Solved Can't do system restore & now firefox quickly slows down whole computer

B L S

I guess I might have gotten some sort of virus, as initially I started not being able to do a system restore, and now Firefox quickly slows down the whole computer to the point that I have to refresh Firefox, clean temp files out, etc., and use CCleaner to get the computer back to running w/o getting bogged down. But after looking at some news websites that have a lot of media files on them, or opening more than 4 or 5 web pages, or starting to use Avast's VPN, it starts all over again.

Another key element is that the problem started shortly after Avast last changed their VPN skin/user interface a few months ago to what it is now. I noticed a marked change and things bogging down when they did the change. The computer will start to bog down almost right away after I start to use the VPN, and I have to do everything above just to get the computer to not gag.

I have done the requested scan, and it looks like I'm going to have to paste the 2 scans piece by piece.
 
OK, how am I to get the full file pasted? I am cutting the last section back more and more (definitely less than 5,000 characters) and the red error message still comes back. I will try the file upload (although the instructions said to paste, it looks like my scans are way longer than the 5,000-character limit mentioned).
 

Attachments

  • FRST.txt (35.9 KB)
  • Addition.txt (62 KB)
Welcome aboard

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02.08.2018
Ran by Carl (administrator) on WINDOWS-I4X63IQ (04-08-2018 12:02:00)
Running from C:\Users\Carl\Downloads
Loaded Profiles: Carl (Available Profiles: Carl)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(AVAST Software) C:\Utility.sys\Spyware - Avast\AvastSvc.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(BUFFALO INC.) C:\Program Files (x86)\BUFFALO\SLManagerEasy\Bufssvr.exe
(BUFFALO INC.) C:\Program Files (x86)\BUFFALO\SLManagerEasy\Inputps.exe
(Digital Wave Ltd.) C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Syntek America Inc.) C:\WINDOWS\System32\StkCSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(AVAST Software) C:\Utility.sys\Spyware - Avast\x64\aswidsagenta.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
(Intel Corporation) C:\WINDOWS\System32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\System32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\System32\igfxpers.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
() C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(UltimateOutsider) C:\Program Files (x86)\UltimateOutsider\GWX Control Panel\GWX_control_panel.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(AVAST Software) C:\Utility.sys\Spyware - Avast\AvastUI.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(AWS Convergence Technologies, Inc.) C:\Program Files (x86)\WeatherBug\WeatherBug\Weather.exe
() C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
(Symantec) C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe
(Microsoft Corporation) C:\WINDOWS\SysWOW64\dllhost.exe
(Ziff-Davis Media, Inc.) C:\Utility.sys\NetPerSec\NetPerSec.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
(BUFFALO INC.) C:\Program Files (x86)\BUFFALO\BuffaloTools\BuffaloTools.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE
() C:\Program Files (x86)\InnoTab 2\VTech\DownloadManager\System\AgentMonitor.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Varate Vgiolitzndes Records) C:\Utility.sys\2xExplorer\2xExplorer.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Microsoft Corporation) C:\WINDOWS\SysWOW64\notepad.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\WINDOWS\splwow64.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.EXE
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ICM-Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Varate Vgiolitzndes Records) C:\Utility.sys\2xExplorer\2xExplorer.exe
(Microsoft Corporation) C:\WINDOWS\SysWOW64\notepad.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [608112 2011-03-29] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-05-27] (IDT, Inc.)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [3668336 2011-03-24] (Dell Inc.)
HKLM\...\Run: [Stage Remote] => C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe [2022976 2011-06-27] ()
HKLM\...\Run: [DellStage] => C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [2055016 2011-04-29] ()
HKLM\...\Run: [AvastUI.exe] => C:\Utility.sys\Spyware - Avast\AvLaunch.exe [242904 2018-07-17] (AVAST Software)
HKLM\...\Run: [GwxControlPanelMonitor] => C:\Program Files (x86)\UltimateOutsider\GWX Control Panel\GWX_control_panel.exe [4596296 2016-04-01] (UltimateOutsider)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [503942 2011-04-13] (Creative Technology Ltd)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-12] (Intel Corporation)
HKLM-x32\...\Run: [Dell Registration] => C:\Program Files (x86)\System Registration\prodreg.exe /boot
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [RoxWatchTray] => c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] => c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [NeroLauncher] => C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe [67496 2012-08-21] ()
HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
HKLM-x32\...\Run: [BuffaloTools] => C:\Program Files (x86)\BUFFALO\BuffaloTools\BuffaloTools.exe [169336 2010-03-05] (BUFFALO INC.)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1282120 2016-10-10] (CANON INC.)
HKLM-x32\...\Run: [AgentMonitor] => C:\Program Files (x86)\InnoTab 2\VTech\DownloadManager\System\AgentMonitor.exe [317824 2016-01-18] ()
HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [145208 2017-03-24] (Check Point Software Technologies Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-07-07] (Oracle Corporation)
HKLM-x32\...\Run: [Norton Ghost 15.0] => C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe [2598760 2010-03-03] (Symantec Corporation)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1142599995-1776523847-1352253491-1000\...\Run: [Weather] => C:\Program Files (x86)\WeatherBug\WeatherBug\Weather.exe [1652736 2011-10-05] (AWS Convergence Technologies, Inc.)
HKU\S-1-5-21-1142599995-1776523847-1352253491-1000\...\Run: [Yahoo Messenger Updater] => C:\Users\Carl\AppData\Roaming\Yahoo Messenger\YMUpdater\YMUpdater.exe [115656 2017-02-28] (Yahoo!, Inc.)
HKU\S-1-5-21-1142599995-1776523847-1352253491-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9532120 2017-04-10] (Piriform Ltd)
HKU\S-1-5-21-1142599995-1776523847-1352253491-1000\...\MountPoints2: {084762e3-8a9b-11e8-a5a2-24b6fd1437bd} - F:\Lenovo_Suite.exe
HKU\S-1-5-21-1142599995-1776523847-1352253491-1000\...\MountPoints2: {18b49c43-3bd5-11e1-98a6-806e6f6e6963} - D:\AutoRun.exe
HKU\S-1-5-21-1142599995-1776523847-1352253491-1000\...\MountPoints2: {4b362eb8-2faa-11e2-9025-e4d53de93a34} - F:\DriveNavi.exe
Startup: C:\Users\Carl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Amcap.lnk [2012-11-19]
ShortcutTarget: Amcap.lnk -> C:\Program Files (x86)\Vimicro\amcap.exe ()
Startup: C:\Users\Carl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NetPerSec.lnk [2018-08-04]
ShortcutTarget: NetPerSec.lnk -> C:\Utility.sys\NetPerSec\NetPerSec.exe (Ziff-Davis Media, Inc.)
Startup: C:\Users\Carl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk [2013-04-11]
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Carl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\speedfan.lnk [2012-04-29]
ShortcutTarget: speedfan.lnk -> C:\Utility.sys\SpeedFan4.34\speedfan.exe (Almico Software (www.almico.com))

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.192.10 192.168.191.10
Tcpip\..\Interfaces\{0E21F077-EB43-49B3-AA41-1149BA8AB9A2}: [DhcpNameServer] 192.168.192.10 192.168.191.10
Tcpip\..\Interfaces\{155DF4E0-D023-41A7-99E6-B202E555D299}: [NameServer] 77.234.40.79

Internet Explorer:
==================
SearchScopes: HKLM -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1142599995-1776523847-1352253491-1000 -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL =
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Utility.sys\Spyware - Avast\aswWebRepIE64.dll [2018-07-17] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll => No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\ssv.dll [2018-07-27] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Utility.sys\Spyware - Avast\aswWebRepIE.dll [2018-07-17] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\jp2ssv.dll [2018-07-27] (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File

FireFox:
========
FF DefaultProfile: 0ek4oy6g.default-1533138630327
FF ProfilePath: C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\8mtkq221.default-1516030782739 [2018-08-04]
FF Extension: (Avast Online Security) - C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\8mtkq221.default-1516030782739\Extensions\wrc@avast.com.xpi [2018-07-17]
FF Extension: (Empty Cache Button) - C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\8mtkq221.default-1516030782739\Extensions\{4cc4a13b-94a6-7568-370d-5f9de54a9c7f}.xpi [2018-01-15]
FF Extension: (Toggle Referrer) - C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\8mtkq221.default-1516030782739\Extensions\{8883111b-4bc8-4a99-b37f-5672f6cf9597}.xpi [2018-01-15]
FF ProfilePath: C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\v3c50zv7.default-1516412548380 [2018-08-04]
FF Extension: (Empty Cache Button) - C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\v3c50zv7.default-1516412548380\Extensions\{4cc4a13b-94a6-7568-370d-5f9de54a9c7f}.xpi [2018-01-19]
FF Extension: (Toggle Referrer) - C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\v3c50zv7.default-1516412548380\Extensions\{8883111b-4bc8-4a99-b37f-5672f6cf9597}.xpi [2018-01-19]
FF ProfilePath: C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\6p7vegbg.default-1520706220538 [2018-08-04]
FF Homepage: Mozilla\Firefox\Profiles\6p7vegbg.default-1520706220538 -> hxxps://startpage.com/
FF Extension: (Location Guard) - C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\6p7vegbg.default-1520706220538\Extensions\jid1-HdwPLukcGQeOSh@jetpack.xpi [2018-03-10]
FF Extension: (Empty Cache Button) - C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\6p7vegbg.default-1520706220538\Extensions\{4cc4a13b-94a6-7568-370d-5f9de54a9c7f}.xpi [2018-03-10]
FF Extension: (Toggle Referrer) - C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\6p7vegbg.default-1520706220538\Extensions\{8883111b-4bc8-4a99-b37f-5672f6cf9597}.xpi [2018-03-10]
FF ProfilePath: C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\yoijzgza.default-1523995957406 [2018-08-04]
FF ProfilePath: C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\iwfpeibi.default-1525815878359 [2018-08-04]
FF Extension: (Location Guard) - C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\iwfpeibi.default-1525815878359\Extensions\jid1-HdwPLukcGQeOSh@jetpack.xpi [2018-05-08]
FF Extension: (Empty Cache Button) - C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\iwfpeibi.default-1525815878359\Extensions\{4cc4a13b-94a6-7568-370d-5f9de54a9c7f}.xpi [2018-05-08]
FF Extension: (Toggle Referrer) - C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\iwfpeibi.default-1525815878359\Extensions\{8883111b-4bc8-4a99-b37f-5672f6cf9597}.xpi [2018-05-08]
FF ProfilePath: C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\jpi8b2v7.default-1525957615734 [2018-08-04]
FF ProfilePath: C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\0ek4oy6g.default-1533138630327 [2018-08-04]
FF Homepage: Mozilla\Firefox\Profiles\0ek4oy6g.default-1533138630327 -> hxxps://startpage.com
FF Extension: (Location Guard) - C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\0ek4oy6g.default-1533138630327\Extensions\jid1-HdwPLukcGQeOSh@jetpack.xpi [2018-08-03]
FF Extension: (Empty Cache Button) - C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\0ek4oy6g.default-1533138630327\Extensions\{4cc4a13b-94a6-7568-370d-5f9de54a9c7f}.xpi [2018-08-03]
FF Extension: (Toggle Referrer) - C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\0ek4oy6g.default-1533138630327\Extensions\{8883111b-4bc8-4a99-b37f-5672f6cf9597}.xpi [2018-08-03]
FF ProfilePath: C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\k1cgchtw.default-1533392746514 [2018-08-04]
FF Homepage: Mozilla\Firefox\Profiles\k1cgchtw.default-1533392746514 -> hxxps://startpage.com
FF Extension: (Location Guard) - C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\k1cgchtw.default-1533392746514\Extensions\jid1-HdwPLukcGQeOSh@jetpack.xpi [2018-08-04]
FF Extension: (Empty Cache Button) - C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\k1cgchtw.default-1533392746514\Extensions\{4cc4a13b-94a6-7568-370d-5f9de54a9c7f}.xpi [2018-08-04]
FF Extension: (Toggle Referrer) - C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\k1cgchtw.default-1533392746514\Extensions\{8883111b-4bc8-4a99-b37f-5672f6cf9597}.xpi [2018-08-04]
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_27_0_0_183.dll [2017-11-03] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.3 -> C:\Program Files\VLC Media Player\npvlc.dll [2018-05-29] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_183.dll [2017-11-03] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=11.181.2 -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\dtplugin\npDeployJava1.dll [2018-07-27] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.181.2 -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\plugin2\npjp2.dll [2018-07-27] (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-06-29] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1142599995-1776523847-1352253491-1000: SkypePlugin -> C:\Users\Carl\AppData\Local\SkypePlugin\7.32.6.278\npGatewayNpapi.dll [2017-04-18] (Skype Technologies S.A.)
FF Plugin HKU\S-1-5-21-1142599995-1776523847-1352253491-1000: SkypePlugin64 -> C:\Users\Carl\AppData\Local\SkypePlugin\7.32.6.278\npGatewayNpapi-x64.dll [2017-04-18] (Skype Technologies S.A.)
FF Plugin HKU\S-1-5-21-1142599995-1776523847-1352253491-1000: usaa.com/web -> C:\Users\Carl\AppData\Roaming\com.usaa\usaa-web\1.0.11\npusaa-web-1.0.11.dll [2015-09-03] (USAA)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Utility.sys\Spyware - Avast\x64\aswidsagenta.exe [7780400 2018-07-17] (AVAST Software)
R2 avast! Antivirus; C:\Utility.sys\Spyware - Avast\AvastSvc.exe [322464 2018-07-17] (AVAST Software)
R2 bufssvr; C:\Program Files (x86)\BUFFALO\SLManagerEasy\Bufssvr.exe [95608 2010-03-16] (BUFFALO INC.)
S2 DellDigitalDelivery; C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [162816 2011-10-26] (Dell Products, LP.) [File not signed]
R2 DigitalWave.Update.Service; C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe [440808 2017-06-06] (Digital Wave Ltd.)
S3 GenericMount Helper Service; C:\Program Files (x86)\Norton Ghost\Shared\Drivers\GenericMountHelperx64.exe [2227216 2010-02-12] (Symantec)
R2 Norton Ghost; C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe [4590432 2010-03-03] (Symantec Corporation)
R2 StkSSrv; C:\windows\System32\StkCSrv.exe [24576 2007-02-12] (Syntek America Inc.)
R3 SymSnapService; C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe [2963960 2010-02-11] (Symantec)
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [4107680 2017-03-24] (Check Point Software Technologies Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [114936 2016-11-01] (Check Point Software Technologies, Ltd.)
R2 ZoneAlarm ICM Service; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ICM-Service.exe [1058616 2017-03-24] (Check Point Software Technologies Ltd.)
S3 Symantec SymSnap VSS Provider; C:\windows\system32\dllhost.exe /Processid:{72D6EC87-52C4-44D0-81CA-2D2D2A484CC8}

