4 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.4 - VS Revo Group, Ltd.)
RogueKiller version 12.11.10.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.11.10.0 - Adlice Software)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1254 - SUPERAntiSpyware.com)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-668790070-1862182065-2749219965-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\jDonna\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-668790070-1862182065-2749219965-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\jDonna\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-668790070-1862182065-2749219965-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\jDonna\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-668790070-1862182065-2749219965-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\jDonna\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-11-10] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-11-10] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-11-10] (Google)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-03-10] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-03-10] (AVAST Software)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => -> No File
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-03-10] (AVAST Software)
ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2017-12-11] (Foxit Software Inc.)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-11-10] (Google)
ContextMenuHandlers1: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => -> No File
ContextMenuHandlers1: [Roxio Burn] -> {E8CB9D53-A47A-42B5-9F5B-96B037C9DD4C} => C:\Program Files\Roxio\Roxio Burn\RB_ContextMenu64.dll [2010-11-10] (TODO: <Company name>)
ContextMenuHandlers1: [STShellMenu] -> {F32C83B9-DF1D-42AD-9741-C52909703957} => -> No File
ContextMenuHandlers2: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => -> No File
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-03-10] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-03] (Malwarebytes)
ContextMenuHandlers3: [STShellMenu] -> {F32C83B9-DF1D-42AD-9741-C52909703957} => -> No File
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-11-10] (Google)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2011-01-27] (Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-03-10] (AVAST Software)
ContextMenuHandlers6: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2017-12-11] (Foxit Software Inc.)
ContextMenuHandlers6: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => -> No File ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-03] (Malwarebytes) ContextMenuHandlers6: [STShellMenu] -> {F32C83B9-DF1D-42AD-9741-C52909703957} => -> No File ContextMenuHandlers1_S-1-5-21-668790070-1862182065-2749219965-1001: [DropboxExt] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\jDonna\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.) ContextMenuHandlers4_S-1-5-21-668790070-1862182065-2749219965-1001: [DropboxExt] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\jDonna\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.) ContextMenuHandlers5_S-1-5-21-668790070-1862182065-2749219965-1001: [DropboxExt] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\jDonna\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {0622E485-6387-4048-86D1-15044963D26B} - System32\Tasks\DellPUDCTask => C:\Program Files\Dell\ProductUpdate\DKprodupdate.exe [2012-11-07] () Task: {0BB56019-C605-4FF4-AD2E-48A5BB2FA70F} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe Task: {101B33B9-2B41-4F21-BB7A-F27713C740B6} - System32\Tasks\GoogleUpdateTaskMachineUA1d1e91370f9623a => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.) Task: {13FA8A70-B47A-4579-BEF2-2DDE8B1070B3} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION Task: {25537F0C-BA3B-47E8-A01C-B73BAAA9DF65} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell Support Center\uaclauncher.exe [2013-02-05] (PC-Doctor, Inc.) 
Task: {2585E615-697E-4FEC-B6E5-E6E4D45B3C84} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-02-07] (Piriform Ltd) Task: {2A15093C-81BC-4113-9389-D676863BD286} - System32\Tasks\GlaryInitialize => C:\Program Files (x86)\Glary Utilities\initialize.exe [2013-03-21] (Glarysoft Ltd) Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION Task: {305C45C3-1050-4F3D-8FFE-802F25338FFC} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe Task: {451E851D-8CA0-41FA-AACB-1EAC21BF55A0} - System32\Tasks\GoogleUpdateTaskMachineCore1d1e9136f772963 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.) Task: {47192AC7-A673-4A60-8324-5330E8653929} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-02-07] (Piriform Ltd) Task: {644A26D7-FBB1-4D32-A202-0ABC435FBE84} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2018-01-08] (AVAST Software) Task: {7A160C21-2CF3-4D74-9038-5EC246006833} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-03-10] (AVAST Software) Task: {86E1BDDB-CC36-45C0-B0BA-686374C5430E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.) Task: {991B3078-226B-4BFC-B678-E3C5372BF6A4} - System32\Tasks\PCDEventLauncher => C:\Program Files\Dell Support Center\sessionchecker.exe [2012-11-29] (PC-Doctor, Inc.) 