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswArPot; C:\windows\System32\drivers\aswArPot.sys [197160 2018-07-17] (AVAST Software)
R1 aswbidsdriver; C:\windows\System32\drivers\aswbidsdrivera.sys [229392 2018-07-17] (AVAST Software)
R0 aswbidsh; C:\windows\System32\drivers\aswbidsha.sys [201328 2018-07-17] (AVAST Software)
R0 aswblog; C:\windows\System32\drivers\aswbloga.sys [346664 2018-07-17] (AVAST Software)
R0 aswbuniv; C:\windows\System32\drivers\aswbuniva.sys [59592 2018-07-17] (AVAST Software)
R1 aswHdsKe; C:\windows\System32\drivers\aswHdsKe.sys [239680 2018-07-17] (AVAST Software)
S3 aswHwid; C:\windows\System32\drivers\aswHwid.sys [46976 2018-07-17] (AVAST Software)
R1 aswKbd; C:\windows\system32\drivers\aswKbd.sys [41832 2017-09-26] (AVAST Software)
R2 aswMonFlt; C:\windows\System32\drivers\aswMonFlt.sys [159640 2018-07-17] (AVAST Software)
R1 aswRdr; C:\windows\System32\drivers\aswRdr2.sys [111872 2018-07-17] (AVAST Software)
R0 aswRvrt; C:\windows\System32\drivers\aswRvrt.sys [85968 2018-07-17] (AVAST Software)
R1 aswSnx; C:\windows\System32\drivers\aswSnx.sys [1027728 2018-07-17] (AVAST Software)
R1 aswSP; C:\windows\System32\drivers\aswSP.sys [467064 2018-07-23] (AVAST Software)
R2 aswStm; C:\windows\System32\drivers\aswStm.sys [211160 2018-07-17] (AVAST Software)
S3 aswTap; C:\windows\System32\DRIVERS\aswTap.sys [44640 2016-01-29] (The OpenVPN Project)
R0 aswVmm; C:\windows\System32\drivers\aswVmm.sys [381584 2018-07-17] (AVAST Software)
S3 AX88772; C:\windows\System32\DRIVERS\ax88772.sys [83968 2013-12-03] (ASIX Electronics Corp.)
R3 GenericMount; C:\windows\System32\DRIVERS\GenericMount.sys [66608 2010-02-12] (Symantec Corporation)
R0 speedfan; C:\Windows\SysWow64\speedfan.sys [14104 2007-02-07] (Windows (R) Server 2003 DDK provider)
S3 StkCMini; C:\windows\System32\Drivers\StkCMini.sys [632704 2007-06-28] (Syntek)
R0 symsnap; C:\windows\System32\DRIVERS\symsnap.sys [170032 2010-02-11] (StorageCraft)
S3 USBMULCD; C:\windows\System32\drivers\CM10664.sys [1307648 2009-09-30] (C-Media Electronics Inc)
S3 VProEventMonitor; C:\windows\System32\DRIVERS\vproeventmonitor.sys [20528 2009-09-21] (Symantec Corporation)
R1 Vsdatant; C:\windows\System32\DRIVERS\vsdatant.sys [461240 2017-03-24] (Check Point Software Technologies Ltd.)
U3 iswSvc; no ImagePath
U2 V2iMount; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-08-04 12:02 - 2018-08-04 12:04 - 000024699 _____ C:\Users\Carl\Downloads\FRST.txt
2018-08-04 12:00 - 2018-08-04 12:02 - 000000000 ____D C:\FRST
2018-08-04 12:00 - 2018-08-04 12:00 - 000000000 ____D C:\Users\Carl\Downloads\FRST-OlderVersion
2018-08-04 11:59 - 2018-08-04 12:00 - 002412544 _____ (Farbar) C:\Users\Carl\Downloads\FRST64.exe
2018-08-03 18:21 - 2018-08-03 18:21 - 000001337 _____ C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
2018-08-03 18:21 - 2018-08-03 18:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2018-08-03 18:21 - 2018-08-03 18:21 - 000000000 ____D C:\ProgramData\DigitalWave.ApplicationUpdater_files
2018-08-03 18:20 - 2018-08-03 18:20 - 000001305 _____ C:\Users\Public\Desktop\Free Video Editor.lnk
2018-08-03 18:20 - 2018-08-03 18:20 - 000000000 ____D C:\Program Files (x86)\FreeCodecPack
2018-08-03 18:20 - 2018-08-03 18:20 - 000000000 ____D C:\Program Files (x86)\Free Video Editor
2018-08-03 18:19 - 2018-08-03 18:21 - 000000000 ____D C:\Users\Carl\AppData\Roaming\DVDVideoSoft
2018-08-03 18:09 - 2018-08-03 18:11 - 000000000 ____D C:\Users\Carl\AppData\Roaming\vlc
2018-08-03 18:08 - 2018-08-03 18:08 - 000000839 _____ C:\Users\Public\Desktop\VLC media player.lnk
2018-08-03 18:08 - 2018-08-03 18:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2018-08-03 18:08 - 2018-08-03 18:08 - 000000000 ____D C:\Program Files\VLC Media Player
2018-08-03 17:30 - 2018-08-03 17:30 - 000002220 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth Pro.lnk
2018-08-03 17:30 - 2018-08-03 17:30 - 000002208 _____ C:\Users\Public\Desktop\Google Earth Pro.lnk
2018-08-03 17:30 - 2018-08-03 17:30 - 000000000 ____D C:\Users\Carl\AppData\Roaming\HandBrake Team
2018-08-03 17:30 - 2018-08-03 17:30 - 000000000 ____D C:\Users\Carl\AppData\Roaming\HandBrake
2018-08-03 17:29 - 2018-08-03 17:30 - 000000983 _____ C:\Users\Carl\Desktop\HandBrake.lnk
2018-08-03 17:29 - 2018-08-03 17:29 - 000000000 ____D C:\Users\Carl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HandBrake
2018-08-03 17:29 - 2018-08-03 17:29 - 000000000 ____D C:\Program Files\HandBrake
2018-08-03 17:25 - 2018-08-03 17:25 - 000000938 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-08-01 11:47 - 2018-08-01 10:56 - 009724650 _____ C:\Users\Carl\Documents\IMG_20180801_0013.pdf
2018-08-01 11:46 - 2018-08-01 11:46 - 000476250 _____ C:\Users\Carl\Documents\IMG_20180801_0012.pdf
2018-08-01 11:40 - 2018-08-01 11:44 - 004244800 _____ C:\Users\Carl\Documents\IMG_20180801_0011.pdf
2018-08-01 11:39 - 2018-08-01 10:52 - 013959943 _____ C:\Users\Carl\Documents\IMG_20180801_0010.pdf
2018-08-01 11:33 - 2018-08-01 11:38 - 030553694 _____ C:\Users\Carl\Documents\IMG_20180801_0005.pdf
2018-08-01 11:29 - 2018-08-01 11:29 - 000630423 _____ C:\Users\Carl\Documents\IMG_20180801_0004.pdf
2018-08-01 11:24 - 2018-08-01 11:24 - 000190682 _____ C:\Users\Carl\Documents\IMG_20180801_0009.pdf
2018-08-01 11:22 - 2018-08-01 11:22 - 000692920 _____ C:\Users\Carl\Documents\IMG_20180801_0003.pdf
2018-08-01 11:20 - 2018-08-01 11:20 - 000187474 _____ C:\Users\Carl\Documents\IMG_20180801_0008.pdf
2018-08-01 11:18 - 2018-08-01 11:19 - 000920642 _____ C:\Users\Carl\Documents\IMG_20180801_0002.pdf
2018-08-01 11:10 - 2018-08-01 11:13 - 000890398 _____ C:\Users\Carl\Documents\IMG_20180801_0001.pdf
2018-08-01 11:07 - 2018-08-01 11:08 - 000000000 ____D C:\Program Files (x86)\VLC Media Player
2018-08-01 11:04 - 2018-08-01 11:04 - 000845942 _____ C:\Users\Carl\Documents\IMG_20180801_0007.pdf
2018-08-01 10:47 - 2018-08-01 10:52 - 030567714 _____ C:\Users\Carl\Documents\IMG_20180801_0006.pdf
2018-07-30 22:03 - 2018-08-01 10:53 - 000004096 ___SH C:\VSNAP.IDX
2018-07-28 12:08 - 2018-07-28 12:08 - 000000000 ____D C:\Users\Carl\AppData\Roaming\Symantec
2018-07-28 12:08 - 2018-07-28 12:08 - 000000000 ____D C:\Users\Carl\AppData\Local\Symantec_Corporation
2018-07-28 12:06 - 2010-03-03 19:59 - 000154168 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WimFltr.sys
2018-07-28 12:05 - 2018-07-28 12:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Ghost
2018-07-28 12:05 - 2018-07-28 12:05 - 000000000 ____H C:\windows\system32\Drivers\Msft_Kernel_GenericMount_01009.Wdf
2018-07-28 12:05 - 2010-02-11 02:34 - 000170032 _____ (StorageCraft) C:\windows\system32\Drivers\symsnap.sys
2018-07-28 12:05 - 2009-09-21 20:40 - 000020528 _____ (Symantec Corporation) C:\windows\system32\Drivers\vproeventmonitor.sys
2018-07-28 12:04 - 2018-07-28 12:55 - 000000000 ____D C:\ProgramData\Symantec
2018-07-28 12:04 - 2018-07-28 12:04 - 000000000 ____D C:\ProgramData\{1C6FDDD8-FC9E-4C12-9FA5-1AAD377097B3}
2018-07-28 12:04 - 2018-07-28 12:04 - 000000000 ____D C:\Program Files (x86)\Norton Ghost
2018-07-28 12:04 - 2009-05-18 14:17 - 000034152 _____ (GEAR Software Inc.) C:\windows\system32\Drivers\GEARAspiWDM.sys
2018-07-28 12:04 - 2008-04-17 13:12 - 000126312 _____ (GEAR Software Inc.) C:\windows\system32\GEARAspi64.dll
2018-07-28 12:04 - 2008-04-17 13:12 - 000107368 _____ (GEAR Software Inc.) C:\windows\SysWOW64\GEARAspi.dll
2018-07-27 13:13 - 2018-07-27 13:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-07-18 10:02 - 2018-08-04 11:23 - 000000000 ____D C:\Users\Carl\AppData\Local\AVAST Software
2018-07-17 18:49 - 2018-07-17 18:48 - 000378072 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2018-07-13 08:52 - 2018-07-13 08:52 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-08-04 11:31 - 2009-07-13 23:45 - 000020928 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-08-04 11:31 - 2009-07-13 23:45 - 000020928 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-08-04 11:27 - 2009-07-14 00:13 - 000909514 _____ C:\windows\system32\PerfStringBackup.INI
2018-08-04 11:27 - 2009-07-13 22:20 - 000000000 ____D C:\windows\inf
2018-08-04 11:24 - 2016-11-18 19:48 - 000000000 ____D C:\Users\Carl\AppData\LocalLow\Mozilla
2018-08-04 11:22 - 2012-01-10 16:58 - 000000000 ____D C:\ProgramData\Sonic
2018-08-04 11:20 - 2009-07-14 00:08 - 000000006 ____H C:\windows\Tasks\SA.DAT
2018-08-04 09:43 - 2017-05-07 09:56 - 000000000 ____D C:\Users\Carl\AppData\Local\CrashDumps
2018-08-04 09:15 - 2012-11-26 10:38 - 000000000 ____D C:\windows\Minidump
2018-08-04 09:12 - 2017-02-08 17:15 - 000004154 _____ C:\windows\System32\Tasks\Avast Emergency Update
2018-08-04 09:02 - 2018-05-08 20:13 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-08-03 17:30 - 2013-01-21 18:02 - 000000000 ____D C:\Program Files (x86)\Google
2018-08-03 17:25 - 2018-05-08 20:13 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-08-01 11:30 - 2012-04-28 17:38 - 000000000 ____D C:\Utility.sys
2018-08-01 10:59 - 2014-07-11 15:02 - 000000000 ____D C:\Users\Carl\AppData\Local\Adobe
2018-08-01 10:59 - 2012-11-20 11:33 - 000842240 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2018-08-01 10:59 - 2012-01-10 16:42 - 000175104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-08-01 10:59 - 2012-01-10 16:42 - 000000000 ____D C:\windows\SysWOW64\Macromed
2018-08-01 10:59 - 2012-01-10 16:42 - 000000000 ____D C:\windows\system32\Macromed
2018-08-01 10:53 - 2009-07-14 00:08 - 000032576 _____ C:\windows\Tasks\SCHEDLGU.TXT
2018-07-28 13:02 - 2009-07-13 22:20 - 000000000 ____D C:\windows\registration
2018-07-28 12:07 - 2016-12-26 14:20 - 000000000 _____ C:\windows\SysWOW64\last.dump
2018-07-27 13:54 - 2013-10-26 19:16 - 000000000 ____D C:\ProgramData\Oracle
2018-07-27 13:15 - 2015-11-06 19:53 - 000000000 ____D C:\Program Files (x86)\Java
2018-07-27 13:13 - 2015-11-06 19:54 - 000098680 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2018-07-23 09:19 - 2013-04-11 22:29 - 000467064 _____ (AVAST Software) C:\windows\system32\Drivers\aswSP.sys
2018-07-17 18:48 - 2017-11-17 10:27 - 000197160 _____ (AVAST Software) C:\windows\system32\Drivers\aswArPot.sys
2018-07-17 18:48 - 2014-05-13 13:11 - 000046976 _____ (AVAST Software) C:\windows\system32\Drivers\aswHwid.sys
2018-07-17 18:48 - 2014-01-03 09:02 - 000211160 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys
2018-07-17 18:48 - 2013-04-11 22:29 - 001027728 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys
2018-07-17 18:48 - 2013-04-11 22:29 - 000159640 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2018-07-17 18:48 - 2013-04-11 22:29 - 000111872 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2018-07-17 18:48 - 2013-03-21 09:28 - 000381584 _____ (AVAST Software) C:\windows\system32\Drivers\aswVmm.sys
2018-07-17 18:48 - 2013-03-21 09:28 - 000085968 _____ (AVAST Software) C:\windows\system32\Drivers\aswRvrt.sys
2018-07-17 18:47 - 2017-10-13 09:19 - 000239680 _____ (AVAST Software) C:\windows\system32\Drivers\aswHdsKe.sys
2018-07-17 18:47 - 2017-02-08 17:15 - 000346664 _____ (AVAST Software) C:\windows\system32\Drivers\aswbloga.sys
2018-07-17 18:47 - 2017-02-08 17:15 - 000229392 _____ (AVAST Software) C:\windows\system32\Drivers\aswbidsdrivera.sys
2018-07-17 18:47 - 2017-02-08 17:15 - 000201328 _____ (AVAST Software) C:\windows\system32\Drivers\aswbidsha.sys
2018-07-17 18:47 - 2017-02-08 17:15 - 000059592 _____ (AVAST Software) C:\windows\system32\Drivers\aswbuniva.sys
2018-07-13 09:38 - 2012-04-29 00:28 - 000000000 ____D C:\ProgramData\DVD Shrink
2018-07-13 08:53 - 2015-03-27 11:52 - 000004476 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task

==================== Files in the root of some directories =======

2017-10-11 12:29 - 2017-10-11 12:29 - 000000000 _____ () C:\ProgramData\cisE4C3.exe
2013-08-21 21:46 - 2013-08-21 21:47 - 000003725 _____ () C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
2015-11-03 11:28 - 2015-11-03 11:28 - 000000041 _____ () C:\Users\Carl\AppData\Roaming\mbam.context.scan
2012-07-02 15:40 - 2012-09-08 19:50 - 000020992 _____ () C:\Users\Carl\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-11-06 13:19 - 2017-11-06 13:25 - 000000137 _____ () C:\Users\Carl\AppData\Local\Support.ini
2018-01-23 12:41 - 2018-01-23 12:41 - 000000000 _____ () C:\Users\Carl\AppData\Local\{47647FD6-D3B0-4CB1-9E7C-6F8837ABA0FA}
2016-02-08 11:31 - 2016-02-08 11:31 - 000000000 _____ () C:\Users\Carl\AppData\Local\{5B6D3BA0-DA17-4270-89D1-EAF33CA6D802}

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-07-18 10:52

==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02.08.2018
Ran by Command (04-08-2018 12:05:31)
Running from C:\Users\Carl\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2012-04-27 07:09:59)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1142599995-1776523847-1352253491-500 - Administrator - Disabled)
Carl (S-1-5-21-1142599995-1776523847-1352253491-1000 - Administrator - Enabled) => C:\Users\Carl
Guest (S-1-5-21-1142599995-1776523847-1352253491-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
FW: ZoneAlarm Free Firewall Firewall (Enabled) {1B8D532F-88B1-B2AD-ED22-AED92687A1D2}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Accidental Damage Services Agreement (HKLM-x32\...\{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}) (Version: 2.0.0 - Dell Inc.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20055 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.6.0.6090 - Adobe Systems Incorporated)
Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.183 - Adobe Systems Incorporated)
Adobe Flash Player 30 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 30.0.0.134 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Audacity 2.1.0 (HKLM-x32\...\Audacity_is1) (Version: 2.1.0 - Audacity Team)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 18.5.2342 - AVAST Software)
AxCrypt (Remove Only) (HKLM-x32\...\AxCrypt) (Version: - Axon Data)
Banctec Service Agreement (HKLM-x32\...\{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}) (Version: 2.0.0 - Dell Inc.)
BCWipe 2.0 (HKLM-x32\...\BCWipe) (Version: - )
Blio (HKLM-x32\...\{400182B4-CA55-46A9-9D88-F8413DCFB36D}) (Version: 2.3.7140 - K-NFB Reading Technology, Inc.)
BUFFALO BuffaloTools Launcher (HKLM-x32\...\UN091201) (Version: - )
BUFFALO SecureLockManagerEasy for HD (HKLM-x32\...\UN090430) (Version: - )
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.)
Canon MG3500 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3500_series) (Version: 1.00 - Canon Inc.)
Canon MG3500 series On-screen Manual (HKLM-x32\...\Canon MG3500 series On-screen Manual) (Version: 7.6.1 - Canon Inc.)
Canon MG3500 series User Registration (HKLM-x32\...\Canon MG3500 series User Registration) (Version: - ‭Canon Inc.)
Canon MX450 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX450_series) (Version: 1.00 - Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 2.0.1 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 2.0.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.2.1 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.29 - Piriform)
CDBurnerXP (HKLM-x32\...\{EC0B34FF-4A9B-4757-82A5-CD4EB194BFEC}) (Version: 4.4.0.3018 - Canneverbe Limited)
Complete Care Business Service Agreement (HKLM-x32\...\{0ECFCB07-9BFE-4970-ACA1-D568D982760B}) (Version: 2.0.0 - Dell Inc.)
Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.47 - Dell)
Dell DataSafe Online (HKLM-x32\...\{7EC66A95-AC2D-4127-940B-0445A526AB2F}) (Version: 2.1.19634 - Dell)
Dell Digital Delivery (HKLM-x32\...\{AFC08A81-D3C5-46F4-8F08-876E4BA606EA}) (Version: 1.7.4502.0 - Dell Products, LP)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Home Systems Service Agreement (HKLM-x32\...\{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}) (Version: 2.0.0 - Dell Inc.)
Dell MusicStage (HKLM-x32\...\{91AF2672-F5BC-42CF-8037-A9D2F92BBCC0}) (Version: 1.5.201.0 - Fingertapps)
Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.65 - ArcSoft)
Dell Product Registration (HKLM-x32\...\{2A0F2CC5-3065-492C-8380-B03AA7106B1A}) (Version: 1.1.3 - Dell Inc.)
Dell Stage (HKLM-x32\...\{E2EBA7C0-8072-447F-856D-FFEE8D15B23B}) (Version: 1.5.201.0 - Fingertapps)
Dell Stage Remote (HKLM-x32\...\{AF4D3C63-009B-4A17-B02E-D395065DD3F0}) (Version: 2.0.0.43 - ArcSoft)
Dell Support Center (HKLM\...\PC-Doctor for Windows) (Version: 3.2.6032.55 - PC-Doctor, Inc.)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1207.101.225 - ALPS ELECTRIC CO., LTD.)
Dell VideoStage (HKLM-x32\...\{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.2.0.1712 - CyberLink Corp.) Hidden
Dell VideoStage (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.2.0.1712 - CyberLink Corp.)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 2.00.44 - Creative Technology Ltd)
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
DirectX 9 Runtime (HKLM-x32\...\{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}) (Version: 1.00.0000 - Sonic Solutions) Hidden
DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version: - DVD Shrink)
DW WLAN Card (HKLM\...\DW WLAN Card) (Version: 5.100.82.88 - Dell Inc.)
Free Video Editor (HKLM-x32\...\Free Video Editor_is1) (Version: 1.4.54.606 - Digital Wave Ltd)
Google Earth Pro (HKLM-x32\...\{BF354C72-AC4C-4A87-8D42-B089862BAE58}) (Version: 7.3.2.5491 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GWX Control Panel (HKLM-x32\...\UltimateOutsider_GwxControlPanel) (Version: - UltimateOutsider)
HandBrake 1.1.1 (HKLM-x32\...\HandBrake) (Version: 1.1.1 - )
HP Deskjet 2510 series Basic Device Software (HKLM\...\{C8B7EFDF-28EA-4A17-B89A-C03317E3B5CF}) (Version: 27.0.847.0 - Hewlett-Packard Co.)
HP Deskjet 2510 series Product Improvement Study (HKLM\...\{B784E572-44B3-49AA-B959-A7D74D9B2793}) (Version: 27.0.847.0 - Hewlett-Packard Co.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6341.0 - IDT)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2342 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
Java 8 Update 181 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180181F0}) (Version: 8.0.1810.13 - Oracle Corporation)
Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Learning Lodge™ (HKLM-x32\...\VTechDownloadManager) (Version: - VTech)
Mesh Runtime (HKLM-x32\...\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}) (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.7.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02558 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 61.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 61.0.1 (x64 en-US)) (Version: 61.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 61.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyHarmony (HKU\S-1-5-21-1142599995-1776523847-1352253491-1000\...\036a0e4fc6a247ec) (Version: 1.0.1.257 - Logitech)
Norton Ghost (HKLM-x32\...\{B0255743-165B-4BD5-8DA8-37DFB9930015}) (Version: 15.0.1.36526 - Symantec Corporation)
OpenOffice.org 3.4.1 (HKLM-x32\...\{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}) (Version: 3.41.9593 - Apache Software Foundation)
Paint Shop Pro 7 (HKLM-x32\...\{D6DE02C7-1F47-11D4-9515-00105AE4B89A}) (Version: 7.0.1.0000 - Jasc Software Inc)
PhotoShowExpress (HKLM-x32\...\{3250260C-7A95-4632-893B-89657EB5545B}) (Version: 2.0.063 - Sonic Solutions) Hidden
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Premium Service Agreement (HKLM-x32\...\{C33AA6D6-F5EC-48F3-AFDC-8141345D473A}) (Version: 2.0.0 - Dell Inc.)
QualxServ Service Agreement (HKLM-x32\...\{903679E8-44C8-4C07-9600-05C92654FC50}) (Version: 2.0.0 - Dell Inc.)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.09.25 - Dell Inc.)
RBVirtualFolder64Inst (HKLM\...\{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}) (Version: 1.00.0000 - Roxio, Inc.) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.45.516.2011 - Realtek)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30126 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.83 (HKLM-x32\...\Revo Uninstaller) (Version: 1.83 - VS Revo Group)
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio File Backup (HKLM\...\{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}) (Version: 1.3.2 - Roxio) Hidden
Skype Web Plugin (HKLM-x32\...\{EB96DF8B-65A7-4E72-BFB1-38DB36870D16}) (Version: 7.32.6.278 - Skype Technologies S.A.)
Sonic CinePlayer Decoder Pack (HKLM-x32\...\{9A00EC4E-27E1-42C4-98DD-662F32AC8870}) (Version: 4.3.0 - Sonic Solutions) Hidden
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
SpywareBlaster 5.5 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.5.0 - BrightFort LLC)
SyncUP (HKLM-x32\...\{40F06490-8C14-43AA-99D3-EEEFDBAC3CFC}) (Version: 1.12.12400.17.102 - Nero AG) Hidden
SyncUP (HKLM-x32\...\{D92C9CCE-E5F0-4125-977A-0590F3225B74}) (Version: 10.2.15400 - Nero AG)
Temp File Cleaner (HKLM\...\Temp File Cleaner) (Version: 4.5.0.74(master)(8d92a0e96285c09fa03691e2b7618aee84c6c2b6) - Addpcs, LLC)
Turbo Lister 2 (HKLM-x32\...\{8927E07C-97F7-4A54-88FB-D976F50DD46E}) (Version: 2.00.0000 - eBay Inc.)
USAA Web Windows (HKLM-x32\...\{DF64D65B-CA7B-4CA0-A8F8-4EF2DC9B1FC2}) (Version: 1.0.11 - USAA)
USB2.0 ATV (HKLM-x32\...\USB2.0 ATV) (Version: - )
USB2.0 Capture Device (HKLM-x32\...\{E337B156-DF81-48D8-8977-B1574EE87BCF}) (Version: 1.0.3.0 - )
VLC media player (HKLM\...\VLC media player) (Version: 3.0.3 - VideoLAN)
VTech Download Agent Library (HKLM-x32\...\{DB083AE1-3354-4AAD-BD44-5F2CC4B2ECE6}) (Version: 1.00.0000 - VTech) Hidden
WeatherBug (HKLM-x32\...\{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}) (Version: 7.0.0.10 - Earth Networks, Inc.)
WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.7600 - Broadcom Corporation)
Windows Deployment Tools (HKLM-x32\...\{BFC9778E-9765-C94C-C082-C2514F8DEB9B}) (Version: 8.59.25584 - Microsoft)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows PE x86 x64 (HKLM-x32\...\{F89D69CA-6EE1-E037-DD3B-08CDDE1BED1C}) (Version: 8.59.25584 - Microsoft)
Windows PE x86 x64 wims (HKLM-x32\...\{85F4ACB1-E7DC-C3C6-F4FD-BB936DF2695E}) (Version: 8.59.25584 - Microsoft)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version: - )
Yahoo Messenger (HKU\S-1-5-21-1142599995-1776523847-1352253491-1000\...\yahoomessenger) (Version: 0.8.288 - Yahoo! Inc)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)
Zinio Reader 4 (HKLM-x32\...\{7FB00B6B-6843-97EC-EED6-78BD6D35370A}) (Version: 4.2.4164 - Zinio LLC) Hidden
Zinio Reader 4 (HKLM-x32\...\ZinioReader4) (Version: 4.2.4164 - Zinio LLC)
ZoneAlarm Firewall (HKLM-x32\...\{902E1EFE-94FC-4209-9409-EBB2CA9E8DA6}) (Version: 15.1.501.17249 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Free Firewall (HKLM-x32\...\ZoneAlarm Free Firewall) (Version: 15.3.060.17669 - Check Point)
ZoneAlarm Security (HKLM-x32\...\{9F5DAD59-9A81-44E4-A075-0C943932FD10}) (Version: 15.1.501.17249 - Check Point Software Technologies Ltd.) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1142599995-1776523847-1352253491-1000_Classes\CLSID\{41052F6E-3662-4584-BCD3-77BCCAAE8470}\InprocServer32 -> C:\Users\Carl\AppData\Local\SkypePlugin\7.32.6.278\GatewayActiveX-x64.dll (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-1142599995-1776523847-1352253491-1000_Classes\CLSID\{60813F68-E9F7-4B3C-80B4-A76A66211660}\localserver32 -> C:\Users\Carl\AppData\Local\SkypePlugin\7.32.6.278\GatewayVersion-x64.exe (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-1142599995-1776523847-1352253491-1000_Classes\CLSID\{CBF9CD8C-2714-4F36-B76A-43E6C7547BC2}\localserver32 -> C:\Users\Carl\AppData\Local\SkypePlugin\7.32.6.278\EdgeCalling.exe (Skype Technologies S.A.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Utility.sys\Spyware - Avast\ashShA64.dll [2018-07-17] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Utility.sys\Spyware - Avast\ashShA64.dll [2018-07-17] (AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Utility.sys\Spyware - Avast\ashShA64.dll [2018-07-17] (AVAST Software)
ContextMenuHandlers1-x32: [axcrypt.File] -> {FEB9A664-4B04-4D9C-9397-CF645DAA3BE2} => C:\Utility.sys\AXCrypt\1.6.4.4-0\ShellExt.dll [2008-05-13] (Axantum Software AB)
ContextMenuHandlers1-x32-x32: [BCShellMenu] -> {7850a720-705f-11d0-a9eb-0080488625e5} => C:\Windows\SysWOW64\BCShExt.dll [1999-07-07] (Jetico, Inc.)
ContextMenuHandlers1-x32-x32: [Roxio Burn] -> {E8CB9D53-A47A-42B5-9F5B-96B037C9DD4C} => c:\Program Files\Roxio\Roxio Burn\RB_ContextMenu64.dll [2010-11-10] (TODO: <Company name>)
ContextMenuHandlers1-x32-x32-x32: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Utility.sys\WinRar\rarext.dll [2002-12-18] ()
ContextMenuHandlers2-x32: [BCShellMenu] -> {7850a720-705f-11d0-a9eb-0080488625e5} => C:\Windows\SysWOW64\BCShExt.dll [1999-07-07] (Jetico, Inc.)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Utility.sys\Spyware - Avast\ashShA64.dll [2018-07-17] (AVAST Software)
ContextMenuHandlers4-x32: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Utility.sys\WinRar\rarext.dll [2002-12-18] ()
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2011-03-25] (Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Utility.sys\Spyware - Avast\ashShA64.dll [2018-07-17] (AVAST Software)
ContextMenuHandlers6-x32: [axcrypt.File] -> {FEB9A664-4B04-4D9C-9397-CF645DAA3BE2} => C:\Utility.sys\AXCrypt\1.6.4.4-0\ShellExt.dll [2008-05-13] (Axantum Software AB)
ContextMenuHandlers6-x32-x32: [BCShellMenu] -> {7850a720-705f-11d0-a9eb-0080488625e5} => C:\Windows\SysWOW64\BCShExt.dll [1999-07-07] (Jetico, Inc.)
ContextMenuHandlers6-x32-x32-x32: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Utility.sys\WinRar\rarext.dll [2002-12-18] ()

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {2C1E4CE2-418E-404F-AF9D-92B5A9CAE32B} - System32\Tasks\HPCustParticipation HP Deskjet 2510 series => C:\Program Files\HP\HP Deskjet 2510 series\Bin\HPCustPartic.exe
Task: {464970AC-4E73-478D-BD60-02BD1E44EC48} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {58220009-9DD8-4D15-88F8-E1E00BBD1C2A} - \SystemToolsDailyTest -> No File <==== ATTENTION
Task: {73209D1B-8327-451A-AED0-A37C85C55AA8} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {7A82AB0B-8B7D-4049-AB4F-49EB513F2DF1} - System32\Tasks\PCDEventLauncher => C:\Program Files\Dell Support Center\sessionchecker.exe [2012-09-06] (PC-Doctor, Inc.)
Task: {8A56360C-DE72-42FC-8391-5075748A1D60} - System32\Tasks\CIS_{15198508-521A-4D69-8E5B-B94A6CCFF805} => C:\Users\Carl\AppData\Local\Temp\cis9639.exe <==== ATTENTION
Task: {9260526F-608D-41E5-9D22-E695A15E3DEF} - \PCDoctorBackgroundMonitorTask -> No File <==== ATTENTION
Task: {9B410B01-8791-48F7-8DBD-BEEC0E23D674} - System32\Tasks\{208BD8EC-DEEF-400F-9804-BA7CEC313437} => C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe
Task: {B8348559-22A5-4589-9CC8-AE92F12DF6B1} - System32\Tasks\{21F41153-76AE-4685-94A2-5F618CABEEBD} => C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe
Task: {B98F95DE-2767-4CC0-A4A2-DC24D4B4A695} - System32\Tasks\{BD853F0A-47EB-4934-9A1E-8B0BBB59998E} => C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe
Task: {BE384DF3-5CF0-4513-8653-87229FE33A47} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-04-10] (Piriform Ltd)
Task: {CBDD12D2-24CA-4456-96A8-0AF72690210C} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2018-06-06] (AVAST Software)
Task: {CE973110-C0E7-45A1-ADFF-20E8DEEB5587} - System32\Tasks\{B6514ACD-17C1-448B-A120-F9FEA5B86861} => C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe
Task: {D0F6F0E6-2F44-470E-9E74-DC8663492859} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {D24CF959-E239-4D28-B626-1112BC8F5781} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-03-21] (Adobe Systems Incorporated)
Task: {E8D4504B-EE35-4440-A6DD-4284AF475490} - System32\Tasks\{87EC105F-643B-44DE-94F8-B3128CAC6D4A} => C:\windows\system32\pcalua.exe -a C:\Users\Carl\AppData\Local\Temp\jre-8u121-windows-au.exe -d C:\windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION
Task: {F5DF593C-5317-413A-840F-22F10A8AB1E5} - System32\Tasks\Avast Emergency Update => C:\Utility.sys\Spyware - Avast\AvEmUpdate.exe [2018-07-17] (AVAST Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-07-17 18:48 - 2018-07-17 18:48 - 000599768 _____ () c:\Utility.sys\Spyware - Avast\x64\StreamBack.dll
2012-01-10 18:14 - 2011-03-25 20:28 - 000094208 _____ () C:\WINDOWS\System32\IccLibDll_x64.dll
2011-06-27 20:26 - 2011-06-27 20:26 - 002022976 _____ () C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
2011-06-29 09:52 - 2011-06-29 09:52 - 000474176 _____ () C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
2010-11-17 11:35 - 2010-11-17 11:35 - 000514544 _____ () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
2016-02-24 03:56 - 2016-01-18 07:48 - 000317824 _____ () C:\Program Files (x86)\InnoTab 2\VTech\DownloadManager\System\AgentMonitor.exe
2017-11-03 18:38 - 2017-11-03 18:38 - 027781632 _____ () C:\windows\system32\Macromed\Flash\NPSWF64_27_0_0_183.dll
2018-07-17 18:48 - 2018-07-17 18:48 - 000483544 _____ () C:\Utility.sys\Spyware - Avast\streamback.dll
2018-07-17 18:48 - 2018-07-17 18:48 - 000928984 _____ () C:\Utility.sys\Spyware - Avast\anen.dll
2018-07-17 18:48 - 2018-07-17 18:48 - 000532696 _____ () C:\Utility.sys\Spyware - Avast\gui_cache.dll
2018-07-17 18:47 - 2018-07-17 18:47 - 000150744 _____ () C:\Utility.sys\Spyware - Avast\hns_tools.dll
2018-07-17 18:48 - 2018-07-17 18:48 - 000985304 _____ () C:\Utility.sys\Spyware - Avast\shepherdsync.dll
2018-08-04 11:24 - 2018-08-04 11:24 - 005896848 _____ () C:\Utility.sys\Spyware - Avast\defs\18080404\algo.dll
2018-08-03 18:20 - 2016-11-22 15:17 - 000114664 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\zlib1.dll
2018-08-03 18:20 - 2016-11-22 15:17 - 000108008 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_filesystem-vc120-mt-1_56.dll
2018-08-03 18:20 - 2016-11-22 15:17 - 000024040 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_system-vc120-mt-1_56.dll
2018-08-03 18:20 - 2016-11-22 15:17 - 000048104 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_date_time-vc120-mt-1_56.dll
2012-01-10 17:11 - 2010-08-11 19:19 - 000056544 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STCoreXml.dll
2012-01-10 17:11 - 2010-08-11 19:19 - 000113888 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\PSTVdsDisk.dll
2012-01-10 17:11 - 2010-08-11 19:19 - 000126176 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll
2010-03-16 21:28 - 2010-03-16 21:28 - 001926144 _____ () C:\Program Files (x86)\Dell\Stage Remote\QtCore4.dll
2010-03-22 16:52 - 2010-03-22 16:52 - 006776832 _____ () C:\Program Files (x86)\Dell\Stage Remote\QtGui4.dll
2010-03-16 21:28 - 2010-03-16 21:28 - 000635904 _____ () C:\Program Files (x86)\Dell\Stage Remote\QtNetwork4.dll
2010-03-16 21:28 - 2010-03-16 21:28 - 000326144 _____ () C:\Program Files (x86)\Dell\Stage Remote\QtXml4.dll
2011-06-25 00:20 - 2011-06-25 00:20 - 000565968 _____ () C:\Program Files (x86)\Dell\Stage Remote\sqlite3.dll
2011-06-27 20:25 - 2011-06-27 20:25 - 000058944 _____ () C:\Program Files (x86)\Dell\Stage Remote\DataService.dll
2011-06-25 00:21 - 2011-06-25 00:21 - 000322624 _____ () C:\Program Files (x86)\Dell\Stage Remote\en-US\UI\ManagerUI.dll
2010-03-11 20:52 - 2010-03-11 20:52 - 000028160 _____ () C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qgif4.dll
2010-03-05 16:07 - 2010-03-05 16:07 - 000031744 _____ () C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qico4.dll
2010-03-05 16:07 - 2010-03-05 16:07 - 000125952 _____ () C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qjpeg4.dll
2010-03-11 20:52 - 2010-03-11 20:52 - 000225280 _____ () C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qmng4.dll
2018-03-16 09:43 - 2018-03-16 09:43 - 067126928 _____ () C:\Utility.sys\Spyware - Avast\libcef.dll
2018-07-17 18:47 - 2018-07-17 18:47 - 000282840 _____ () C:\Utility.sys\Spyware - Avast\gaming_mode_ui.dll
2010-11-24 23:44 - 2010-11-24 23:44 - 000375280 _____ () c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll
2012-08-10 16:51 - 2012-08-10 16:51 - 000985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2012-08-10 16:50 - 2012-08-10 16:50 - 000170496 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxslt.dll
2016-02-24 03:56 - 2015-12-14 01:05 - 000120832 _____ () C:\Program Files (x86)\InnoTab 2\VTech\DownloadManager\System\QtSolutions_SOAP-2.7.dll
2016-02-24 03:56 - 2014-04-21 21:14 - 000065536 _____ () C:\Program Files (x86)\InnoTab 2\VTech\DownloadManager\System\QHttpServer.dll
2016-02-24 03:56 - 2014-05-06 00:39 - 000861184 _____ () C:\Program Files (x86)\InnoTab 2\VTech\DownloadManager\System\plugins\platforms\qwindows.dll
2016-02-24 03:56 - 2014-05-06 00:38 - 000021504 _____ () C:\Program Files (x86)\InnoTab 2\VTech\DownloadManager\System\plugins\imageformats\qgif.dll
2016-02-24 03:56 - 2014-05-06 00:38 - 000020992 _____ () C:\Program Files (x86)\InnoTab 2\VTech\DownloadManager\System\plugins\imageformats\qico.dll
2016-02-24 03:56 - 2014-05-06 00:38 - 000204800 _____ () C:\Program Files (x86)\InnoTab 2\VTech\DownloadManager\System\plugins\imageformats\qjpeg.dll
2016-02-24 03:56 - 2014-05-06 05:44 - 000218112 _____ () C:\Program Files (x86)\InnoTab 2\VTech\DownloadManager\System\plugins\imageformats\qmng.dll
2016-02-24 03:56 - 2014-05-06 00:58 - 000015872 _____ () C:\Program Files (x86)\InnoTab 2\VTech\DownloadManager\System\plugins\imageformats\qsvg.dll
2016-02-24 03:56 - 2014-05-06 05:44 - 000015360 _____ () C:\Program Files (x86)\InnoTab 2\VTech\DownloadManager\System\plugins\imageformats\qtga.dll
2016-02-24 03:56 - 2014-05-06 05:44 - 000307712 _____ () C:\Program Files (x86)\InnoTab 2\VTech\DownloadManager\System\plugins\imageformats\qtiff.dll
2016-02-24 03:56 - 2014-05-06 05:44 - 000014848 _____ () C:\Program Files (x86)\InnoTab 2\VTech\DownloadManager\System\plugins\imageformats\qwbmp.dll
2016-02-24 03:56 - 2014-05-06 01:31 - 000015872 _____ () C:\Program Files (x86)\InnoTab 2\VTech\DownloadManager\System\plugins\sensors\qtsensors_dummy.dll
2016-02-24 03:56 - 2014-05-06 00:38 - 000036352 _____ () C:\Program Files (x86)\InnoTab 2\VTech\DownloadManager\System\plugins\bearer\qgenericbearer.dll
2016-02-24 03:56 - 2014-05-06 00:38 - 000038912 _____ () C:\Program Files (x86)\InnoTab 2\VTech\DownloadManager\System\plugins\bearer\qnativewifibearer.dll
2018-01-23 13:19 - 2018-01-23 13:19 - 000169984 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\338ff006da89b9a8a88f811493679700\IsdiInterop.ni.dll
2012-01-10 16:42 - 2011-01-12 18:56 - 000058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\windows\notepad.exe:$CmdTcID [130]
AlternateDataStreams: C:\windows\system32\aelupsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\aepic(118).dll:$CmdTcID [130]
AlternateDataStreams: C:\windows\system32\apisetschema(119).dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\apphelp.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\catsrvut.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\charmap.exe:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\ci.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\clfsw32.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\CNC_BVC.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\CNC_BVI.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\CNC_BVL.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\CNMLMBV.DLL:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\COLORCNV.DLL:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\comctl32.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\comsvcs.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\CPFilters.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\credssp(122).dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\csrsrv(123).dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\devenum.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\dfshim.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\els.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\EncDec.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\fixmapi.exe:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\iertutil(124).dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\KBDAZE.DLL:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\KBDAZEL.DLL:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\KBDBASH.DLL:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\kbdgeoqw.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\KBDRU.DLL:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\KBDRU1.DLL:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\KBDTAT.DLL:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\KBDYAK.DLL:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\kerberos(125).dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\kernel32(126).dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\KernelBase(127).dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\ksproxy.ax:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\ksuser.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\lsasrv(128).dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\lsass(129).exe:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\mapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\mapistub.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\mcmde.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\mfvdsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\MFWMAAEC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\MP3DMOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\MP43DECD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\MP4SDECD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\MPG4DECD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\mscorier.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\mscories.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\msmpeg2adec.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\MSMPEG2ENC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\msmpeg2vdec.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\msv1_0(130).dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\ncrypt(131).dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\notepad.exe:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\ntdll(132).dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\packager.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\pku2u.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\poqexec.exe:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\PresentationCFFRasterizerNative_v0300.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\qasf.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\qedit.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\rastls.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\rdpcorekmts.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\RESAMPLEDMO.DLL:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\schannel(133).dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\sdbinst.exe:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\secur32(135).dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\shimeng.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\smss(137).exe:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\srcore(139).dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\sspicli(140).dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\sspisrv(141).dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\SysFxUI.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\termsrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\TSpkg(142).dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\TSWorkspace.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\ubpm.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\urlmon(143).dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\VIDRESZR.DLL:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\wdigest(145).dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\wininet(146).dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\winsrv(147).dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\winsta.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\WMADMOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\WMADMOE.DLL:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\WMALFXGFXDSP.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\wmp(148).dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\WMPhoto.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\wmploc(149).DLL:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\wmpmde.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\WMSPDMOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\WMSPDMOE.DLL:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\WMVDECOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\WMVENCOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\WMVSDECD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\WMVSENCD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\WMVXENCD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\wow64(150).dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\wow64cpu(151).dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\wow64win(152).dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\wpdshext.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\ws2_32.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\wshrm.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\SysWOW64\apphelp.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\SysWOW64\catsrvut.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\SysWOW64\cewmdm.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\SysWOW64\charmap.exe:$CmdTcID [64]
AlternateDataStreams: C:\windows\SysWOW64\clfsw32.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\SysWOW64\COLORCNV.DLL:$CmdTcID [64]
AlternateDataStreams: C:\windows\SysWOW64\comctl32.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\SysWOW64\comsvcs.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\SysWOW64\CPFilters.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\SysWOW64\devenum.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\SysWOW64\dfshim.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\SysWOW64\els.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\SysWOW64\EncDec.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\SysWOW64\fixmapi.exe:$CmdTcID [64]
AlternateDataStreams: C:\windows\SysWOW64\iertutil(156).dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\SysWOW64\KBDAZE.DLL:$CmdTcID [64]
AlternateDataStreams: C:\windows\SysWOW64\KBDAZEL.DLL:$CmdTcID [64]
AlternateDataStreams: C:\windows\SysWOW64\KBDBASH.DLL:$CmdTcID [64]
AlternateDataStreams: C:\windows\SysWOW64\kbdgeoqw.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\SysWOW64\KBDRU.DLL:$CmdTcID [64]
AlternateDataStreams: C:\windows\SysWOW64\KBDRU1.DLL:$CmdTcID [64]
AlternateDataStreams: C:\windows\SysWOW64\KBDTAT.DLL:$CmdTcID [64]
AlternateDataStreams: C:\windows\SysWOW64\KBDYAK.DLL:$CmdTcID [64]
AlternateDataStreams: C:\windows\SysWOW64\kernel32(157).dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\SysWOW64\KernelBase(158).dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\SysWOW64\ksproxy.ax:$CmdTcID [64]
AlternateDataStreams: C:\windows\SysWOW64\ksuser.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\SysWOW64\mapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\SysWOW64\mapistub.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\SysWOW64\mfvdsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\SysWOW64\MFWMAAEC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\windows\SysWOW64\MP3DMOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\windows\SysWOW64\MP43DECD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\windows\SysWOW64\MP4SDECD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\windows\SysWOW64\MPG4DECD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\windows\SysWOW64\MSCOMCTL.OCX:$CmdTcID [64]
AlternateDataStreams: C:\windows\SysWOW64\mscorier.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\SysWOW64\mscories.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\SysWOW64\msmpeg2adec.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\SysWOW64\MSMPEG2ENC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\windows\SysWOW64\msmpeg2vdec.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\SysWOW64\mswsock.dll:$CmdTcID [130]
AlternateDataStreams: C:\windows\SysWOW64\notepad.exe:$CmdTcID [64]
AlternateDataStreams: C:\windows\SysWOW64\ntdll(159).dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\SysWOW64\packager.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\SysWOW64\pku2u.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\SysWOW64\poqexec.exe:$CmdTcID [64]
AlternateDataStreams: C:\windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\SysWOW64\qasf.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\SysWOW64\qedit.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\SysWOW64\rastls.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\SysWOW64\RESAMPLEDMO.DLL:$CmdTcID [64]
AlternateDataStreams: C:\windows\SysWOW64\sdbinst.exe:$CmdTcID [64]
AlternateDataStreams: C:\windows\SysWOW64\shimeng.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\SysWOW64\sspicli(161).dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\SysWOW64\TSWorkspace.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\SysWOW64\ubpm.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\SysWOW64\urlmon(162).dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\SysWOW64\VIDRESZR.DLL:$CmdTcID [64]
AlternateDataStreams: C:\windows\SysWOW64\wininet(165).dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\SysWOW64\winsta.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\SysWOW64\WMADMOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\windows\SysWOW64\WMADMOE.DLL:$CmdTcID [64]
AlternateDataStreams: C:\windows\SysWOW64\WMPhoto.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\SysWOW64\wmpmde.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\SysWOW64\WMSPDMOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\windows\SysWOW64\WMSPDMOE.DLL:$CmdTcID [64]
AlternateDataStreams: C:\windows\SysWOW64\WMVDECOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\windows\SysWOW64\WMVENCOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\windows\SysWOW64\WMVSDECD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\windows\SysWOW64\WMVSENCD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\windows\SysWOW64\WMVXENCD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\windows\SysWOW64\wpdshext.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\SysWOW64\ws2_32.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\SysWOW64\wshrm.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\Drivers\aswTap.sys:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\Drivers\drmk.sys:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\Drivers\drmkaud.sys:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\Drivers\portcls.sys:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\Drivers\rdpwd.sys:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\Drivers\Sftfswin7.sys:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\Drivers\Sftplaywin7.sys:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\Drivers\Sftredirwin7.sys:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\Drivers\Sftvolwin7.sys:$CmdTcID [130]
AlternateDataStreams: C:\windows\system32\Drivers\stream.sys:$CmdTcID [64]
AlternateDataStreams: C:\ProgramData\Temp:5C321E34 [125]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-1142599995-1776523847-1352253491-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-1142599995-1776523847-1352253491-1000\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-1142599995-1776523847-1352253491-1000\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-1142599995-1776523847-1352253491-1000\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-1142599995-1776523847-1352253491-1000\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-1142599995-1776523847-1352253491-1000\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-1142599995-1776523847-1352253491-1000\...\0411dd.com -> 0411dd.com
IE restricted site: HKU\S-1-5-21-1142599995-1776523847-1352253491-1000\...\0511zfhl.com -> 0511zfhl.com
IE restricted site: HKU\S-1-5-21-1142599995-1776523847-1352253491-1000\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-1142599995-1776523847-1352253491-1000\...\0632qyw.com -> 0632qyw.com
IE restricted site: HKU\S-1-5-21-1142599995-1776523847-1352253491-1000\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-1142599995-1776523847-1352253491-1000\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-1142599995-1776523847-1352253491-1000\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-1142599995-1776523847-1352253491-1000\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-1142599995-1776523847-1352253491-1000\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-1142599995-1776523847-1352253491-1000\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-1142599995-1776523847-1352253491-1000\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-1142599995-1776523847-1352253491-1000\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-1142599995-1776523847-1352253491-1000\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-1142599995-1776523847-1352253491-1000\...\1001movie.com -> 1001movie.com