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION Task: {BE75D1A1-60A7-45A1-BE33-4C3EA0DDDECE} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION Task: {CB4F2FEE-BD43-412B-8B17-574466199C61} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.) Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION Task: {D0D12C61-C6F4-4D91-87DD-FB8BC1C89007} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-03-10] (Adobe Systems Incorporated) Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GlaryInitialize.job => C:\Program Files (x86)\Glary Utilities\initialize.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) 
==================== Loaded Modules (Whitelisted) ============== 2011-06-21 18:38 - 2011-08-18 11:05 - 002751808 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE 2018-03-10 06:56 - 2018-03-10 06:56 - 000721624 _____ () c:\Program Files\AVAST Software\Avast\x64\vaarclient.dll 2018-03-10 06:56 - 2018-03-10 06:56 - 000912088 _____ () C:\Program Files\AVAST Software\Avast\x64\ffl2.dll 2018-03-10 06:56 - 2018-03-10 06:56 - 000341720 _____ () c:\Program Files\AVAST Software\Avast\x64\StreamBack.dll 2018-03-10 06:56 - 2018-03-10 06:56 - 000326872 _____ () C:\Program Files\AVAST Software\Avast\x64\tasks_core.dll 2011-06-21 20:06 - 2011-01-27 11:11 - 000094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2013-04-05 18:04 - 2012-11-07 23:54 - 000951656 _____ () C:\Program Files (x86)\Dell V520 Series\DKADGmon.exe 2018-03-10 06:56 - 2018-03-10 06:56 - 000287960 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll 2018-03-10 06:56 - 2018-03-10 06:56 - 000280280 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll 2018-03-11 08:20 - 2018-03-11 08:20 - 005800080 _____ () C:\Program Files\AVAST Software\Avast\defs\18031102\algo.dll 2018-03-10 06:56 - 2018-03-10 06:56 - 000756952 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll 2018-03-10 06:56 - 2018-03-10 06:56 - 000172760 _____ () C:\Program Files\AVAST Software\Avast\hns_tools.dll 2018-03-10 06:56 - 2018-03-10 06:56 - 000964824 _____ () C:\Program Files\AVAST Software\Avast\shepherdsync.dll 2018-03-10 06:56 - 2018-03-10 06:56 - 000475352 _____ () C:\Program Files\AVAST Software\Avast\gui_cache.dll 2018-03-10 06:56 - 2018-03-10 06:56 - 000339672 _____ () C:\Program Files\AVAST Software\Avast\streamback_avast.dll 2018-03-13 17:41 - 2018-03-13 17:41 - 005800080 _____ () C:\Program Files\AVAST Software\Avast\defs\18031304\algo.dll 2013-04-05 18:04 - 2012-08-22 07:05 - 001490944 _____ () C:\Program Files (x86)\Dell V520 Series\dkabdrs.dll 2018-03-10 06:56 - 
2018-03-10 06:56 - 067126928 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2018-03-10 06:56 - 2018-03-10 06:56 - 000275160 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\ProgramData\Temp:D346F792 [294] ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) 