There are 6091 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2017-01-25 22:20 - 000000826 _____ C:\windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1142599995-1776523847-1352253491-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Carl\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.192.10 - 192.168.191.10
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{661E2CC3-1C6B-4956-8F90-524B2FA8941F}] => (Allow) C:\Program Files (x86)\Dell\VideoStage\VideoStage.exe
FirewallRules: [{C0A5AC5C-41C9-42A0-8BAC-B89405CE13AC}] => (Allow) LPort=9700
FirewallRules: [{DEBE404E-7A3D-40B5-8848-B82AA27D61DC}] => (Allow) LPort=9701
FirewallRules: [{7FE223A1-8199-4F27-9ED9-51C2C4C9884A}] => (Allow) LPort=9702
FirewallRules: [{EB852DEE-50E5-47A0-974A-8FB72BE849BA}] => (Allow) LPort=9700
FirewallRules: [{E27955FB-B5D4-42FA-AFE0-E1A81F785E4A}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
FirewallRules: [{3C3144DB-D8BD-43F8-81C0-84EB43C29449}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\DMR.exe
FirewallRules: [{04EF0CE8-653C-4065-A10B-0061E91B9773}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\InstallerHelp.exe
FirewallRules: [{C51108A6-F41A-4D2F-B51E-C18CC95A312E}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\Controller.exe
FirewallRules: [{780C6C95-34DE-4830-8530-50421347BEAD}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
FirewallRules: [{F080FDE6-05A8-482B-BB74-BAC60F5B1076}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
FirewallRules: [{2FCA86B9-7426-4F36-8A35-36AA7DFC51C0}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\InstallerHelp.exe
FirewallRules: [{5E37BED8-1B12-44D1-852D-BF1E5D8A760D}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\DMR.exe
FirewallRules: [{FE937859-4DF8-4A60-B2FA-55CB97DADDD8}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\Controller.exe
FirewallRules: [{F6F13A01-B638-40AC-B56B-7E2367393960}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
FirewallRules: [{0A021789-CF28-4771-9E36-1CD2D00A6F63}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{00DE1073-C1B6-41ED-AA48-E6F5595F66FC}] => (Allow) LPort=2869
FirewallRules: [{BC4B794C-E6BF-4B2F-802E-188BD7BEA56A}] => (Allow) LPort=1900
FirewallRules: [{A0D68CE8-5142-4244-A8C8-5B1F8989FEAA}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{827E6F93-A390-4D93-B996-6674C4D8C01C}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{93492D95-294E-45C8-92C7-9E78B1EE9A74}] => (Allow) C:\Program Files\dell stage\dell stage\accuweather\accuweather.exe
FirewallRules: [{73841273-6B70-402D-BC00-26C3563CBA84}] => (Allow) C:\Program Files\dell stage\musicstage\musicstageengine.exe
FirewallRules: [{8940D2F2-3A90-4454-B6FD-B8BFB5B790CF}] => (Allow) C:\Program Files\dell stage\dell stage\stage_primary.exe
FirewallRules: [{47897F8F-6D75-450B-BF90-B0F96F981E84}] => (Allow) C:\Program Files\HP\HP Deskjet 2510 series\Bin\USBSetup.exe
FirewallRules: [{33309768-6FF7-416D-83CE-BC69A9F5C9BD}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{1508DBA8-2EF1-4722-B813-018EF0B24F53}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{5B339F90-1F33-41C5-9D5C-401F501FB59C}] => (Allow) C:\Program Files (x86)\Nero\Nero Blu-ray Player\Blu-rayPlayer.exe
FirewallRules: [{45EE5B22-CE5B-46B7-BEE0-CC718B70C3A5}] => (Allow) C:\Program Files (x86)\Nero\Nero Blu-ray Player\Blu-rayPlayer.exe
FirewallRules: [TCP Query User{4F30056E-BA64-4840-83A1-1F2B61E30F66}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe] => (Block) C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe
FirewallRules: [UDP Query User{57253567-613C-4591-A6CA-C8C7301ED3D6}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe] => (Block) C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe
FirewallRules: [TCP Query User{D07F771C-2CC4-4EAF-8F8F-35E9A3B03CB0}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{04BE6B96-4905-452C-9492-A273BA7F9DDD}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{AB6F5875-BB6A-4258-B2A5-C3D529BE719E}] => (Allow) C:\Utility.sys\Spyware - Avast\ng\vbox\aswFe.exe
FirewallRules: [{9E9CE74A-55DA-4798-8E62-43092A15C878}] => (Allow) C:\Utility.sys\Spyware - Avast\ng\vbox\aswFe.exe
FirewallRules: [TCP Query User{4E02D591-2F0A-44A5-8A76-1CD116B973E0}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{3C6C17FC-DF6D-431B-AF94-EE6E6AE9C757}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [{866C8A0B-BE06-4D37-AC17-32562491DF2C}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{85DE6CD3-1D9E-4C5B-A3D3-AD1B50D3126F}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{950C6913-6EC1-47B5-B7C3-6B289F042BD5}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{6DAD6B65-C052-4269-B9C9-96EED75E536F}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{CC80607D-8BCE-4261-9104-A6556749B73E}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{2BFC57F0-5DC4-4A4F-8C92-3F8016C9EB41}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{ECB75209-A8BA-46AB-9EA0-3BAD393E46EE}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{3D31C816-43D9-4220-824B-95E21E083AF0}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{E60AD5B7-04B7-45EC-9CF1-47C9C5CC5C97}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{3FF2E963-BED1-47CB-8140-0B808D1CDD40}] => (Allow) C:\Utility.sys\Spyware - Avast\AvEmUpdate.exe
FirewallRules: [{230D2121-5AFA-43D1-BF31-A77EAA2794C2}] => (Allow) C:\Utility.sys\Spyware - Avast\AvEmUpdate.exe

==================== Restore Points =========================

28-07-2018 12:02:46 Installed Norton Ghost.
03-08-2018 18:19:36 DVDVideoSoftRestorePoint

==================== Faulty Device Manager Devices =============

Name: Dell Wireless 1701 802.11b/g/n
Description: Dell Wireless 1701 802.11b/g/n
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Broadcom
Service: BCM43XX
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Dell Wireless 1701 Bluetooth v3.0+HS
Description: Dell Wireless 1701 Bluetooth v3.0+HS
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Broadcom
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: avast! SecureLine TAP Adapter v3
Description: avast! SecureLine TAP Adapter v3
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Windows Provider V9
Service: aswTap
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: USB Mass Storage Device
Description: USB Mass Storage Device
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Compatible USB storage device
Service: USBSTOR
Problem: : Windows cannot use this hardware device because it has been prepared for safe removal, but it has not been removed from the computer. (Code 47)
Resolution: Unplug the device, and then plug it in again. Alternately, restart the computer to make the device available.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/04/2018 11:20:48 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (08/04/2018 09:03:22 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (08/04/2018 09:04:29 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (08/04/2018 09:03:53 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (08/04/2018 09:03:53 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (08/04/2018 09:03:53 AM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (08/04/2018 09:03:53 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
Element not found. (HRESULT : 0x80070490) (0x80070490)

Error: (08/04/2018 09:03:50 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)


System errors:
=============
Error: (08/04/2018 11:24:23 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (08/04/2018 11:25:44 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.

Error: (08/04/2018 11:23:06 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Dell Digital Delivery Service service terminated unexpectedly. It has done this 1 time(s).

Error: (08/04/2018 11:33:18 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the UxSms service.

Error: (08/04/2018 11:32:48 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.

Error: (08/04/2018 09:05:36 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Dell Digital Delivery Service service terminated unexpectedly. It has done this 1 time(s).

Error: (08/04/2018 09:06:22 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Dell Digital Delivery Service service terminated unexpectedly. It has done this 1 time(s).

Error: (08/04/2018 09:05:09 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.


Windows Defender:
===================================
Date: 2015-07-13 01:44:12.074
Description:
Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted:Backup
Error Code:0x8050a004
Error description:This package does not contain up-to-date definition files for this program. For more information, see Help and Support.
Signature version:1.197.802.0
Engine version:1.1.11400.0

Date: 2015-07-13 01:43:54.167
Description:
Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted:Current
Error Code:0x80070002
Error description:The system cannot find the file specified.
Signature version:0.0.0.0
Engine version:0.0.0.0

Date: 2015-07-13 01:17:32.106
Description:
Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted:Backup
Error Code:0x8050a004
Error description:This package does not contain up-to-date definition files for this program. For more information, see Help and Support.
Signature version:1.197.802.0
Engine version:1.1.11400.0

Date: 2015-07-13 01:15:57.892
Description:
Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted:Current
Error Code:0x80070002
Error description:The system cannot find the file specified.
Signature version:0.0.0.0
Engine version:0.0.0.0

Date: 2015-07-13 00:46:26.786
Description:
Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted:Backup
Error Code:0x8050a004
Error description:This package does not contain up-to-date definition files for this program. For more information, see Help and Support.
Signature version:1.197.802.0
Engine version:1.1.11400.0

CodeIntegrity:
===================================

Date: 2017-10-11 12:25:17.212
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\WINDOWS\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-10-11 12:25:17.137
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\WINDOWS\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-10-11 11:49:14.426
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\WINDOWS\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-10-11 11:49:14.296
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\WINDOWS\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-10-11 11:33:03.333
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\WINDOWS\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-10-11 11:33:03.270
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\WINDOWS\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-10-11 11:30:54.838
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\WINDOWS\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-10-11 11:30:54.776
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\WINDOWS\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-2350M CPU @ 2.30GHz
Percentage of memory in use: 78%
Total physical RAM: 4004.27 MB
Available physical RAM: 848.32 MB
Total Virtual: 8006.71 MB
Available Virtual: 2168.45 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:100.52 GB) (Free:41.61 GB) NTFS
Drive e: () (Fixed) (Total:350.49 GB) (Free:234.72 GB) NTFS

\\?\Volume{6cf741b8-3bd2-11e1-905d-806e6f6e6963}\ (Recovery) (Fixed) (Total:14.65 GB) (Free:6.55 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 9049F068)
Partition 1: (Not Active) - (Size=100 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=100.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=350.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
 
Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Double click on downloaded setup.exe file to install the program.
  • Click on Start Scan button.
  • Click on another Start Scan button.
  • Wait until the Status box shows Scan Finished
  • Click on Remove Selected.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available through History -> Application logs. Please post its contents in your next reply.
Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8/10 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles is saved to C:\AdwCleaner.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.
 
Hello Broni,
It's been a hectic week and am now just getting back to reviewing this info. I plan on getting back to working on this tomorrow. There's a lot of comments in those 2 files that were too big to paste in that I uploaded but if I understand your instructions correctly, I need to start with the instructions regarding RogueKiller, correct? Thanks!
 
I guess the file(s) are again way too large so am uploading them again.
 

Attachments

  • rk_9683.tmp.txt
    134.3 KB · Views: 1
  • Malware Bytes Scan.txt
    1.3 KB · Views: 1
  • AdwCleaner[C00].txt
    6.3 KB · Views: 1
If files are too large you need to split them between several replies. I just made an exception above.

Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

  • Double click to run it.
  • Make sure you checkmark Addition.txt box.
  • Press Scan button.
  • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02.08.2018
Ran by Carl (administrator) on WINDOWS-I4X63IQ (16-08-2018 10:51:49)
Running from E:\Downloads\_CPU-Net\_Anti-Virus
Loaded Profiles: Carl & (Available Profiles: Carl)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(AVAST Software) C:\Utility.sys\Spyware - Avast\AvastSvc.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(BUFFALO INC.) C:\Program Files (x86)\BUFFALO\SLManagerEasy\Bufssvr.exe
(BUFFALO INC.) C:\Program Files (x86)\BUFFALO\SLManagerEasy\Inputps.exe
(Digital Wave Ltd.) C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Syntek America Inc.) C:\WINDOWS\System32\StkCSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(AVAST Software) C:\Utility.sys\Spyware - Avast\x64\aswidsagenta.exe
(Symantec) C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
 
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ICM-Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Intel Corporation) C:\WINDOWS\System32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\System32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\System32\igfxpers.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
() C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
 
Hello Broni, This submittal form won't let me go beyond this much of the FRST.txt file even if I try to post only 2 lines at a time.
 
Each time, it allowed me to paste in fewer and fewer lines of the file until no more. All I know to do is use the upload a file to get the 2 files to you. I tried n tried n tried to no avail...
 

Attachments

  • FRST.txt
    39.7 KB · Views: 1
  • Addition.txt
    68.2 KB · Views: 1
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02.08.2018
Ran by Carl (administrator) on WINDOWS-I4X63IQ (16-08-2018 10:51:49)
Running from E:\Downloads\_CPU-Net\_Anti-Virus
Loaded Profiles: Carl & (Available Profiles: Carl)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(AVAST Software) C:\Utility.sys\Spyware - Avast\AvastSvc.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(BUFFALO INC.) C:\Program Files (x86)\BUFFALO\SLManagerEasy\Bufssvr.exe
(BUFFALO INC.) C:\Program Files (x86)\BUFFALO\SLManagerEasy\Inputps.exe
(Digital Wave Ltd.) C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Syntek America Inc.) C:\WINDOWS\System32\StkCSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(AVAST Software) C:\Utility.sys\Spyware - Avast\x64\aswidsagenta.exe
(Symantec) C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ICM-Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Intel Corporation) C:\WINDOWS\System32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\System32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\System32\igfxpers.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
() C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(UltimateOutsider) C:\Program Files (x86)\UltimateOutsider\GWX Control Panel\GWX_control_panel.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(AWS Convergence Technologies, Inc.) C:\Program Files (x86)\WeatherBug\WeatherBug\Weather.exe
(AVAST Software) C:\Utility.sys\Spyware - Avast\AvastUI.exe
() C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
(Ziff-Davis Media, Inc.) C:\Utility.sys\NetPerSec\NetPerSec.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
(BUFFALO INC.) C:\Program Files (x86)\BUFFALO\BuffaloTools\BuffaloTools.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
() C:\Program Files (x86)\InnoTab 2\VTech\DownloadManager\System\AgentMonitor.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe
(Microsoft Corporation) C:\WINDOWS\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\WINDOWS\splwow64.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.EXE
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Varate Vgiolitzndes Records) C:\Utility.sys\2xExplorer\2xExplorer.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [608112 2011-03-29] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-05-27] (IDT, Inc.)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [3668336 2011-03-24] (Dell Inc.)
HKLM\...\Run: [Stage Remote] => C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe [2022976 2011-06-27] ()
HKLM\...\Run: [DellStage] => C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [2055016 2011-04-29] ()
HKLM\...\Run: [AvastUI.exe] => C:\Utility.sys\Spyware - Avast\AvLaunch.exe [242904 2018-07-17] (AVAST Software)
HKLM\...\Run: [GwxControlPanelMonitor] => C:\Program Files (x86)\UltimateOutsider\GWX Control Panel\GWX_control_panel.exe [4596296 2016-04-01] (UltimateOutsider)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [503942 2011-04-13] (Creative Technology Ltd)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-12] (Intel Corporation)
HKLM-x32\...\Run: [Dell Registration] => C:\Program Files (x86)\System Registration\prodreg.exe /boot
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [RoxWatchTray] => c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] => c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [NeroLauncher] => C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe [67496 2012-08-21] ()
HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
HKLM-x32\...\Run: [BuffaloTools] => C:\Program Files (x86)\BUFFALO\BuffaloTools\BuffaloTools.exe [169336 2010-03-05] (BUFFALO INC.)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1282120 2016-10-10] (CANON INC.)
HKLM-x32\...\Run: [AgentMonitor] => C:\Program Files (x86)\InnoTab 2\VTech\DownloadManager\System\AgentMonitor.exe [317824 2016-01-18] ()
HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [145208 2017-03-24] (Check Point Software Technologies Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-07-07] (Oracle Corporation)
HKLM-x32\...\Run: [Norton Ghost 15.0] => C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe [2598760 2010-03-03] (Symantec Corporation)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1142599995-1776523847-1352253491-1000\...\Run: [Weather] => C:\Program Files (x86)\WeatherBug\WeatherBug\Weather.exe [1652736 2011-10-05] (AWS Convergence Technologies, Inc.)
HKU\S-1-5-21-1142599995-1776523847-1352253491-1000\...\Run: [Yahoo Messenger Updater] => C:\Users\Carl\AppData\Roaming\Yahoo Messenger\YMUpdater\YMUpdater.exe [115656 2017-02-28] (Yahoo!, Inc.)
HKU\S-1-5-21-1142599995-1776523847-1352253491-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9532120 2017-04-10] (Piriform Ltd)
HKU\S-1-5-21-1142599995-1776523847-1352253491-1000\...\MountPoints2: {084762e3-8a9b-11e8-a5a2-24b6fd1437bd} - F:\Lenovo_Suite.exe
HKU\S-1-5-21-1142599995-1776523847-1352253491-1000\...\MountPoints2: {4b362eb8-2faa-11e2-9025-e4d53de93a34} - F:\DriveNavi.exe
HKU\S-1-5-21-1142599995-1776523847-1352253491-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08152018104529550\...\Run: [Weather] => C:\Program Files (x86)\WeatherBug\WeatherBug\Weather.exe [1652736 2011-10-05] (AWS Convergence Technologies, Inc.)
HKU\S-1-5-21-1142599995-1776523847-1352253491-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08152018104529550\...\Run: [Yahoo Messenger Updater] => C:\Users\Carl\AppData\Roaming\Yahoo Messenger\YMUpdater\YMUpdater.exe [115656 2017-02-28] (Yahoo!, Inc.)
HKU\S-1-5-21-1142599995-1776523847-1352253491-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08152018104529550\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9532120 2017-04-10] (Piriform Ltd)
HKU\S-1-5-21-1142599995-1776523847-1352253491-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08152018104529550\...\MountPoints2: {084762e3-8a9b-11e8-a5a2-24b6fd1437bd} - F:\Lenovo_Suite.exe
HKU\S-1-5-21-1142599995-1776523847-1352253491-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08152018104529550\...\MountPoints2: {4b362eb8-2faa-11e2-9025-e4d53de93a34} - F:\DriveNavi.exe
Startup: C:\Users\Carl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Amcap.lnk [2012-11-19]
ShortcutTarget: Amcap.lnk -> C:\Program Files (x86)\Vimicro\amcap.exe ()
Startup: C:\Users\Carl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NetPerSec.lnk [2018-08-04]
ShortcutTarget: NetPerSec.lnk -> C:\Utility.sys\NetPerSec\NetPerSec.exe (Ziff-Davis Media, Inc.)
Startup: C:\Users\Carl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk [2013-04-11]
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Carl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\speedfan.lnk [2012-04-29]
ShortcutTarget: speedfan.lnk -> C:\Utility.sys\SpeedFan4.34\speedfan.exe (Almico Software (www.almico.com))

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.192.10 192.168.191.10
Tcpip\..\Interfaces\{0E21F077-EB43-49B3-AA41-1149BA8AB9A2}: [DhcpNameServer] 192.168.192.10 192.168.191.10
Tcpip\..\Interfaces\{155DF4E0-D023-41A7-99E6-B202E555D299}: [NameServer] 77.234.40.79

Internet Explorer:
==================
SearchScopes: HKLM -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1142599995-1776523847-1352253491-1000 -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL =
SearchScopes: HKU\S-1-5-21-1142599995-1776523847-1352253491-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08152018104529550 -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL =
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Utility.sys\Spyware - Avast\aswWebRepIE64.dll [2018-07-17] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll => No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\ssv.dll [2018-07-27] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Utility.sys\Spyware - Avast\aswWebRepIE.dll [2018-07-17] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\jp2ssv.dll [2018-07-27] (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File

FireFox:
========
FF DefaultProfile: 0ek4oy6g.default-1533138630327
FF ProfilePath: C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\8mtkq221.default-1516030782739 [2018-08-04]
FF Extension: (Avast Online Security) - C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\8mtkq221.default-1516030782739\Extensions\wrc@avast.com.xpi [2018-07-17]
FF Extension: (Empty Cache Button) - C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\8mtkq221.default-1516030782739\Extensions\{4cc4a13b-94a6-7568-370d-5f9de54a9c7f}.xpi [2018-01-15]
FF Extension: (Toggle Referrer) - C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\8mtkq221.default-1516030782739\Extensions\{8883111b-4bc8-4a99-b37f-5672f6cf9597}.xpi [2018-01-15]
FF ProfilePath: C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\v3c50zv7.default-1516412548380 [2018-08-04]
FF Extension: (Empty Cache Button) - C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\v3c50zv7.default-1516412548380\Extensions\{4cc4a13b-94a6-7568-370d-5f9de54a9c7f}.xpi [2018-01-19]
FF Extension: (Toggle Referrer) - C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\v3c50zv7.default-1516412548380\Extensions\{8883111b-4bc8-4a99-b37f-5672f6cf9597}.xpi [2018-01-19]
FF ProfilePath: C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\6p7vegbg.default-1520706220538 [2018-08-04]
FF Homepage: Mozilla\Firefox\Profiles\6p7vegbg.default-1520706220538 -> hxxps://startpage.com/
FF Extension: (Location Guard) - C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\6p7vegbg.default-1520706220538\Extensions\jid1-HdwPLukcGQeOSh@jetpack.xpi [2018-03-10]
FF Extension: (Empty Cache Button) - C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\6p7vegbg.default-1520706220538\Extensions\{4cc4a13b-94a6-7568-370d-5f9de54a9c7f}.xpi [2018-03-10]
FF Extension: (Toggle Referrer) - C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\6p7vegbg.default-1520706220538\Extensions\{8883111b-4bc8-4a99-b37f-5672f6cf9597}.xpi [2018-03-10]
FF ProfilePath: C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\yoijzgza.default-1523995957406 [2018-08-04]
FF ProfilePath: C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\iwfpeibi.default-1525815878359 [2018-08-04]
FF Extension: (Location Guard) - C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\iwfpeibi.default-1525815878359\Extensions\jid1-HdwPLukcGQeOSh@jetpack.xpi [2018-05-08]
FF Extension: (Empty Cache Button) - C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\iwfpeibi.default-1525815878359\Extensions\{4cc4a13b-94a6-7568-370d-5f9de54a9c7f}.xpi [2018-05-08]
FF Extension: (Toggle Referrer) - C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\iwfpeibi.default-1525815878359\Extensions\{8883111b-4bc8-4a99-b37f-5672f6cf9597}.xpi [2018-05-08]
FF ProfilePath: C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\jpi8b2v7.default-1525957615734 [2018-08-04]
FF ProfilePath: C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\0ek4oy6g.default-1533138630327 [2018-08-16]
FF Extension: (Location Guard) - C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\0ek4oy6g.default-1533138630327\Extensions\jid1-HdwPLukcGQeOSh@jetpack.xpi [2018-08-03]
FF Extension: (Empty Cache Button) - C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\0ek4oy6g.default-1533138630327\Extensions\{4cc4a13b-94a6-7568-370d-5f9de54a9c7f}.xpi [2018-08-03]
FF Extension: (Toggle Referrer) - C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\0ek4oy6g.default-1533138630327\Extensions\{8883111b-4bc8-4a99-b37f-5672f6cf9597}.xpi [2018-08-03]
FF ProfilePath: C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\k1cgchtw.default-1533392746514 [2018-08-04]
FF Homepage: Mozilla\Firefox\Profiles\k1cgchtw.default-1533392746514 -> hxxps://startpage.com
FF Extension: (Location Guard) - C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\k1cgchtw.default-1533392746514\Extensions\jid1-HdwPLukcGQeOSh@jetpack.xpi [2018-08-04]
FF Extension: (Empty Cache Button) - C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\k1cgchtw.default-1533392746514\Extensions\{4cc4a13b-94a6-7568-370d-5f9de54a9c7f}.xpi [2018-08-04]
FF Extension: (Toggle Referrer) - C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\k1cgchtw.default-1533392746514\Extensions\{8883111b-4bc8-4a99-b37f-5672f6cf9597}.xpi [2018-08-04]
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_27_0_0_183.dll [2017-11-03] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.3 -> C:\Program Files\VLC Media Player\npvlc.dll [2018-05-29] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_183.dll [2017-11-03] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=11.181.2 -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\dtplugin\npDeployJava1.dll [2018-07-27] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.181.2 -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\plugin2\npjp2.dll [2018-07-27] (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-06-29] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1142599995-1776523847-1352253491-1000: SkypePlugin -> C:\Users\Carl\AppData\Local\SkypePlugin\7.32.6.278\npGatewayNpapi.dll [2017-04-18] (Skype Technologies S.A.)
FF Plugin HKU\S-1-5-21-1142599995-1776523847-1352253491-1000: SkypePlugin64 -> C:\Users\Carl\AppData\Local\SkypePlugin\7.32.6.278\npGatewayNpapi-x64.dll [2017-04-18] (Skype Technologies S.A.)
FF Plugin HKU\S-1-5-21-1142599995-1776523847-1352253491-1000: usaa.com/web -> C:\Users\Carl\AppData\Roaming\com.usaa\usaa-web\1.0.11\npusaa-web-1.0.11.dll [2015-09-03] (USAA)
FF Plugin HKU\S-1-5-21-1142599995-1776523847-1352253491-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08152018104529550: SkypePlugin -> C:\Users\Carl\AppData\Local\SkypePlugin\7.32.6.278\npGatewayNpapi.dll [2017-04-18] (Skype Technologies S.A.)
FF Plugin HKU\S-1-5-21-1142599995-1776523847-1352253491-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08152018104529550: SkypePlugin64 -> C:\Users\Carl\AppData\Local\SkypePlugin\7.32.6.278\npGatewayNpapi-x64.dll [2017-04-18] (Skype Technologies S.A.)
FF Plugin HKU\S-1-5-21-1142599995-1776523847-1352253491-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08152018104529550: usaa.com/web -> C:\Users\Carl\AppData\Roaming\com.usaa\usaa-web\1.0.11\npusaa-web-1.0.11.dll [2015-09-03] (USAA)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Utility.sys\Spyware - Avast\x64\aswidsagenta.exe [7780400 2018-07-17] (AVAST Software)
R2 avast! Antivirus; C:\Utility.sys\Spyware - Avast\AvastSvc.exe [322464 2018-07-17] (AVAST Software)
R2 bufssvr; C:\Program Files (x86)\BUFFALO\SLManagerEasy\Bufssvr.exe [95608 2010-03-16] (BUFFALO INC.)
S2 DellDigitalDelivery; C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [162816 2011-10-26] (Dell Products, LP.) [File not signed]
R2 DigitalWave.Update.Service; C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe [440808 2017-06-06] (Digital Wave Ltd.)
S3 GenericMount Helper Service; C:\Program Files (x86)\Norton Ghost\Shared\Drivers\GenericMountHelperx64.exe [2227216 2010-02-12] (Symantec)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-09] (Malwarebytes)
R2 Norton Ghost; C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe [4590432 2010-03-03] (Symantec Corporation)
R2 StkSSrv; C:\windows\System32\StkCSrv.exe [24576 2007-02-12] (Syntek America Inc.)
R3 SymSnapService; C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe [2963960 2010-02-11] (Symantec)
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [4107680 2017-03-24] (Check Point Software Technologies Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [114936 2016-11-01] (Check Point Software Technologies, Ltd.)
R2 ZoneAlarm ICM Service; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ICM-Service.exe [1058616 2017-03-24] (Check Point Software Technologies Ltd.)
S3 Symantec SymSnap VSS Provider; C:\windows\system32\dllhost.exe /Processid:{72D6EC87-52C4-44D0-81CA-2D2D2A484CC8}

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswArPot; C:\windows\System32\drivers\aswArPot.sys [197160 2018-07-17] (AVAST Software)
R1 aswbidsdriver; C:\windows\System32\drivers\aswbidsdrivera.sys [229392 2018-07-17] (AVAST Software)
R0 aswbidsh; C:\windows\System32\drivers\aswbidsha.sys [201328 2018-07-17] (AVAST Software)
R0 aswblog; C:\windows\System32\drivers\aswbloga.sys [346664 2018-07-17] (AVAST Software)
R0 aswbuniv; C:\windows\System32\drivers\aswbuniva.sys [59592 2018-07-17] (AVAST Software)
R1 aswHdsKe; C:\windows\System32\drivers\aswHdsKe.sys [239680 2018-07-17] (AVAST Software)
S3 aswHwid; C:\windows\System32\drivers\aswHwid.sys [46976 2018-07-17] (AVAST Software)
R1 aswKbd; C:\windows\system32\drivers\aswKbd.sys [41832 2017-09-26] (AVAST Software)
R2 aswMonFlt; C:\windows\System32\drivers\aswMonFlt.sys [159640 2018-07-17] (AVAST Software)
R1 aswRdr; C:\windows\System32\drivers\aswRdr2.sys [111872 2018-07-17] (AVAST Software)
R0 aswRvrt; C:\windows\System32\drivers\aswRvrt.sys [85968 2018-07-17] (AVAST Software)
R1 aswSnx; C:\windows\System32\drivers\aswSnx.sys [1027728 2018-07-17] (AVAST Software)
R1 aswSP; C:\windows\System32\drivers\aswSP.sys [467064 2018-07-23] (AVAST Software)
R2 aswStm; C:\windows\System32\drivers\aswStm.sys [211160 2018-07-17] (AVAST Software)
S3 aswTap; C:\windows\System32\DRIVERS\aswTap.sys [44640 2016-01-29] (The OpenVPN Project)
R0 aswVmm; C:\windows\System32\drivers\aswVmm.sys [381584 2018-07-17] (AVAST Software)
S3 AX88772; C:\windows\System32\DRIVERS\ax88772.sys [83968 2013-12-03] (ASIX Electronics Corp.)
R1 ESProtectionDriver; C:\windows\system32\drivers\mbae64.sys [152688 2018-06-19] (Malwarebytes)
R3 GenericMount; C:\windows\System32\DRIVERS\GenericMount.sys [66608 2010-02-12] (Symantec Corporation)
R2 MBAMChameleon; C:\windows\System32\Drivers\MbamChameleon.sys [191208 2018-08-13] (Malwarebytes)
R3 MBAMFarflt; C:\windows\System32\DRIVERS\farflt.sys [114920 2018-08-15] (Malwarebytes)
R3 MBAMProtection; C:\windows\System32\DRIVERS\mbam.sys [48360 2018-08-15] (Malwarebytes)
R3 MBAMSwissArmy; C:\windows\System32\Drivers\mbamswissarmy.sys [253664 2018-08-13] (Malwarebytes)
R3 MBAMWebProtection; C:\windows\System32\DRIVERS\mwac.sys [92792 2018-08-16] (Malwarebytes)
R0 speedfan; C:\Windows\SysWow64\speedfan.sys [14104 2007-02-07] (Windows (R) Server 2003 DDK provider)
S3 StkCMini; C:\windows\System32\Drivers\StkCMini.sys [632704 2007-06-28] (Syntek)
R0 symsnap; C:\windows\System32\DRIVERS\symsnap.sys [170032 2010-02-11] (StorageCraft)
S3 USBMULCD; C:\windows\System32\drivers\CM10664.sys [1307648 2009-09-30] (C-Media Electronics Inc)
S3 VProEventMonitor; C:\windows\System32\DRIVERS\vproeventmonitor.sys [20528 2009-09-21] (Symantec Corporation)
R1 Vsdatant; C:\windows\System32\DRIVERS\vsdatant.sys [461240 2017-03-24] (Check Point Software Technologies Ltd.)
U3 iswSvc; no ImagePath
U2 V2iMount; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-08-13 09:07 - 2018-08-13 09:07 - 000028272 _____ C:\windows\system32\Drivers\TrueSight.sys
2018-08-13 09:01 - 2018-08-13 09:01 - 000000860 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2018-08-13 09:01 - 2018-08-13 09:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2018-08-13 09:01 - 2018-08-13 09:01 - 000000000 ____D C:\Program Files\RogueKiller
2018-08-13 09:01 - 2018-08-13 08:35 - 000000000 ____D C:\ProgramData\RogueKiller
2018-08-13 08:55 - 2018-08-13 08:56 - 036826200 _____ (Adlice Software ) C:\Users\Carl\Downloads\RogueKiller_setup_ref3.exe
2018-08-13 08:47 - 2018-08-13 08:47 - 000001887 _____ C:\Users\Carl\Desktop\Malwarebytes.lnk
2018-08-13 08:42 - 2018-08-16 10:37 - 000092792 _____ (Malwarebytes) C:\windows\system32\Drivers\mwac.sys
2018-08-13 08:42 - 2018-08-15 10:47 - 000114920 _____ (Malwarebytes) C:\windows\system32\Drivers\farflt.sys
2018-08-13 08:42 - 2018-08-15 10:47 - 000048360 _____ (Malwarebytes) C:\windows\system32\Drivers\mbam.sys
2018-08-13 08:42 - 2018-08-13 08:42 - 000191208 _____ (Malwarebytes) C:\windows\system32\Drivers\MbamChameleon.sys
2018-08-13 08:41 - 2018-08-13 08:41 - 000001869 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-08-13 08:41 - 2018-08-13 08:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-08-13 08:41 - 2018-08-13 08:41 - 000000000 ____D C:\Program Files\Malwarebytes
2018-08-13 08:41 - 2018-06-19 14:09 - 000152688 _____ (Malwarebytes) C:\windows\system32\Drivers\mbae64.sys
2018-08-13 08:39 - 2018-08-13 08:40 - 078989872 _____ (Malwarebytes ) C:\Users\Carl\Downloads\mb3-setup-consumer-3.5.1.2522-1.0.391-1.0.6237.exe
2018-08-13 08:24 - 2018-08-13 08:24 - 007417040 _____ (Malwarebytes) C:\Users\Carl\Downloads\adwcleaner_7.2.2.exe
2018-08-13 08:21 - 2018-08-13 08:32 - 000000000 ____D C:\AdwCleaner
2018-08-13 08:16 - 2018-08-13 08:15 - 000253664 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamswissarmy.sys
2018-08-11 18:57 - 2018-08-11 18:57 - 000208964 _____ C:\Users\Carl\Documents\IMG_20180811_0005.pdf
2018-08-11 18:54 - 2018-08-11 18:54 - 000622395 _____ C:\Users\Carl\Documents\IMG_20180811_0003.pdf
2018-08-04 12:00 - 2018-08-16 10:51 - 000000000 ____D C:\FRST
2018-08-03 18:21 - 2018-08-03 18:21 - 000001337 _____ C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
2018-08-03 18:21 - 2018-08-03 18:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2018-08-03 18:21 - 2018-08-03 18:21 - 000000000 ____D C:\ProgramData\DigitalWave.ApplicationUpdater_files
2018-08-03 18:20 - 2018-08-03 18:20 - 000001305 _____ C:\Users\Public\Desktop\Free Video Editor.lnk
2018-08-03 18:20 - 2018-08-03 18:20 - 000000000 ____D C:\Program Files (x86)\FreeCodecPack
2018-08-03 18:20 - 2018-08-03 18:20 - 000000000 ____D C:\Program Files (x86)\Free Video Editor
2018-08-03 18:19 - 2018-08-03 18:21 - 000000000 ____D C:\Users\Carl\AppData\Roaming\DVDVideoSoft
2018-08-03 18:09 - 2018-08-03 18:11 - 000000000 ____D C:\Users\Carl\AppData\Roaming\vlc
2018-08-03 18:08 - 2018-08-03 18:08 - 000000839 _____ C:\Users\Public\Desktop\VLC media player.lnk
2018-08-03 18:08 - 2018-08-03 18:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2018-08-03 18:08 - 2018-08-03 18:08 - 000000000 ____D C:\Program Files\VLC Media Player
2018-08-03 17:30 - 2018-08-03 17:30 - 000002220 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth Pro.lnk
2018-08-03 17:30 - 2018-08-03 17:30 - 000002208 _____ C:\Users\Public\Desktop\Google Earth Pro.lnk
2018-08-03 17:30 - 2018-08-03 17:30 - 000000000 ____D C:\Users\Carl\AppData\Roaming\HandBrake Team
2018-08-03 17:30 - 2018-08-03 17:30 - 000000000 ____D C:\Users\Carl\AppData\Roaming\HandBrake
2018-08-03 17:29 - 2018-08-03 17:30 - 000000983 _____ C:\Users\Carl\Desktop\HandBrake.lnk
2018-08-03 17:29 - 2018-08-03 17:29 - 000000000 ____D C:\Users\Carl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HandBrake
2018-08-03 17:29 - 2018-08-03 17:29 - 000000000 ____D C:\Program Files\HandBrake
2018-08-03 17:25 - 2018-08-03 17:25 - 000000938 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-08-01 11:47 - 2018-08-01 10:56 - 009724650 _____ C:\Users\Carl\Documents\IMG_20180801_0013.pdf
2018-08-01 11:46 - 2018-08-01 11:46 - 000476250 _____ C:\Users\Carl\Documents\IMG_20180801_0012.pdf
2018-08-01 11:40 - 2018-08-01 11:44 - 004244800 _____ C:\Users\Carl\Documents\IMG_20180801_0011.pdf
2018-08-01 11:39 - 2018-08-01 10:52 - 013959943 _____ C:\Users\Carl\Documents\IMG_20180801_0010.pdf
2018-08-01 11:33 - 2018-08-01 11:38 - 030553694 _____ C:\Users\Carl\Documents\IMG_20180801_0005.pdf
2018-08-01 11:29 - 2018-08-01 11:29 - 000630423 _____ C:\Users\Carl\Documents\IMG_20180801_0004.pdf
2018-08-01 11:24 - 2018-08-01 11:24 - 000190682 _____ C:\Users\Carl\Documents\IMG_20180801_0009.pdf
2018-08-01 11:22 - 2018-08-01 11:22 - 000692920 _____ C:\Users\Carl\Documents\IMG_20180801_0003.pdf
2018-08-01 11:20 - 2018-08-01 11:20 - 000187474 _____ C:\Users\Carl\Documents\IMG_20180801_0008.pdf
2018-08-01 11:18 - 2018-08-01 11:19 - 000920642 _____ C:\Users\Carl\Documents\IMG_20180801_0002.pdf
2018-08-01 11:10 - 2018-08-01 11:13 - 000890398 _____ C:\Users\Carl\Documents\IMG_20180801_0001.pdf
2018-08-01 11:07 - 2018-08-01 11:08 - 000000000 ____D C:\Program Files (x86)\VLC Media Player
2018-08-01 11:04 - 2018-08-01 11:04 - 000845942 _____ C:\Users\Carl\Documents\IMG_20180801_0007.pdf
2018-08-01 10:47 - 2018-08-01 10:52 - 030567714 _____ C:\Users\Carl\Documents\IMG_20180801_0006.pdf
2018-07-30 22:03 - 2018-08-01 10:53 - 000004096 ___SH C:\VSNAP.IDX
2018-07-28 12:08 - 2018-07-28 12:08 - 000000000 ____D C:\Users\Carl\AppData\Roaming\Symantec
2018-07-28 12:08 - 2018-07-28 12:08 - 000000000 ____D C:\Users\Carl\AppData\Local\Symantec_Corporation
2018-07-28 12:06 - 2010-03-03 19:59 - 000154168 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WimFltr.sys
2018-07-28 12:05 - 2018-07-28 12:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Ghost
2018-07-28 12:05 - 2018-07-28 12:05 - 000000000 ____H C:\windows\system32\Drivers\Msft_Kernel_GenericMount_01009.Wdf
2018-07-28 12:05 - 2010-02-11 02:34 - 000170032 _____ (StorageCraft) C:\windows\system32\Drivers\symsnap.sys
2018-07-28 12:05 - 2009-09-21 20:40 - 000020528 _____ (Symantec Corporation) C:\windows\system32\Drivers\vproeventmonitor.sys
2018-07-28 12:04 - 2018-07-28 12:55 - 000000000 ____D C:\ProgramData\Symantec
2018-07-28 12:04 - 2018-07-28 12:04 - 000000000 ____D C:\ProgramData\{1C6FDDD8-FC9E-4C12-9FA5-1AAD377097B3}
2018-07-28 12:04 - 2018-07-28 12:04 - 000000000 ____D C:\Program Files (x86)\Norton Ghost
2018-07-28 12:04 - 2009-05-18 14:17 - 000034152 _____ (GEAR Software Inc.) C:\windows\system32\Drivers\GEARAspiWDM.sys
2018-07-28 12:04 - 2008-04-17 13:12 - 000126312 _____ (GEAR Software Inc.) C:\windows\system32\GEARAspi64.dll
2018-07-28 12:04 - 2008-04-17 13:12 - 000107368 _____ (GEAR Software Inc.) C:\windows\SysWOW64\GEARAspi.dll
2018-07-27 13:13 - 2018-07-27 13:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-07-18 10:02 - 2018-08-13 08:21 - 000000000 ____D C:\Users\Carl\AppData\Local\AVAST Software
2018-07-17 18:49 - 2018-07-17 18:48 - 000378072 _____ (AVAST Software) C:\windows\system32\aswBoot.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-08-16 10:51 - 2016-11-18 19:48 - 000000000 ____D C:\Users\Carl\AppData\LocalLow\Mozilla
2018-08-16 10:50 - 2017-02-08 17:15 - 000004154 _____ C:\windows\System32\Tasks\Avast Emergency Update
2018-08-16 09:55 - 2009-07-13 23:45 - 000020928 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-08-16 09:55 - 2009-07-13 23:45 - 000020928 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-08-14 20:11 - 2018-07-13 08:52 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-08-13 08:41 - 2013-02-24 05:21 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-08-13 08:20 - 2017-05-07 09:56 - 000000000 ____D C:\Users\Carl\AppData\Local\CrashDumps
2018-08-13 08:20 - 2012-01-10 16:58 - 000000000 ____D C:\ProgramData\Sonic
2018-08-13 08:15 - 2009-07-14 00:08 - 000000006 ____H C:\windows\Tasks\SA.DAT
2018-08-13 08:14 - 2018-05-08 20:13 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-08-13 08:14 - 2018-05-08 20:13 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-08-10 09:25 - 2016-12-26 14:20 - 000000000 _____ C:\windows\SysWOW64\last.dump
2018-08-06 08:50 - 2009-07-14 00:13 - 000909514 _____ C:\windows\system32\PerfStringBackup.INI
2018-08-06 08:50 - 2009-07-13 22:20 - 000000000 ____D C:\windows\inf
2018-08-04 09:15 - 2012-11-26 10:38 - 000000000 ____D C:\windows\Minidump
2018-08-03 17:30 - 2013-01-21 18:02 - 000000000 ____D C:\Program Files (x86)\Google
2018-08-01 11:30 - 2012-04-28 17:38 - 000000000 ____D C:\Utility.sys
2018-08-01 10:59 - 2014-07-11 15:02 - 000000000 ____D C:\Users\Carl\AppData\Local\Adobe
2018-08-01 10:59 - 2012-11-20 11:33 - 000842240 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2018-08-01 10:59 - 2012-01-10 16:42 - 000175104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-08-01 10:59 - 2012-01-10 16:42 - 000000000 ____D C:\windows\SysWOW64\Macromed
2018-08-01 10:59 - 2012-01-10 16:42 - 000000000 ____D C:\windows\system32\Macromed
2018-08-01 10:53 - 2009-07-14 00:08 - 000032576 _____ C:\windows\Tasks\SCHEDLGU.TXT
2018-07-28 13:02 - 2009-07-13 22:20 - 000000000 ____D C:\windows\registration
2018-07-27 13:54 - 2013-10-26 19:16 - 000000000 ____D C:\ProgramData\Oracle
2018-07-27 13:15 - 2015-11-06 19:53 - 000000000 ____D C:\Program Files (x86)\Java
2018-07-27 13:13 - 2015-11-06 19:54 - 000098680 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2018-07-23 09:19 - 2013-04-11 22:29 - 000467064 _____ (AVAST Software) C:\windows\system32\Drivers\aswSP.sys
2018-07-17 18:48 - 2017-11-17 10:27 - 000197160 _____ (AVAST Software) C:\windows\system32\Drivers\aswArPot.sys
2018-07-17 18:48 - 2014-05-13 13:11 - 000046976 _____ (AVAST Software) C:\windows\system32\Drivers\aswHwid.sys
2018-07-17 18:48 - 2014-01-03 09:02 - 000211160 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys
2018-07-17 18:48 - 2013-04-11 22:29 - 001027728 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys
2018-07-17 18:48 - 2013-04-11 22:29 - 000159640 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2018-07-17 18:48 - 2013-04-11 22:29 - 000111872 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2018-07-17 18:48 - 2013-03-21 09:28 - 000381584 _____ (AVAST Software) C:\windows\system32\Drivers\aswVmm.sys
2018-07-17 18:48 - 2013-03-21 09:28 - 000085968 _____ (AVAST Software) C:\windows\system32\Drivers\aswRvrt.sys
2018-07-17 18:47 - 2017-10-13 09:19 - 000239680 _____ (AVAST Software) C:\windows\system32\Drivers\aswHdsKe.sys
2018-07-17 18:47 - 2017-02-08 17:15 - 000346664 _____ (AVAST Software) C:\windows\system32\Drivers\aswbloga.sys
2018-07-17 18:47 - 2017-02-08 17:15 - 000229392 _____ (AVAST Software) C:\windows\system32\Drivers\aswbidsdrivera.sys
2018-07-17 18:47 - 2017-02-08 17:15 - 000201328 _____ (AVAST Software) C:\windows\system32\Drivers\aswbidsha.sys
2018-07-17 18:47 - 2017-02-08 17:15 - 000059592 _____ (AVAST Software) C:\windows\system32\Drivers\aswbuniva.sys