IE trusted site: HKU\S-1-5-21-668790070-1862182065-2749219965-1001\...\ed.gov -> hxxps://fafsa.ed.gov ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 22:34 - 2018-03-11 13:49 - 000000027 _____ C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-668790070-1862182065-2749219965-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\jDonna\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items == MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^StrongVaultApp.exe.lnk => C:\Windows\pss\StrongVaultApp.exe.lnk.CommonStartup MSCONFIG\startupreg: AccuWeatherWidget => "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR MSCONFIG\startupreg: DellStage => "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup MSCONFIG\startupreg: GoogleChromeAutoLaunch_A5B5EEC49B9C0DB3F523345693CFD454 => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window MSCONFIG\startupreg: GUDelayStartup => "C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe" -delayrun MSCONFIG\startupreg: SpywareTerminatorUpdater => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
FirewallRules: [{FC6ABA1E-9B79-4128-8E0B-44F2DB30715F}] => (Allow) c:\Program Files (x86)\Dell\VideoStage\VideoStage.exe FirewallRules: [{60EA9E56-ED17-4549-BC54-004F1577A0B3}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{C863BBFB-9D29-4BB1-8926-6CCE32FE1A99}] => (Allow) LPort=2869 FirewallRules: [{42258B0D-3ECA-4EF7-A3B5-D376CADFAB9F}] => (Allow) LPort=1900 FirewallRules: [{FBD3F84E-BCDD-4BBA-A0E3-BE1ACB97705C}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe FirewallRules: [{12ECA89E-D406-4431-B326-3794688D06A6}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe FirewallRules: [{1981007E-CCC9-4FB0-BEEC-44DAC146695C}] => (Allow) C:\Program Files (x86)\Dell\NetworkTwain\DKZZZ_32__bc.dll FirewallRules: [{4C5F1F79-E243-4811-8F09-49A9FF4D140F}] => (Allow) C:\Program Files (x86)\Dell\NetworkTwain\DKZZZ_32__bc.dll FirewallRules: [{642F9699-667F-4A2E-AE94-A48F90575E30}] => (Allow) C:\Program Files (x86)\Dell\NetworkTwain\DKzzz_32serv.dll FirewallRules: [{D9E1BE1E-2A98-44A5-A21D-3972350C9378}] => (Allow) C:\Program Files (x86)\Dell\NetworkTwain\DKzzz_32serv.dll FirewallRules: [{5DD66C80-D9B7-4429-BCEA-181F2F050951}] => (Allow) C:\Program Files (x86)\Dell V520 Series\DKADGmon.exe FirewallRules: [{8A8461BF-7E03-403A-9733-6D7478BA3786}] => (Allow) C:\Program Files (x86)\Dell V520 Series\DKADGmon.exe FirewallRules: [{23566B71-04BE-4381-A9AC-1037FE0E8AE1}] => (Allow) C:\Program Files (x86)\Dell V520 Series\DKADGlscn.exe FirewallRules: [{98BE3830-BE88-4DF9-BD8A-E4B61F21FE0E}] => (Allow) C:\Program Files (x86)\Dell V520 Series\DKADGlscn.exe FirewallRules: [{3CE57619-DEBB-469D-85F4-4054984BAB79}] => (Allow) C:\Program Files (x86)\Dell V520 Series\DKabscw.dll FirewallRules: [{7A57B787-9339-4BFB-B17C-5C8CD8CA8B59}] => (Allow) C:\Program Files (x86)\Dell V520 Series\DKabscw.dll FirewallRules: [{58145A85-C7BA-43E5-8318-3DA78C076121}] => (Allow) C:\Program Files (x86)\Dell\PSU\dkpsu.exe FirewallRules: 
[{08094551-E76E-440B-B0C2-E591EEC5C7BB}] => (Allow) C:\Program Files (x86)\Dell\PSU\dkpsu.exe FirewallRules: [{7F329BC2-3F9D-42EA-88FB-6D85DD50671E}] => (Allow) C:\Program Files (x86)\Dell\Status Center\dksmc.exe FirewallRules: [{DAE81A8F-75EB-4CA1-BFCF-FE12C130AD2C}] => (Allow) C:\Program Files (x86)\Dell\Status Center\dksmc.exe FirewallRules: [TCP Query User{4DDD6FEE-5BB7-41D8-B8A0-A36CA1947FD0}C:\program files (x86)\dell v520 series\dkadgmon.exe] => (Block) C:\program files (x86)\dell v520 series\dkadgmon.exe FirewallRules: [UDP Query User{47329572-2EF7-422D-B361-80DD85E7E718}C:\program files (x86)\dell v520 series\dkadgmon.exe] => (Block) C:\program files (x86)\dell v520 series\dkadgmon.exe FirewallRules: [{A0CDDEC7-E5D2-4135-BDE9-18F97905BD51}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{4179A541-6B3C-4881-8950-FE10455FE860}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [TCP