==================== Files in the root of some directories =======

2017-10-11 12:29 - 2017-10-11 12:29 - 000000000 _____ () C:\ProgramData\cisE4C3.exe
2013-08-21 21:46 - 2013-08-21 21:47 - 000003725 _____ () C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
2015-11-03 11:28 - 2015-11-03 11:28 - 000000041 _____ () C:\Users\Carl\AppData\Roaming\mbam.context.scan
2012-07-02 15:40 - 2012-09-08 19:50 - 000020992 _____ () C:\Users\Carl\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-11-06 13:19 - 2017-11-06 13:25 - 000000137 _____ () C:\Users\Carl\AppData\Local\Support.ini
2018-01-23 12:41 - 2018-01-23 12:41 - 000000000 _____ () C:\Users\Carl\AppData\Local\{47647FD6-D3B0-4CB1-9E7C-6F8837ABA0FA}
2016-02-08 11:31 - 2016-02-08 11:31 - 000000000 _____ () C:\Users\Carl\AppData\Local\{5B6D3BA0-DA17-4270-89D1-EAF33CA6D802}

Some files in TEMP:
====================
2018-08-13 09:01 - 2018-03-30 20:38 - 001665336 _____ (Microsoft Corporation) C:\Users\Carl\AppData\Local\Temp\dllnt_dump.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-08-06 14:28

==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02.08.2018
Ran by Carl (16-08-2018 09:54:35)
Running from E:\Downloads\_CPU-Net\_Anti-Virus
Windows 7 Home Premium Service Pack 1 (X64) (2012-04-27 07:09:59)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1142599995-1776523847-1352253491-500 - Administrator - Disabled)
Carl (S-1-5-21-1142599995-1776523847-1352253491-1000 - Administrator - Enabled) => C:\Users\Carl
Guest (S-1-5-21-1142599995-1776523847-1352253491-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
FW: ZoneAlarm Free Firewall Firewall (Enabled) {1B8D532F-88B1-B2AD-ED22-AED92687A1D2}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Accidental Damage Services Agreement (HKLM-x32\...\{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}) (Version: 2.0.0 - Dell Inc.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20058 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.6.0.6090 - Adobe Systems Incorporated)
Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.183 - Adobe Systems Incorporated)
Adobe Flash Player 30 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 30.0.0.134 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Audacity 2.1.0 (HKLM-x32\...\Audacity_is1) (Version: 2.1.0 - Audacity Team)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 18.5.2342 - AVAST Software)
AxCrypt (Remove Only) (HKLM-x32\...\AxCrypt) (Version: - Axon Data)
Banctec Service Agreement (HKLM-x32\...\{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}) (Version: 2.0.0 - Dell Inc.)
BCWipe 2.0 (HKLM-x32\...\BCWipe) (Version: - )
Blio (HKLM-x32\...\{400182B4-CA55-46A9-9D88-F8413DCFB36D}) (Version: 2.3.7140 - K-NFB Reading Technology, Inc.)
BUFFALO BuffaloTools Launcher (HKLM-x32\...\UN091201) (Version: - )
BUFFALO SecureLockManagerEasy for HD (HKLM-x32\...\UN090430) (Version: - )
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.)
Canon MG3500 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3500_series) (Version: 1.00 - Canon Inc.)
Canon MG3500 series On-screen Manual (HKLM-x32\...\Canon MG3500 series On-screen Manual) (Version: 7.6.1 - Canon Inc.)
Canon MG3500 series User Registration (HKLM-x32\...\Canon MG3500 series User Registration) (Version: - ‭Canon Inc.)
Canon MX450 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX450_series) (Version: 1.00 - Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 2.0.1 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 2.0.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.2.1 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.29 - Piriform)
CDBurnerXP (HKLM-x32\...\{EC0B34FF-4A9B-4757-82A5-CD4EB194BFEC}) (Version: 4.4.0.3018 - Canneverbe Limited)
Complete Care Business Service Agreement (HKLM-x32\...\{0ECFCB07-9BFE-4970-ACA1-D568D982760B}) (Version: 2.0.0 - Dell Inc.)
Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.47 - Dell)
Dell DataSafe Online (HKLM-x32\...\{7EC66A95-AC2D-4127-940B-0445A526AB2F}) (Version: 2.1.19634 - Dell)
Dell Digital Delivery (HKLM-x32\...\{AFC08A81-D3C5-46F4-8F08-876E4BA606EA}) (Version: 1.7.4502.0 - Dell Products, LP)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Home Systems Service Agreement (HKLM-x32\...\{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}) (Version: 2.0.0 - Dell Inc.)
Dell MusicStage (HKLM-x32\...\{91AF2672-F5BC-42CF-8037-A9D2F92BBCC0}) (Version: 1.5.201.0 - Fingertapps)
Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.65 - ArcSoft)
Dell Product Registration (HKLM-x32\...\{2A0F2CC5-3065-492C-8380-B03AA7106B1A}) (Version: 1.1.3 - Dell Inc.)
Dell Stage (HKLM-x32\...\{E2EBA7C0-8072-447F-856D-FFEE8D15B23B}) (Version: 1.5.201.0 - Fingertapps)
Dell Stage Remote (HKLM-x32\...\{AF4D3C63-009B-4A17-B02E-D395065DD3F0}) (Version: 2.0.0.43 - ArcSoft)
Dell Support Center (HKLM\...\PC-Doctor for Windows) (Version: 3.2.6032.55 - PC-Doctor, Inc.)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1207.101.225 - ALPS ELECTRIC CO., LTD.)
Dell VideoStage (HKLM-x32\...\{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.2.0.1712 - CyberLink Corp.) Hidden
Dell VideoStage (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.2.0.1712 - CyberLink Corp.)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 2.00.44 - Creative Technology Ltd)
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
DirectX 9 Runtime (HKLM-x32\...\{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}) (Version: 1.00.0000 - Sonic Solutions) Hidden
DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version: - DVD Shrink)
DW WLAN Card (HKLM\...\DW WLAN Card) (Version: 5.100.82.88 - Dell Inc.)
Free Video Editor (HKLM-x32\...\Free Video Editor_is1) (Version: 1.4.54.606 - Digital Wave Ltd)
Google Earth Pro (HKLM-x32\...\{BF354C72-AC4C-4A87-8D42-B089862BAE58}) (Version: 7.3.2.5491 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GWX Control Panel (HKLM-x32\...\UltimateOutsider_GwxControlPanel) (Version: - UltimateOutsider)
HandBrake 1.1.1 (HKLM-x32\...\HandBrake) (Version: 1.1.1 - )
HP Deskjet 2510 series Basic Device Software (HKLM\...\{C8B7EFDF-28EA-4A17-B89A-C03317E3B5CF}) (Version: 27.0.847.0 - Hewlett-Packard Co.)
HP Deskjet 2510 series Product Improvement Study (HKLM\...\{B784E572-44B3-49AA-B959-A7D74D9B2793}) (Version: 27.0.847.0 - Hewlett-Packard Co.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6341.0 - IDT)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2342 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
Java 8 Update 181 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180181F0}) (Version: 8.0.1810.13 - Oracle Corporation)
Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Learning Lodge™ (HKLM-x32\...\VTechDownloadManager) (Version: - VTech)
Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
Mesh Runtime (HKLM-x32\...\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}) (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.7.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02558 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 61.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 61.0.2 (x64 en-US)) (Version: 61.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 61.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyHarmony (HKU\S-1-5-21-1142599995-1776523847-1352253491-1000\...\036a0e4fc6a247ec) (Version: 1.0.1.257 - Logitech)
MyHarmony (HKU\S-1-5-21-1142599995-1776523847-1352253491-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08152018104529550\...\036a0e4fc6a247ec) (Version: 1.0.1.257 - Logitech)
Norton Ghost (HKLM-x32\...\{B0255743-165B-4BD5-8DA8-37DFB9930015}) (Version: 15.0.1.36526 - Symantec Corporation)
OpenOffice.org 3.4.1 (HKLM-x32\...\{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}) (Version: 3.41.9593 - Apache Software Foundation)
Paint Shop Pro 7 (HKLM-x32\...\{D6DE02C7-1F47-11D4-9515-00105AE4B89A}) (Version: 7.0.1.0000 - Jasc Software Inc)
PhotoShowExpress (HKLM-x32\...\{3250260C-7A95-4632-893B-89657EB5545B}) (Version: 2.0.063 - Sonic Solutions) Hidden
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Premium Service Agreement (HKLM-x32\...\{C33AA6D6-F5EC-48F3-AFDC-8141345D473A}) (Version: 2.0.0 - Dell Inc.)
QualxServ Service Agreement (HKLM-x32\...\{903679E8-44C8-4C07-9600-05C92654FC50}) (Version: 2.0.0 - Dell Inc.)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.09.25 - Dell Inc.)
RBVirtualFolder64Inst (HKLM\...\{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}) (Version: 1.00.0000 - Roxio, Inc.) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.45.516.2011 - Realtek)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30126 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.83 (HKLM-x32\...\Revo Uninstaller) (Version: 1.83 - VS Revo Group)
RogueKiller version 12.12.31.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.12.31.0 - Adlice Software)
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio File Backup (HKLM\...\{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}) (Version: 1.3.2 - Roxio) Hidden
Skype Web Plugin (HKLM-x32\...\{EB96DF8B-65A7-4E72-BFB1-38DB36870D16}) (Version: 7.32.6.278 - Skype Technologies S.A.)
Sonic CinePlayer Decoder Pack (HKLM-x32\...\{9A00EC4E-27E1-42C4-98DD-662F32AC8870}) (Version: 4.3.0 - Sonic Solutions) Hidden
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
SpywareBlaster 5.5 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.5.0 - BrightFort LLC)
SyncUP (HKLM-x32\...\{40F06490-8C14-43AA-99D3-EEEFDBAC3CFC}) (Version: 1.12.12400.17.102 - Nero AG) Hidden
SyncUP (HKLM-x32\...\{D92C9CCE-E5F0-4125-977A-0590F3225B74}) (Version: 10.2.15400 - Nero AG)
Temp File Cleaner (HKLM\...\Temp File Cleaner) (Version: 4.5.0.74(master)(8d92a0e96285c09fa03691e2b7618aee84c6c2b6) - Addpcs, LLC)
Turbo Lister 2 (HKLM-x32\...\{8927E07C-97F7-4A54-88FB-D976F50DD46E}) (Version: 2.00.0000 - eBay Inc.)
USAA Web Windows (HKLM-x32\...\{DF64D65B-CA7B-4CA0-A8F8-4EF2DC9B1FC2}) (Version: 1.0.11 - USAA)
USB2.0 ATV (HKLM-x32\...\USB2.0 ATV) (Version: - )
USB2.0 Capture Device (HKLM-x32\...\{E337B156-DF81-48D8-8977-B1574EE87BCF}) (Version: 1.0.3.0 - )
VLC media player (HKLM\...\VLC media player) (Version: 3.0.3 - VideoLAN)
VTech Download Agent Library (HKLM-x32\...\{DB083AE1-3354-4AAD-BD44-5F2CC4B2ECE6}) (Version: 1.00.0000 - VTech) Hidden
WeatherBug (HKLM-x32\...\{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}) (Version: 7.0.0.10 - Earth Networks, Inc.)
WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.7600 - Broadcom Corporation)
Windows Deployment Tools (HKLM-x32\...\{BFC9778E-9765-C94C-C082-C2514F8DEB9B}) (Version: 8.59.25584 - Microsoft)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows PE x86 x64 (HKLM-x32\...\{F89D69CA-6EE1-E037-DD3B-08CDDE1BED1C}) (Version: 8.59.25584 - Microsoft)
Windows PE x86 x64 wims (HKLM-x32\...\{85F4ACB1-E7DC-C3C6-F4FD-BB936DF2695E}) (Version: 8.59.25584 - Microsoft)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version: - )
Yahoo Messenger (HKU\S-1-5-21-1142599995-1776523847-1352253491-1000\...\yahoomessenger) (Version: 0.8.288 - Yahoo! Inc)
Yahoo Messenger (HKU\S-1-5-21-1142599995-1776523847-1352253491-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08152018104529550\...\yahoomessenger) (Version: 0.8.288 - Yahoo! Inc)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)
Zinio Reader 4 (HKLM-x32\...\{7FB00B6B-6843-97EC-EED6-78BD6D35370A}) (Version: 4.2.4164 - Zinio LLC) Hidden
Zinio Reader 4 (HKLM-x32\...\ZinioReader4) (Version: 4.2.4164 - Zinio LLC)
ZoneAlarm Firewall (HKLM-x32\...\{902E1EFE-94FC-4209-9409-EBB2CA9E8DA6}) (Version: 15.1.501.17249 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Free Firewall (HKLM-x32\...\ZoneAlarm Free Firewall) (Version: 15.3.060.17669 - Check Point)
ZoneAlarm Security (HKLM-x32\...\{9F5DAD59-9A81-44E4-A075-0C943932FD10}) (Version: 15.1.501.17249 - Check Point Software Technologies Ltd.) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1142599995-1776523847-1352253491-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08152018104529550_Classes\CLSID\{41052F6E-3662-4584-BCD3-77BCCAAE8470}\InprocServer32 -> C:\Users\Carl\AppData\Local\SkypePlugin\7.32.6.278\GatewayActiveX-x64.dll (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-1142599995-1776523847-1352253491-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08152018104529550_Classes\CLSID\{60813F68-E9F7-4B3C-80B4-A76A66211660}\localserver32 -> C:\Users\Carl\AppData\Local\SkypePlugin\7.32.6.278\GatewayVersion-x64.exe (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-1142599995-1776523847-1352253491-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08152018104529550_Classes\CLSID\{CBF9CD8C-2714-4F36-B76A-43E6C7547BC2}\localserver32 -> C:\Users\Carl\AppData\Local\SkypePlugin\7.32.6.278\EdgeCalling.exe (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-1142599995-1776523847-1352253491-1000_Classes\CLSID\{41052F6E-3662-4584-BCD3-77BCCAAE8470}\InprocServer32 -> C:\Users\Carl\AppData\Local\SkypePlugin\7.32.6.278\GatewayActiveX-x64.dll (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-1142599995-1776523847-1352253491-1000_Classes\CLSID\{60813F68-E9F7-4B3C-80B4-A76A66211660}\localserver32 -> C:\Users\Carl\AppData\Local\SkypePlugin\7.32.6.278\GatewayVersion-x64.exe (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-1142599995-1776523847-1352253491-1000_Classes\CLSID\{CBF9CD8C-2714-4F36-B76A-43E6C7547BC2}\localserver32 -> C:\Users\Carl\AppData\Local\SkypePlugin\7.32.6.278\EdgeCalling.exe (Skype Technologies S.A.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Utility.sys\Spyware - Avast\ashShA64.dll [2018-07-17] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Utility.sys\Spyware - Avast\ashShA64.dll [2018-07-17] (AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Utility.sys\Spyware - Avast\ashShA64.dll [2018-07-17] (AVAST Software)
ContextMenuHandlers1-x32: [axcrypt.File] -> {FEB9A664-4B04-4D9C-9397-CF645DAA3BE2} => C:\Utility.sys\AXCrypt\1.6.4.4-0\ShellExt.dll [2008-05-13] (Axantum Software AB)
ContextMenuHandlers1-x32-x32: [BCShellMenu] -> {7850a720-705f-11d0-a9eb-0080488625e5} => C:\Windows\SysWOW64\BCShExt.dll [1999-07-07] (Jetico, Inc.)
ContextMenuHandlers1-x32-x32: [Roxio Burn] -> {E8CB9D53-A47A-42B5-9F5B-96B037C9DD4C} => c:\Program Files\Roxio\Roxio Burn\RB_ContextMenu64.dll [2010-11-10] (TODO: <Company name>)
ContextMenuHandlers1-x32-x32-x32: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Utility.sys\WinRar\rarext.dll [2002-12-18] ()
ContextMenuHandlers2-x32: [BCShellMenu] -> {7850a720-705f-11d0-a9eb-0080488625e5} => C:\Windows\SysWOW64\BCShExt.dll [1999-07-07] (Jetico, Inc.)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Utility.sys\Spyware - Avast\ashShA64.dll [2018-07-17] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers4-x32: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Utility.sys\WinRar\rarext.dll [2002-12-18] ()
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2011-03-25] (Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Utility.sys\Spyware - Avast\ashShA64.dll [2018-07-17] (AVAST Software)
ContextMenuHandlers6-x32: [axcrypt.File] -> {FEB9A664-4B04-4D9C-9397-CF645DAA3BE2} => C:\Utility.sys\AXCrypt\1.6.4.4-0\ShellExt.dll [2008-05-13] (Axantum Software AB)
ContextMenuHandlers6-x32-x32: [BCShellMenu] -> {7850a720-705f-11d0-a9eb-0080488625e5} => C:\Windows\SysWOW64\BCShExt.dll [1999-07-07] (Jetico, Inc.)
ContextMenuHandlers6-x32-x32: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers6-x32-x32-x32: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Utility.sys\WinRar\rarext.dll [2002-12-18] ()

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {2C1E4CE2-418E-404F-AF9D-92B5A9CAE32B} - System32\Tasks\HPCustParticipation HP Deskjet 2510 series => C:\Program Files\HP\HP Deskjet 2510 series\Bin\HPCustPartic.exe
Task: {464970AC-4E73-478D-BD60-02BD1E44EC48} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {58220009-9DD8-4D15-88F8-E1E00BBD1C2A} - \SystemToolsDailyTest -> No File <==== ATTENTION
Task: {73209D1B-8327-451A-AED0-A37C85C55AA8} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {7A82AB0B-8B7D-4049-AB4F-49EB513F2DF1} - System32\Tasks\PCDEventLauncher => C:\Program Files\Dell Support Center\sessionchecker.exe [2012-09-06] (PC-Doctor, Inc.)
Task: {9260526F-608D-41E5-9D22-E695A15E3DEF} - \PCDoctorBackgroundMonitorTask -> No File <==== ATTENTION
Task: {9B410B01-8791-48F7-8DBD-BEEC0E23D674} - System32\Tasks\{208BD8EC-DEEF-400F-9804-BA7CEC313437} => C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe
Task: {B8348559-22A5-4589-9CC8-AE92F12DF6B1} - System32\Tasks\{21F41153-76AE-4685-94A2-5F618CABEEBD} => C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe
Task: {B98F95DE-2767-4CC0-A4A2-DC24D4B4A695} - System32\Tasks\{BD853F0A-47EB-4934-9A1E-8B0BBB59998E} => C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe
Task: {BE384DF3-5CF0-4513-8653-87229FE33A47} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-04-10] (Piriform Ltd)
Task: {CBDD12D2-24CA-4456-96A8-0AF72690210C} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2018-06-06] (AVAST Software)
Task: {CE973110-C0E7-45A1-ADFF-20E8DEEB5587} - System32\Tasks\{B6514ACD-17C1-448B-A120-F9FEA5B86861} => C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe
Task: {D0F6F0E6-2F44-470E-9E74-DC8663492859} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {D24CF959-E239-4D28-B626-1112BC8F5781} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-03-21] (Adobe Systems Incorporated)
Task: {E8D4504B-EE35-4440-A6DD-4284AF475490} - System32\Tasks\{87EC105F-643B-44DE-94F8-B3128CAC6D4A} => C:\windows\system32\pcalua.exe -a C:\Users\Carlf
Carl\AppData\Local\Temp\jre-8u121-windows-au.exe -d C:\windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION
Task: {F5DF593C-5317-413A-840F-22F10A8AB1E5} - System32\Tasks\Avast Emergency Update => C:\Utility.sys\Spyware - Avast\AvEmUpdate.exe [2018-07-17] (AVAST Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-07-17 18:48 - 2018-07-17 18:48 - 000599768 _____ () c:\Utility.sys\Spyware - Avast\x64\StreamBack.dll
2012-01-10 18:14 - 2011-03-25 20:28 - 000094208 _____ () C:\WINDOWS\System32\IccLibDll_x64.dll
2011-06-27 20:26 - 2011-06-27 20:26 - 002022976 _____ () C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
2011-06-29 09:52 - 2011-06-29 09:52 - 000474176 _____ () C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
2010-11-17 11:35 - 2010-11-17 11:35 - 000514544 _____ () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
2016-02-24 03:56 - 2016-01-18 07:48 - 000317824 _____ () C:\Program Files (x86)\InnoTab 2\VTech\DownloadManager\System\AgentMonitor.exe
2018-08-13 08:41 - 2018-06-18 13:32 - 002433744 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-08-13 08:41 - 2018-07-03 12:59 - 002535120 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2018-07-17 18:48 - 2018-07-17 18:48 - 000483544 _____ () C:\Utility.sys\Spyware - Avast\streamback.dll
2018-07-17 18:48 - 2018-07-17 18:48 - 000928984 _____ () C:\Utility.sys\Spyware - Avast\anen.dll
2018-07-17 18:48 - 2018-07-17 18:48 - 000532696 _____ () C:\Utility.sys\Spyware - Avast\gui_cache.dll
2018-07-17 18:47 - 2018-07-17 18:47 - 000150744 _____ () C:\Utility.sys\Spyware - Avast\hns_tools.dll
2018-07-17 18:48 - 2018-07-17 18:48 - 000985304 _____ () C:\Utility.sys\Spyware - Avast\shepherdsync.dll
2018-08-16 09:52 - 2018-08-16 09:52 - 005674128 _____ () C:\Utility.sys\Spyware - Avast\defs\18081602\algo.dll
2018-08-03 18:20 - 2016-11-22 15:17 - 000114664 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\zlib1.dll
2018-08-03 18:20 - 2016-11-22 15:17 - 000108008 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_filesystem-vc120-mt-1_56.dll
2018-08-03 18:20 - 2016-11-22 15:17 - 000024040 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_system-vc120-mt-1_56.dll
2018-08-03 18:20 - 2016-11-22 15:17 - 000048104 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_date_time-vc120-mt-1_56.dll
2012-01-10 17:11 - 2010-08-11 19:19 - 000056544 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STCoreXml.dll
2012-01-10 17:11 - 2010-08-11 19:19 - 000113888 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\PSTVdsDisk.dll
2012-01-10 17:11 - 2010-08-11 19:19 - 000126176 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll
2018-01-23 13:19 - 2018-01-23 13:19 - 000169984 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\338ff006da89b9a8a88f811493679700\IsdiInterop.ni.dll
2012-01-10 16:42 - 2011-01-12 18:56 - 000058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2010-03-16 21:28 - 2010-03-16 21:28 - 001926144 _____ () C:\Program Files (x86)\Dell\Stage Remote\QtCore4.dll
2010-03-22 16:52 - 2010-03-22 16:52 - 006776832 _____ () C:\Program Files (x86)\Dell\Stage Remote\QtGui4.dll
2010-03-16 21:28 - 2010-03-16 21:28 - 000635904 _____ () C:\Program Files (x86)\Dell\Stage Remote\QtNetwork4.dll
2010-03-16 21:28 - 2010-03-16 21:28 - 000326144 _____ () C:\Program Files (x86)\Dell\Stage Remote\QtXml4.dll
2011-06-25 00:20 - 2011-06-25 00:20 - 000565968 _____ () C:\Program Files (x86)\Dell\Stage Remote\sqlite3.dll
2011-06-27 20:25 - 2011-06-27 20:25 - 000058944 _____ () C:\Program Files (x86)\Dell\Stage Remote\DataService.dll
2011-06-25 00:21 - 2011-06-25 00:21 - 000322624 _____ () C:\Program Files (x86)\Dell\Stage Remote\en-US\UI\ManagerUI.dll
2010-03-11 20:52 - 2010-03-11 20:52 - 000028160 _____ () C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qgif4.dll
2010-03-05 16:07 - 2010-03-05 16:07 - 000031744 _____ () C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qico4.dll
2010-03-05 16:07 - 2010-03-05 16:07 - 000125952 _____ () C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qjpeg4.dll
2010-03-11 20:52 - 2010-03-11 20:52 - 000225280 _____ () C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qmng4.dll
2018-03-16 09:43 - 2018-03-16 09:43 - 067126928 _____ () C:\Utility.sys\Spyware - Avast\libcef.dll
2018-07-17 18:47 - 2018-07-17 18:47 - 000282840 _____ () C:\Utility.sys\Spyware - Avast\gaming_mode_ui.dll
2010-11-24 23:44 - 2010-11-24 23:44 - 000375280 _____ () c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll
2016-02-24 03:56 - 2015-12-14 01:05 - 000120832 _____ () C:\Program Files (x86)\InnoTab 2\VTech\DownloadManager\System\QtSolutions_SOAP-2.7.dll
2016-02-24 03:56 - 2014-04-21 21:14 - 000065536 _____ () C:\Program Files (x86)\InnoTab 2\VTech\DownloadManager\System\QHttpServer.dll
2016-02-24 03:56 - 2014-05-06 00:39 - 000861184 _____ () C:\Program Files (x86)\InnoTab 2\VTech\DownloadManager\System\plugins\platforms\qwindows.dll
2016-02-24 03:56 - 2014-05-06 00:38 - 000021504 _____ () C:\Program Files (x86)\InnoTab 2\VTech\DownloadManager\System\plugins\imageformats\qgif.dll
2016-02-24 03:56 - 2014-05-06 00:38 - 000020992 _____ () C:\Program Files (x86)\InnoTab 2\VTech\DownloadManager\System\plugins\imageformats\qico.dll
2016-02-24 03:56 - 2014-05-06 00:38 - 000204800 _____ () C:\Program Files (x86)\InnoTab 2\VTech\DownloadManager\System\plugins\imageformats\qjpeg.dll
2016-02-24 03:56 - 2014-05-06 05:44 - 000218112 _____ () C:\Program Files (x86)\InnoTab 2\VTech\DownloadManager\System\plugins\imageformats\qmng.dll
2016-02-24 03:56 - 2014-05-06 00:58 - 000015872 _____ () C:\Program Files (x86)\InnoTab 2\VTech\DownloadManager\System\plugins\imageformats\qsvg.dll
2016-02-24 03:56 - 2014-05-06 05:44 - 000015360 _____ () C:\Program Files (x86)\InnoTab 2\VTech\DownloadManager\System\plugins\imageformats\qtga.dll
2016-02-24 03:56 - 2014-05-06 05:44 - 000307712 _____ () C:\Program Files (x86)\InnoTab 2\VTech\DownloadManager\System\plugins\imageformats\qtiff.dll
2016-02-24 03:56 - 2014-05-06 05:44 - 000014848 _____ () C:\Program Files (x86)\InnoTab 2\VTech\DownloadManager\System\plugins\imageformats\qwbmp.dll
2016-02-24 03:56 - 2014-05-06 01:31 - 000015872 _____ () C:\Program Files (x86)\InnoTab 2\VTech\DownloadManager\System\plugins\sensors\qtsensors_dummy.dll
2016-02-24 03:56 - 2014-05-06 00:38 - 000036352 _____ () C:\Program Files (x86)\InnoTab 2\VTech\DownloadManager\System\plugins\bearer\qgenericbearer.dll
2016-02-24 03:56 - 2014-05-06 00:38 - 000038912 _____ () C:\Program Files (x86)\InnoTab 2\VTech\DownloadManager\System\plugins\bearer\qnativewifibearer.dll
2012-08-10 16:51 - 2012-08-10 16:51 - 000985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2012-08-10 16:50 - 2012-08-10 16:50 - 000170496 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxslt.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\windows\notepad.exe:$CmdTcID [130]
AlternateDataStreams: C:\windows\system32\aelupsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\aepic(118).dll:$CmdTcID [130]
AlternateDataStreams: C:\windows\system32\apisetschema(119).dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\apphelp.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\catsrvut.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\charmap.exe:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\ci.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\clfsw32.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\CNC_BVC.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\CNC_BVI.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\CNC_BVL.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\CNMLMBV.DLL:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\COLORCNV.DLL:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\comctl32.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\comsvcs.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\CPFilters.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\credssp(122).dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\csrsrv(123).dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\devenum.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\dfshim.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\els.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\EncDec.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\fixmapi.exe:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\iertutil(124).dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\KBDAZE.DLL:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\KBDAZEL.DLL:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\KBDBASH.DLL:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\kbdgeoqw.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\KBDRU.DLL:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\KBDRU1.DLL:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\KBDTAT.DLL:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\KBDYAK.DLL:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\kerberos(125).dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\kernel32(126).dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\KernelBase(127).dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\ksproxy.ax:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\ksuser.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\lsasrv(128).dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\lsass(129).exe:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\mapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\mapistub.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\mcmde.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\mfvdsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\MFWMAAEC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\MP3DMOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\MP43DECD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\MP4SDECD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\MPG4DECD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\mscorier.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\mscories.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\msmpeg2adec.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\MSMPEG2ENC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\msmpeg2vdec.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\msv1_0(130).dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\ncrypt(131).dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\notepad.exe:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\ntdll(132).dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\packager.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\pku2u.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\poqexec.exe:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\PresentationCFFRasterizerNative_v0300.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\qasf.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\qedit.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\rastls.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\rdpcorekmts.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\RESAMPLEDMO.DLL:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\schannel(133).dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\sdbinst.exe:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\secur32(135).dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\shimeng.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\smss(137).exe:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\srcore(139).dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\sspicli(140).dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\sspisrv(141).dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\SysFxUI.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\termsrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\TSpkg(142).dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\TSWorkspace.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\ubpm.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\urlmon(143).dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\VIDRESZR.DLL:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\wdigest(145).dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\wininet(146).dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\winsrv(147).dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\winsta.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\WMADMOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\WMADMOE.DLL:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\WMALFXGFXDSP.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\wmp(148).dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\WMPhoto.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\wmploc(149).DLL:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\wmpmde.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\WMSPDMOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\WMSPDMOE.DLL:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\WMVDECOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\WMVENCOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\WMVSDECD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\WMVSENCD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\WMVXENCD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\wow64(150).dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\wow64cpu(151).dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\wow64win(152).dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\wpdshext.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\ws2_32.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\wshrm.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\SysWOW64\apphelp.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\SysWOW64\catsrvut.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\SysWOW64\cewmdm.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\SysWOW64\charmap.exe:$CmdTcID [64]
AlternateDataStreams: C:\windows\SysWOW64\clfsw32.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\SysWOW64\COLORCNV.DLL:$CmdTcID [64]
AlternateDataStreams: C:\windows\SysWOW64\comctl32.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\SysWOW64\comsvcs.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\SysWOW64\CPFilters.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\SysWOW64\devenum.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\SysWOW64\dfshim.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\SysWOW64\els.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\SysWOW64\EncDec.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\SysWOW64\fixmapi.exe:$CmdTcID [64]
AlternateDataStreams: C:\windows\SysWOW64\iertutil(156).dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\SysWOW64\KBDAZE.DLL:$CmdTcID [64]
AlternateDataStreams: C:\windows\SysWOW64\KBDAZEL.DLL:$CmdTcID [64]
AlternateDataStreams: C:\windows\SysWOW64\KBDBASH.DLL:$CmdTcID [64]
AlternateDataStreams: C:\windows\SysWOW64\kbdgeoqw.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\SysWOW64\KBDRU.DLL:$CmdTcID [64]
AlternateDataStreams: C:\windows\SysWOW64\KBDRU1.DLL:$CmdTcID [64]
AlternateDataStreams: C:\windows\SysWOW64\KBDTAT.DLL:$CmdTcID [64]
AlternateDataStreams: C:\windows\SysWOW64\KBDYAK.DLL:$CmdTcID [64]
AlternateDataStreams: C:\windows\SysWOW64\kernel32(157).dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\SysWOW64\KernelBase(158).dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\SysWOW64\ksproxy.ax:$CmdTcID [64]
AlternateDataStreams: C:\windows\SysWOW64\ksuser.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\SysWOW64\mapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\SysWOW64\mapistub.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\SysWOW64\mfvdsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\SysWOW64\MFWMAAEC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\windows\SysWOW64\MP3DMOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\windows\SysWOW64\MP43DECD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\windows\SysWOW64\MP4SDECD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\windows\SysWOW64\MPG4DECD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\windows\SysWOW64\MSCOMCTL.OCX:$CmdTcID [64]
AlternateDataStreams: C:\windows\SysWOW64\mscorier.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\SysWOW64\mscories.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\SysWOW64\msmpeg2adec.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\SysWOW64\MSMPEG2ENC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\windows\SysWOW64\msmpeg2vdec.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\SysWOW64\mswsock.dll:$CmdTcID [130]
AlternateDataStreams: C:\windows\SysWOW64\notepad.exe:$CmdTcID [64]
AlternateDataStreams: C:\windows\SysWOW64\ntdll(159).dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\SysWOW64\packager.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\SysWOW64\pku2u.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\SysWOW64\poqexec.exe:$CmdTcID [64]
AlternateDataStreams: C:\windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\SysWOW64\qasf.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\SysWOW64\qedit.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\SysWOW64\rastls.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\SysWOW64\RESAMPLEDMO.DLL:$CmdTcID [64]
AlternateDataStreams: C:\windows\SysWOW64\sdbinst.exe:$CmdTcID [64]
AlternateDataStreams: C:\windows\SysWOW64\shimeng.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\SysWOW64\sspicli(161).dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\SysWOW64\TSWorkspace.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\SysWOW64\ubpm.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\SysWOW64\urlmon(162).dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\SysWOW64\VIDRESZR.DLL:$CmdTcID [64]
AlternateDataStreams: C:\windows\SysWOW64\wininet(165).dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\SysWOW64\winsta.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\SysWOW64\WMADMOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\windows\SysWOW64\WMADMOE.DLL:$CmdTcID [64]
AlternateDataStreams: C:\windows\SysWOW64\WMPhoto.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\SysWOW64\wmpmde.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\SysWOW64\WMSPDMOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\windows\SysWOW64\WMSPDMOE.DLL:$CmdTcID [64]
AlternateDataStreams: C:\windows\SysWOW64\WMVDECOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\windows\SysWOW64\WMVENCOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\windows\SysWOW64\WMVSDECD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\windows\SysWOW64\WMVSENCD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\windows\SysWOW64\WMVXENCD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\windows\SysWOW64\wpdshext.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\SysWOW64\ws2_32.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\SysWOW64\wshrm.dll:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\Drivers\aswTap.sys:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\Drivers\drmk.sys:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\Drivers\drmkaud.sys:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\Drivers\portcls.sys:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\Drivers\rdpwd.sys:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\Drivers\Sftfswin7.sys:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\Drivers\Sftplaywin7.sys:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\Drivers\Sftredirwin7.sys:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\Drivers\Sftvolwin7.sys:$CmdTcID [130]
AlternateDataStreams: C:\windows\system32\Drivers\stream.sys:$CmdTcID [64]
AlternateDataStreams: C:\ProgramData\Temp:5C321E34 [125]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-1142599995-1776523847-1352253491-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-1142599995-1776523847-1352253491-1000\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-1142599995-1776523847-1352253491-1000\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-1142599995-1776523847-1352253491-1000\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-1142599995-1776523847-1352253491-1000\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-1142599995-1776523847-1352253491-1000\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-1142599995-1776523847-1352253491-1000\...\0411dd.com -> 0411dd.com
IE restricted site: HKU\S-1-5-21-1142599995-1776523847-1352253491-1000\...\0511zfhl.com -> 0511zfhl.com
IE restricted site: HKU\S-1-5-21-1142599995-1776523847-1352253491-1000\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-1142599995-1776523847-1352253491-1000\...\0632qyw.com -> 0632qyw.com
IE restricted site: HKU\S-1-5-21-1142599995-1776523847-1352253491-1000\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-1142599995-1776523847-1352253491-1000\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-1142599995-1776523847-1352253491-1000\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-1142599995-1776523847-1352253491-1000\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-1142599995-1776523847-1352253491-1000\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-1142599995-1776523847-1352253491-1000\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-1142599995-1776523847-1352253491-1000\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-1142599995-1776523847-1352253491-1000\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-1142599995-1776523847-1352253491-1000\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-1142599995-1776523847-1352253491-1000\...\1001movie.com -> 1001movie.com

There are 6049 more sites.