Query User{36E139CE-1479-4B2D-B73B-613D38F836AE}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [UDP Query User{EF632F1B-42E4-4078-A387-763785D0C896}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [{A5440852-4C06-45B5-A037-82AF249652E9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{F02FBD84-EF71-4151-8663-71D2C8DE3025}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{A585E29D-1BDF-4C29-821D-DC01C8DDF2FF}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{649C757B-81DF-44F6-8016-A4452B40BE3A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{58E49D78-84B6-4755-B817-4A721E0762FF}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Restore Points ========================= 17-08-2017 08:33:00 Scheduled Checkpoint 
25-08-2017 09:01:35 Scheduled Checkpoint 01-09-2017 15:21:12 Scheduled Checkpoint 08-09-2017 20:18:17 Scheduled Checkpoint 14-09-2017 03:00:50 Windows Update 21-09-2017 10:32:29 Scheduled Checkpoint 28-09-2017 11:48:53 Scheduled Checkpoint 06-10-2017 08:07:25 Scheduled Checkpoint 12-10-2017 03:00:35 Windows Update 19-10-2017 09:50:13 Scheduled Checkpoint 27-10-2017 09:40:21 Scheduled Checkpoint 04-11-2017 07:52:54 Scheduled Checkpoint 11-11-2017 09:17:34 Scheduled Checkpoint 15-11-2017 11:35:21 Windows Update 22-11-2017 11:49:55 Scheduled Checkpoint 22-11-2017 18:09:27 Windows Update 30-11-2017 09:13:02 Scheduled Checkpoint 07-12-2017 18:19:29 Scheduled Checkpoint 08-12-2017 04:00:28 Windows Update 14-12-2017 04:00:28 Windows Update 22-12-2017 09:11:43 Scheduled Checkpoint 29-12-2017 09:30:41 Scheduled Checkpoint 05-01-2018 09:41:07 Scheduled Checkpoint 09-01-2018 04:00:29 Windows Update 11-01-2018 04:00:51 Windows Update 18-01-2018 09:59:06 Scheduled Checkpoint 20-01-2018 04:00:25 Windows Update 27-01-2018 12:27:59 Scheduled Checkpoint 30-01-2018 04:00:26 Windows Update 07-02-2018 09:49:44 Scheduled Checkpoint 14-02-2018 10:46:21 Scheduled Checkpoint 15-02-2018 04:00:34 Windows Update 22-02-2018 11:12:13 Scheduled Checkpoint 02-03-2018 09:35:19 Scheduled Checkpoint 09-03-2018 13:27:20 Scheduled Checkpoint 09-03-2018 17:21:58 Removed Java 8 Update 144 09-03-2018 17:23:31 Removed Java 8 Update 144 (64-bit) 10-03-2018 14:05:22 Checkpoint by HitmanPro 10-03-2018 14:08:05 Checkpoint by HitmanPro 11-03-2018 09:34:45 Cleaner (Spybot - Search & Destroy 2.6, administrator privileges 11-03-2018 10:23:53 Windows Update 11-03-2018 10:59:34 Revo Uninstaller's restore point - Dell DataSafe Online 11-03-2018 11:00:05 Removed Dell DataSafe Online 11-03-2018 11:02:08 Revo Uninstaller's restore point - Dell DataSafe Online 11-03-2018 14:35:05 I ==================== Faulty Device Manager Devices ============= Name: Description: Class Guid: Manufacturer: Service: Problem: : The 
drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (03/13/2018 05:45:00 PM) (Source: Customer Experience Improvement Program) (EventID: 1006) (User: ) Description: A problem prevented Customer Experience Improvement Program data from being consolidated into files that can be sent to Microsoft, (Error 80004005). Error: (03/13/2018 05:41:01 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (03/11/2018 04:05:21 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (03/11/2018 02:54:38 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. 