IE restricted site: HKU\S-1-5-21-1142599995-1776523847-1352253491-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08152018104529550\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-1142599995-1776523847-1352253491-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08152018104529550\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-1142599995-1776523847-1352253491-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08152018104529550\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-1142599995-1776523847-1352253491-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08152018104529550\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-1142599995-1776523847-1352253491-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08152018104529550\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-1142599995-1776523847-1352253491-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08152018104529550\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-1142599995-1776523847-1352253491-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08152018104529550\...\0411dd.com -> 0411dd.com
IE restricted site: HKU\S-1-5-21-1142599995-1776523847-1352253491-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08152018104529550\...\0511zfhl.com -> 0511zfhl.com
IE restricted site: HKU\S-1-5-21-1142599995-1776523847-1352253491-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08152018104529550\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-1142599995-1776523847-1352253491-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08152018104529550\...\0632qyw.com -> 0632qyw.com
IE restricted site: HKU\S-1-5-21-1142599995-1776523847-1352253491-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08152018104529550\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-1142599995-1776523847-1352253491-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08152018104529550\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-1142599995-1776523847-1352253491-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08152018104529550\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-1142599995-1776523847-1352253491-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08152018104529550\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-1142599995-1776523847-1352253491-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08152018104529550\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-1142599995-1776523847-1352253491-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08152018104529550\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-1142599995-1776523847-1352253491-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08152018104529550\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-1142599995-1776523847-1352253491-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08152018104529550\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-1142599995-1776523847-1352253491-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08152018104529550\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-1142599995-1776523847-1352253491-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08152018104529550\...\1001movie.com -> 1001movie.com

There are 6049 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2017-01-25 22:20 - 000000826 _____ C:\windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1142599995-1776523847-1352253491-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Carl\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1142599995-1776523847-1352253491-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08152018104529550\Control Panel\Desktop\\Wallpaper -> C:\Users\Carl\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.192.10 - 192.168.191.10
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{661E2CC3-1C6B-4956-8F90-524B2FA8941F}] => (Allow) C:\Program Files (x86)\Dell\VideoStage\VideoStage.exe
FirewallRules: [{C0A5AC5C-41C9-42A0-8BAC-B89405CE13AC}] => (Allow) LPort=9700
FirewallRules: [{DEBE404E-7A3D-40B5-8848-B82AA27D61DC}] => (Allow) LPort=9701
FirewallRules: [{7FE223A1-8199-4F27-9ED9-51C2C4C9884A}] => (Allow) LPort=9702
FirewallRules: [{EB852DEE-50E5-47A0-974A-8FB72BE849BA}] => (Allow) LPort=9700
FirewallRules: [{E27955FB-B5D4-42FA-AFE0-E1A81F785E4A}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
FirewallRules: [{3C3144DB-D8BD-43F8-81C0-84EB43C29449}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\DMR.exe
FirewallRules: [{04EF0CE8-653C-4065-A10B-0061E91B9773}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\InstallerHelp.exe
FirewallRules: [{C51108A6-F41A-4D2F-B51E-C18CC95A312E}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\Controller.exe
FirewallRules: [{780C6C95-34DE-4830-8530-50421347BEAD}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
FirewallRules: [{F080FDE6-05A8-482B-BB74-BAC60F5B1076}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
FirewallRules: [{2FCA86B9-7426-4F36-8A35-36AA7DFC51C0}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\InstallerHelp.exe
FirewallRules: [{5E37BED8-1B12-44D1-852D-BF1E5D8A760D}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\DMR.exe
FirewallRules: [{FE937859-4DF8-4A60-B2FA-55CB97DADDD8}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\Controller.exe
FirewallRules: [{F6F13A01-B638-40AC-B56B-7E2367393960}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
FirewallRules: [{0A021789-CF28-4771-9E36-1CD2D00A6F63}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{00DE1073-C1B6-41ED-AA48-E6F5595F66FC}] => (Allow) LPort=2869
FirewallRules: [{BC4B794C-E6BF-4B2F-802E-188BD7BEA56A}] => (Allow) LPort=1900
FirewallRules: [{A0D68CE8-5142-4244-A8C8-5B1F8989FEAA}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{827E6F93-A390-4D93-B996-6674C4D8C01C}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{93492D95-294E-45C8-92C7-9E78B1EE9A74}] => (Allow) C:\Program Files\dell stage\dell stage\accuweather\accuweather.exe
FirewallRules: [{73841273-6B70-402D-BC00-26C3563CBA84}] => (Allow) C:\Program Files\dell stage\musicstage\musicstageengine.exe
FirewallRules: [{8940D2F2-3A90-4454-B6FD-B8BFB5B790CF}] => (Allow) C:\Program Files\dell stage\dell stage\stage_primary.exe
FirewallRules: [{47897F8F-6D75-450B-BF90-B0F96F981E84}] => (Allow) C:\Program Files\HP\HP Deskjet 2510 series\Bin\USBSetup.exe
FirewallRules: [{33309768-6FF7-416D-83CE-BC69A9F5C9BD}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{1508DBA8-2EF1-4722-B813-018EF0B24F53}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{5B339F90-1F33-41C5-9D5C-401F501FB59C}] => (Allow) C:\Program Files (x86)\Nero\Nero Blu-ray Player\Blu-rayPlayer.exe
FirewallRules: [{45EE5B22-CE5B-46B7-BEE0-CC718B70C3A5}] => (Allow) C:\Program Files (x86)\Nero\Nero Blu-ray Player\Blu-rayPlayer.exe
FirewallRules: [TCP Query User{4F30056E-BA64-4840-83A1-1F2B61E30F66}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe] => (Block) C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe
FirewallRules: [UDP Query User{57253567-613C-4591-A6CA-C8C7301ED3D6}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe] => (Block) C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe
FirewallRules: [TCP Query User{D07F771C-2CC4-4EAF-8F8F-35E9A3B03CB0}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{04BE6B96-4905-452C-9492-A273BA7F9DDD}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{AB6F5875-BB6A-4258-B2A5-C3D529BE719E}] => (Allow) C:\Utility.sys\Spyware - Avast\ng\vbox\aswFe.exe
FirewallRules: [{9E9CE74A-55DA-4798-8E62-43092A15C878}] => (Allow) C:\Utility.sys\Spyware - Avast\ng\vbox\aswFe.exe
FirewallRules: [TCP Query User{4E02D591-2F0A-44A5-8A76-1CD116B973E0}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{3C6C17FC-DF6D-431B-AF94-EE6E6AE9C757}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [{866C8A0B-BE06-4D37-AC17-32562491DF2C}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{85DE6CD3-1D9E-4C5B-A3D3-AD1B50D3126F}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{950C6913-6EC1-47B5-B7C3-6B289F042BD5}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{6DAD6B65-C052-4269-B9C9-96EED75E536F}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{CC80607D-8BCE-4261-9104-A6556749B73E}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{2BFC57F0-5DC4-4A4F-8C92-3F8016C9EB41}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{ECB75209-A8BA-46AB-9EA0-3BAD393E46EE}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{3D31C816-43D9-4220-824B-95E21E083AF0}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{E60AD5B7-04B7-45EC-9CF1-47C9C5CC5C97}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{3FF2E963-BED1-47CB-8140-0B808D1CDD40}] => (Allow) C:\Utility.sys\Spyware - Avast\AvEmUpdate.exe
FirewallRules: [{230D2121-5AFA-43D1-BF31-A77EAA2794C2}] => (Allow) C:\Utility.sys\Spyware - Avast\AvEmUpdate.exe

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============

Name: avast! SecureLine TAP Adapter v3
Description: avast! SecureLine TAP Adapter v3
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Windows Provider V9
Service: aswTap
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Dell Wireless 1701 802.11b/g/n
Description: Dell Wireless 1701 802.11b/g/n
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Broadcom
Service: BCM43XX
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Dell Wireless 1701 Bluetooth v3.0+HS
Description: Dell Wireless 1701 Bluetooth v3.0+HS
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Broadcom
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/15/2018 10:45:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.1.0.667, time stamp: 0x5ad8e0a1
Faulting module name: MwacLib.dll, version: 3.0.0.424, time stamp: 0x5b3bd011
Exception code: 0xc0000005
Fault offset: 0x0000000000012678
Faulting process id: 0x9b8
Faulting application start time: 0x01d43307b3e55853
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Faulting module path: C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
Report Id: 315f1a6c-a0a2-11e8-a521-24b6fd1437bd

Error: (08/13/2018 08:16:03 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (08/13/2018 08:20:20 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CNQMUPDT.EXE, version: 2.2.1.0, time stamp: 0x517a49ec
Faulting module name: CNMDWLD.DLL, version: 1.0.0.0, time stamp: 0x4f5eedc8
Exception code: 0xc0000005
Fault offset: 0x000023c6
Faulting process id: 0x1ab0
Faulting application start time: 0x01d433085a8b24d9
Faulting application path: C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE
Faulting module path: C:\Program Files (x86)\Canon\Quick Menu\CNMDWLD.DLL
Report Id: 9fe16e27-9efb-11e8-8db3-24b6fd1437bd

Error: (08/13/2018 08:16:33 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (08/04/2018 11:21:28 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (08/04/2018 11:20:48 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (08/04/2018 09:03:22 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (08/04/2018 09:04:29 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


System errors:
=============
Error: (08/15/2018 10:46:29 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Malwarebytes Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (08/13/2018 08:17:51 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Dell Digital Delivery Service service terminated unexpectedly. It has done this 1 time(s).

Error: (08/13/2018 08:18:46 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Dell Digital Delivery Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (08/13/2018 08:18:46 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Dell Digital Delivery Service service to connect.

Error: (08/13/2018 08:17:11 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {7D1933CB-86F6-4A98-8628-01BE94C9A575} did not register with DCOM within the required timeout.

Error: (08/13/2018 08:33:28 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the SymSnapService service, but this action failed with the following error:
An instance of the service is already running.

Error: (08/13/2018 08:32:39 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).

Error: (08/13/2018 08:32:39 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Digital Wave Update Service service terminated unexpectedly. It has done this 1 time(s).


Windows Defender:
===================================
Date: 2015-07-13 01:44:12.074
Description:
Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted:Backup
Error Code:0x8050a004
Error description:This package does not contain up-to-date definition files for this program. For more information, see Help and Support.
Signature version:1.197.802.0
Engine version:1.1.11400.0

Date: 2015-07-13 01:43:54.167
Description:
Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted:Current
Error Code:0x80070002
Error description:The system cannot find the file specified.
Signature version:0.0.0.0
Engine version:0.0.0.0

Date: 2015-07-13 01:17:32.106
Description:
Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted:Backup
Error Code:0x8050a004
Error description:This package does not contain up-to-date definition files for this program. For more information, see Help and Support.
Signature version:1.197.802.0
Engine version:1.1.11400.0

Date: 2015-07-13 01:15:57.892
Description:
Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted:Current
Error Code:0x80070002
Error description:The system cannot find the file specified.
Signature version:0.0.0.0
Engine version:0.0.0.0

Date: 2015-07-13 00:46:26.786
Description:
Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted:Backup
Error Code:0x8050a004
Error description:This package does not contain up-to-date definition files for this program. For more information, see Help and Support.
Signature version:1.197.802.0
Engine version:1.1.11400.0

CodeIntegrity:
===================================

Date: 2017-10-11 12:25:17.212
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\WINDOWS\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-10-11 12:25:17.137
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\WINDOWS\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-10-11 11:49:14.426
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\WINDOWS\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-10-11 11:49:14.296
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\WINDOWS\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-10-11 11:33:03.333
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\WINDOWS\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-10-11 11:33:03.270
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\WINDOWS\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-10-11 11:30:54.838
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\WINDOWS\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-10-11 11:30:54.776
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\WINDOWS\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-2350M CPU @ 2.30GHz
Percentage of memory in use: 38%
Total physical RAM: 4004.27 MB
Available physical RAM: 2467.95 MB
Total Virtual: 8006.71 MB
Available Virtual: 5460.95 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:100.52 GB) (Free:43.88 GB) NTFS
Drive e: () (Fixed) (Total:350.49 GB) (Free:225.63 GB) NTFS

\\?\Volume{6cf741b8-3bd2-11e1-905d-806e6f6e6963}\ (Recovery) (Fixed) (Total:14.65 GB) (Free:6.55 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 9049F068)
Partition 1: (Not Active) - (Size=100 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=100.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=350.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
 
Download attached fixlist.txt file and save it to the Desktop.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Attachments

  • fixlist.txt
Fix result of Farbar Recovery Scan Tool (x64) Version: 02.08.2018
Ran by Carl (17-08-2018 13:34:00) Run:1
Running from C:\Users\Carl\Desktop
Loaded Profiles: Carl & (Available Profiles: Carl)
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKLM-x32\...\Run: [] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1142599995-1776523847-1352253491-1000\...\MountPoints2: {084762e3-8a9b-11e8-a5a2-24b6fd1437bd} - F:\Lenovo_Suite.exe
HKU\S-1-5-21-1142599995-1776523847-1352253491-1000\...\MountPoints2: {4b362eb8-2faa-11e2-9025-e4d53de93a34} - F:\DriveNavi.exe
SearchScopes: HKU\S-1-5-21-1142599995-1776523847-1352253491-1000 -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL =
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll => No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
U3 iswSvc; no ImagePath
U2 V2iMount; no ImagePath
2017-10-11 12:29 - 2017-10-11 12:29 - 000000000 _____ () C:\ProgramData\cisE4C3.exe
2013-08-21 21:46 - 2013-08-21 21:47 - 000003725 _____ () C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
2015-11-03 11:28 - 2015-11-03 11:28 - 000000041 _____ () C:\Users\Carl\AppData\Roaming\mbam.context.scan
2012-07-02 15:40 - 2012-09-08 19:50 - 000020992 _____ () C:\Users\Carl\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-11-06 13:19 - 2017-11-06 13:25 - 000000137 _____ () C:\Users\Carl\AppData\Local\Support.ini
2018-01-23 12:41 - 2018-01-23 12:41 - 000000000 _____ () C:\Users\Carl\AppData\Local\{47647FD6-D3B0-4CB1-9E7C-6F8837ABA0FA}
2016-02-08 11:31 - 2016-02-08 11:31 - 000000000 _____ () C:\Users\Carl\AppData\Local\{5B6D3BA0-DA17-4270-89D1-EAF33CA6D802}
2018-08-13 09:01 - 2018-03-30 20:38 - 001665336 _____ (Microsoft Corporation) C:\Users\Carl\AppData\Local\Temp\dllnt_dump.dll
Task: {58220009-9DD8-4D15-88F8-E1E00BBD1C2A} - \SystemToolsDailyTest -> No File <==== ATTENTION
Task: {9260526F-608D-41E5-9D22-E695A15E3DEF} - \PCDoctorBackgroundMonitorTask -> No File <==== ATTENTION
Task: {E8D4504B-EE35-4440-A6DD-4284AF475490} - System32\Tasks\{87EC105F-643B-44DE-94F8-B3128CAC6D4A} => C:\windows\system32\pcalua.exe -a C:\Users\Carlf
Carl\AppData\Local\Temp\jre-8u121-windows-au.exe -d C:\windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION

*****************

"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" => removed successfully
"HKU\S-1-5-21-1142599995-1776523847-1352253491-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{084762e3-8a9b-11e8-a5a2-24b6fd1437bd}" => removed successfully
HKLM\Software\Classes\CLSID\{084762e3-8a9b-11e8-a5a2-24b6fd1437bd} => not found
"HKU\S-1-5-21-1142599995-1776523847-1352253491-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4b362eb8-2faa-11e2-9025-e4d53de93a34}" => removed successfully
HKLM\Software\Classes\CLSID\{4b362eb8-2faa-11e2-9025-e4d53de93a34} => not found
"HKU\S-1-5-21-1142599995-1776523847-1352253491-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2F1E335A-858A-4BE9-8F6B-D0AF1D018B53}" => removed successfully
HKLM\Software\Classes\CLSID\{2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} => not found
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => removed successfully
"HKLM\Software\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => removed successfully
"HKLM\Software\Classes\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}" => removed successfully
HKLM\Software\Classes\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => not found
"HKLM\System\CurrentControlSet\Services\iswSvc" => removed successfully
iswSvc => service removed successfully
"HKLM\System\CurrentControlSet\Services\V2iMount" => removed successfully
V2iMount => service removed successfully
C:\ProgramData\cisE4C3.exe => moved successfully
C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml => moved successfully
C:\Users\Carl\AppData\Roaming\mbam.context.scan => moved successfully
C:\Users\Carl\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully
C:\Users\Carl\AppData\Local\Support.ini => moved successfully
C:\Users\Carl\AppData\Local\{47647FD6-D3B0-4CB1-9E7C-6F8837ABA0FA} => moved successfully
C:\Users\Carl\AppData\Local\{5B6D3BA0-DA17-4270-89D1-EAF33CA6D802} => moved successfully
C:\Users\Carl\AppData\Local\Temp\dllnt_dump.dll => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{58220009-9DD8-4D15-88F8-E1E00BBD1C2A}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{58220009-9DD8-4D15-88F8-E1E00BBD1C2A}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SystemToolsDailyTest" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9260526F-608D-41E5-9D22-E695A15E3DEF}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9260526F-608D-41E5-9D22-E695A15E3DEF}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PCDoctorBackgroundMonitorTask" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E8D4504B-EE35-4440-A6DD-4284AF475490}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E8D4504B-EE35-4440-A6DD-4284AF475490}" => removed successfully
C:\windows\System32\Tasks\{87EC105F-643B-44DE-94F8-B3128CAC6D4A} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{87EC105F-643B-44DE-94F8-B3128CAC6D4A}" => removed successfully
Carl\AppData\Local\Temp\jre-8u121-windows-au.exe -d C:\windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION => Error: No automatic fix found for this entry.


The system needed a reboot.

==== End of Fixlog 13:34:27 ====
 
Last scans...

Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive the UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.


Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
  • Other Services

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run from.
Please copy and paste the log to your reply.


Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


Download Sophos Free Virus Removal Tool and save it to your desktop.
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
 
Results of screen317's Security Check version 1.014 --- 12/23/15
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
Avast Antivirus
Malwarebytes
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
SpywareBlaster 5.5
Norton Ghost
Java 8 Update 181
Java version 32-bit out of Date!
Adobe Flash Player 27.0.0.183
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamtray.exe
Spyware - Avast AvastSvc.exe
Spyware - Avast AvastUI.exe
Spyware - Avast x64 aswidsagenta.exe
Spyware - Avast setup instup.exe
CheckPoint ZoneAlarm vsmon.exe
CheckPoint ZoneAlarm zatray.exe
CheckPoint ZoneAlarm ICM-Service.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````
 
Farbar Service Scanner Version: 27-01-2016
Ran by Carl (administrator) on 18-08-2018 at 12:13:33
Running from "C:\Users\Carl\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****
 