Error: (03/11/2018 02:23:31 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (03/11/2018 02:07:02 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (03/11/2018 01:49:57 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (03/11/2018 12:04:45 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. System errors: ============= Error: (03/13/2018 05:40:04 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service. 
Error: (03/11/2018 04:07:52 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service. Error: (03/11/2018 01:34:44 PM) (Source: Service Control Manager) (EventID: 7030) (User: ) Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error: (03/11/2018 01:34:26 PM) (Source: Service Control Manager) (EventID: 7030) (User: ) Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error: (03/11/2018 01:34:02 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. Error: (03/11/2018 01:30:58 PM) (Source: Service Control Manager) (EventID: 7030) (User: ) Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error: (03/11/2018 12:05:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Client Virtualization Handler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. Error: (03/11/2018 12:05:00 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the Client Virtualization Handler service to connect. Windows Defender: =================================== Date: 2016-05-20 07:13:37.204 Description: Windows Defender has detected spyware or other potentially unwanted software. 
For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=BrowserModifier:Win32/DefaultTab&threatid=207033 Name:BrowserModifier:Win32/DefaultTab ID:207033 Severity:High Category:Browser Modifier Path Found:file:C:\Users\jDonna\AppData\Roaming\DefaultTab\DefaultTab\addon.ico;file:C:\Users\jDonna\AppData\Roaming\DefaultTab\DefaultTab\amazon_ie.ico;file:C:\Users\jDonna\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.cfg;file:C:\Users\jDonna\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap.dll;file:C:\Users\jDonna\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap64.dll;file:C:\Users\jDonna\AppData\Roaming\DefaultTab\DefaultTab\DT.ico;file:C:\Users\jDonna\AppData\Roaming\DefaultTab\DefaultTab\facebook_ie.ico;file:C:\Users\jDonna\AppData\Roaming\DefaultTab\DefaultTab\imdb_ie.ico;file:C:\Users\jDonna\AppData\Roaming\DefaultTab\DefaultTab\searchhere.ico;file:C:\Users\jDonna\AppData\Roaming\DefaultTab\DefaultTab\search_here_ie.ico;file:C:\Users\jDonna\AppData\Roaming\DefaultTab\DefaultTab\twitter_ie.ico;file:C:\Users\jDonna\AppData\Roaming\DefaultTab\DefaultTab\wikipedia_ie.ico;file:c:\users\whitney\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.19_0\18x18.png;f Detection Type:Concrete Detection Source:System Status:Unknown Process Name:c:\program files\windows defender\MpCmdRun.exe Date: 2016-05-11 03:41:58.332 Description: Windows Defender scan has been stopped before completion. Scan ID:{1B0720FD-E070-4341-BC25-627EC8C51FF3} Scan Type:AntiSpyware Scan Parameters:Quick Scan Date: 2014-12-26 08:36:04.863 Description: Windows Defender has detected spyware or other potentially unwanted software. 
For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=BrowserModifier:Win32/DefaultTab&threatid=207033 Name:BrowserModifier:Win32/DefaultTab ID:207033 Severity:High Category:Browser Modifier Path Found:containerfile:C:\Program Files (x86)\DefaultTab\DefaultTab.crx;containerfile:c:\users\whitney\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.19_0\plugins\npDefaultTabSearch.dll;file:C:\Program Files (x86)\DefaultTab\DefaultTab.crx;file:C:\Program Files (x86)\DefaultTab\DefaultTab.crx->[ChromeCrxPackage]->js/SearchBox.js;file:C:\Program Files (x86)\DefaultTab\DefaultTab.crx->[ChromeCrxPackage]->plugins/npDefaultTabSearch.dll;file:C:\Program Files (x86)\DefaultTab\uid;file:C:\Users\jDonna\AppData\Roaming\DefaultTab\DefaultTab\addon.ico;file:C:\Users\jDonna\AppData\Roaming\DefaultTab\DefaultTab\amazon_ie.ico;file:C:\Users\jDonna\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.cfg;file:C:\Users\jDonna\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap.dll;file:C:\Users\jDonna\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap64.dll;file:C:\Users\jDonna\AppData\Roaming\DefaultTab\DefaultTab\DT.ico;file:C:\Users\jDonna\AppData\Roaming\DefaultTab\DefaultTab\fac Detection Type:Concrete Detection Source:System Status:Unknown Process Name:c:\program files\windows defender\MpCmdRun.exe CodeIntegrity: =================================== Date: 2018-03-11 13:34:02.043 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. 
Date: 2018-03-11 13:34:01.762 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2016-08-19 19:24:07.532 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system. Date: 2016-08-19 19:24:07.376 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system. Date: 2016-08-18 09:12:33.345 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system. Date: 2016-08-18 09:12:33.033 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system. Date: 2016-08-17 17:43:04.360 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system. Date: 2016-08-17 17:43:03.970 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system. 
==================== Memory info =========================== Processor: Intel(R) Core(TM) i3-2100 CPU @ 3.10GHz Percentage of memory in use: 29% Total physical RAM: 6056.63 MB Available physical RAM: 4288.16 MB Total Virtual: 12111.43 MB Available Virtual: 10416.46 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:917.66 GB) (Free:666.7 GB) NTFS \\?\Volume{31b8365c-9c66-11e0-8451-806e6f6e6963}\ (RECOVERY) (Fixed) (Total:13.81 GB) (Free:5.43 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: F2672FB5) Partition 1: (Not Active) - (Size=39 MB) - (Type=DE) Partition 2: (Active) - (Size=13.8 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=917.7 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================
  10. Downloads are interesting and one or two just may solve my problem, but where can I find a description of the downloads before installing them? I am looking for something that would correct a BIOS problem with a Gateway Solo 2500. Windows 2000 installed. The latest BIOS 017 was successfully updated but the problem remained; I can only change the date and time and cannot enter any of the other 6 pages using Alt+p. The download titles Bootcheck and Bootkit Remover may apply to my problem but I am just not sure without a description.
  11. Boondockers

    Vista Service Pack 1 known issues

    I'm sorry I do not remember the Microsoft site I found the Vista updates for. I Googled to find the answers.
  12. Boondockers

    Vista Service Pack 1 known issues

    This pinned message needs updating. I downloaded Vista SP-1 and SP-2, both 32bit and 64bit, from Microsoft today. Also available were Vista Server SP-1 and SP-2.
  13. Using Word 2003 I keep setting Tools/Options make text boundaries visible but the next time I load Word the text boundaries are not visible. Using previous releases of Word, visible text boundaries would remain the default. Could not get the answer using Word help. If you know the answer to make text boundaries as the default please advise.
  14. Boondockers

    Detecting Motherboard Failure

    Broni, I was not booting from the hard drive but from an XP Memory test CD. I wanted to remove any possible problem with the HDD. Problem solved - The power supply was tested with a power supply tester and checked OK. As a last resort I substituted the power supply and ran 40 memory tests with no failure (about 2 hours). Conclusion: Even though a PS tests OK on a tester, an intermittent problem could still exist. Suggestion: Try a substitute power supply.
  15. Boondockers

    Detecting Motherboard Failure

    Hope there is someone reading that can advise me. I have an Aopen motherboard AX79-400VN that appears to shut down intermittently. When running a memory test from an XP bootable disk, a click or two is heard coming from the motherboard and the test freezes or sometimes reboots. Tested power supply with a power supply tester. Exchanged DVD drives (disconnected one then the other): same failure. Disconnected floppy (same failure). Removed modem (same failure). Connected another hard drive (still starting with XP memory test disk). Exchanged memory chips with different chips (two DDR400 256 MB). Reseated cables. Is there something on the motherboard that could be causing this problem? Is it possible the CPU is running too fast? (I have not changed anything.) If so, how do I check for the within range speed? My gut is now telling me either the processor or the motherboard is failing. No dust and all fans running normal.